Actually, this isn't a BigIP problem. It's a BSDI problem (the underlying OS for the BigIP box). I believe BSDI has a patch available for BSD/OS 4.0 (mayabe even 3.1). While you can't benefit from this patch directly, you can perhaps nudge your F5 rep about expediting a patch for your boxen. Chris Chris Mauritz Director, Systems Administration Rare Medium, Inc. chrism@raremedium.com -----Original Message----- From: Mark Kosters [mailto:markk@internic.net] Sent: Tuesday, November 24, 1998 11:08 AM To: Greg A. Woods; North America Network Operators Group; NetBSD Networking Technical Discussion List Cc: Mark Kosters Subject: Re: SOLVED! The cause of puzzling TCP (eg. WHOIS) connection failures with some InterNIC.net hosts On Fri, Nov 20, 1998 at 04:25:11PM -0500, Greg A. Woods wrote:
The problem has to do with the failure of a host to fragment larger packets on demand (i.e. when the other host sends an ICMP "needs frag" notification). This may be because the ICMP packet never gets through (perhaps someone who didn't understand TCP/IP and ICMP and everything else related implemented a filter on all "abnormal" ICMP packets); or it may be because the receiving host doesn't understand the ICMP "needs frag" request (and also doesn't implement path MTU discovery, or have I got that backwards?).
No matter what the problem really is, I'm sure a *lot* of people would be much happier if this problem were fixed, specifically for the WHOIS service (though I've also had troubles receiving HTTP too). I got quite a few replies about similar experiences when I first posted about this on NANOG recently.
Thanks Greg for the good information. The InterNIC load balancers (BigIP made by F5 Labs) do have a problem with path MTU discovery. We have taken a short term fix of turning off path MTU discovery on the hosts behind BigIP until F5 issues a fix. Regards, Mark -- Mark Kosters markk@internic.net InterNIC Registration Services PGP Key fingerprint = 1A 2A 92 F8 8E D3 47 F9 15 65 80 87 68 13 F6 48 I am not a spokesperson for NSI. Anything I write or say is my personal opinion and in no way should be interpreted as NSI's official position.