Forum Discussion
VPN fragmented IP packets dropped
There's a VPN tunnel in the picture, that is forcing the MTU to 1400 -- hence why we get packets with less than 552bytes & with the MF set.
I agree that performance might become an issue. What would be a good option is: to limit performance problems by creating a new VS for all remote VPN sites, with the same pool members. The iRule would only be used on that new dedicated VS for remote VPN sites traffic only.
Thanks for your feedback.
default ethernet mtu is 1500 bytes.
the 100 bytes difference to vpn's 1400 might be cause of the small fragment.
enabling jumbo frame 9000 bytes mtu on physical interface means adjacent switch/router will less likely to send fragmented payload to the f5.
- Neo_PhMay 17, 2024Altocumulus
I agree for the jumbo frames. Despite having jumbo frames on the path, when packets goes through the VPN, we have to force the MTU to 1400.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com