NAT and packet fragment

Unanswered Question
Jul 30th, 2007

Hello team!

I have one rare and serious problem with NAT. Sometimes NAT traffic is dropped and the end hosts do not receive any packets. If the timeout is long, then the session is destroyed, but on the 7600 router (latest SRB1 IOS) the NAT translation is active. If the timeout is not so long, then the session is not destroyed.

At the moment of the packet drops we can see the following debug:

Jul 27 09:40:45.862: NAT*: creating fragment 26277 17 -- 161 1065

Jul 27 09:40:45.862: NAT*: fo 185, looking for fragment 26277 17

Jul 27 09:40:45.862: NAT*: found fragment 26277 17 -- 161 1065

Jul 27 09:41:00.810: NAT: expiring fragment 26277 17

Does anybody have helpful info about this problem?

sbilgi Fri, 08/03/2007 - 05:47

First of all, I would like to say: please don't send any sensitive information in a post, like a public IP address etc.

When fragmented packets and non-fragmented packets come into a NAT+CEF router, the fragmented packets need to be passed through process switching, while the non-fragmented packets can still use CEF to switch the packet. That is the reason why a non-fragmented packet that comes in afterwards will overtake the fragmented packets after NAT translation.

