Last Modified: Nov 07, 2022
Affected Product(s):
BIG-IP LTM
Known Affected Versions:
11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.10, 11.5.2, 11.5.2 HF1, 11.5.3, 11.5.3 HF1, 11.5.3 HF2, 11.5.4, 11.5.4 HF1, 11.5.4 HF2, 11.5.4 HF3, 11.5.4 HF4, 11.5.5, 11.5.6, 11.5.7, 11.5.8, 11.5.9, 11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8, 11.6.1, 11.6.1 HF1, 11.6.1 HF2, 11.6.2, 11.6.2 HF1, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 11.6.4, 11.6.5, 11.6.5.1, 11.6.5.2, 11.6.5.3, 12.0.0, 12.0.0 HF1, 12.0.0 HF2, 12.0.0 HF3, 12.0.0 HF4, 12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 12.1.4, 12.1.4.1, 12.1.5, 12.1.5.1, 12.1.5.2, 12.1.5.3, 12.1.6
Fixed In:
13.0.0
Opened: Aug 15, 2016 Severity: 2-Critical Related Article:
K13886979
The BIG-IP system repeatedly retransmits TCP segments when tm.enforcepathmtu is disabled and IPv4 ICMP Fragmentation Needed messages are received. As a result of this issue, you may encounter one or more of the following symptoms: - When the BIG-IP system receives an IPv4 ICMP Fragmentation Needed message and has tm.enforcepathmtu disabled, the system does not update the path MTU (PMTU) for the connection. However, the TCP profile retransmits unacknowledged data at the existing PMTU size, generally resulting in further ICMP Fragmentation Needed messages and subsequent retransmissions.
The system retransmits the TCP segment each time an ICMP Fragmentation Needed message is received.
This issue occurs when all of the following conditions are met: - The system receives an ICMP Fragmentation Needed message. - The BIG-IP database variable tm.enforcepathmtu is disabled.
To work around this issue, you can disable tm.pathmtudiscovery. To do so, perform the following procedure. Impact of workaround: Performing the following procedure should not have a negative impact on your system. Note: disabling tm.pathmtudiscovery causes BIG-IP to transmit IP messages with Don't Fragment unset Disabling tm.pathmtudiscovery 1. Log in to the command line. 2. Disable tm.pathmtudiscovery using the following syntax: tmsh modify sys db tm.pathmtudiscovery value disable
TCP no longer retransmits when receiving IPv4 ICMP fragmentation needed messages, thus eliminating the unnecessary retransmissions.