Forum Discussion
How to clear Don't Fragment (DF) bit
there is some virtual server that have a problem that
packet segment lost when MTU = 1500
so i want to clear DF bit to fix this problem , and how to clear it?
thank you
- kridsanaCirrocumulusbigip would relay fragmentation needed packet between client and server.
excuse me , please explain about how this work. All I know is PMTUD is work by set DF bit to know what exactly MTU can pass through other device and reach client by receive next hop MTU in packet ICMP fragmentation needed from x device. If disable PMTUD ..fragmentation will handle by x device , right?
- nitassEmployeewhen pmtu is disabled, bigip does not know what smallest mtu size is. so, bigip won't fragment packet when sending out and will receive icmp unreachable/fragmentation needed packet. this will increase number of packets sending back and forth in the network.
- kridsanaCirrocumuluswhen pmtu is disabled, bigip does not know what smallest mtu size is. so, bigip won't fragment packet when sending out and will receive icmp unreachable/fragmentation needed packet. this will increase number of packets sending back and forth in the network.
does router handle fragmentation packet on their own and don't send ICMP fragmentation needed return to F5?
from tcpdump, I see F5 receive ICMP fragmentation needed packet but I didn't sure F5 resend smaller MTU.
thank you.
- nitassEmployeewhen ptumd is disabled, bigip will clear DF bit so when sending out packet to router.i understand if df bit is set in incoming packet, bigip does not clear df bit when sending it out.
pmtu is disabled [root@B3900-R72-S18:Active:Standalone] config tmsh list sys db one-line|grep mtu sys db route.metrics.mtu { value "enable" } sys db tm.enforcepathmtu { value "enable" } sys db tm.minpathmtu { value "296" } sys db tm.pathmtudiscovery { value "disable" } line (1) is packet from client to bigip and line (2) is packet from bigip to server. [root@B3900-R72-S18:Active:Standalone] config tcpdump -nni 0.0 tcp port 7 or icmp -s0 -v tcpdump: listening on 0.0, link-type EN10MB (Ethernet), capture size 65535 bytes (1) 15:06:51.538295 IP (tos 0x0, ttl 255, id 15881, offset 0, flags [DF], proto: TCP (6), length: 52) 200.200.200.11.38257 > 11.11.11.100.7: S, cksum 0xa757 (correct), 954024461:954024461(0) win 4380 in slot1/tmm2 lis= (2) 15:06:51.538787 IP (tos 0x0, ttl 254, id 15881, offset 0, flags [DF], proto: TCP (6), length: 52) 12.12.12.253.38257 > 11.11.11.100.7: S, cksum 0x1f23 (correct), 954024461:954024461(0) win 4380 out slot1/tmm2 lis=/Common/bar line (3) is packet from client to bigip and line (4) is packet from bigip to server. [root@B3900-R72-S18:Active:Standalone] config tcpdump -nni 0.0 tcp port 7 or icmp -s0 -v tcpdump: listening on 0.0, link-type EN10MB (Ethernet), capture size 65535 bytes (3) 15:13:08.665107 IP (tos 0x0, ttl 255, id 16514, offset 0, flags [none], proto: TCP (6), length: 52) 200.200.200.11.38259 > 11.11.11.100.7: S, cksum 0x0dad (correct), 1659548072:1659548072(0) win 4380 in slot1/tmm0 lis= (4) 15:13:08.665289 IP (tos 0x0, ttl 254, id 16514, offset 0, flags [none], proto: TCP (6), length: 52) 12.12.12.253.38259 > 11.11.11.100.7: S, cksum 0x8578 (correct), 1659548072:1659548072(0) win 4380 out slot1/tmm0 lis=/Common/bar
- nitassEmployeeadditionally, mtu information in route metric is controlled by route.metrics.mtu db key. it will be created even pmtu is disabled.
[root@B3900-R72-S18:Active:Standalone] config tmsh list sys db one-line|grep mtu sys db route.metrics.mtu { value "enable" } sys db tm.enforcepathmtu { value "enable" } sys db tm.minpathmtu { value "296" } sys db tm.pathmtudiscovery { value "disable" } [root@B3900-R72-S18:Active:Standalone] config tmsh show net cmetric Net::RouteMetric Destination IP HWaddress TMM rtt rttvar ssthresh bandwidth MTU 11.11.11.100 0:23:e9:0:65:4 1 0 0 0 0 1000 Destination IP HWaddress TMM rtt rttvar ssthresh bandwidth MTU 11.11.11.100 0:23:e9:0:65:4 0 0 0 0 0 1000 Total records returned: 2
- kridsanaCirrocumulusadditionally, mtu information in route metric is controlled by route.metrics.mtu db key. it will be created even pmtu is disabled.
- nitassEmployeei would prefer enabling it (pmtu).
- kridsanaCirrocumulus
this seem to be a can't solve problem -_-
- nitassEmployeei might be lost but why you don't find where icmp unreachable/fragmentation needed is dropped.
- kridsanaCirrocumulusit's router
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com