[c-nsp] IPv4 fragmented packets on SUP720-3BXL
Gert Doering
gert at greenie.muc.de
Tue Nov 10 16:37:14 EST 2009
Hi,
On Tue, Nov 10, 2009 at 06:20:13PM -0200, Leonardo Gama Souza wrote:
> >There is nothing special about *forwarding* fragmented packets - unless
> >you have an ACL or anything else that wants to look at Layer 4 info.
>
> That would be Netflow or some QoS policy attached to the interface, for
> instance?
> I guess the router should reassembly the fragmented packets before
> applying any policing on the traffic arriving on the interface...
> Am I right?
No. Routers will never reassemble transit traffic.
(Some firewall devices do, so maybe the IOS firewalling feature set will
do funny things with fragments, but normal IOS will never ever reassemble
packets not destined to itself)
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany gert at greenie.muc.de
fax: +49-89-35655025 gert at net.informatik.tu-muenchen.de
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 305 bytes
Desc: not available
URL: <https://puck.nether.net/pipermail/cisco-nsp/attachments/20091110/b42a541d/attachment.bin>
More information about the cisco-nsp
mailing list