Last Modified: Oct 17, 2023
Known Affected Versions:
11.6.0, 11.6.1, 11.6.2, 11.6.3, 184.108.40.206, 220.127.116.11, 18.104.22.168, 22.214.171.124, 11.6.4, 11.6.5, 126.96.36.199, 188.8.131.52, 184.108.40.206, 12.0.0, 12.0.0 HF1, 12.1.0 HF1, 12.0.0 HF2, 12.1.0 HF2, 12.0.0 HF3, 12.0.0 HF4, 12.1.1 HF1, 12.1.1 HF2, 12.1.2 HF1, 12.1.2 HF2, 12.1.0, 12.1.1, 12.1.2, 12.1.3, 220.127.116.11, 18.104.22.168, 22.214.171.124, 126.96.36.199, 188.8.131.52, 184.108.40.206, 220.127.116.11, 12.1.4, 18.104.22.168, 12.1.5, 22.214.171.124, 126.96.36.199, 188.8.131.52, 12.1.6, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1
Opened: Apr 12, 2017 Severity: 3-Major Related Article:
Related Article: K04651090
Following are the symptoms: 1. When the BIG-IP system's MTUs are larger than the smallest MTU in the end-to-end path: -- The BIG-IP system does not mark coalesced packets larger than egress MSS but smaller than egress MTU in the BIG-IP system for segmentation. Therefore, the BIG-IP system receives 'ICMP fragmentation needed' messages from an intermediate router which drops the packets when the Don't Fragment (DF) bit is set in IP header. 2. When the BIG-IP system's MTUs are less than 1500: -- On ingress, the BIG-IP system rejects coalesced packets larger than ingress MTU and less than 1500 and having DF bit set in IP header. the BIG-IP system sends 'ICMP fragmentation needed' message to sender.
No traffic or very low throughput.
* Generic Receive Offload (GRO) and Large Receive Offload (LRO) for data plane interfaces are supported and enabled (both in host and guest). * Packets are sent with DF bit set. * For #1: -- FastL4 profile in use. -- The BIG-IP system's VLAN MTUs are larger than the smallest MTU in the end-to-end path. * For #2: -- The BIG-IP system's MTUs are set to a value that is less than 1500. -- The packets' DF bits are set.
Disable LRO and GRO for data plane interfaces using the following command: tmsh modify sys db tm.tcplargereceiveoffload value disable. Note: For KVM virtio devices, LRO/GRO need to be turned off in host NIC.
The BIG-IP system fastL4 stack now uses discovered MSS to determine whether TCP segmentation is required.