Re: [fw1-gurus] Fragmentation question
Yes, that's correct.
Is it reasonable for someone to be sending you 64KB UDP packets? Is it
reasonable for some link between that sender and you to have an MTU of 410?
In general, I'd incline toward "No" as the answer to
both, but you *might* have a situation where one or the other is
reasonable. (I recommend PMTUD over fragmentation....)
I used to see a lot of 64KB ICMP packets fragmented
-- they were always an attempt to DoS our bandwidth....
Log from a Sun R55 box:
FW-1: Virtual defragmentation error: Large packet (xxx.22.98.29 -> xxx.18.7.14 proto 17 id 3976 len 410 offset 65120) - 175 fragments dropped during the last 60
So proto 17 = UDP,
I assume len is the length of the current fragment in bytes, but what does
offset mean? Is it bytes from the start of the unfragmented packet? If so,
then has a 65K packet been broken up into 160 odd 410 length
fw1-gurus mailing list
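
The arithmetic behind the exchange above, as an added example that is not part of the original thread: it parses the quoted log line and works out how large the reassembled datagram would be against the 65535-byte IPv4 limit. It assumes a 20-byte IP header with no options, and because the thread does not say whether FW-1's `len` includes that header, it computes both readings; the function names and the joined sample line are constructed for illustration.

```python
import re

IPV4_MAX = 65535   # largest value the 16-bit IPv4 Total Length field can hold
IP_HEADER = 20     # assumption: no IP options on the reassembled datagram

# Constructed sample: the log excerpt from the post, joined onto one line.
SAMPLE = ("FW-1: Virtual defragmentation error: Large packet "
          "(xxx.22.98.29 -> xxx.18.7.14 proto 17 id 3976 len 410 offset 65120)")

LOG_RE = re.compile(
    r"\((?P<src>\S+)\s+->\s+(?P<dst>\S+)\s+proto\s+(?P<proto>\d+)\s+"
    r"id\s+(?P<id>\d+)\s+len\s+(?P<len>\d+)\s+offset\s+(?P<offset>\d+)\)")

def parse_fragment(line):
    """Extract the fragment fields from one log line."""
    m = LOG_RE.search(line)
    if m is None:
        raise ValueError("not a fragment log line")
    return {k: (int(v) if v.isdigit() else v) for k, v in m.groupdict().items()}

def reassembled_size(frag, len_includes_header):
    """Minimum total length of the datagram this fragment belongs to."""
    payload = frag["len"] - IP_HEADER if len_includes_header else frag["len"]
    # offset is in bytes from the start of the unfragmented payload
    return IP_HEADER + frag["offset"] + payload

def analyse(line):
    f = parse_fragment(line)
    as_total = reassembled_size(f, len_includes_header=True)
    as_payload = reassembled_size(f, len_includes_header=False)
    return {
        "proto": f["proto"],
        # the header carries the offset in 8-byte units, so a logged byte
        # offset must be a multiple of 8
        "offset_aligned": f["offset"] % 8 == 0,
        "offset_field": f["offset"] // 8,
        "size_if_len_is_total": as_total,
        "size_if_len_is_payload": as_payload,
        "oversized_if_len_is_total": as_total > IPV4_MAX,
        "oversized_if_len_is_payload": as_payload > IPV4_MAX,
    }

if __name__ == "__main__":
    for key, value in analyse(SAMPLE).items():
        print(f"{key}: {value}")
```

Only the reading where `len` counts payload bytes puts the reassembled datagram past 65535 bytes, so the two readings give different verdicts for this log line.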