[Date Prev][Date Next][Thread Prev][Thread Next][Thread Index]

Re: [fw1-gurus] Fragmentation question

  Yes, that's correct. 
  Is it reasonable for someone to be sending you 64KB UDP packets?  Is it reasonable for some link between that send and you to have an MTU of 410?
  In general, I'd incline toward "No" as the answer to both, but you *might* have a situation where one or the other is reasonable.  (I recommend PMTUD over fragmentation....)
  I used to see a lot of 64KB ICMP packets fragmented -- they were always an attempt to DoS our bandwidth....
David Gillett

From: Adam Carter [mailto:[email protected]]
Sent: Monday, March 23, 2009 6:28 PM
To: <[email protected]>
Subject: [fw1-gurus] Fragmentation question

The console log from a Sun R55 box:
FW-1: Virtual defragmentation error: Large packet (xxx.22.98.29 -> xxx.18.7.14 proto 17 id 3976 len 410 offset 65120) - 175 fragments dropped during the last 60 seconds
So proto 17 = UDP, i assume len is the length of the current fragment in bytes, but what does offset mean? Is it bytes from the start of the unfragmented packet? If so, then has a 65K packet been broken up into 160 odd 410 length fragments?
fw1-gurus mailing list
[email protected]