Dealing with fragments
Tom Lancaster

Most network professionals are familiar with fragmenting packets. In many cases it is forced by a change in the Maximum Transmission Unit (MTU) of the layer 2 protocol as a packet crosses different networks. For instance, Ethernet's IP MTU is 1500 bytes (a 1518-byte maximum frame once the Ethernet header and trailer are counted), while Token Ring's MTU is commonly set to 4096, so a large packet originating on a Token Ring segment cannot be forwarded whole across an Ethernet segment: the router has to fragment it (or, if the sender set the Don't Fragment bit, drop it and return an ICMP "fragmentation needed" error).

In the good old days, when file and print sharing was all we had to worry about, a larger MTU meant less header overhead and better throughput. It is commonly understood, however, that when VoIP or other time-sensitive traffic is in use, the small voice packets can get stuck behind a big packet in the queues on routers and switches, and the resulting jitter is enough to be noticeable to the people using the phones.

So fragmentation breaks a large packet into several smaller ones, and IP tracks the pieces with three header fields, the Identification value (shared by every fragment of one datagram), the More Fragments flag and the Fragment Offset, so that the destination host can reassemble them. However, IP leaves out some very important information when it does this: only the first fragment, the one with offset zero, carries the layer 4 and higher protocol headers (the TCP or UDP ports, for instance). Every later fragment is just a slice of payload behind an IP header. (Note that IP fragmentation is very different from Frame Relay fragmentation and interleaving.)

This is a well-known issue in security circles, because firewalls and similar devices have trouble identifying non-initial fragments and applying the right policy to them: a rule that matches on a TCP or UDP port has nothing to match against in a fragment that carries no layer 4 header. It is also a problem for network engineers running VoIP, for the same reason: when you assign QoS markings based on information like the UDP or TCP port, you usually mark only the first fragment and miss all the rest.

Fortunately, VoIP packets are small and are practically never fragmented, but many people choose to lower the priority of other traffic rather than raise the priority of voice. If you use a scheme like that to prioritize your traffic, keep in mind how fragments will affect it: the port-matching rule catches only the first fragment, so that fragment is queued at the lower priority while the remaining fragments of the same datagram travel in the default class. Giving the first fragment a different priority than the rest is therefore likely to deliver the fragments out of order and, if the slower queue drops the first one, to cost the whole datagram: IP cannot reassemble a datagram that is missing a piece, so the receiver discards all of it and the application or TCP has to retransmit the entire thing.
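To make the "only the first fragment has ports" point concrete, here is an added example, not code from the original tip: it builds a UDP datagram, fragments it at a chosen MTU the way an IPv4 router does (RFC 791), and then runs a port-based QoS classifier over the fragments. The addresses, the 576-byte MTU, the assumed "bulk" port (445) and the class names are all constructed for the example.

```python
import struct
from typing import Dict, List

# Added, self-contained example (not code from the original tip). Builds a UDP
# datagram, fragments it for a given MTU, and classifies each fragment by UDP
# port to show that only the offset-0 fragment can be matched on a port.
# Addresses, ports and sizes below are constructed for the example.

IP_PROTO_UDP = 17
BULK_PORT = 445  # assumed "bulk" class: file sharing traffic to be deprioritized


def checksum(data: bytes) -> int:
    """Ones'-complement checksum used by the IPv4 header."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def ipv4_header(total_len: int, ident: int, more: bool, offset: int,
                proto: int, src: bytes, dst: bytes) -> bytes:
    """20-byte IPv4 header; `offset` is the fragment offset in bytes."""
    flags_frag = (0x2000 if more else 0) | ((offset // 8) & 0x1FFF)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, ident, flags_frag,
                      64, proto, 0, src, dst)
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]


def fragment(ip_payload: bytes, mtu: int, ident: int, proto: int,
             src: bytes, dst: bytes) -> List[bytes]:
    """Split one IP payload into fragments whose total length fits `mtu`.
    Every fragment but the last carries a multiple of 8 payload bytes,
    because the Fragment Offset field counts 8-byte units."""
    max_data = (mtu - 20) // 8 * 8
    frags, off = [], 0
    while off < len(ip_payload):
        chunk = ip_payload[off:off + max_data]
        more = off + len(chunk) < len(ip_payload)   # More Fragments flag
        frags.append(ipv4_header(20 + len(chunk), ident, more, off,
                                 proto, src, dst) + chunk)
        off += len(chunk)
    return frags


def parse(pkt: bytes) -> Dict:
    """Pull out the fields that reassembly and classification care about."""
    ver_ihl, _tos, _tot, ident, ff, _ttl, proto, _csum, _src, _dst = \
        struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4
    return {"ident": ident, "more": bool(ff & 0x2000),
            "offset": (ff & 0x1FFF) * 8, "proto": proto, "payload": pkt[ihl:]}


def classify(pkt: bytes) -> str:
    """Port-based QoS classifier. The UDP header exists only in the fragment
    with offset 0, so every later fragment lands in the default class even
    though it belongs to the same bulk transfer."""
    h = parse(pkt)
    if h["proto"] == IP_PROTO_UDP and h["offset"] == 0 and len(h["payload"]) >= 8:
        _sport, dport = struct.unpack("!HH", h["payload"][:4])
        if dport == BULK_PORT:
            return "bulk"
    return "default"


def classify_datagram(udp_data: bytes, dport: int, mtu: int) -> List[str]:
    """Build a UDP datagram to `dport`, fragment it for `mtu`, classify each piece."""
    udp = struct.pack("!HHHH", 40000, dport, 8 + len(udp_data), 0) + udp_data
    frags = fragment(udp, mtu, ident=0x1234, proto=IP_PROTO_UDP,
                     src=bytes([192, 0, 2, 10]), dst=bytes([192, 0, 2, 20]))
    return [classify(f) for f in frags]


if __name__ == "__main__":
    # A 1400-byte payload crossing a 576-byte MTU link becomes three fragments;
    # only the first one is recognised as bulk traffic.
    print(classify_datagram(b"A" * 1400, BULK_PORT, 576))
```

Run as-is it prints the class of each fragment; raise the MTU to 1500 and the same datagram fits in one packet and is classified as a whole. A classifier that needs consistent treatment of all fragments has to key on layer 3 fields (or track the Identification value of the first fragment), which is exactly what the access-list entry discussed below is for.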

On a Cisco router you can use access lists to permit or deny fragments with the "fragments" keyword, with a statement like:

access-list 101 deny ip any any fragments

Two things to know about that keyword. First, it matches only non-initial fragments (fragment offset greater than zero). The first fragment still carries the layer 4 header and is evaluated by the other entries in the list like any unfragmented packet, so the entry above does not block "any fragmented packet"; it blocks every fragment except the first. Second, an entry that contains layer 4 information (such as eq 80) can check only the layer 3 fields of a non-initial fragment: if that entry is a permit, the fragment is permitted; if it is a deny, the entry is skipped and evaluation moves on to the next one. A list that consists of "permit tcp any host X eq 80" plus the implicit deny therefore lets every non-initial TCP fragment addressed to X through. That is why the "fragments" entry has to come before any entry with port information, and why it cannot itself carry port information (IOS rejects the combination). Although different networks have different requirements, you can use this entry to stop non-initial fragments from being forwarded on a given interface, or you can use the same construct in the access list that classifies traffic for prioritization, so that fragments land in a class deliberately rather than by accident.
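The evaluation rules above are easy to get wrong, so here is an added example, not code from the original tip, that models them in a few dozen lines of Python following Cisco's documented behaviour: "fragments" matches non-initial fragments only, an entry with layer 4 information permits a non-initial fragment on a layer 3 match but a deny with layer 4 information is skipped, and an implicit deny ends the list. The ACL numbers, the 10.1.1.1 web server and the 192.0.2.5 client are constructed; the parser handles only the small subset of IOS syntax used here.

```python
from dataclasses import dataclass
from typing import List, Optional

# Added example, not code from the original tip and not IOS itself: a model of
# how IOS extended ACLs treat fragments, following Cisco's documented rules.
# Addresses, ports and list numbers are constructed for the example.


@dataclass
class Packet:
    proto: str                    # "tcp", "udp", "icmp", ...
    src: str
    dst: str
    offset: int = 0               # fragment offset in bytes; 0 = initial/unfragmented
    dport: Optional[int] = None   # None on non-initial fragments: no L4 header there


@dataclass
class Ace:
    action: str                   # "permit" or "deny"
    proto: str                    # "ip" matches every protocol
    src: Optional[str]            # None = any
    dst: Optional[str]            # None = any
    dport: Optional[int] = None   # layer 4 information ("eq <port>")
    fragments: bool = False       # the "fragments" keyword


def parse_ace(line: str) -> Ace:
    """Parse the subset of IOS syntax used here (a constructed subset, not the
    full grammar):
    access-list <n> <permit|deny> <proto> <any|host A> <any|host B> [eq <port>] [fragments]
    """
    tok = line.split()
    if tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
        raise ValueError(line)
    action, proto, i, addrs = tok[2], tok[3], 4, []
    for _ in range(2):                      # source, then destination
        if tok[i] == "any":
            addrs.append(None)
            i += 1
        elif tok[i] == "host":
            addrs.append(tok[i + 1])
            i += 2
        else:
            raise ValueError("only 'any' and 'host <addr>' are modelled")
    dport, frag = None, False
    while i < len(tok):
        if tok[i] == "eq":
            dport = int(tok[i + 1])
            i += 2
        elif tok[i] == "fragments":
            frag = True
            i += 1
        else:
            raise ValueError("unsupported token " + tok[i])
    if frag and dport is not None:
        raise ValueError("IOS rejects 'fragments' on an entry with layer 4 information")
    return Ace(action, proto, addrs[0], addrs[1], dport, frag)


def l3_match(ace: Ace, pkt: Packet) -> bool:
    return ((ace.proto == "ip" or ace.proto == pkt.proto)
            and (ace.src is None or ace.src == pkt.src)
            and (ace.dst is None or ace.dst == pkt.dst))


def evaluate(acl: List[Ace], pkt: Packet) -> str:
    """Return 'permit' or 'deny' for `pkt`; the implicit deny ends the list."""
    non_initial = pkt.offset > 0
    for ace in acl:
        if not l3_match(ace, pkt):
            continue
        if ace.fragments:                   # matches non-initial fragments only
            if non_initial:
                return ace.action
            continue
        if ace.dport is None:               # layer 3 only: matches everything
            return ace.action
        if non_initial:                     # L4 entry, but no L4 header to check
            if ace.action == "permit":
                return "permit"
            continue                        # a deny with L4 info is skipped
        if ace.dport == pkt.dport:
            return ace.action
    return "deny"


# Two lists protecting a web server at 10.1.1.1 (constructed address).
ACL_WITHOUT_FRAGMENTS = [parse_ace("access-list 101 permit tcp any host 10.1.1.1 eq 80")]
ACL_WITH_FRAGMENTS = [
    parse_ace("access-list 102 deny ip any any fragments"),   # must precede L4 entries
    parse_ace("access-list 102 permit tcp any host 10.1.1.1 eq 80"),
]

if __name__ == "__main__":
    first = Packet("tcp", "192.0.2.5", "10.1.1.1", 0, 80)
    later = Packet("tcp", "192.0.2.5", "10.1.1.1", 1480)      # no port visible
    for name, acl in (("101", ACL_WITHOUT_FRAGMENTS), ("102", ACL_WITH_FRAGMENTS)):
        print(name, "initial:", evaluate(acl, first),
              "non-initial:", evaluate(acl, later))
```

With list 101 alone, a non-initial TCP fragment to 10.1.1.1 is permitted even though the only permit entry names port 80, because there is no port in the fragment to compare and the entry is a permit. List 102 closes that gap by denying non-initial fragments up front while still letting the initial fragment of a port 80 connection through.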

Thomas Alexander Lancaster IV is a consultant and author with over ten years experience in the networking industry, focused on Internet infrastructure.

This was first published in January 2002
