Packet analysis in Wireshark possible MSS issue?
we have an issue in the customer network.
The Client (ADSL CPE) initiates the session to our System.
The packet successfully passed the customer Firewall and receivers then at the F5 BigIP LTM pair.
As we have issues with (Fast)Retransmissions and (multiple) Duplicate Acks I analysed a Wireshark trace in detail.
You can see the 2 relevant packets in attachment.
The Clients sends the SYN Packet. This packet includes the Maximum Segment Size of 1360 Bytes (which is good for ADSL).
In the SYN-ACK packet from the F5 LB to the IAD the MSS is now set to 1460. 1460 is too large for the CPE.
As I can see in further packets 1460 is used for further communication. This results in fragmentation and loss of performance/utilization.
The question is now: Why is the F5 LTM sending 1460 as MSS and is not using the 1360 "suggested" from the client?
Thanks for any help!
Cheers