DF bit in Apache to Tomcat communication

1

Edited (edits are in italics):

In my configuration I have an Apache 2.2 HTTP Server configured as a reverse proxy with mod_proxy_jk, which exposes an HTTP service from an Apache Tomcat 6 application server. The two are different MS Windows 2008 R2 boxes.

My problem is that communication between a remote mobile device connected via GPRS or GSM sometimes fails.

I found this message and it seems to fit my situation.

Dumping TCP messages, I noticed that Apache requests packets with the DF bit set to "don't fragment". The Ethernet frame size is actually 1514 and MTU is 1500.

Is there a way to tell Apache to not use DF bit? Maybe binding the service to the machine IP instead of all interfaces?

The new question is:

If the problem is caused by PPPoE added bytes, would setting a lower MTU on the two Windows boxes correct this problem?

Further update

I noticed that some mobile devices failed the communication, others didn't fail. I analyzed the differences between two of these devices and noticed in the WWAN settings in Tools > Data configuration that the non-working one had "Enable automatic configuration" not checked. I checked it and warm rebooted and the connection succeeded. I unchecked it and the connection still succeeded. This device never failed again.

Maybe I caught the problem? What does this setting affect at the communication level?

Andrea Colleoni

Posted 2012-02-27T14:57:20.587

Reputation: 173

How do you know communication fails due to IP checksum offload? Just because you see checksum errors in Wireshark doesn't mean that there is a failure. Are you sure the packet is 1514 bytes, or is the Ethernet frame in which the packet is encapsulated 1514 bytes? – Zoredache – 2012-02-27T17:13:16.717

Thanks for the comment. I edited my question to fix some mistakes. – Andrea Colleoni – 2012-02-28T09:16:45.070

Answers

1

Is there a way to tell Apache to not use DF bit?

No, there is no way to do this, because Apache does not work at this level in the network stack. Apache makes standard system calls to the kernel.

My problem is that communication between the two fails due to IP checksum offload.

How do you know communication fails due to IP checksum offload? Just because you see checksum errors in Wireshark doesn't mean that there is a failure.

I noticed that Apache requests packets with the DF bit set to "don't fragment", but the packet size actually is 1514, (more than the MTU = 1500),

Are you sure the packet is 1514 bytes, or is the Ethernet frame in which the packet is encapsulated 1514 bytes?

pinging with "-f -l 1514" switch it tells "Packet needs to be fragmented but DF set.".

As for your ping, if the MTU is 1500, then trying to ping with a size of 1514 is not going to work.

Zoredache

Posted 2012-02-27T14:57:20.587

Reputation: 18 453

Thanks for the response, and please be patient with my lack of knowledge on this issue. Your response was useful and clarified some things for me, so I edited my question. – Andrea Colleoni – 2012-02-28T09:16:59.500
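The frame-versus-packet distinction raised in the answer, as an added example that is not part of the original question or answer: it parses a captured Ethernet II frame, reads the IPv4 total length and DF flag, and compares the packet (not the frame) against the MTU. The sample frame is constructed, the function names are hypothetical, and the 1492 MTU used for a PPPoE link is an assumption (1500 minus the usual 8 bytes of PPPoE overhead).

```python
import struct

ETH_HEADER_LEN = 14    # dst MAC + src MAC + EtherType (no VLAN tag, FCS not captured)
IPV4_MIN_HEADER = 20
ICMP_HEADER_LEN = 8

def inspect_frame(frame: bytes, mtu: int = 1500) -> dict:
    """Parse an Ethernet II frame carrying IPv4 and relate its sizes to the MTU."""
    if len(frame) < ETH_HEADER_LEN + IPV4_MIN_HEADER:
        raise ValueError("frame too short for Ethernet + IPv4")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != 0x0800:
        raise ValueError("not an IPv4 frame (EtherType 0x%04x)" % ethertype)
    ip = frame[ETH_HEADER_LEN:]
    version, ihl = ip[0] >> 4, (ip[0] & 0x0F) * 4
    if version != 4 or ihl < IPV4_MIN_HEADER:
        raise ValueError("malformed IPv4 header")
    # Bytes 2-7 of the IPv4 header: total length, identification, flags + fragment offset
    total_len, _ident, flags_frag = struct.unpack("!HHH", ip[2:8])
    return {
        "frame_len": len(frame),             # what the capture tool shows as frame size
        "ip_total_len": total_len,           # what the MTU actually limits
        "df": bool(flags_frag & 0x4000),     # Don't Fragment
        "mf": bool(flags_frag & 0x2000),     # More Fragments
        "fits_mtu": total_len <= mtu,
    }

def max_ping_payload(mtu: int) -> int:
    """Largest ICMP echo payload (the value for ping -f -l) that fits unfragmented."""
    return mtu - IPV4_MIN_HEADER - ICMP_HEADER_LEN

def build_sample_frame(ip_total_len: int, df: bool = True) -> bytes:
    """Constructed sample: zeroed MACs, protocol TCP, zero checksum, zero payload."""
    eth = bytes(12) + struct.pack("!H", 0x0800)
    flags = 0x4000 if df else 0
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, ip_total_len, 1, flags,
                         128, 6, 0, bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return eth + ip_hdr + bytes(ip_total_len - len(ip_hdr))

if __name__ == "__main__":
    # A 1514-byte frame holds a 1500-byte IP packet, which fits a 1500 MTU
    print(inspect_frame(build_sample_frame(1500)))
    # The same packet with DF set does not fit the assumed 1492 PPPoE MTU
    print(inspect_frame(build_sample_frame(1500), mtu=1492))
    print(max_ping_payload(1500), max_ping_payload(1492))
```
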