[c-nsp] [j-nsp] ip fragmentation, different mtu sizes

snort bsd snortbsd at yahoo.com.au
Tue Dec 17 22:15:22 EST 2013


thanks. 


it is not about setting df bits. i didn't set df bits when i sent extended icmp pings between two routers and i wasn't interested in that.

there are a few posts clearly explained the differences between two vendors in terms of mtu calculations. that is not the point here.

what i am trying to understand is about fragmentation. clearly with default media mtu (or ip mtu for that matter), if i send out l3 packets bigger than the protocol mtu (without seting up df bit), why didn't the expected ip fragmentations happen?





On Tuesday, 17 December 2013 9:13 PM, Brent Sweeny <sweeny at indiana.edu> wrote:
 
you're correct that they calculate sizes differently. Cisco uses the
payload size including headers; Juniper just the data-payload size, so
for example a 9000 byte layer3 packet for Cisco = 9000 - 20B IP header -
8B ICMP header=8972B for Juniper.
you can get them to send unfragmented ICMP packets by turning on the
no-fragment flag.  On JunOS, it's 'do-not-fragment'; in IOS, it depends
a lot on the version but it's there.    HTH.
brent sweeny, indiana university


On 12/17/2013 8:03 PM, snort bsd wrote:
> hi, all:
> 
> i have a genetic question regarding ip fragmentation. i have two routers; one is cisco and another is juniper. they connected back to back with default ethernet mtu (cisco 1522 and juniper 1518, of course with vlan on both ends). i understand that two vendors have different ways of calculating the overhead of headers.
> 
> 
> when i send icmp pings, without specifying packets sizes (just default values) or specifying packet sizes smaller than the values (1472 on juniper side and 1500 on cisco side), everything is fine, but anything beyond thsoe two values on both ends, i got nothing.
> 
> i thought that, for ip mtu, anything bigger than ip mtu (or juniper term protocol mtu) would be fragmented into multiple packets. 
> 
> did i miss something or my understanding isn't correct?
> 
> thanks!


More information about the cisco-nsp mailing list