[c-nsp] ip virtual-reassembly drop-fragments
Juergen Marenda
cnsp at marenda.net
Thu Jun 2 10:44:45 EDT 2016
Satish Patel wrote:
> is it safe to put on internap facing interface?
>
> ip virtual-reassembly drop-fragments
what's an "internap"?
s/ap/et/
Yes it is safe, but
"no ip virtual-reassembly"
is the best thing you can do, on every interface,
and look form time to time and after reloads weather it reappears.
"virtual-reassembly" should "reassembly" fragments (in a special, memory
conserving way)
So dropping fragments in that context must be an april's first joke.
Having too few resources,
the theoretically good idea behind "virtual-reassembly" does not work very
well (in practice)
esp. when it should be usefull.
Using the "no" form on every interface where it appears automagically
When you configure nat, crypto, ... did help us to solve many problems.
Juergen.
More information about the cisco-nsp
mailing list