[j-nsp] IP fragmented PIM Registers dropped

Phil Mayers p.mayers at imperial.ac.uk
Fri Sep 8 11:55:14 EDT 2006 

Steven Wong wrote:
> Hi Phil,
> 
>> I've also used a tap on the link facing the M7i to verify that both IP
> 
>> fragments are leaving the previous hop, so it does seem to be an issue
> 
>> at the juniper side. The "router protect" ACL on lo0 should not (does 
>> not seem to) be hitting the traffic.
> 
> Do you have the pkt decode for these two fragments ?

The tap which can see both says (with "tcpdump -v -v -v"):

16:45:50.644109 IP (tos 0x0, ttl 255, id 64377, offset 0, flags [+], 
length: 1500) 155.198.1.2 > 155.198.0.254: pim v2 Register  IP 
truncated-ip - 28 bytes missing! (tos 0x0, ttl   4, id 0, offset 0, 
flags [DF], length: 1500) 155.198.52.25.32801 > 239.255.52.25.5002: [|udp]

16:45:50.644129 IP (tos 0x0, ttl 255, id 64377, offset 1480, flags 
[none], length: 48) 155.198.1.2 > 155.198.0.254: pim

I can send them across as pcap if you like.

> 
> Also, what kinds of "fragment drop" you have seen ?
> 
>         0 fragments received
>         0 fragments dropped (dup or out of space)
>         0 fragments dropped (queue overflow)
>         0 fragments dropped after timeout
>         0 fragments dropped due to over limit
>         0 packets reassembled ok

10 seconds apart, I'm getting:

admin at ext-m7i-1> show system statistics ip | match frag
         33013109 fragments received
         306584 fragments dropped (dup or out of space)
         32646709 fragments dropped (queue overflow)
         43551 fragments dropped after timeout
         32646709 fragments dropped due to over limit
         0 output datagrams fragmented
         0 fragments created
         0 datagrams that can't be fragmented

admin at ext-m7i-1> show system statistics ip | match frag
         33013209 fragments received
         306593 fragments dropped (dup or out of space)
         32646799 fragments dropped (queue overflow)
         43551 fragments dropped after timeout
         32646799 fragments dropped due to over limit
         0 output datagrams fragmented
         0 fragments created
         0 datagrams that can't be fragmented

There is, obviously, quite a bit of other traffic hitting the box since 
it's a border router, including quite a bit of large SNMP, which 
accounts for the large absolute values of some of the above - but the 
two above were take when only PIM was hitting it, so the relative values 
of the above two reflect fragmented pim registers.

More information about the juniper-nsp mailing list