Bug ID 658036: Honoring negotiated MSS for TCP segmentation

Last Modified: Apr 19, 2021

Bug Tracker

Affected Product:  See more info
BIG-IP All(all modules)

Known Affected Versions:
11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8, 11.6.1, 11.6.1 HF1, 11.6.1 HF2, 11.6.2, 11.6.2 HF1, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 11.6.4, 11.6.5, 11.6.5.1, 11.6.5.2, 11.6.5.3, 12.0.0, 12.0.0 HF1, 12.0.0 HF2, 12.0.0 HF3, 12.0.0 HF4, 12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 12.1.4, 12.1.4.1, 12.1.5, 12.1.5.1, 12.1.5.2, 12.1.5.3, 12.1.6, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1

Fixed In:
13.1.0

Opened: Apr 12, 2017
Severity: 3-Major
Related AskF5 Article:
K04651090

Symptoms

Following are the symptoms: 1. When the BIG-IP system's MTUs are larger than the smallest MTU in the end-to-end path: -- The BIG-IP system does not mark coalesced packets larger than egress MSS but smaller than egress MTU in the BIG-IP system for segmentation. Therefore, the BIG-IP system receives 'ICMP fragmentation needed' messages from an intermediate router which drops the packets when the Don't Fragment (DF) bit is set in IP header. 2. When the BIG-IP system's MTUs are less than 1500: -- On ingress, the BIG-IP system rejects coalesced packets larger than ingress MTU and less than 1500 and having DF bit set in IP header. the BIG-IP system sends 'ICMP fragmentation needed' message to sender.

Impact

No traffic or very low throughput.

Conditions

* Generic Receive Offload (GRO) and Large Receive Offload (LRO) for data plane interfaces are supported and enabled (both in host and guest). * Packets are sent with DF bit set. * For #1: -- FastL4 profile in use. -- The BIG-IP system's VLAN MTUs are larger than the smallest MTU in the end-to-end path. * For #2: -- The BIG-IP system's MTUs are set to a value that is less than 1500. -- The packets' DF bits are set.

Workaround

Disable LRO and GRO for data plane interfaces using the following command: tmsh modify sys db tm.tcplargereceiveoffload value disable. Note: For KVM virtio devices, LRO/GRO need to be turned off in host NIC.

Fix Information

The BIG-IP system fastL4 stack now uses discovered MSS to determine whether TCP segmentation is required.

Behavior Change