Hello.
I have a problem in my network with one application.
When the application didnt fragment the data, it worked fine, but now its neccesary to fragment the data and now it doesnt work.
I have done a tcpdump capture and appears the following information:

12:55:03.776578 IP (tos 0x0, ttl 59, id 33301, offset 0, flags [DF], proto: TCP (6), length: 40, bad cksum 0 (->72b4)!) X.X.X.X.X > Y.Y.Y.Y.Y: ., cksum 0x9890 (correct), 1113:1113(0) ack 585 win 7008

12:55:03.777310 IP (tos 0x0, ttl 59, id 33302, offset 0, flags [DF], proto: TCP (6), length: 40, bad cksum 0 (->72b3)!) X.X.X.X.X > Y.Y.Y.Y.Y, cksum 0x920d (correct), 1113:1113(0) ack 1084 win 8176

12:55:08.782494 IP (tos 0x0, ttl 59, id 33303, offset 0, flags [DF], proto: TCP (6), length: 40, bad cksum 0 (->72b2)!) X.X.X.X.X > Y.Y.Y.Y.Y: F, cksum 0x920c (correct), 1113:1113(0) ack 1084 win 8176

12:55:08.785066 IP (tos 0x0, ttl 62, id 48258, offset 0, flags [DF], proto: TCP (6), length: 40) Y.Y.Y.Y.Y > X.X.X.X.X: F, cksum 0x8f6b (correct), 1084:1084(0) ack 1114 win 8848

12:55:08.805185 IP (tos 0x0, ttl 59, id 33304, offset 0, flags [DF], proto: TCP (6), length: 40, bad cksum 0 (->72b1)!) X.X.X.X.X > Y.Y.Y.Y.Y., cksum 0x920b (correct), 1114:1114(0) ack 1085 win 8176

I have done a ethtool -k to look if it's active the checksum offload but it's not active.

Also, my host is after a load balancer, could it be a problem??
Thanks

Fragmentation is normally handled by routers and bridges. Why is it "necessary" now?


I almost missed this, but these two packets are from different hosts. Note the ttl. So local hosts are ok, remote hosts are not.

The flag on these packets is DF. A DF Flag means do NOT fragment. So you should be getting ICMP error notification packets.

I also find the size of the packets odd for TCP. I thought the minimum size was a length of 64. I believe these are technically runts, which most routers will discard as damaged packets.


I don't know, but I don't think so.

Well, our client decided to fragment the data, and when he changed the tx way appears the problems... but analizing the frames i think that the problem is on his application, because I think the sent packets aren't fragmented packets, on TCP/IP, due to the DF flag, but really the frames should be on the same IP packet...
Sorry for my poor english and thanks for your answer

I agree. You might also suggest they reduce their (MSS) Maximum Segment Size on their systems so that fragmentation is not required. Forcing routers to fragment everything can cause delays.

If a packet is marked as DF, then you try to fragment it, the router doing the fragmentation will fail due to DF and will ditch the packet.It will send an ICMP message indiacting fragmentation required but DF set.

The answer is as mentioned - MSS must be set at the TCP source host to force it to use smaller packets.

Cheers

Pete

Thanks for the answers
Pete, I have one doubt, if the flag DF means "Dont fragment", why do you say that it tries to fragment? With other tcpdump capture I saw the packets are being received on the host, but the application log shows that it discards the second frame, I mean, the application recognizes the first one, but when it receives the second one, due to the packet it's fragmented (althought by ip protocol it doenst!!), the application discards it and return a general error.

Thanks and sorry for my poor english.

I am certain this is a typo.

If a packet is marked as DF, and the router determines fragmentation is required, the router doing the fragmentation will fail due to DF and will ditch the packet.It will send an ICMP message indicating fragmentation required but DF set.

Thats what I meant! Thank you. It didn't make sense the way I wrote it...