Solved

Counter for amount of packets fragmented by router

Posted on 2014-03-30
4
649 Views
Last Modified: 2014-03-31
Hello experts. I am doing more research on packet fragmentation. I want to avoid my routers doing packet fragmentation themselves and leave it to hosts. In a test environment i have configured it as such that the router is responsible for fragmenting the packets to get over its outside link rated at 1400 MTU. The host doesn't know to fragment yet so it gets to router and is too large so it must fragment. I have verified i am up to this point by setting access lists with the fragments keyword. Inside interface of the router that must fragment shows 0 hits on the fragments ace. On the next hop router
the incoming fragments ACE does show fragments, indicating that the router is fragmenting,

My question is as follows: How do i determine how many packets the router has had to fragment itself? I would think this would be an option but don't see a way to view this. Already looked into:

1. show ip traffic: This does increment but it shows all fragments that have flowed through not how many the router had to generate.
2. show controllers fa0/1: This always stays at 0
0
Comment
Question by:Psy4HA
  • 2
4 Comments
 
LVL 44

Expert Comment

by:Darr247
ID: 39965485
If the router's outside interface must fragment anything over 1400, then it's likely fragmenting all but the last (i.e. partial) packet in a transmission, since the default for most hosts will be 1500 (assuming Jumbo packets aren't enabled on gigabit adapters)... or 1492 for PPPoE.

Try setting the MTU on the hosts' adapters to 1400 bytes and see how many fragments show up on the ACE, then.

Or, just run
ping www.google.com -f -l ####
where #### is the packet size in bytes, decrementing #### until you no longer get the 'Packet needs to be fragmented' message... that should verify how low you need to go to prevent fragmentation to google.com (use the specific domain.tld if you're trying to prevent fragmentation between specific locations).
0
 

Author Comment

by:Psy4HA
ID: 39965498
Thank you I agree. I am mainly looking for a counter to tell me how many fragments the router had to generate. I do realize there are ways to prevent router from fragmenting but wanted to see counters indicating the router is working on fragging. (Without having to set acls) am looking from a hardening perspective or ways to protect my router from fragmenting too much or to quickly see if I have performance fragmentation issues quickly on my network. If I set acls with fragments on outside interface of router it doesn't show fragments like the router fragments the packets after it checks with the acl so I have to check on my next hop router. I am not sure I am doing a good job of explaining
0
 
LVL 17

Accepted Solution

by:
TimotiSt earned 500 total points
ID: 39966292
Take a look at the IF-MIB of SNMP, counters like ipIfStatsReasmOKs should be of use, depending on your exact needs.
It'll depend on the router if it actually supports these MIBs.

I've checked a few snmp walks I have on hand of various devices (3Com and HP switches, UPS systems, etc):

