[c-nsp] IPv4 fragmented packets on SUP720-3BXL

Łukasz Bromirski lukasz at bromirski.net
Wed Nov 11 18:29:04 EST 2009


On 2009-11-11 12:00, Thomas Habets wrote:
> On Tue, 10 Nov 2009, Gert Doering wrote:
>> No. Routers will never reassemble transit traffic.
>
> Never is a strong word. It seems "ip virtual-reassembly" do it. It looks
> like it at least reassembles them in memory and delays them before
> forwarding them (as fragments) from the debug and counters. On a virtual
> 7200:

Sure. But that functionality is not found on core routers, but
on border routers running CBAC/ZBFW or IPS functionalities, that need
a whole packet to do it's work on it.

As Gert noted, fragmented IP packet is forwarded in hardware
(or "normally") as long as it contains valid header information.

-- 
"Everything will be okay in the end. |                  Łukasz Bromirski
  If it's not okay, it's not the end. |       http://lukasz.bromirski.net


More information about the cisco-nsp mailing list