05-06-2021 12:50 PM
I am trying to figure out an issue with small packets (sub-200 byte) which caused a firewall performance issue, and so far I can only pinpoint it to the 4507 LAN switch doing the fragmentation... Standard MTU 1500 is in use though.
From the "show ip traffic" command of the 4507, I can see there is fragmentation happening, but how would I be able to see which interface OR VLAN the fragmentation is for? Also, what would be the default interval for the statistics?
05-07-2021 05:00 AM
Hello,
The number of fragmented packets, 2906, and the number of reassembled packets, 1453, are low when compared to the total number of packets received (first line), 545127415.
So fragmentation is not a serious issue in your network, not on this Catalyst C4507.
Hope to help
Giuseppe
05-07-2021 05:21 AM - edited 05-07-2021 05:22 AM
Likely you are right... I reset the counter yesterday after I posted here and there have been no frags so far... It was likely some historical data since the last reboot... If it changes, I will post back here for further advice.
But assuming it was indeed the switch performing fragmentation, how would I track down which port(s) or VLANs the frags are happening on?
05-07-2021 06:12 AM
Your 4507 should only fragment sending too large packets out a L3 interface.
Unsure your 4507 supports embedded packet capture, but perhaps the best or only way to identify the source of the fragmentation is to capture fragmented packets, note their source and destination IPs, and work backwards finding an MTU L3 hop size drop from source to destination.
BTW, I believe (?) the IP stats you've posted only apply to the 4507 as a host, i.e. it's either the source or destination for those IP packet stats.
05-07-2021 06:48 AM
I could do capture but I would have to know which interface to capture as source…
I will double check doc but if the ip traffic only applies to the traffic initiated by or to the switch, then it won’t help on what I am trying to figure out…
05-07-2021 07:17 AM
If the fragmentation is an issue for your FW, what about capturing traffic on the port to/from it?
05-07-2021 07:30 AM
From the captures I did, I saw no IP fragmentation... But I do see small packets outbound from the 4507 to the firewall. Also, the physical port connecting to the switch is L2 and routing is done by the L3 SVI...
But when I did the capture on link from this 4507 to another switch, I saw small packets outbound from 4507 as well which makes me think the 4507 is the root cause.
05-07-2021 01:51 PM
There's a difference between small packets and fragmented packets. The latter can be small to large and the latter are marked as packet fragments. So, you're unsure which you're dealing with?
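
The distinction drawn in the replies above, as an added example that is not part of the original thread: an IPv4 packet is a fragment when its More Fragments bit is set or its fragment offset is non-zero, regardless of its size. The sketch below classifies raw IPv4 headers and tallies fragments and small unfragmented packets per source/destination pair; the function names, the 200-byte threshold constant and the sample headers (documentation addresses) are constructed for illustration.

```python
import socket
import struct
from collections import Counter

SMALL_BYTES = 200  # assumption: threshold taken from the thread's "sub-200 byte"

def classify_ipv4(header: bytes) -> dict:
    """Classify one IPv4 packet from its first 20 header bytes."""
    if len(header) < 20 or header[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    total_len, _ident, flags_frag = struct.unpack("!HHH", header[2:8])
    more_fragments = bool(flags_frag & 0x2000)  # MF bit
    offset = (flags_frag & 0x1FFF) * 8          # fragment offset in bytes
    return {
        "src": socket.inet_ntoa(header[12:16]),
        "dst": socket.inet_ntoa(header[16:20]),
        "length": total_len,
        "fragment": more_fragments or offset > 0,
        "small": total_len < SMALL_BYTES,
    }

def summarize(headers):
    """Return (fragments per flow, small unfragmented packets per flow)."""
    frag_flows, small_unfragmented = Counter(), Counter()
    for h in headers:
        p = classify_ipv4(h)
        flow = (p["src"], p["dst"])
        if p["fragment"]:
            frag_flows[flow] += 1
        elif p["small"]:
            small_unfragmented[flow] += 1
    return frag_flows, small_unfragmented

def _hdr(src, dst, length, ident, mf=False, offset=0):
    """Build a constructed IPv4 header (checksum left as 0) for the demo."""
    flags_frag = (0x2000 if mf else 0) | (offset // 8)
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, length, ident, flags_frag,
                       64, 17, 0, socket.inet_aton(src), socket.inet_aton(dst))

# Constructed sample: one datagram split in two, two small whole packets, one large.
SAMPLE = [
    _hdr("192.0.2.10", "198.51.100.5", 1500, 7, mf=True),    # first fragment
    _hdr("192.0.2.10", "198.51.100.5", 120, 7, offset=1480),  # last fragment, small
    _hdr("192.0.2.20", "198.51.100.5", 90, 8),                # small, not a fragment
    _hdr("192.0.2.20", "198.51.100.5", 64, 9),                # small, not a fragment
    _hdr("192.0.2.30", "198.51.100.5", 1400, 10),             # neither
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

The second sample header is both small and a fragment and is counted as a fragment, which is the case that separates the two symptoms discussed in the thread.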