3com-core.walk:RFC1213-MIB::ipReasmTimeout.0 = INTEGER: 30
3com-core.walk:RFC1213-MIB::ipReasmReqds.0 = Counter32: 0
3com-core.walk:RFC1213-MIB::ipReasmOKs.0 = Counter32: 0
3com-core.walk:RFC1213-MIB::ipReasmFails.0 = Counter32: 0
3com-core.walk:RFC1213-MIB::ipAdEntReasmMaxSize.192.168.0.22 = INTEGER: 65500
3com.walk:RFC1213-MIB::ipReasmTimeout.0 = INTEGER: 10
3com.walk:RFC1213-MIB::ipReasmReqds.0 = Counter32: 0
3com.walk:RFC1213-MIB::ipReasmOKs.0 = Counter32: 0
3com.walk:RFC1213-MIB::ipReasmFails.0 = Counter32: 0
3com.walk:RFC1213-MIB::ipAdEntReasmMaxSize.192.168.0.6 = INTEGER: 1500
hp.walk:RFC1213-MIB::ipReasmTimeout.0 = INTEGER: 60
hp.walk:RFC1213-MIB::ipReasmReqds.0 = Counter32: 0
hp.walk:RFC1213-MIB::ipReasmOKs.0 = Counter32: 0
hp.walk:RFC1213-MIB::ipReasmFails.0 = Counter32: 0
hp.walk:RFC1213-MIB::ipAdEntReasmMaxSize.127.0.0.1 = INTEGER: 65535
hp.walk:RFC1213-MIB::ipAdEntReasmMaxSize.192.168.0.2 = INTEGER: 65535
smc.walk:RFC1213-MIB::ipReasmTimeout.0 = INTEGER: 20
smc.walk:RFC1213-MIB::ipReasmReqds.0 = Counter32: 0
smc.walk:RFC1213-MIB::ipReasmOKs.0 = Counter32: 0
smc.walk:RFC1213-MIB::ipReasmFails.0 = Counter32: 0
smc.walk:RFC1213-MIB::ipAdEntReasmMaxSize.4294967232.168.0.3 = INTEGER: 1500
ups01.walk:RFC1213-MIB::ipReasmTimeout.0 = INTEGER: 30
ups01.walk:RFC1213-MIB::ipReasmReqds.0 = Counter32: 0
ups01.walk:RFC1213-MIB::ipReasmOKs.0 = Counter32: 0
ups01.walk:RFC1213-MIB::ipReasmFails.0 = Counter32: 0
ups01.walk:RFC1213-MIB::ipAdEntReasmMaxSize.0.0.0.0 = INTEGER: 65535
ups01.walk:RFC1213-MIB::ipAdEntReasmMaxSize.127.0.0.1 = INTEGER: 65535
ups01.walk:RFC1213-MIB::ipAdEntReasmMaxSize.192.168.0.26 = INTEGER: 65535
ups02.walk:RFC1213-MIB::ipReasmTimeout.0 = INTEGER: 30
ups02.walk:RFC1213-MIB::ipReasmReqds.0 = Counter32: 0
ups02.walk:RFC1213-MIB::ipReasmOKs.0 = Counter32: 0
ups02.walk:RFC1213-MIB::ipReasmFails.0 = Counter32: 0
ups02.walk:RFC1213-MIB::ipAdEntReasmMaxSize.0.0.0.0 = INTEGER: 65535
ups02.walk:RFC1213-MIB::ipAdEntReasmMaxSize.127.0.0.1 = INTEGER: 65535
ups02.walk:RFC1213-MIB::ipAdEntReasmMaxSize.192.168.0.27 = INTEGER: 65535
ups6k.walk:RFC1213-MIB::ipReasmTimeout.0 = INTEGER: 0
ups6k.walk:RFC1213-MIB::ipReasmReqds.0 = Counter32: 0
ups6k.walk:RFC1213-MIB::ipReasmOKs.0 = Counter32: 0
ups6k.walk:RFC1213-MIB::ipReasmFails.0 = Counter32: 0
ups6k.walk:RFC1213-MIB::ipAdEntReasmMaxSize.127.0.0.1 = INTEGER: 1500
ups6k.walk:RFC1213-MIB::ipAdEntReasmMaxSize.192.168.0.28 = INTEGER: 1500

Open in new window

0
 

Author Closing Comment

by:Psy4HA
ID: 39967373
Thank you sir! SNMP was the solution. There is a few objects around this i found:

ipSystemStatsOutFragOKs
ipSystemStatsOutFragCreates

They increment only when the router generates fragments not when hosts do (so not just a counter for frags passing through)

Thanks!
Cory Fulchiron
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Getting hacked is no longer a matter or "if you get hacked" — the 2016 cyber threat landscape is now titled "when you get hacked." When it happens — will you be proactive, or reactive?
Shadow IT is coming out of the shadows as more businesses are choosing cloud-based applications. It is now a multi-cloud world for most organizations. Simultaneously, most businesses have yet to consolidate with one cloud provider or define an offic…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now