Purpose of ip virtual assembly

John Blakley
VIP Alumni

I've seen this enabled by default on routers, but when would you want to disable it?

Thanks,

John

HTH, John *** Please rate all useful posts ***
6 Replies 6

Jon Marshall
Hall of Fame

John

Do you mean "ip virtual-reassembly"?

Jon

Yes. :)

HTH, John *** Please rate all useful posts ***

Okay :-)

I don't have a list of all the features that use virtual reassembly but the 2 that spring to mind are firewalls and NAT.

Put simply, it's to do with IP fragments (apologies if I'm telling you something you already know here). When you configure "ip virtual-reassembly", it tells the router that, rather than forward the fragments on as it would normally, it needs to reassemble the packet.

Obviously one of the primary uses of this is with firewalls. So if you have the IOS stateful firewall running then you would want this enabled. Also, if you configure NAT under any interface, ip virtual-reassembly is automatically enabled as far as I know.

My understanding of it was that it was disabled by default and if a feature that needed it was turned on then it too would be automatically turned on.

Jon

Thanks Jon. So, are you saying that the router will hold all packets that belong to a session before forwarding to its destination in/out bound? It makes sense why it would be enabled for CBAC.

John

HTH, John *** Please rate all useful posts ***

John

"So, are you saying that the router will hold all packets that belong to a session before forwarding to its destination in/out bound?"

Yes, although that does raise an interesting point. My understanding is that it does reassemble the packet to check against firewall rules etc., but that the actual fragments are what it forwards on, i.e. it only reassembles the packet for inspection; it doesn't actually reassemble it and then transmit the whole packet, hence the "virtual" bit.

Jon

Ah, well that makes even more sense :)

HTH, John *** Please rate all useful posts ***
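
Added example, not part of the original thread and not Cisco's implementation: a simplified Python model of the behaviour described above, where fragments are held until the datagram is complete, the reassembled view is inspected, and the original fragments are what gets forwarded. The names `Fragment`, `VirtualReassembler`, `inspect` and `max_fragments` are hypothetical, offsets are in bytes, and there is no reassembly timeout.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Fragment:
    src: str
    dst: str
    ip_id: int
    offset: int      # payload offset in bytes (real IP uses 8-byte units)
    more: bool       # "more fragments" flag
    payload: bytes

class VirtualReassembler:
    def __init__(self, inspect, max_fragments=16):
        self.inspect = inspect              # callable(bytes) -> True to permit
        self.max_fragments = max_fragments  # assumed cap on held state
        self.pending = {}                   # (src, dst, ip_id) -> held fragments

    def receive(self, frag):
        """Return the fragments to forward now (an empty list while holding)."""
        key = (frag.src, frag.dst, frag.ip_id)
        held = self.pending.setdefault(key, [])
        held.append(frag)
        if len(held) > self.max_fragments:
            del self.pending[key]           # too many pieces: drop the datagram
            return []
        data = self._reassemble(held)
        if data is None:
            return []                       # incomplete: keep holding
        del self.pending[key]
        # Inspect the reassembled view, but forward the original fragments.
        return sorted(held, key=lambda f: f.offset) if self.inspect(data) else []

    @staticmethod
    def _reassemble(frags):
        ordered = sorted(frags, key=lambda f: f.offset)
        if ordered[-1].more:
            return None                     # final fragment not seen yet
        data = b""
        for f in ordered:
            if f.offset != len(data):
                return None                 # gap or overlap: not a clean datagram
            data += f.payload
        return data

# Constructed sample: held after the first piece, both forwarded after the second.
if __name__ == "__main__":
    fw = VirtualReassembler(inspect=lambda d: b"deny-me" not in d)
    print(fw.receive(Fragment("10.0.0.1", "10.0.0.2", 7, 0, True, b"hello ")))
    print(fw.receive(Fragment("10.0.0.1", "10.0.0.2", 7, 6, False, b"world")))
```
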