[Date Prev][Date Next][Thread Prev][Thread Next][Thread Index]

Re: [fw1-gurus] Fragmentation question

Subject: Re: [fw1-gurus] Fragmentation question
From: "David Gillett" <gillettdavid@xxxxxxxx>
To: "'Adam Carter'" <Adam.Carter@xxxxxxxxxxxx>, <fw1-gurus@xxxxxxxxxxxxxxxxxx>
Date: Tue, 24 Mar 2009 09:07:06 -0700

Yes, that's correct.

Is it reasonable for someone to be sending you 64KB UDP packets? Is it reasonable for some link between that send and you to have an MTU of 410?

In general, I'd incline toward "No" as the answer to both, but you *might* have a situation where one or the other is reasonable. (I recommend PMTUD over fragmentation....)

I used to see a lot of 64KB ICMP packets fragmented -- they were always an attempt to DoS our bandwidth....

David Gillett

From: Adam Carter [mailto:Adam.Carter@xxxxxxxxxxxx]
Sent: Monday, March 23, 2009 6:28 PM
To: <fw1-gurus@xxxxxxxxxxxxxxxxxx>
Subject: [fw1-gurus] Fragmentation question

The console log from a Sun R55 box:

FW-1: Virtual defragmentation error: Large packet (xxx.22.98.29 -> xxx.18.7.14 proto 17 id 3976 len 410 offset 65120) - 175 fragments dropped during the last 60 seconds

So proto 17 = UDP, i assume len is the length of the current fragment in bytes, but what does offset mean? Is it bytes from the start of the unfragmented packet? If so, then has a 65K packet been broken up into 160 odd 410 length fragments?

_______________________________________________
fw1-gurus mailing list
fw1-gurus@xxxxxxxxxxxxxxxxxx
http://lists.phoneboy.com/listinfo.cgi/fw1-gurus-phoneboy.com

References:
- [fw1-gurus] Fragmentation question
  - From: Adam Carter

Prev by Date: [fw1-gurus] Fragmentation question
Next by Date: Re: [fw1-gurus] Static NAT limitations
Previous by thread: [fw1-gurus] Fragmentation question
Next by thread: Re: [fw1-gurus] Static NAT limitations
Index(es):
- Date
- Thread