Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1738
Views
0
Helpful
3
Replies

Cisco VCS products setting up the DF flag in IP packets on outbound

mguguvcevski
Level 1
Level 1

‎08-01-2013 11:24 AM - edited ‎03-18-2019 01:33 AM

Hello experts,

After capturing VSC Control and Expressway packets with Wireshark, I realized that the DF bit is set for each media RTP packet flowing outbound from the devices, if and when they are used as MTP for the streams.

Is there a way to turn this feature off ?

Before someone answers that there is an implementation of the PMTUD RFC on the boxes, I am fully aware of it, but it does not help in may case.

Thank you.

1 person had this problem
Labels:
0 Helpful
3 Replies 3

ahmashar
Level 4
Level 4

‎08-05-2013 12:58 PM

Hi,

Have you seen this:

With the release of X7 code for the Telepresence Video Communications  Server (VCS), RFC 4821 is supported.  When enabled, this allows the VCS  to be able to respond to  ICMP type 3, code 4 (Destination unreachable,  fragmentation needed, DF  flag is set) messages.  The VCS will then  readjust the frame size of the packet and retransmit.  Below is a brief  description on how to enable and disable this feature on the VCS:

The VCS X7 software now supports RFC4821:

IP RFC4821 Mode:

Determines when RFC4821 Packetization Layer Path MTU Discovery is used by the VCS network interface.

Enabled: Packetization layer MTU probing is always performed.

Auto: Disabled by default, enabled when an ICMP black hole is detected.

Disabled: Packetization layer MTU probing is not performed.

Default: Disabled

Example: xConfiguration IP RFC4821 Mode: Enabled

This  feature is useful if you have a situation where fragmentation is  occuring across a link or there is a potential for consistent congestion  on the link.

https://supportforums.cisco.com/docs/DOC-23594

0 Helpful

mguguvcevski
Level 1
Level 1
In response to ahmashar

‎08-05-2013 11:39 PM

Hi Ahmad,

Yes, as I mentioned in my previous post I am fully aware of this functionality, the only problem being that it must be enabled on every router hop in the network, and SPs very rarely or almost never enable it, or rely on PMTUD.

So I am wondering what the rationale was behind setting the DF bit in the IP packets, even for UDP traffic.

The thing I am missing is the possibility to turn the DF bit set to off, or adjust the MTU manually for all these frames.

Thanks,

Mihail

0 Helpful

ahmashar
Level 4
Level 4
In response to mguguvcevski

‎08-06-2013 12:36 AM

Hi Mihail,

RFC4821 provide mechanism to detect unreachable UDP port, for if there is link congestion.

It uses ICMP Type 3 code 3 -Destination not reachable when a UDP port is blocked.

If  there is congestion on link, far-end or intermediate devices does not  support the MTU as present value, it will send ICMP type 3 code 4  fragmentation needed.

If  DF bit (Don't Fragment bit) is set in IP header flag, it will be  informed as well.It does not pose any security threat from what I know  and it will not affect the normal communication of the VCS.

regards, Ahmad

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents