[j-nsp] FBF and fragmented UDP packets

Rubens Kuhl Jr. rubens at email.com
Thu Feb 26 22:46:59 EST 2004


What you are trying to do would require a state-aware view of the packet
flows, and an M-router is a stateless device (at least without service PICs).
One way I can think of would be forwarding all fragmented packets to an
external box, reassembling them and sending them back to the router.

I'm curious why you are getting DNS UDP fragments; DNS traffic would usually
go TCP for packets that might need fragmentation.


Rubens

----- Original Message ----- 
From: <peter at devries.tv>
To: <juniper-nsp at puck.nether.net>
Sent: Friday, February 27, 2004 12:29 AM
Subject: [j-nsp] FBF and fragmented UDP packets

Kind of a tough problem here.  We're strictly using FBF and static
routes (routing instances) to route packets through an M20 (M40 in
production). The issue that we have is that we need to send fragmented
UDP packets to the same routing instance as their initial packet, but
only fragmented UDP packets that are DNS, without catching every other
fragmented UDP packet.

So far we're sending the first DNS UDP packet to the right routing
instance and if we put in

<snip>
 from {
  protocol UDP;
  is-fragment;
 }
<snip>

we can get all fragments to go to the routing instance.  Obviously not
what we're looking for.  So any suggestions out there?  We're open to
anything that might do it and we can play with the specifics.

We're currently running JunOS 5.7R3.4.

Thanks,
Peter
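
The state-aware view mentioned in the reply, as an added example (not code from the thread or from Juniper): non-first fragments carry no UDP header, so the classifier below remembers the first fragment's ports under the RFC 791 reassembly key (source, destination, protocol, IP ID). Class and function names, addresses and the 30-second timeout are assumptions, and the packets are constructed.

```python
import socket
import struct

UDP, DNS_PORT, TTL_SECONDS = 17, 53, 30  # TTL_SECONDS is an assumed state timeout

def build_fragment(src, dst, ip_id, offset, more, payload):
    """Constructed test input: minimal IPv4 header (checksum left 0) + payload."""
    flags_off = (0x2000 if more else 0) | (offset // 8)
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ip_id,
                       flags_off, 64, UDP, 0, socket.inet_aton(src),
                       socket.inet_aton(dst)) + payload

class FragmentClassifier:
    """Tracks fragmented datagrams by the RFC 791 reassembly key."""

    def __init__(self):
        self.flows = {}  # (src, dst, proto, ip_id) -> (is_dns, expiry time)

    def classify(self, packet, now=0.0):
        """Return True (DNS), False (not DNS) or None (no state for fragment)."""
        ihl = (packet[0] & 0x0F) * 4
        ip_id, flags_off = struct.unpack("!HH", packet[4:8])
        if packet[9] != UDP:
            return False
        key = (packet[12:16], packet[16:20], packet[9], ip_id)
        if flags_off & 0x1FFF == 0:
            # First fragment or unfragmented packet: the UDP header is present.
            sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
            is_dns = DNS_PORT in (sport, dport)
            if flags_off & 0x2000:  # MF set, so later fragments will follow
                self.flows[key] = (is_dns, now + TTL_SECONDS)
            return is_dns
        # Later fragment: no UDP header, so only remembered state can answer.
        is_dns, expiry = self.flows.get(key, (None, 0.0))
        return is_dns if now <= expiry else None

def demo():
    """Constructed traffic: a fragmented DNS reply, a non-DNS one, an orphan."""
    udp = lambda sport, dport: struct.pack("!HHHH", sport, dport, 1608, 0)
    a, b, c = "192.0.2.53", "198.51.100.7", FragmentClassifier()
    return [
        c.classify(build_fragment(a, b, 1, 0, True, udp(53, 40000) + bytes(1472))),
        c.classify(build_fragment(a, b, 1, 1480, False, bytes(128))),
        c.classify(build_fragment(a, b, 2, 0, True, udp(5000, 6000) + bytes(1472))),
        c.classify(build_fragment(a, b, 2, 1480, False, bytes(128))),
        c.classify(build_fragment(a, b, 3, 1480, False, bytes(128))),  # no first frag
    ]
```

A `None` result is the case a stateless `is-fragment` match cannot distinguish: a later fragment arriving with no recorded first fragment, which a real device would have to buffer or drop.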


