Last Modified: Apr 28, 2025
Affected Product(s):
BIG-IP All
Known Affected Versions:
11.4.0, 11.4.1, 11.5.1, 11.5.1 HF1, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.1 HF10, 11.5.1 HF11, 11.5.2, 11.5.2 HF1, 11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4
Fixed In:
12.0.0, 11.6.0 HF5, 11.5.3
Opened: Mar 05, 2014 Severity: 4-Minor
IP packets that are fragmented by TMM, the fragments will have their DF bit set if tm.pathmtudiscovery is set to enable (this is the default setting for this dbvar). This is perfectly compliant with RFC standards, and it is the correct thing to do.
Non-RFC compliant switches by other vendors may reject a fragment with DF bit leading to packet being dropped or treated as a bad packet by them.
IP packet that needs to be fragmented by TMM due to MTU restriction on the egress VLAN/interface. Non RFC compliant downstream switches that do not want to see the DF bit set in IP fragments.
Setting tm.pathmtudiscovery to disable results in DF bit not being set on the fragments.
tm.pathmtudontfragoverride dbvar introduced. If the value is changed from 'disable' (this is the default) to 'enable', then DF bit will not be set in IP fragments generated by TMM.