cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
368
Views
0
Helpful
7
Replies
m1xed0s
Contributor

How to diagnose C4507 fragmentation issue?

I am trying to figure out an issue with Small packets (sub-200Byte) which caused firewall performance issue and so far I can only pin point to the 4507 LAN switch doing the fragmentation...Standard MTU1500 is in use though. 

 

From "show ip traffic" command of the 4507, I can see there are fragmentation happening but how would I be able to see which interface OR VLAN the fragmentation is for? Also what would be the default intervel for the statistics?

Screenshot 2021-05-06 164542.png

7 REPLIES 7
Giuseppe Larosa
Hall of Fame Master

Hello,

the number of fragmented packets 2906 and the number of reassembled packets 1453 is low when compared to the total number of packets received (first line) 545127415

So fragmentation is not a serius issue in your network not on this catalyst C4507

 

Hope to help

Giuseppe

 

Likely you are right...I reset the counter yesterday after I posted here and there has no frags so far...It was likely some historical data since last reboot...If it changed, will post back here for further advise.

 

But assuming it was indeed the switch performs fragmentation, how would I track down regarding which port(s) or VLANs the frags happenning?

Joseph W. Doherty
Hall of Fame Expert

Your 4507 should only fragment sending too large packets out a L3 interface.

Unsure your 4507 supports embedded packet capture, but perhaps the best or only way to identify the source of the fragmentation is to capture fragmented packets, note their source and destination IPs, and work backwards finding an MTU L3 hop size drop from source to destination.

BTW, I believe (?) the IP stats you've posed only apply to the 4507 as a host, i.e. its either the source or destination for those IP packet stats.

I could do capture but I would have to know which interface to capture as source…

 

I will double check doc but if the ip traffic only applies to the traffic initiated by or to the switch, then it won’t help on what I am trying to figure out…

If the fragmentation is an issue for your FW, what about capturing traffic on the port to/from it?

From the captures I did, I saw no IP fragmenetation...But I do see small packets outbound fromo 4507 to firewall. Also the physical port connecting to switch is L2 and routing is done by the L3 SVI...

But when I did the capture on link from this 4507 to another switch, I saw small packets outbound from 4507 as well which makes me think the 4507 is the root cause.

There's a difference between small packets and fragmented packets.  The latter can be small to large and the latter are marked as packet fragments.  So, you're unsure which you're dealing with?