Forum Discussion

kridsana's avatar
kridsana
Icon for Cirrocumulus rankCirrocumulus
Dec 26, 2012

How to clear Don't Fragment (DF) bit

there is some virtual server that have a problem that     packet segment lost when MTU = 1500     so i want to clear DF bit to fix this problem , and how to clear it?     than...
config
design
nitass's avatar
nitass
Icon for Employee rankEmployee
Jan 09, 2013
when ptumd is disabled, bigip will clear DF bit so when sending out packet to router.i understand if df bit is set in incoming packet, bigip does not clear df bit when sending it out. 

 pmtu is disabled

[root@B3900-R72-S18:Active:Standalone] config  tmsh list sys db one-line|grep mtu
sys db route.metrics.mtu { value "enable" }
sys db tm.enforcepathmtu { value "enable" }
sys db tm.minpathmtu { value "296" }
sys db tm.pathmtudiscovery { value "disable" }

 line (1) is packet from client to bigip and line (2) is packet from bigip to server.

[root@B3900-R72-S18:Active:Standalone] config  tcpdump -nni 0.0 tcp port 7 or icmp -s0 -v
tcpdump: listening on 0.0, link-type EN10MB (Ethernet), capture size 65535 bytes
(1) 15:06:51.538295 IP (tos 0x0, ttl 255, id 15881, offset 0, flags [DF], proto: TCP (6), length: 52) 200.200.200.11.38257 > 11.11.11.100.7: S, cksum 0xa757 (correct), 954024461:954024461(0) win 4380  in slot1/tmm2 lis=
(2) 15:06:51.538787 IP (tos 0x0, ttl 254, id 15881, offset 0, flags [DF], proto: TCP (6), length: 52) 12.12.12.253.38257 > 11.11.11.100.7: S, cksum 0x1f23 (correct), 954024461:954024461(0) win 4380  out slot1/tmm2 lis=/Common/bar

 line (3) is packet from client to bigip and line (4) is packet from bigip to server.

[root@B3900-R72-S18:Active:Standalone] config  tcpdump -nni 0.0 tcp port 7 or icmp -s0 -v
tcpdump: listening on 0.0, link-type EN10MB (Ethernet), capture size 65535 bytes
(3) 15:13:08.665107 IP (tos 0x0, ttl 255, id 16514, offset 0, flags [none], proto: TCP (6), length: 52) 200.200.200.11.38259 > 11.11.11.100.7: S, cksum 0x0dad (correct), 1659548072:1659548072(0) win 4380  in slot1/tmm0 lis=
(4) 15:13:08.665289 IP (tos 0x0, ttl 254, id 16514, offset 0, flags [none], proto: TCP (6), length: 52) 12.12.12.253.38259 > 11.11.11.100.7: S, cksum 0x8578 (correct), 1659548072:1659548072(0) win 4380  out slot1/tmm0 lis=/Common/bar

does router handle fragmentation packet on their own and don't send ICMP fragmentation needed return to F5?if df bit is not set, i do not think router will send icmp unreachable/fragmentation needed (because packet can be fragmented).