[j-nsp] ip fragmentation, different mtu sizes

Brent Sweeny sweeny at indiana.edu
Tue Dec 17 22:42:36 EST 2013

I believe it does show 'the expected ip fragmentation'. this is from a
cisco 2921:

tpr-oob#show ip traffic | in frag
         0 fragmented, 0 fragments, 0 couldn't fragment
tpr-oob#ping somehost size 1600

Type escape sequence to abort.
Sending 5, 1600-byte ICMP Echos to somehost, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 64/66/68 ms
tpr-oob#show ip traffic | in frag
         5 fragmented, 10 fragments, 0 couldn't fragment

I don't have a juniper quiet enough to isolate one test, but it is
seeing and counting fragments from a number of sources:
re1> show system statistics ip | match frag
         25525417 fragments received
         0 fragments dropped (dup or out of space)
         0 fragments dropped (queue overflow)
         2 fragments dropped after timeout
         0 fragments dropped due to over limit
         242206410 output datagrams fragmented
         0 fragments created
         7 datagrams that can't be fragmented

On 12/17/2013 10:15 PM, snort bsd wrote:
> thanks.
> it is not about setting df bits. i didn't set df bits when i sent
> extended icmp pings between two routers and i wasn't interested in that.
> there are a few posts clearly explained the differences between two
> vendors in terms of mtu calculations. that is not the point here.
> what i am trying to understand is about fragmentation. clearly with
> default media mtu (or ip mtu for that matter), if i send out l3 packets
> bigger than the protocol mtu (without seting up df bit), why didn't the
> expected ip fragmentations happen?
> On Tuesday, 17 December 2013 9:13 PM, Brent Sweeny <sweeny at indiana.edu>
> wrote:
> you're correct that they calculate sizes differently. Cisco uses the
> payload size including headers; Juniper just the data-payload size, so
> for example a 9000 byte layer3 packet for Cisco = 9000 - 20B IP header -
> 8B ICMP header=8972B for Juniper.
> you can get them to send unfragmented ICMP packets by turning on the
> no-fragment flag.  On JunOS, it's 'do-not-fragment'; in IOS, it depends
> a lot on the version but it's there.    HTH.
> brent sweeny, indiana university
> On 12/17/2013 8:03 PM, snort bsd wrote:
>> hi, all:
>> i have a genetic question regarding ip fragmentation. i have two
> routers; one is cisco and another is juniper. they connected back to
> back with default ethernet mtu (cisco 1522 and juniper 1518, of course
> with vlan on both ends). i understand that two vendors have different
> ways of calculating the overhead of headers.
>> when i send icmp pings, without specifying packets sizes (just default
> values) or specifying packet sizes smaller than the values (1472 on
> juniper side and 1500 on cisco side), everything is fine, but anything
> beyond thsoe two values on both ends, i got nothing.
>> i thought that, for ip mtu, anything bigger than ip mtu (or juniper
> term protocol mtu) would be fragmented into multiple packets.
>> did i miss something or my understanding isn't correct?
>> thanks!

More information about the juniper-nsp mailing list