boneyard
Jul 17, 2012 MVP
F5 setting don't fragment bit
I am running into a situation where it appears the F5 is setting the don't fragment bit of a packet that didn't have it set initially. What can be causing this? Is there a way to turn this off?
Do you have an explicit reason for allowing packets without DNF set? Fragmentation in the network isn't good. Most sensible firewalls will drop fragments by default (they're too good a vector for a DoS attack). I find path MTU discovery to be a much better proposition (however, it does require network and firewall admins who know what they're doing).
H
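To confirm where the don't-fragment bit changes, the IPv4 flags field can be read from captures taken on each side of the device. The following is an added example, not part of the thread: the function names are assumptions, and the sample headers are constructed with documentation addresses.

```python
import struct
from collections import Counter

def ipv4_checksum(header: bytes) -> int:
    """RFC 1071 ones'-complement checksum; yields 0 over a valid header."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_header(ident: int, flags: int, frag_offset: int) -> bytes:
    """Constructed 20-byte sample header (TCP, 192.0.2.10 -> 198.51.100.20)."""
    fields = [0x45, 0, 1500, ident, (flags << 13) | frag_offset, 64, 6, 0,
              bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20])]
    fields[7] = ipv4_checksum(struct.pack("!BBHHHBBH4s4s", *fields))
    return struct.pack("!BBHHHBBH4s4s", *fields)

def classify(packet: bytes) -> str:
    """Return 'df', 'fragment', 'fragmentable' or 'invalid' for one packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "invalid"
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl or ipv4_checksum(packet[:ihl]) != 0:
        return "invalid"
    flags_frag = struct.unpack("!H", packet[6:8])[0]
    more_fragments = bool(flags_frag & 0x2000)   # MF flag
    offset = flags_frag & 0x1FFF                 # in 8-byte units
    if more_fragments or offset:
        return "fragment"
    return "df" if flags_frag & 0x4000 else "fragmentable"   # DF flag

def summarize(packets) -> Counter:
    """Count packet classes in one capture."""
    return Counter(classify(p) for p in packets)

# Constructed captures: DF clear on one side, DF set on the other.
CLIENT_SIDE = [build_header(1, 0, 0), build_header(2, 0, 0)]
SERVER_SIDE = [build_header(7, 2, 0), build_header(8, 2, 0)]
# A two-piece fragmented datagram, as a firewall that drops fragments would see it.
FRAGMENTS = [build_header(9, 1, 0), build_header(9, 0, 185)]

if __name__ == "__main__":
    print("client side:", dict(summarize(CLIENT_SIDE)))
    print("server side:", dict(summarize(SERVER_SIDE)))
    print("fragments:  ", dict(summarize(FRAGMENTS)))
```
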