IP virtual reassembly

itdsmartnet · ‎11-17-2008

hi,

i have router on which nat is enabled and it gives error " gigabitethernet 0/0 the fragment table has reached its maximum threshold 16" what does it mean and what is the solution.

Thanks

royalblues · ‎11-17-2008

It means the router has ip virtual-reassembly enabled on the interface and has reached its maximum threshold limit.

when NAT is enabled on an interface, VFR is automatically enabled on that interface.A buffer overflow attack can occur when an attacker continuously sends a large number of incomplete IP fragments, causing the firewall(IOS Firewall) to lose time and memory while trying to reassemble the fake packets.

The max-reassemblies number option and the max-fragments number option allow you to configure maximum threshold values to avoid a buffer overflow attack and to control memory usage.

In addition to configuring the maximum threshold values, each IP datagram is associated with a managed timer. If the IP datagram does not receive all of the fragments within the specified time (which can be configured via the timeout seconds option), the timer will expire and the IP datagram (and all of its fragments) will be dropped.

Try configuring no ip virtual-reassembly under the interfaces and see whether the error goes off

HTH

Narayan

Jeffrey Jones · ‎02-25-2013

not seeing the error, but should ip virual-reassembly be off on interface that I am using for voice, that I have nat configured for my cisco cube to go to the SIP provider?