
IP Traffic stats FRAG and No Port

p.mckay
Level 1

Noticed the following information while looking at the WAN IP traffic.

I was wondering how bad the couldn’t fragment count should be. There are GRE tunnels involved here and the count increased by 1800 overnight. We have seen from the sniffs that some devices send the packet with the DF set and then renegotiate their packet sizes and everything goes on its way. Just wondering what is bad and what is acceptable.

Frags: 2983 reassembled, 112 timeouts, 0 couldn't reassemble

90019 fragmented, 561855 couldn't fragment

Also, I noticed the counter under the UDP “no port”. I cannot find information to explain this.

UDP statistics:

Rcvd: 2785186 total, 0 checksum errors, 2047177 no port

Sent: 740277 total, 0 forwarded broadcasts

2 Replies

Harold Ritter
Spotlight

It is better to have a lot of "couldn't fragment" than a lot of "fragment". Fragmentation is usually not a good thing in a network. It causes overhead on the router having to fragment packets and the destination device having to reassemble them.

The "no port" under the UDP section is due to a UDP message with the destination address of the local being received but the UDP destination port doesn't exist.

It causes the router to send an ICMP destination port unreachable message to the source of the UDP packets unless "no ip unreachable" is configured on the ingress interface.

This counter would be incremented for instance if you do a traceroute to this router or if someone is doing a port scan.

Let me know if I answered your question,

Regards,
Harold Ritter, CCIE #4168 (EI, SP)

What's good, bad and ugly is always a question. Thanks for the reply, it helps get a perspective.
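The totals quoted in this thread accumulate since the counters were last cleared, so the growth between two snapshots says more than the absolute numbers. The following is an added example, not part of the original posts: it parses two captures of the quoted counter lines and reports the growth of "couldn't fragment", "fragmented" and UDP "no port". The BEFORE snapshot, the function names and the default "IP" section are assumptions made for the illustration.

```python
import re

# Constructed snapshots in the shape of the "show ip traffic" lines quoted in
# the thread. AFTER reuses the thread's values; BEFORE is hypothetical.
BEFORE = """\
  Frags: 2980 reassembled, 112 timeouts, 0 couldn't reassemble
         90000 fragmented, 560055 couldn't fragment
UDP statistics:
  Rcvd: 2780000 total, 0 checksum errors, 2045000 no port
  Sent: 740000 total, 0 forwarded broadcasts
"""
AFTER = """\
  Frags: 2983 reassembled, 112 timeouts, 0 couldn't reassemble
         90019 fragmented, 561855 couldn't fragment
UDP statistics:
  Rcvd: 2785186 total, 0 checksum errors, 2047177 no port
  Sent: 740277 total, 0 forwarded broadcasts
"""

def parse(text):
    """Return {(section, label, counter): value}; lines before any header count as IP (assumption)."""
    counters, section, label = {}, "IP", ""
    for line in text.splitlines():
        line = line.strip()
        head = re.match(r"([A-Za-z ]+) statistics:$", line)
        if head:
            section, label = head.group(1), ""
            continue
        lab = re.match(r"([A-Za-z]+):\s*", line)
        if lab:  # "Rcvd:", "Frags:"; unlabeled lines continue the previous label
            label, line = lab.group(1), line[lab.end():]
        for value, name in re.findall(r"(\d+) ([^,]+)", line):
            counters[(section, label, name.strip())] = int(value)
    return counters

def growth(before, after, key):
    """Increase of one counter; a smaller 'after' means the counters were cleared."""
    old, new = before.get(key, 0), after.get(key, 0)
    return new - old if new >= old else new

def summarize(before_text, after_text):
    b, a = parse(before_text), parse(after_text)
    rcvd = growth(b, a, ("UDP", "Rcvd", "total"))
    no_port = growth(b, a, ("UDP", "Rcvd", "no port"))
    return {
        "couldnt_fragment": growth(b, a, ("IP", "Frags", "couldn't fragment")),
        "fragmented": growth(b, a, ("IP", "Frags", "fragmented")),
        "udp_no_port": no_port,
        "udp_no_port_share": round(no_port / rcvd, 3) if rcvd else 0.0,
    }
```

Calling `summarize(BEFORE, AFTER)` on the constructed pair gives the per-interval growth, including the share of received UDP datagrams that had no listening port on the router.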