A10 AX fragmentation issue
George Bonser
gbonser at seven.com
Sat May 28 19:07:02 CEST 2011
>
> Any A10 AX user using SLB-PT might want to double-check that their
> site(s) are accessible by clients behind MTU <1500 links, NOT doing
> overly aggressive[1] MSS clamping. You might find that the required
> fragmentation of HTTP responses just doesn't happen and thus traffic
> being blackholed.
>
> The only currently known workaround is lowering the real server's MTU
> to
> 1260[2] so the load balancer won't have to fragment in the first
place.
>
> Best regards,
> Daniel
>
> [1] easiest way to spot it is probably a tunnel with MTU=1280 like
> SixXS provides.
>
> [2] 1260-sized IPv4 packet becomes 1280-sized when replacing the 20-
> octet
> IPv4 header with the 40-octet IPv6 header
>
> --
> CLUE-RIPE -- Jabber: dr at cluenet.de -- dr at IRCnet -- PGP: 0xA85C8AA0
Is this an A10 issue or is this a problem with ICMP PMTU discovery in
general? It might also depend on what kind of server is being used. If
you have Linux servers, you might want to set
/proc/sys/net/ipv4/tcp_mtu_probing to a value of 2 (while it is an ipv4
sysctl, it is effective for all tcp connections ipv4 and ipv6). Setting
this allows the system to perform PMTUD without relying on ICMP.
Solaris and modern MS Windows servers support this mechanism by default.
More information about the ipv6-ops
mailing list