How to diagnose C4507 fragmentation issue?

m1xed0s
Spotlight

I am trying to figure out an issue with small packets (sub-200-byte) which caused a firewall performance issue, and so far I can only pinpoint it to the 4507 LAN switch doing the fragmentation... Standard MTU 1500 is in use, though.

 

From the "show ip traffic" command of the 4507, I can see there is fragmentation happening, but how would I be able to see which interface or VLAN the fragmentation is for? Also, what would be the default interval for the statistics?

Screenshot 2021-05-06 164542.png


Giuseppe Larosa
Hall of Fame

Hello,

The number of fragmented packets (2906) and the number of reassembled packets (1453) are low when compared to the total number of packets received (first line): 545127415.

So fragmentation is not a serious issue in your network, not on this Catalyst C4507.

 

Hope to help

Giuseppe

 

Likely you are right... I reset the counter yesterday after I posted here and there have been no frags so far... It was likely some historical data since the last reboot... If it changes, I will post back here for further advice.

 

But assuming it was indeed the switch performing fragmentation, how would I track down on which port(s) or VLANs the frags are happening?

Joseph W. Doherty
Hall of Fame

Your 4507 should only fragment when sending too-large packets out an L3 interface.

Unsure your 4507 supports embedded packet capture, but perhaps the best or only way to identify the source of the fragmentation is to capture fragmented packets, note their source and destination IPs, and work backwards finding an MTU L3 hop size drop from source to destination.

BTW, I believe (?) the IP stats you've posted only apply to the 4507 as a host, i.e. it's either the source or destination for those IP packet stats.

I could do a capture, but I would have to know which interface to capture as source…

 

I will double check doc but if the ip traffic only applies to the traffic initiated by or to the switch, then it won’t help on what I am trying to figure out…

If the fragmentation is an issue for your FW, what about capturing traffic on the port to/from it?

From the captures I did, I saw no IP fragmentation... But I do see small packets outbound from the 4507 to the firewall. Also, the physical port connecting to the switch is L2 and routing is done by the L3 SVI...

But when I did the capture on link from this 4507 to another switch, I saw small packets outbound from 4507 as well which makes me think the 4507 is the root cause.

There's a difference between small packets and fragmented packets.  The latter can be small to large and the latter are marked as packet fragments.  So, you're unsure which you're dealing with?
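
The distinction drawn in the replies above (a small packet versus a packet marked as a fragment) can be checked mechanically on captured traffic. This is an added example, not part of the original thread: it reads the IPv4 flags/fragment-offset field and counts fragments per source/destination pair, which is the information needed to work backwards to an MTU drop. The sample packets, addresses and the 200-byte threshold are constructed for illustration.

```python
import struct
from collections import Counter
from ipaddress import IPv4Address

def build_ipv4(src, dst, payload_len, mf=False, frag_offset_bytes=0, ident=0x1234):
    """Build a constructed IPv4 packet: 20-byte header (checksum left 0) + zero payload."""
    flags_frag = (0x2000 if mf else 0) | (frag_offset_bytes // 8)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, ident,
                      flags_frag, 64, 17, 0,
                      IPv4Address(src).packed, IPv4Address(dst).packed)
    return hdr + bytes(payload_len)

def classify(packet, small_threshold=200):
    """Return (src, dst, total_len, is_fragment, is_small) for one raw IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    total_len, _ident, flags_frag = struct.unpack("!HHH", packet[2:8])
    # A fragment has the More Fragments bit set or a non-zero offset; DF (0x4000) is ignored.
    is_fragment = bool(flags_frag & 0x2000) or (flags_frag & 0x1FFF) != 0
    src = str(IPv4Address(packet[12:16]))
    dst = str(IPv4Address(packet[16:20]))
    return src, dst, total_len, is_fragment, total_len < small_threshold

def summarize(packets):
    """Count fragments per (src, dst) pair and small packets that are NOT fragments."""
    frag_pairs, small_whole = Counter(), 0
    for p in packets:
        src, dst, _length, is_frag, is_small = classify(p)
        if is_frag:
            frag_pairs[(src, dst)] += 1
        elif is_small:
            small_whole += 1
    return frag_pairs, small_whole

# Constructed sample traffic (not taken from the thread's captures).
SAMPLE = [
    build_ipv4("10.0.0.5", "10.0.1.9", 120),                          # small, whole
    build_ipv4("10.0.0.5", "10.0.1.9", 60),                           # small, whole
    build_ipv4("10.0.2.7", "10.0.1.9", 1480, mf=True),                # first fragment
    build_ipv4("10.0.2.7", "10.0.1.9", 100, frag_offset_bytes=1480),  # last fragment, also small
    build_ipv4("10.0.0.5", "10.0.1.9", 1400),                         # large, whole
]

if __name__ == "__main__":
    pairs, small = summarize(SAMPLE)
    print("fragments per (src, dst):", dict(pairs))
    print("small unfragmented packets:", small)
```

A capture with many small packets but an empty fragment counter points away from fragmentation as the cause.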
