Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1674
Views
0
Helpful
1
Replies

ISR 4431 out or order Fragmented Packets

jeffreywatson
Level 1
Level 1

‎03-29-2018 08:34 AM - edited ‎03-01-2019 03:23 PM

Does an ISR 4431 router handle UDP fragmented packets differently than other packets ?

 

We are flowing UDP data over our routers which is a mix of fragmented packets and non- fragments received from an upstream tunnel.  The application puts a sequence counter in the data field.

I am finding out of order UDP frames exiting my ISR 4431 router.   The frames that are out of order are always the fragments delayed by one frame.  

 

Is that my router delaying the fragments because they are processed differently ?

 

I have the same issue with our checkpoint firewalls, where the fragmented packets were not getting hardware accelerated.  So I am trying to find out if our routers and doing something similar.

 

thank you in advance

 

Labels:
0 Helpful
1 Reply 1

xthuijs
Cisco Employee
Cisco Employee

‎04-06-2018 07:09 AM

hi!

note this is the XROS and platforms forum and we may not have all the knowledge about ISR/XE, but I can get you porbably started in the right direction.

 

the ISR443 is built with dual CPU and multicore. some of the cores are handing control plane and some of the cores handle the data plane forwarding.

since this is effectively parallel software forwaridng that means that a packet requiring more service will automatically take longer.

sequencing is normally maintained, but it can happen that one packet being done faster is getting sent faster also this in order to maintain proper forwarding power so that one clogging core taking more time to process doesnt stall the pipeline for others that can be done quicker.

so I can understand this situation you are seeing.

espeically considering you mention "tunnl".

if the frag is on the outer the tun dest needs to reassemble and reassembly in any forwarding especially with multi packet processing is a disaster! eg second frag can come in on different core!

so pak has to be placed on a public palce for all to grab to reassemble.

the inner frag is reassembled by the host obviously.

in general it is always best to prevent frag as much as possible because of all the stipulations that it comes with take loadbalancing for example: with a frag packet I cant hash on the L3/L4, so I need to inspect the L3 header for frag offset or MF to exclude or update hash from L4 info since non zero frags dont have an l4 header... some implementations dont perceive that and can cause different LB decissions for the first frag and subsequent ones...

some other implementations dont reassemble in the fast path or frag in thr fastpath and that can also cause processing delays or features not getting applied.

xander

0 Helpful
Customers Also Viewed These Support Documents