Forum Discussion
NimbostratusMTU is reduced to 576 when VS is attached
Hi,
I am a newcomer to BIG-IP. I have a LTM deployed in L2 mode by putting two untagged interface to one VLAN group.
Without attaching any VS, everything is normal and the MTU is 1500, from client side packet capture.
Once I attached a VS for redirecting HTTP, I can see from Wireshark on client machine that all packets from LTM is limited to MTU 576 (with Ethernet header, the packet size is 590).
I suspected the problem is from the pool members. So I shutdown all pool members and added fail open logic by detecting the active member (thanks to Aaron for answering my question posted on the iRules forum last night).
After this change, MTU from client side packet capture is still 576. I used the default HTTP profile in the VS.
I am using LTM VE BIG--IP-10.1.0.3341.1084.
Is this a known issue or I did something wrong?
Thanks a lot,
Peter
7 Replies
What_Lies_Bene1Cirrostratus
Assuming you've checked the MTU for the VLAN group, the best way to determine the source of the problem would be to do a tcpdump, using the client IP as a filter (assuming no SNAT is being used). Something like this: tcpdump -i any -nn -vv -s0 -X host x.x.x.x. Perhaps the Pool Member's IP MSS is set very low for some reason.
Peter_125719Yes. I checked the MTU of the VLANs in the VLAN group. They are set to 1500. There is nothing special from the virtual server and the pool. The virtual server is actually a web proxy. So if I fail open with no active members available, the client can still visit the original web server. Standard HTTP profile is used for the virtual server.
I did run traffic capture on BIG-IP on both internal and external interfaces for the fail open case. In the SYN-ACK from server side to LTM external, MSS is 1430. But in the same packet forwarded from LTM to client, MSS is set to be 1460 (1460 + 20 + 20 = 1500), which is perfectly consistent with the MTU in the internal VLAN interface. But the actual maximum packet size on the internal interface is 612, which includes the 22 extra bytes LTM padding (590 + 22 = 612). While on the external interface size, the server side maximum packet size is 1506:
1430 (MSS) + 20 (TCP header) + 20 (IP header) + 14 (Ethernet header) + 22 (LTM padding with VS name)= 1506
Thanks,
Peter- What_Lies_Bene1OK, so how are you determining the maximum packet size on the internal VLAN? Is this simply the largest packet size you've seen in your packet capture? Have you confirmed the client MSS and layer 2 MTU settings?
hoolioI would contact your F5 or partner SE and ask for an evaluation key for BIG-IP VE. This will support any currently supported LTM version and not be subject to older bugs and some technical restrictions. I'm not certain it will fix this specific MTU issue, but I don't think it's worth spending too much time troubleshooting with the 10.1 trial VE.
Aaron- Peter_125719Got a point, Aaron. I do have a 11.x trial license. I will set it up and update this thread later.
Thanks,
Peter - Peter_125719Verified. The issue doesn't exist with BIG-IP VE 11.2.1.7970.
Thanks,
Peter 
nejla_130683Hi, we have same problem with BIG-IP 11.6.0 Build 5.0.429 Hotfix HF5. Do you have any advice for this problem?
