09-23-2005 08:49 AM - edited 03-03-2019 10:34 AM
Noticed the following information while looking at the WAN IP traffic.
I was wondering how bad the "couldn't fragment" count should be. There are GRE tunnels involved here, and the count increased by 1800 overnight. We have seen from the sniffs that some devices send the packet with the DF set and then renegotiate their packet sizes, and everything goes on its way. Just wondering what is bad and what is acceptable.
Frags: 2983 reassembled, 112 timeouts, 0 couldn't reassemble
90019 fragmented, 561855 couldn't fragment
Also, I noticed the counter under the UDP "no port". I cannot find information to explain this.
UDP statistics:
Rcvd: 2785186 total, 0 checksum errors, 2047177 no port
Sent: 740277 total, 0 forwarded broadcasts
09-23-2005 10:27 AM
It is better to have a lot of "couldn't fragment" than a lot of "fragment". Fragmentation is usually not a good thing in a network. It causes overhead on the router having to fragment packets and the destination device having to reassemble them.
The "no port" under the UDP section is due to a UDP message with the destination address of the local being received but the UDP destination port doesn't exist.
It causes the router to send an ICMP destination port unreachable message to the source of the UDP packets unless "no ip unreachable" is configured on the ingress interface.
This counter would be incremented for instance if you do a traceroute to this router or if someone is doing a port scan.
Let me know if I answered your question,
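One way to turn the counters discussed in this thread into per-interval numbers, as an added example that is not part of the original posts: it parses two `show ip traffic` excerpts and reports how fast "couldn't fragment" and UDP "no port" grew between them. The first snapshot is the output quoted in the question; the second snapshot, the 12-hour interval and the function names are constructed for illustration.

```python
import re

# Patterns are anchored to their section so TCP's own "no port" line is not matched.
PATTERNS = {
    "reassembled": r"Frags:\s+(\d+) reassembled",
    "timeouts": r"Frags:\s+\d+ reassembled, (\d+) timeouts",
    "fragmented": r"(\d+) fragmented,",
    "couldnt_fragment": r"(\d+) couldn't fragment",
    "udp_rcvd": r"UDP statistics:\s*Rcvd:\s+(\d+) total",
    "udp_no_port": r"UDP statistics:\s*Rcvd:\s+\d+ total, \d+ checksum errors, (\d+) no port",
}

# Snapshot A: the counters quoted in the question.
SNAP_A = """\
Frags: 2983 reassembled, 112 timeouts, 0 couldn't reassemble
 90019 fragmented, 561855 couldn't fragment
UDP statistics:
 Rcvd: 2785186 total, 0 checksum errors, 2047177 no port
 Sent: 740277 total, 0 forwarded broadcasts
"""
# Snapshot B: constructed; "couldn't fragment" is +1800 as the poster reported.
SNAP_B = """\
Frags: 2990 reassembled, 112 timeouts, 0 couldn't reassemble
 90119 fragmented, 563655 couldn't fragment
UDP statistics:
 Rcvd: 2790186 total, 0 checksum errors, 2051177 no port
 Sent: 741000 total, 0 forwarded broadcasts
"""

def parse_counters(text):
    """Extract the fragmentation and UDP counters from a show ip traffic excerpt."""
    counters = {}
    for name, pattern in PATTERNS.items():
        match = re.search(pattern, text)
        if match is None:
            raise ValueError(f"counter not found: {name}")
        counters[name] = int(match.group(1))
    return counters

def interval_report(before_text, after_text, hours):
    """Counter growth between two snapshots; None if the counters went backwards."""
    before, after = parse_counters(before_text), parse_counters(after_text)
    delta = {name: after[name] - before[name] for name in before}
    if any(value < 0 for value in delta.values()):
        return None  # counters were cleared or the router reloaded
    udp = delta["udp_rcvd"]
    return {"delta": delta,
            "couldnt_fragment_per_hour": delta["couldnt_fragment"] / hours,
            "no_port_share": delta["udp_no_port"] / udp if udp else 0.0}
```

Lifetime totals say little on their own; comparing growth per interval against the router's own baseline shows whether DF-set drops or UDP to closed ports (for example, a scan) have changed.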
09-23-2005 10:53 AM
What's good, bad and ugly is always a question. Thanks for the reply; it helps get a perspective.