On a 7200VXR, if I run the command show ip traffic | i frag, I am getting a lot of the packets unfragmented.
1974197253 fragmented, 3921287034 fragments, 3170675 couldn't fragment
Can someone help me out with why it is occurring?
This could be due to the DF bit being set to 1. Below is a link that would help explain the issue:
Hope this helps,
I would look at the fragmentation as the symptom of some underlying problem. Most modern OSs use Path MTU Discovery (PMTUD) to automatically find the largest supported packet size so they can avoid fragmentation. Some possible causes are a host with a very large MTU setting, hosts that have disabled or do not support PMTUD, firewalls or ACLs that block ICMP (type 3 messages), or tunnel interfaces (IPsec or GRE) that add overhead and take away from the amount of data an interface can transmit.
PMTUD relies on ICMP to communicate MTU info back to the originating host, so if you are blocking ICMP (type 3, code 4), that could be one cause.
Another cause, one that I have seen many times, is mainframes and other large-system OSs that do not support PMTUD and have an MTU set on the interface that is very large. These machines send very large MTU packets into the network and rely on the network to break them up for delivery.
If PMTUD is broken and you have some IPsec or tunnel links in the network, then those could be causing the fragmentation, as the hosts do not know about the added overhead of the IPsec or tunnel link.
I would suggest figuring out if it's a host issue or a network issue. The most common cause that I have seen is overly restrictive firewall rules blocking all ICMP. You can find these pretty fast from a workstation just by issuing a ping with the DF bit set and a size greater than 1500. For example, on a Windows machine, use the following from the CLI.
ping -f -l 2000 188.8.131.52
You will get one of three responses: a reply, a timeout or an error message.
If ICMP is working you should get an error "Packet needs to be fragmented but DF set." If you get a timeout, check your routers and firewalls to make sure ICMP is enabled at least for type 0, 3 and 8 messages.
The other thing I would look at is a sniffer capture of the interface where the fragmentation is occurring. In the TCP 3-way handshake, the hosts use their local MTU to fill in the MSS field in the SYN and SYN/ACK packets. If the value of that field is larger than 1460, then check the MTU of the hosts in your network. Cisco has a nice interface command to rewrite the value on the fly, ip tcp adjust-mss xxxx, but that only helps your TCP traffic.
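An added example that is not part of the thread above: a small Python helper covering the two checks the previous answer describes, the DF-set ping probe (classifying the reply/timeout/"needs to be fragmented" outcomes) and the MSS check on SYN packets from a capture. The ping output strings, the SYN segment and the tunnel overhead values are constructed here for illustration; the Linux ping flags (-M do, -s) are an assumed equivalent of the Windows -f / -l form shown in the post.

```python
"""PMTUD diagnostics helpers (added example, not code from the thread)."""
import re
import struct

IP_HDR = 20   # IPv4 header without options
TCP_HDR = 20  # TCP header without options


def df_probe_command(host, payload=2000, windows=True):
    """Ping invocation for a DF-set probe larger than a 1500-byte MTU.

    payload is the ICMP data size, so the wire size is payload + 8 + IP_HDR.
    """
    if windows:
        return f"ping -f -l {payload} {host}"
    # Linux iputils (assumed equivalent): -M do sets DF, -s is the data size.
    return f"ping -M do -s {payload} -c 1 {host}"


# Ordered: the "needs fragmentation" text wins over the 100% loss summary
# that Linux prints after a local "message too long" error.
_OUTCOMES = [
    ("needs_fragmentation", re.compile(
        r"needs to be fragmented but DF set|Frag needed and DF set|[Mm]essage too long")),
    ("timeout", re.compile(r"Request timed out|100% packet loss")),
    ("reply", re.compile(r"^Reply from|bytes from", re.M)),
]


def classify_ping_output(text):
    """Map ping output to one of the three outcomes the post describes."""
    for label, pattern in _OUTCOMES:
        if pattern.search(text):
            return label
    return "unknown"


def tcp_mss(segment):
    """Return the MSS option from a TCP header (bytes from source port on), or None."""
    data_offset = (segment[12] >> 4) * 4
    opts = segment[TCP_HDR:data_offset]
    i = 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:        # end of option list
            break
        if kind == 1:        # NOP padding
            i += 1
            continue
        length = opts[i + 1]
        if length < 2:       # malformed option, stop rather than loop forever
            break
        if kind == 2 and length == 4:
            return struct.unpack("!H", opts[i + 2:i + 4])[0]
        i += length
    return None


def build_syn(mss, sport=40000, dport=80):
    """Constructed SYN header with MSS, NOP, NOP and SACK-permitted options."""
    opts = struct.pack("!BBH", 2, 4, mss) + b"\x01\x01" + struct.pack("!BB", 4, 2)
    offset_flags = (((TCP_HDR + len(opts)) // 4) << 12) | 0x02  # SYN flag
    hdr = struct.pack("!HHIIHHHH", sport, dport, 0, 0, offset_flags, 65535, 0, 0)
    return hdr + opts


def expected_mss(link_mtu=1500, tunnel_overhead=0):
    """Largest MSS that fits the link once tunnel overhead is subtracted."""
    return link_mtu - tunnel_overhead - IP_HDR - TCP_HDR


def mss_too_large(segment, link_mtu=1500, tunnel_overhead=0):
    """True if the SYN advertises an MSS the path cannot carry unfragmented."""
    mss = tcp_mss(segment)
    return mss is not None and mss > expected_mss(link_mtu, tunnel_overhead)


if __name__ == "__main__":
    print(df_probe_command("192.0.2.10"))
    sample = "Packet needs to be fragmented but DF set.\nPackets: Sent = 4, Received = 0"
    print(classify_ping_output(sample))
    # Assumed GRE overhead: 20-byte outer IP header plus 4-byte GRE header.
    print(tcp_mss(build_syn(1460)), mss_too_large(build_syn(1460), tunnel_overhead=24))
```

A plain 1500-byte Ethernet link gives an expected MSS of 1460, the figure the post uses; with an assumed 24-byte GRE overhead it drops to 1436, which is the value you would feed to ip tcp adjust-mss on the tunnel interface.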