Forum Discussion

Cirrocumulus

Dec 26, 2012

How to clear Don't Fragment (DF) bit

there is some virtual server that have a problem that packet segment lost when MTU = 1500 so i want to clear DF bit to fix this problem , and how to clear it? than...

config

design

Hamish

Cirrocumulus

Jan 05, 2013

FWIW I just fixed an issue with checkpoint firewalls and MTU issues.. There's a known bug in checkpoint with some intel 10Gb network cards using the ixgbe drivers..

It happens when coalescing goes a bit mad. The ixgbe drivers will take incoming packets and coalesce them into bigger (i.e. Jumbo) packets... This appears to go a bit mad on some of their kit (There's an sk note and a workaround (Set the timers to 0 for coalescing). Sometimes the workaround doesn't work and you need to get an updated driver.

To diagnose, do a tcpdump on the firewall. Even though you have a 1500 Byte MTU on the inbound interface you'll see packets > 1514 bytes being accepted (Small lie they're two packets coalesced).

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

How to clear Don't Fragment (DF) bit

Recent Discussions

Background Tasks

APM with EntraID as idP / request signed

Should config via cli rather than gui?

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

Which process is consuming higher CPU

Related Content

Virtual Fragmentation Should Not Result in Network Fragmentation

Microservices – application fragments need application services

VPN fragmented IP packets dropped

F5 APM redirect when the URI contains a # (hashtag) / URI fragmentation

Issues with TCP Fragmentation?

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS