On this page we discuss issues that are not covered in the other pages related to your network infrastructure.
Dropped network packets when the internet connection is available
The internet connection is available, but you still notice issues that seem to point to a problem with the network connectivity:
- A high number of unauthorized payments.
- Payment terminals that fail to go online or that switch to Store and Forward transactions.
- Terminal applications intermittently failing to load.
The cause can be payment packets being dropped because the Maximum Transmission Unit (MTU) is exceeded. The MTU is the largest packet size that can be sent over a network connection. Routers will fragment or drop packets that are bigger.
The default MTU for payment terminals is 1500 bytes. Part of the MTU is reserved for the Transmission Control Protocol (TCP) and Internet Protocol (IP) headers of the connection. This leaves 1460 bytes for the Maximum Segment Size (MSS). The MSS is the maximum amount of data in bytes that is accepted in a TCP session.
As a packet travels along its network path, more header bytes may be added, for example by PPPoE, VPN, or MPLS network protocols you are using. The terminal is not aware of those additional headers and continues to transfer packets with the default MTU. The network router at your store or data center can't fragment the packet because the terminal marks payment packets as "Don't Fragment". As a result, your router drops the packet even though the internet connection is available.
A good technique to avoid packets being fragmented or dropped is to lower the MSS. Network vendors refer to this as TCP MSS clamping, TCP MSS ceiling, or TCP MSS adjustment. Here are some resources to help you understand this technique:
- Cisco - ip tcp adjust-mss
- Juniper - Configuring TCP MSS for Session Negotiation
- Linux - Circumventing Path MTU Discovery issues with MSS Clamping
Changing the MSS value affects all your network traffic. So before you start lowering the MSS, contact your network support team or the support center of your network vendor.
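What MSS clamping does to a connection, shown as an added example that is not part of the original page or any vendor's code: a router rewrites the MSS option in the TCP SYN so that both ends agree on segments that still fit after encapsulation, and patches the TCP checksum to match. The SYN, the addresses and ports, and the 8 bytes of PPPoE overhead are constructed sample values, and the function names are hypothetical.

```python
import struct

IP_HDR, TCP_HDR = 20, 20  # IPv4 and TCP headers without options

def mss_ceiling(link_mtu, overhead):
    """Largest MSS that still fits after `overhead` encapsulation bytes are added."""
    return link_mtu - overhead - IP_HDR - TCP_HDR

def checksum(data):
    """16-bit one's-complement Internet checksum (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"
    s = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return ~s & 0xFFFF

def clamp_syn(segment, ceiling):
    """Lower the MSS option of a TCP SYN to `ceiling`, patching the checksum."""
    seg = bytearray(segment)
    if len(seg) < TCP_HDR or not seg[13] & 0x02:  # MSS is only negotiated in SYNs
        return bytes(seg)
    end = min((seg[12] >> 4) * 4, len(seg))       # header length from data offset
    i = TCP_HDR
    while i < end and seg[i] != 0:                # kind 0 ends the option list
        if seg[i] == 1:                           # kind 1 is a one-byte NOP
            i += 1
            continue
        length = seg[i + 1] if i + 1 < end else 0
        if length < 2 or i + length > end:        # malformed option: leave untouched
            break
        if seg[i] == 2 and length == 4:           # kind 2 is the MSS option
            old = struct.unpack_from("!H", seg, i + 2)[0]
            if old > ceiling:
                struct.pack_into("!H", seg, i + 2, ceiling)
                # RFC 1624 incremental update: HC' = ~(~HC + ~m + m')
                hc = struct.unpack_from("!H", seg, 16)[0]
                s = (~hc & 0xFFFF) + (~old & 0xFFFF) + ceiling
                while s >> 16:
                    s = (s & 0xFFFF) + (s >> 16)
                struct.pack_into("!H", seg, 16, ~s & 0xFFFF)
            break
        i += length
    return bytes(seg)

# Constructed sample: SYN from a terminal (documentation addresses), MSS 1460.
PSEUDO = bytes([192, 0, 2, 10, 198, 51, 100, 20]) + struct.pack("!BBH", 0, 6, 24)
_raw = struct.pack("!HHIIBBHHH", 50000, 443, 1, 0, 6 << 4, 0x02, 65535, 0, 0) \
       + struct.pack("!BBH", 2, 4, 1460)
SYN = _raw[:16] + struct.pack("!H", checksum(PSEUDO + _raw)) + _raw[18:]
CLAMPED = clamp_syn(SYN, mss_ceiling(1500, 8))  # 8 bytes of PPPoE overhead
```

Replace the overhead value with the sum of the header bytes your own path adds; a SYN that already advertises an MSS at or below the ceiling passes through unchanged.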
The standard technique to avoid packets being fragmented or dropped is Path MTU Discovery (PMTUD). This technique allows network hosts to determine the MTU on a network path. In practice, however, most networks don't allow the Internet Control Message Protocol (ICMP) that this technique relies on.