Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Webcast-Catalyst9k

Purpose of ip virtual assembly

I've seen this enabled by default on routers, but when would you want to disable it?

Thanks,

John

HTH, John *** Please rate all useful posts ***
1 ACCEPTED SOLUTION

Accepted Solutions
Hall of Fame Super Blue

Re: Purpose of ip virtual assembly

Okay :-)

I don't have a list of all the features that use virtual reassembly but the 2 that spring to mind are firewalls and NAT.

Put simply it's to do with IP fragments (apologies if i'm telling you something you already know here). When you configure "ip virtual-reassembly" it tells the router that rather than forward the fragments on as it would normally it needs to reassemble the packet.

Obviously one of the primary uses of this is with firewalls. So if you have the IOS stateful firewall running then you would want this enabled. Also if you configure NAT under any interface ip virtual-assembly is automatically enabled as far as i know.

My understanding of it was that it was disabled by default and if a feature that needed it was turned on then it too would be automatically turned on.

Jon

6 REPLIES
Hall of Fame Super Blue

Re: Purpose of ip virtual assembly

John

Do you mean "ip virtual-reassembly" ?

Jon

Re: Purpose of ip virtual assembly

Yes. :)

HTH, John *** Please rate all useful posts ***
Hall of Fame Super Blue

Re: Purpose of ip virtual assembly

Okay :-)

I don't have a list of all the features that use virtual reassembly but the 2 that spring to mind are firewalls and NAT.

Put simply it's to do with IP fragments (apologies if i'm telling you something you already know here). When you configure "ip virtual-reassembly" it tells the router that rather than forward the fragments on as it would normally it needs to reassemble the packet.

Obviously one of the primary uses of this is with firewalls. So if you have the IOS stateful firewall running then you would want this enabled. Also if you configure NAT under any interface ip virtual-assembly is automatically enabled as far as i know.

My understanding of it was that it was disabled by default and if a feature that needed it was turned on then it too would be automatically turned on.

Jon

Re: Purpose of ip virtual assembly

Thanks Jon. So, are you saying that the router will hold all packets that belongs to a session before forwarding to its destination in/out bound? It makes sense why it would be enabled for CBAC.

John

HTH, John *** Please rate all useful posts ***
Hall of Fame Super Blue

Re: Purpose of ip virtual assembly

John

"So, are you saying that the router will hold all packets that belongs to a session before forwarding to its destination in/out bound?"

Yes, altho that does raise an interesting point. My understanding is that it does reassemble the packet to check against firewall rules etc.. but that the actual fragments are what it forwards on ie. it only reassembles the packet for inspection, it doesn't actually reassemble it and then transmit the whole packet, hence the "virtual" bit.

Jon

Re: Purpose of ip virtual assembly

Ah, well that makes even more sense :)

HTH, John *** Please rate all useful posts ***
2042
Views
0
Helpful
6
Replies
CreatePlease to create content