Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions

Counter for amount of packets fragmented by router

Posted on 2014-03-30
Last Modified: 2014-03-31
Hello experts. I am doing more research on packet fragmentation. I want to avoid my routers doing packet fragmentation themselves and leave it to hosts. In a test environment i have configured it as such that the router is responsible for fragmenting the packets to get over its outside link rated at 1400 MTU. The host doesn't know to fragment yet so it gets to router and is too large so it must fragment. I have verified i am up to this point by setting access lists with the fragments keyword. Inside interface of the router that must fragment shows 0 hits on the fragments ace. On the next hop router
the incoming fragments ACE does show fragments, indicating that the router is fragmenting,

My question is as follows: How do i determine how many packets the router has had to fragment itself? I would think this would be an option but don't see a way to view this. Already looked into:

1. show ip traffic: This does increment but it shows all fragments that have flowed through not how many the router had to generate.
2. show controllers fa0/1: This always stays at 0
Question by:Psy4HA
  • 2
LVL 44

Expert Comment

ID: 39965485
If the router's outside interface must fragment anything over 1400, then it's likely fragmenting all but the last (i.e. partial) packet in a transmission, since the default for most hosts will be 1500 (assuming Jumbo packets aren't enabled on gigabit adapters)... or 1492 for PPPoE.

Try setting the MTU on the hosts' adapters to 1400 bytes and see how many fragments show up on the ACE, then.

Or, just run
ping www.google.com -f -l ####
where #### is the packet size in bytes, decrementing #### until you no longer get the 'Packet needs to be fragmented' message... that should verify how low you need to go to prevent fragmentation to google.com (use the specific domain.tld if you're trying to prevent fragmentation between specific locations).

Author Comment

ID: 39965498
Thank you I agree. I am mainly looking for a counter to tell me how many fragments the router had to generate. I do realize there are ways to prevent router from fragmenting but wanted to see counters indicating the router is working on fragging. (Without having to set acls) am looking from a hardening perspective or ways to protect my router from fragmenting too much or to quickly see if I have performance fragmentation issues quickly on my network. If I set acls with fragments on outside interface of router it doesn't show fragments like the router fragments the packets after it checks with the acl so I have to check on my next hop router. I am not sure I am doing a good job of explaining
LVL 17

Accepted Solution

TimotiSt earned 500 total points
ID: 39966292
Take a look at the IF-MIB of SNMP, counters like ipIfStatsReasmOKs should be of use, depending on your exact needs.
It'll depend on the router if it actually supports these MIBs.

I've checked a few snmp walks I have on hand of various devices (3Com and HP switches, UPS systems, etc):

3com-core.walk:RFC1213-MIB::ipReasmTimeout.0 = INTEGER: 30
3com-core.walk:RFC1213-MIB::ipReasmReqds.0 = Counter32: 0
3com-core.walk:RFC1213-MIB::ipReasmOKs.0 = Counter32: 0
3com-core.walk:RFC1213-MIB::ipReasmFails.0 = Counter32: 0
3com-core.walk:RFC1213-MIB::ipAdEntReasmMaxSize. = INTEGER: 65500
3com.walk:RFC1213-MIB::ipReasmTimeout.0 = INTEGER: 10
3com.walk:RFC1213-MIB::ipReasmReqds.0 = Counter32: 0
3com.walk:RFC1213-MIB::ipReasmOKs.0 = Counter32: 0
3com.walk:RFC1213-MIB::ipReasmFails.0 = Counter32: 0
3com.walk:RFC1213-MIB::ipAdEntReasmMaxSize. = INTEGER: 1500
hp.walk:RFC1213-MIB::ipReasmTimeout.0 = INTEGER: 60
hp.walk:RFC1213-MIB::ipReasmReqds.0 = Counter32: 0
hp.walk:RFC1213-MIB::ipReasmOKs.0 = Counter32: 0
hp.walk:RFC1213-MIB::ipReasmFails.0 = Counter32: 0
hp.walk:RFC1213-MIB::ipAdEntReasmMaxSize. = INTEGER: 65535
hp.walk:RFC1213-MIB::ipAdEntReasmMaxSize. = INTEGER: 65535
smc.walk:RFC1213-MIB::ipReasmTimeout.0 = INTEGER: 20
smc.walk:RFC1213-MIB::ipReasmReqds.0 = Counter32: 0
smc.walk:RFC1213-MIB::ipReasmOKs.0 = Counter32: 0
smc.walk:RFC1213-MIB::ipReasmFails.0 = Counter32: 0
smc.walk:RFC1213-MIB::ipAdEntReasmMaxSize.4294967232.168.0.3 = INTEGER: 1500
ups01.walk:RFC1213-MIB::ipReasmTimeout.0 = INTEGER: 30
ups01.walk:RFC1213-MIB::ipReasmReqds.0 = Counter32: 0
ups01.walk:RFC1213-MIB::ipReasmOKs.0 = Counter32: 0
ups01.walk:RFC1213-MIB::ipReasmFails.0 = Counter32: 0
ups01.walk:RFC1213-MIB::ipAdEntReasmMaxSize. = INTEGER: 65535
ups01.walk:RFC1213-MIB::ipAdEntReasmMaxSize. = INTEGER: 65535
ups01.walk:RFC1213-MIB::ipAdEntReasmMaxSize. = INTEGER: 65535
ups02.walk:RFC1213-MIB::ipReasmTimeout.0 = INTEGER: 30
ups02.walk:RFC1213-MIB::ipReasmReqds.0 = Counter32: 0
ups02.walk:RFC1213-MIB::ipReasmOKs.0 = Counter32: 0
ups02.walk:RFC1213-MIB::ipReasmFails.0 = Counter32: 0
ups02.walk:RFC1213-MIB::ipAdEntReasmMaxSize. = INTEGER: 65535
ups02.walk:RFC1213-MIB::ipAdEntReasmMaxSize. = INTEGER: 65535
ups02.walk:RFC1213-MIB::ipAdEntReasmMaxSize. = INTEGER: 65535
ups6k.walk:RFC1213-MIB::ipReasmTimeout.0 = INTEGER: 0
ups6k.walk:RFC1213-MIB::ipReasmReqds.0 = Counter32: 0
ups6k.walk:RFC1213-MIB::ipReasmOKs.0 = Counter32: 0
ups6k.walk:RFC1213-MIB::ipReasmFails.0 = Counter32: 0
ups6k.walk:RFC1213-MIB::ipAdEntReasmMaxSize. = INTEGER: 1500
ups6k.walk:RFC1213-MIB::ipAdEntReasmMaxSize. = INTEGER: 1500

Open in new window


Author Closing Comment

ID: 39967373
Thank you sir! SNMP was the solution. There is a few objects around this i found:


They increment only when the router generates fragments not when hosts do (so not just a counter for frags passing through)

Cory Fulchiron

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In the world of WAN, QoS is a pretty important topic for most, if not all, networks. Some WAN technologies have QoS mechanisms built in, but others, such as some L2 WAN's, don't have QoS control in the provider cloud.
Getting hacked is no longer a matter or "if you get hacked" — the 2016 cyber threat landscape is now titled "when you get hacked." When it happens — will you be proactive, or reactive?
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

860 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question