How to clear Don't Fragment (DF) bit

sorry, i mean icmp unreachable/fragmentation needed should not be dropped, should it?

As Nitass suggests, can you not fix the issue on the router? I believe Cisco ACLs can now be quite granular where ICMP message types are concerned (if it's a Cisco).

 

Is there a reason this is important to you? PING doesn't seem to like a critical function to me, or is this actually affecting application traffic too?

 

sorry, i mean icmp unreachable/fragmentation needed should not be dropped, should it?

 

oh if it's about ICMP fragmentation needed >> F5 receive this packet >> but i didn't found resend packet with new MTU from F5.

 

 

Is there a reason this is important to you? PING doesn't seem to like a critical function to me, or is this actually affecting application traffic too?

 

sorry I mistook this all of time , point is not ping , ping is just show how to test this. customer use tcp normally .

Understood, thanks. I assume you did a packet capture to confirm this.

 

 

1) Did you see what the 'new' MTU was in the packet?

 

2) Did the F5 just keep sending packets at the old MTU?

 

3) Did it eventually remove the DF bit from resent packets?

Posted By What Lies Beneath on 01/17/2013 01:51 AM

 

Understood, thanks. I assume you did a packet capture to confirm this.

 

 

1) Did you see what the 'new' MTU was in the packet?

 

2) Did the F5 just keep sending packets at the old MTU?

 

3) Did it eventually remove the DF bit from resent packets?

 

1. Yes i see only some of them. Most of them is receive ICMP fragmentation needed and nothing happen.

 

2. no

 

3. no

 

OK, so what was the MTU provided in the Unreachable packet? Do you know where the lower MTU network is?

 

 

Is the router Cisco? If so, could you use the 'ip tcp adjust-mss' command to help here?

oh if it's about ICMP fragmentation needed >> F5 receive this packet >> but i didn't found resend packet with new MTU from F5.i am confused. on page 1, you mention you cannot ping virtual server with mtu 1500. if you ping virtual server, how come does bigip receive icmp unreachable/fragmentation needed??

 

 

This problem is client can't ping to virtual server with MTU 1500. it has only one problem virtual server.

i am confused. on page 1, you mention you cannot ping virtual server with mtu 1500. if you ping virtual server, how come does bigip receive icmp unreachable/fragmentation needed??

 

sorry I mistook this ,after F5 reassemble TCP , it send packet 1500 to client but checkpoint drop it and return ICMP fragmentation needed to F5 with MTU next hop 1476. maybe i focus only ping that customer test show too much.

And you have re-enabled PMTU yes?

after F5 reassemble TCP , it send packet 1500 to client but checkpoint drop it and return ICMP fragmentation needed to F5 with MTU next hop 1476.you do see it in tcpdump, don't you? have you provided support the tcdpump? it is C1263209, isn't it? what is the tcpdump filename?