
what is meaning of DF-BIT in ping or DO-not-fragment

knaik99
Level 1

When we send a ping to a destination with a packet size like 1500 with the df-bit / Do not fragment, then the whole 1500 packet goes to the destination without fragmenting, right?

what is use of DF-BIT or do not fragment?

is it used to put packet load of 1500 on link

please explain


Yes.
Ping with DF set makes the whole 1500-size ping get sent to the destination;
without DF set,
the ping can be fragmented at any hop in the path to the destination.

The original poster asks "what is use of DF-BIT or do not fragment?". Most of the time we do not care whether fragmentation is occurring. But there can be some circumstances where we want to avoid fragmentation. Using ping with DF bit is a helpful test to determine whether fragmentation is occurring on the path to that destination. So DF is a diagnostic tool.

HTH

Rick

Fragmentation means packets get divided right? Like 1500 would be sent as 1000 + 500 to destination?

and if we set df-bit then packet would be sent as whole i.e. 1500 till destination, right?

"So DF is a diagnostic tool."

To clarify, I believe @Richard Burts means this in the context of "Using ping with DF bit is a helpful test to determine whether fragmentation is occurring on the path to that destination.", i.e. in a broader context it just means we don't want such a marked packet fragmented.

"Most of the time we do not care whether fragmentation is occurring. But there can be some circumstances where we want to avoid fragmentation."

Laugh, possibly I'm in a minority (?) that usually very much cares about possible fragmentation, and wants to, generally, avoid it.

BTW, on many hosts, if PMTUD is NOT enabled, DF bit is NOT set, and for traffic going to destinations NOT on the connected network (where MTU is known), the Internet standard minimum packet size of 576 might be used (to avoid fragmentation).

I ran a lab: between R2 and R3 I configured the MTU as 1000 and kept the other interfaces at their default MTU of 1500.
With DF set, the ICMP fails.
Without DF set, the ICMP succeeds.

Fragmentation means packets get divided right? Like 1500 would be sent as 1000 + 500 to destination?

and if we set df-bit then packet would be sent as whole i.e. 1500 till destination, right?

 

Yes, correct.

"Fragmentation means packets get divided right? Like 1500 would be sent as 1000 + 500 to destination?"

If a transit link's MTU was 1000, and a 1500 byte packet wants to cross it, then yes, w/o DF set, a 1500 byte packet would be fragmented into 1000 + 500.

". . . to destination?"

Well, that depends. Perhaps there is another later link with an MTU of 400.  The 1000 + 500 would then be further fragmented to 400 + 400 + 200 + 400 + 100.  Then assuming no further fragmentation is needed, the latter is what the destination will receive.

If, though, the 400 MTU was encountered before the 1000 MTU link (like going in the reverse direction), again starting with 1500, the initial fragmentation would be 400 + 400 + 400 + 300, which would not need fragmentation when it got to the 1000 MTU.  The latter is what the destination would receive.  (Do note how different MTU limits fragment "differently" depending on the sequence the lower MTUs are encountered.)

". . . and if we set df-bit then packet would be sent as whole i.e. 1500 till destination,Right?"

Yes, again, if fragmentation is NOT needed along the way.

BTW, if the link the sending host is connected to only supports an MTU of 1000, the host would not (normally) send a 1500 byte packet, regardless of the DF setting, because, generally, we want to avoid fragmentation, which the sending host would need to do if it sends a 1500 byte packet onto its connected 1000 byte MTU media.

That said, I'm not 100% positive what a host would do if you try to send a packet larger than its NIC's MTU if you also want to have DF set.  I would assume it would not send the packet at all.  The alternative would be to send the packet (fragmented) but w/o DF set.

Also BTW, I recall Cisco's ping, using its advanced options, lets you send a ping packet up to 64K regardless of the connected media.
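
Added example (not part of any post in this thread): a small Python model of the fragmentation arithmetic discussed above, showing how the order of the low-MTU links changes what the destination receives and what happens when DF is set. It assumes a 20-byte IPv4 header without options and applies the 8-byte fragment-offset rule, so the sizes differ slightly from the rounded 1000 + 500 figures; the function names are illustrative.

```python
IP_HDR = 20  # assumption: IPv4 header with no options

def fragment(total_len, mtu):
    """Sizes (header included) of the packets one router emits for this MTU."""
    if total_len <= mtu:
        return [total_len]
    payload = total_len - IP_HDR
    # Every fragment except the last must carry a multiple of 8 payload bytes,
    # because the fragment-offset field counts in 8-byte units.
    chunk = (mtu - IP_HDR) // 8 * 8
    sizes = []
    while payload > chunk:
        sizes.append(chunk + IP_HDR)
        payload -= chunk
    sizes.append(payload + IP_HDR)
    return sizes

def traverse(total_len, path_mtus, df=False):
    """Walk a packet across links with the given MTUs.

    Returns (packet sizes seen by the destination, ICMP error or None)."""
    packets = [total_len]
    for hop, mtu in enumerate(path_mtus, start=1):
        forwarded = []
        for size in packets:
            if size > mtu and df:
                # Router drops it and reports "fragmentation needed and DF set"
                # (ICMP type 3, code 4) carrying the next-hop MTU.
                return [], {"hop": hop, "icmp_type": 3, "icmp_code": 4,
                            "next_hop_mtu": mtu}
            forwarded.extend(fragment(size, mtu))
        packets = forwarded
    return packets, None

if __name__ == "__main__":
    print(traverse(1500, [1000, 400]))                  # 1000-MTU link first
    print(traverse(1500, [400, 1000]))                  # 400-MTU link first
    print(traverse(1500, [1500, 1000, 1500], df=True))  # lab-style path, DF set
```

The third call mirrors the R2-R3 lab earlier in the thread: with DF set, nothing is delivered and the sender gets back the MTU of the link that refused the packet.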

Joseph W. Doherty
Hall of Fame

"When we send ping to destination with packet size like 1500 with df-bit /Do not fragment then whole 1500 packet goes to destination without fragment right?"

Yes, correct, if the packet is not lost in transit for some other reason, including if it needs to be fragmented, but since the DF-bit is set, it will not be fragmented, it will be dropped.

"what is use of DF-BIT or do not fragment?"

Ensures a transit hop, with an MTU too small to handle the packet, does not fragment the packet.  Instead, it drops (discards) the packet and sends an IGMP message back to the sending IP that the packet was too large.

"is it used to put packet load of 1500 on link"

Not quite sure what your intent is with this statement.  Whether you can place 1500 bytes size packets depends on the medium the packet is using and the NIC generating the underlying frames.

BTW, some media support packets larger than 1500.  (NB: 1500 is the max for "standard" Ethernet, but there are non-standard Ethernets that support much larger packets, often up to about 9K.)

KennethJohnson
Level 1

Excellent explanation!

Some study material is a bit cryptic on this ping option.  They explain it is a diagnostic tool, and the results of using it, BUT NEVER explain what it actually does.

kudos and thanks!

"Some study material is a bit cryptic on this ping option."

More than some.

On most Cisco network devices, for example, enter ping, alone (may require enable mode), and look at all the prompts for additional settings, some of which, if selected, cause even more prompts for settings.

Or, somewhat related, you don't see much on using small-services, TCP's or UDP's, for diagnostic purposes; in fact, you're more likely to run across a recommendation to ensure they are disabled (for increased security).
