To clear the DF bit or not to... Your thoughts?

Ricky S · ‎06-14-2012

Hey everyone,

Is it more beneficial to clear the DF bit at the router and allow fragmentation of an IP datagram or not to clear it and let PMTUD do what it does best? I have asked this question to my fellow network pros and everyone seem to have mixed thoughts. One said, "Clearing the DF bit fixed a lot of issues I had with applications sending data packets with the DF bit set which get dropped by the router causing the host to re-transmit the packet with lower MTU setting."

Other said, "PMTUD saves my day every day."

I want to know what are your thoughts and how do you implement this on your network?

Joseph W. Doherty · ‎06-14-2012

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

The major pros and cons are, if your router needs to fragment, it make take a noticeable performance hit but PMTUD ICMP packets are sometimes blocked. Normally I lean toward adhering to standards, i.e. if the packet indicates DF, then don't fragment the packet but try to inform the source.