Author Topic: Fragmentation in IP  (Read 730 times)

Weaver

  • Kitizen
  • ****
  • Posts: 4004
  • Retd sw dev; A&A; 3 7km ADSL2; IPv6; Firebrick
Fragmentation in IP
« on: October 20, 2016, 04:41:01 AM »

Does anyone have experience of a setup where stuff was always being IP-fragmented? How bad was it, or did you get away with it?

aesmith

  • Reg Member
  • ***
  • Posts: 665
Re: Fragmentation in IP
« Reply #1 on: October 20, 2016, 07:44:14 PM »

We have issues on customer networks sometimes when MTU on the WAN is sub-1500. Typically the issue is incorrect MSS negotiation, and the fix is an over-ride that can be applied in the router. I've seen some odd symptoms, including for example being able to access the file system of a remote server perfectly, but RDP just showed a blank screen.

Also, but unrelated, we found a Lync server sending jumbo frames with "don't fragment" set.

petef

  • Member
  • **
  • Posts: 57
Re: Fragmentation in IP
« Reply #2 on: October 21, 2016, 08:02:30 PM »

Many years ago I diagnosed a problem with NFS on my company intranet. There was occasional data corruption caused by packet loss which was not noticed by the software that reassembled the fragmented IP. The fix was to reduce the NFS block sizes so that fragmentation was avoided.

Weaver

  • Kitizen
  • ****
  • Posts: 4004
  • Retd sw dev; A&A; 3 7km ADSL2; IPv6; Firebrick
Re: Fragmentation in IP
« Reply #3 on: February 07, 2017, 03:24:31 PM »

Could I / we test this? Send some fragments to your favourite server, and arrange to receive some?

I could of course reduce my own MTU, but that might well simply cause things to adapt and reduce packet sizes anyway, so I simply get unfragmented smaller packets as PMTUD does its good thing.

And now I think of it, unfortunately I don't have the tools to inspect the results at the moment either as I'm confined to my main operations base these days.

I would also be very interested in how firewalls deal with this in general. (i) Anyone know anything? But (ii) also especially interested in the case where an initial fragment is suspiciously short, say if an L4 header is split across a fragment boundary, this might look like an attempt to evade security checks by obfuscation? (iii) Do firewalls buffer fragments in case ii then, waiting until they have enough contiguous data to get an entire L4 header to inspect it or however much of the packet they need depending on how deep their inspection is? (iv) What happens if fragments arrive out of order at a firewall?

Makes you think there ought to be a standard test program for generating a set of test cases to check that firewalls, routers and hosts correctly handle fragments and we should be able to give various classes of boxen pass / fail stickers, or nice little stars and scores out of 100 for correct behaviour. (Following on from the success of the AcidX test for CSS capabilities and compliance in web rendering engines.)
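On points (ii) to (iv) in the last post: a filter can judge each fragment on its own, without buffering and regardless of arrival order, by the kind of checks RFC 1858 describes. The sketch below is an added example, not code from any poster or firewall product; the `MIN_L4` thresholds, the verdict strings and the helper `make_ipv4` (which builds constructed test packets with documentation addresses) are assumptions for illustration.

```python
import struct

TCP, UDP = 6, 17
# Assumed policy: L4 header bytes a first fragment must carry to be inspectable.
MIN_L4 = {TCP: 20, UDP: 8}

def make_ipv4(proto, payload, offset=0, mf=False, ident=0x1234):
    """Build a constructed IPv4 test packet (checksum left at zero)."""
    flags_frag = (0x2000 if mf else 0) | (offset // 8)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident,
                      flags_frag, 64, proto, 0,
                      bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    return hdr + payload

def classify_fragment(pkt: bytes) -> str:
    """Verdict for one raw IPv4 packet, decided without reassembly."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return "drop: not a valid IPv4 header"
    ihl = (pkt[0] & 0x0F) * 4
    total_len = struct.unpack_from("!H", pkt, 2)[0]
    flags_frag = struct.unpack_from("!H", pkt, 6)[0]
    proto = pkt[9]
    if ihl < 20 or total_len < ihl or total_len > len(pkt):
        return "drop: inconsistent lengths"
    more_fragments = bool(flags_frag & 0x2000)
    offset = (flags_frag & 0x1FFF) * 8      # field counts 8-byte units
    payload_len = total_len - ihl
    if not more_fragments and offset == 0:
        return "pass: not fragmented"
    if more_fragments and payload_len % 8:
        return "drop: non-final fragment is not a multiple of 8 bytes"
    if offset + payload_len > 65535 - ihl:
        return "drop: reassembled datagram would exceed 65535 bytes"
    need = MIN_L4.get(proto, 0)
    if offset == 0 and payload_len < need:
        # Case (ii): the L4 header is split across the fragment boundary.
        return "drop: first fragment too short for the L4 header"
    if 0 < offset < need:
        # A later fragment that starts inside the L4 header could rewrite
        # fields the filter already inspected in the first fragment.
        return "drop: later fragment starts inside the L4 header"
    if offset == 0:
        return "inspect: first fragment carries the full L4 header"
    # Case (iv): order does not matter to these checks; the fragment is
    # tied to its first fragment by (src, dst, protocol, identification).
    return "hold: non-first fragment, match to first by IP ID"
```

A stateful firewall would still need a reassembly or tracking table, with a timeout, to apply the first fragment's verdict to the "hold" cases.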