Last Modified: Jul 12, 2023
Affected Product(s):
BIG-IQ Platform
Known Affected Versions:
7.0.0, 7.0.0.1, 7.0.0.2
Opened: Jan 31, 2020 Severity: 3-Major Related Article:
K50745396
TCP traffic on a BIG-IQ system using a self IP address may not correctly honor the MSS size specified during the connection establishment. The result is IP fragmentation of TCP segments sent out on the wire. The expected behavior is that TSO would package the TCP segments in a way that would not require fragmentation. When a large amount of data needs to be transferred using a self IP address, the BIG-IQ system might send out fragmented IP packets with both the DF and MF bits set. Setting both bits is RFC compliant and valid, however some routers drop such packets. This might result in retransmissions and low throughput.
Data transfer from the BIG-IQ system's self IP address might be slow or fail.
This occurs when a self IP address processes large data transfers, and the router between the two endpoints does not process the IP fragments that have both the DF and MF bits set. This occurs only when TCP segmentation offload (TSO) is enabled, and traffic is using a tmm interface. TSO enabled is the default setting.
To work around this issue, you can disable TSO by issuing the command: ethtool -K tmm tso off. Note: This has a different effect from setting the db key tm.tcpsegmentationoffload to 'disable' (which is not a workaround for the issue). Note: To persist the effect of this command across reboots, use the solution specified in K14397: Running a command or custom script based on a syslog message, available here: https://support.f5.com/csp/#/article/K14397. For example, alert tmmready "Tmm ready" { exec command="/sbin/ethtool -K tmm tso off" }
None