Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2453
Views
0
Helpful
16
Replies

Pre-fragmentation and Link fragmentation and Interleaving questions

rose_smile33
Level 1
Level 1

‎12-17-2009 04:31 AM

I'm going to study two features on security and network performance,  which are:

1- Pre-fragmentation (look ahead fragmentation)

2- Link fragmentation and Interleaving

I have some questions that need your help to answer the following:

> 1- Which cisco  series supports the two features?

> 2- Does Cisco 7206 IP router support any of these features?

> 3- How links and other devices which are not support pre-fragmentation would deal with the pre-fragmented IPsec  traffic?

> 4- Are there any difference between Cisco 7206 IP router and Cisco 7206 VXR?

> 5- I would going to simulate a network to study the above features. Could you have any support ( Ex:Disscus with you and experts the network model suggestions , features parameters and protocols' configurations, affects on performance and others)!

Labels:
0 Helpful
16 Replies 16

rose_smile33
Level 1
Level 1
In response to Laurent Aubert

‎01-28-2010 12:25 PM

Hi ;

"I'm completely lost with what you want to achieve. It makes no sense to me to want at the same time pre-fragmentation and PMTUD because the goal of PMTUD is to avoid fragmentation and save router resources !!!"

Laurent, Please refer to http://www.cisco.com/en/US/tech/tk827/tk369/technologies_white_paper09186a00800d6979.shtml

PMTU function doesn't mean to prevent fragmentation but just adjusting the MTU to avoid packet drop if fragmentation is in need; i know that the default setting for the DF is 1 when PMTU is enabled but you can clear the DF to allow fragment (like example 1 in the reference doc. at the above link)

" Actually the tunnel PMTUD will copy the DF bit of the inner packet to the GRE header so it may not be always 1."

Please refer to Senario 5 of the above reference: It mentions that PMTU is enabled and the DF bit is not copied when the IP packet is encapsulated by GRE.

Rose.

0 Helpful

Laurent Aubert
Cisco Employee
Cisco Employee
In response to rose_smile33

‎01-28-2010 01:33 PM

Hi,

I'm sorry but I disagree. PMTUD will compute the MTU with which no fragmentation will occur on the path between a source and a destination. Packets drop + ICMP too big packet are just the way to determine this MTU value.

From the link you found :

" PMTUD was developed to avoid fragmentation in the path between the endpoints. It is used to dynamically determine the lowest MTU along the path from a packet's source to its destination."

In Scenario 5, the DF bit of the original packet is set to 0 so there is no PMTUD for data packet.

Scenario 6 describes PMTUD for both data and GRE in action: " with the tunnel path-mtu-discovery command, and the DF bit is copied from the original IP header to the GRE IP header"

Thanks,

Laurent.

0 Helpful
Customers Also Viewed These Support Documents