Bug ID 451224: IP packets that are fragmented by TMM, the fragments will have their DF bit

Last Modified: May 29, 2024

Affected Product(s):
BIG-IP All(all modules)

Known Affected Versions:
11.5.1 HF1, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.1 HF10, 11.5.1 HF11, 11.5.2 HF1, 11.5.3 HF1, 11.5.3 HF2, 11.5.4 HF1, 11.5.4 HF2, 11.5.4 HF3, 11.5.4 HF4, 11.4.0, 11.4.1, 11.5.1, 11.5.2, 11.6.0, 11.6.1, 11.6.2, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 11.6.4, 11.6.5, 11.6.5.1, 11.6.5.2, 11.6.5.3, 12.1.0 HF1, 12.1.0 HF2, 12.1.1 HF1, 12.1.1 HF2, 12.1.2 HF1, 12.1.2 HF2

Fixed In:
12.0.0, 11.6.0 HF5, 11.5.3

Opened: Mar 05, 2014

Severity: 4-Minor

Symptoms

IP packets that are fragmented by TMM, the fragments will have their DF bit set if tm.pathmtudiscovery is set to enable (this is the default setting for this dbvar). This is perfectly compliant with RFC standards, and it is the correct thing to do.

Impact

Non-RFC compliant switches by other vendors may reject a fragment with DF bit leading to packet being dropped or treated as a bad packet by them.

Conditions

IP packet that needs to be fragmented by TMM due to MTU restriction on the egress VLAN/interface. Non RFC compliant downstream switches that do not want to see the DF bit set in IP fragments.

Workaround

Setting tm.pathmtudiscovery to disable results in DF bit not being set on the fragments.

Fix Information

tm.pathmtudontfragoverride dbvar introduced. If the value is changed from 'disable' (this is the default) to 'enable', then DF bit will not be set in IP fragments generated by TMM.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips