Bug ID 499538: Fragmented ESP packets were getting dropped in BIG-IP with MTU = 576

Last Modified: Nov 07, 2022

Affected Product(s):
BIG-IP TMOS(all modules)

Known Affected Versions:
11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.10, 11.5.2, 11.5.2 HF1, 11.5.3, 11.5.3 HF1, 11.5.3 HF2, 11.5.4, 11.5.4 HF1, 11.5.4 HF2, 11.5.4 HF3, 11.5.4 HF4, 11.5.5, 11.5.6, 11.5.7, 11.5.8, 11.5.9

Opened: Jan 06, 2015

Severity: 3-Major


The db variable tm.minipfragsize is set to 576 by default on the image 11.5.1-hf6. What this means is that BIG-IP system does not process packets with a payload length of less than 576 bytes. When MTU is set to 576, the payload length is 576. Because IP header length is 20 bytes typically, the BIG-IP system drops the 576 byte-fragmented packets. The workaround for this issue is to set the db variable value to 552 so that it passes the IP minimum size check.


There are packet drops on the BIG-IP system. Data traffic is not passing the BIG-IP system if ESP is fragmented.


-- MTU set to 576 on the interface of an intermediate node before the BIG-IP system. The db variable tm.minipfragsize set to anything greater than 552. -- ESP packets reach the BIG-IP system as fragmented with size 576 bytes.


Set the db variable tm.minipfragsize to 552 when the MTU is set to 576 on any node previous to the BIG-IP system.

Fix Information


Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips