IP Fragmentation - effects on network traffic
There are several reasons to avoid IP fragmentation in any network topology:
- If an IP packet has its Do not Fragment (DF) flag set, then any attempt at fragmentation will cause the packet to be dropped. Some applications set this flag because they need to avoid fragmentation in order to function.
- Excessive fragmentation consumes CPU resources on routers as well as hosts, since both fragmentation and reassembly need processing power to be performed correctly. This can be leveraged in an IP Fragmentation Attack.
- An increase in fragmentation can also reduce throughput. Each fragment has its own IP header, so more fragmentation means more IP packets, which means more headers and thus more total data being sent over the link. Also, if fragments are lost in transit, the whole original packet has to be resent, further decreasing throughput. GRE tunnels already add overhead; introducing fragmentation on top of them increases that overhead further.
- Fragmentation at layer 3 can slow down the segmentation taking place at layer 4, especially when TCP is used as the transport layer protocol.
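To make the header overhead and the DF behaviour concrete, here is an added example (not part of the original note) that models IPv4 fragmentation of a single packet. It assumes a 20-byte IPv4 header without options and, for the GRE case, a 24-byte tunnel overhead (outer IPv4 header plus a 4-byte GRE header), which lowers the effective MTU of a 1500-byte link to 1476 bytes.

```python
"""Constructed IPv4 fragmentation model (added example, not from the original note)."""
from dataclasses import dataclass
from typing import List

IPV4_HDR = 20          # IPv4 header length without options (assumption)
GRE_OVERHEAD = 24      # assumption: outer IPv4 (20) + basic GRE header (4)


@dataclass
class Fragment:
    offset_units: int     # Fragment Offset field, in 8-byte units
    payload: int          # bytes of the original payload carried by this fragment
    more_fragments: bool  # MF flag


class NeedsFragmentation(Exception):
    """DF is set and the packet exceeds the link MTU: the packet is dropped."""


def fragment(total_length: int, mtu: int, df: bool = False) -> List[Fragment]:
    """Split an IPv4 packet of total_length bytes (header + payload) to fit mtu."""
    if total_length <= mtu:
        return [Fragment(0, total_length - IPV4_HDR, False)]
    if df:
        raise NeedsFragmentation(f"DF set: {total_length} > MTU {mtu}")
    # Each non-final fragment's payload must be a multiple of 8 bytes,
    # because the offset field counts 8-byte units.
    max_payload = (mtu - IPV4_HDR) // 8 * 8
    payload = total_length - IPV4_HDR
    frags, offset = [], 0
    while offset < payload:
        chunk = min(max_payload, payload - offset)
        frags.append(Fragment(offset // 8, chunk, offset + chunk < payload))
        offset += chunk
    return frags


def wire_bytes(frags: List[Fragment]) -> int:
    """Total bytes on the link: every fragment carries its own IPv4 header."""
    return sum(IPV4_HDR + f.payload for f in frags)


def dropped(total_length: int, mtu: int, df: bool) -> bool:
    """True if the packet would be discarded instead of fragmented."""
    try:
        fragment(total_length, mtu, df)
        return False
    except NeedsFragmentation:
        return True


if __name__ == "__main__":
    effective_mtu = 1500 - GRE_OVERHEAD          # 1476 bytes inside the GRE tunnel
    for f in fragment(1500, effective_mtu):
        print(f)
    print("wire bytes:", wire_bytes(fragment(1500, effective_mtu)))
    print("dropped with DF:", dropped(1500, effective_mtu, df=True))
```

A 1500-byte packet entering the tunnel becomes two fragments (1456 + 24 bytes of payload) and 1520 bytes on the wire; the same packet with DF set is simply dropped.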
Links
https://networklessons.com/cisco/ccie-enterprise-infrastructure/pppoe-mtu-troubleshooting-cisco-ios