,

MTU and Suprema devices

When Suprema devices communicate with BioStar, the packet comes and goes through the network devices like routers. The MTU (maximum transmission unit) is the largest packet unit in bytes that can be passed onwards through the network layers. The value for the MTU is set by operating systems or network devices like routers. When you go to the menu of a router, you can change the value as shown in the figure below:

Operating systems and network devices automatically negotiate the MTU size. However, the operating system built on some of our Suprema models including BioLite Net, BioEntry Plus, Xpass, and Xpass Slim does not support the auto-negotiation feature. We can only control the MSS (maximum segment size) in the TCP header. The MSS set in the TCP header should be lower than the MTU of other network devices. When Suprema devices and the BioStar application are on the same network, the MTU size is usually not an issue. But when they are on different networks, especially on the VPN network, the MTU size plays a critical role in the transmission of packets from Suprema devices to the BioStar application. We highly recommend that you set the MTU of your network devices such as VPN devices and routers to be set greater than 1620.

However, some of our clients should stick to a certain size for some reason. To deal with those cases, we provide firmware with the smaller MSS (maximum segment size), because the MTU should be dealt on an operating system level and we cannot control it.
The TCP protocol provides an option field (MSS, maximum segment size) to control the MTU size of the packet, as shown in the figure below:

Let's say we have firmware with the MSS of 1024 bytes, which means that its MTU size will be greater than 1090 bytes. You can add the size of the TCP header (20 bytes), the IP header (20 bytes) and the Ethernet header (26 bytes) to get the MTU size from the MSS. The packet size can become larger as it goes through network devices, depending on the device types. In addition, VPN network devices encapsulate the original IP packets with its IPSec headers. Therefore, we recommend taking this into account when you set the MTU size of your network.