It means the router has ip virtual-reassembly enabled on the interface and has reached its maximum threshold limit.
when NAT is enabled on an interface, VFR is automatically enabled on that interface.A buffer overflow attack can occur when an attacker continuously sends a large number of incomplete IP fragments, causing the firewall(IOS Firewall) to lose time and memory while trying to reassemble the fake packets.
The max-reassemblies number option and the max-fragments number option allow you to configure maximum threshold values to avoid a buffer overflow attack and to control memory usage.
In addition to configuring the maximum threshold values, each IP datagram is associated with a managed timer. If the IP datagram does not receive all of the fragments within the specified time (which can be configured via the timeout seconds option), the timer will expire and the IP datagram (and all of its fragments) will be dropped.
Try configuring no ip virtual-reassembly under the interfaces and see whether the error goes off
Question We run asr9001 with XR 6.1.3, and we have a very long delay to
login w/ SSH 1 or 2 to the device compare to IOS device. After
investigation, the there is 1s delay between the client KEXDH_INIT and
the server (XR) KEXDH_REPLY. After debug ssh serv...
Introduction The purpose of this document is to demonstrate the Open
Shortest Path First (OSPF) behavior when the V-bit (Virtual-link bit) is
present in a non-backbone area. The V-bit is signaled in Type-1 LSA only
if the router is the endpoint of one or ...
Hi, I am seeing quite a few issues with patch install and wanted to
share my experience and workaround to this. Login to admin via CLI, then
access root with the “shell” command Issue “df –h” and you’ll probably
see the following directory full or nearly ...