fragmentation
Hi all,
I get the result below when I do sniffing. From what I read, fragmentation is caused by MTU size, but which device caused this? Is it the FortiGate itself, the switch or the server? Do we need to standardize the MTU size for the mentioned devices? This problem cost me intermittent SNMP, but it shows no timeouts when pinging.
52.594763 X.X.X.X.161 -> X.X.X.X.64243: udp 8270 (frag 60968:1480@0+)
52.594768 X.X.X.X -> X.X.X.X: ip-proto-17 (frag 60968:1480@1480+)
52.594786 X.X.X.X -> X.X.X.X: ip-proto-17 (frag 60968:1480@2960+)
52.594800 X.X.X.X -> X.X.X.X: ip-proto-17 (frag 60968:1480@4440+)
52.594803 X.X.X.X -> X.X.X.X: ip-proto-17 (frag 60968:880@5920+)
52.594820 X.X.X.X -> X.X.X.X: ip-proto-17 (frag 60968:1478@6800)
52.594832 X.X.X.X.161 -> X.X.X.X.64243: udp 8270 (frag 60968:1480@0+)
52.594834 X.X.X.X.161 -> X.X.X.X.64243: udp 8270 (frag 60968:1480@0+)
52.594836 X.X.X.X -> X.X.X.X: ip-proto-17 (frag 60968:1480@1480+)
52.594838 X.X.X.X -> X.X.X.X: ip-proto-17 (frag 60968:1480@1480+)
52.594840 X.X.X.X -> X.X.X.X: ip-proto-17 (frag 60968:1480@2960+)
52.594841 X.X.X.X -> X.X.X.X: ip-proto-17 (frag 60968:1480@2960+)
52.594843 X.X.X.X -> X.X.X.X: ip-proto-17 (frag 60968:1480@4440+)
52.594845 X.X.X.X -> X.X.X.X: ip-proto-17 (frag 60968:1480@4440+)
52.594846 X.X.X.X -> X.X.X.X: ip-proto-17 (frag 60968:1480@5920+)
52.594848 X.X.X.X -> X.X.X.X: ip-proto-17 (frag 60968:1480@5920+)
52.594850 X.X.X.X -> X.X.X.X: ip-proto-17 (frag 60968:878@7400)
52.594851 X.X.X.X -> X.X.X.X: ip-proto-17 (frag 60968:878@7400)
Well, looking at it, the device (SNMP-enabled host) is sending packets that are huge. I don't see this being a problem, since IP fragmentation is being handled correctly by the device. So maybe look at options to reduce the SNMP packet size.
PCNSE
NSE
StrongSwan
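Added example, not part of any post in this thread: a Python summary of the fragment lines from the capture above, grouping them by IP ID and checking whether the fragments cover the whole datagram, how many lines are repeats, and whether the same offset shows up with two different sizes. The names `summarize`, `CAPTURE` and `FRAG` are made up for this example.

```python
import re
from collections import defaultdict

# Excerpt of the sniffer output posted above (addresses are masked in the post).
CAPTURE = """\
52.594763 X.X.X.X.161 -> X.X.X.X.64243: udp 8270 (frag 60968:1480@0+)
52.594768 X.X.X.X -> X.X.X.X: ip-proto-17 (frag 60968:1480@1480+)
52.594786 X.X.X.X -> X.X.X.X: ip-proto-17 (frag 60968:1480@2960+)
52.594800 X.X.X.X -> X.X.X.X: ip-proto-17 (frag 60968:1480@4440+)
52.594803 X.X.X.X -> X.X.X.X: ip-proto-17 (frag 60968:880@5920+)
52.594820 X.X.X.X -> X.X.X.X: ip-proto-17 (frag 60968:1478@6800)
52.594832 X.X.X.X.161 -> X.X.X.X.64243: udp 8270 (frag 60968:1480@0+)
52.594846 X.X.X.X -> X.X.X.X: ip-proto-17 (frag 60968:1480@5920+)
52.594850 X.X.X.X -> X.X.X.X: ip-proto-17 (frag 60968:878@7400)
52.594851 X.X.X.X -> X.X.X.X: ip-proto-17 (frag 60968:878@7400)
"""
FRAG = re.compile(r"(?:udp (\d+) )?\(frag (\d+):(\d+)@(\d+)(\+?)\)")

def summarize(capture):
    """Group 'frag id:length@offset[+]' lines by IP ID and summarize each datagram."""
    seen, udp_len = defaultdict(list), {}
    for line in capture.splitlines():
        m = FRAG.search(line)
        if not m:
            continue
        udp, ip_id, length, offset, more = m.groups()
        seen[ip_id].append((int(offset), int(length), more == "+"))
        if udp:                                # only the first fragment shows UDP info
            udp_len[ip_id] = int(udp)
    report = {}
    for ip_id, frags in seen.items():
        uniq = sorted(set(frags))
        ends = [o + n for o, n, more in uniq if not more]
        total = max(ends) if ends else None    # None: last fragment never captured
        covered, sizes = 0, defaultdict(set)
        for o, n, _ in uniq:
            sizes[o].add(n)
            if o <= covered:                   # contiguous so far, extend coverage
                covered = max(covered, o + n)
        report[ip_id] = {
            "udp_payload": udp_len.get(ip_id),
            "ip_payload": total,
            "complete": total is not None and covered >= total,
            "repeats": len(frags) - len(uniq),
            "largest_fragment": max(n for _, n, _ in uniq),
            "offsets_with_two_sizes": sorted(o for o, s in sizes.items() if len(s) > 1),
        }
    return report

if __name__ == "__main__": print(summarize(CAPTURE))
```

On this excerpt the reassembled IP payload is 8278 bytes, which is the 8270-byte UDP payload plus the 8-byte UDP header, and the 1480-byte fragments plus a 20-byte IPv4 header (no options) make 1500-byte packets.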
Is there something I can do on the firewall itself?
