Fragmentation on Cisco router 800 series.

I’ve been monitoring a new site installation for a Client and noticed some fragmentation messages in the log…

#show log | i frag
Apr  2 10:23:57: %IP_VFR-4-FRAG_TABLE_OVERFLOW: Dialer0: the fragment table has reached its maximum threshold 16
Apr  2 14:36:50: %IP_VFR-4-FRAG_TABLE_OVERFLOW: Dialer0: the fragment table has reached its maximum threshold 16
Apr  2 22:45:35: %IP_VFR-4-FRAG_TABLE_OVERFLOW: Dialer0: the fragment table has reached its maximum threshold 16
Apr  2 22:46:40: %IP_VFR-4-FRAG_TABLE_OVERFLOW: Dialer0: the fragment table has reached its maximum threshold 16
Apr  3 07:08:49: %IP_VFR-4-FRAG_TABLE_OVERFLOW: Dialer0: the fragment table has reached its maximum threshold 16
Apr  3 08:58:25: %IP_VFR-4-FRAG_TABLE_OVERFLOW: Dialer0: the fragment table has reached its maximum threshold 16
Apr  3 08:59:01: %IP_VFR-4-FRAG_TABLE_OVERFLOW: Dialer0: the fragment table has reached its maximum threshold 16

I reviewed the configuration whilst I could just up the buffer settings for max-reassemblies and max-fragmentation I thought I’d better try and find out why I was seeing these errors.

I ran a ping from a DOS window using the no fragment flag and set the buffer size to 1500

ping -f -l 1500 10.238.105.2

The output I received show the fragmentation occurring

C:UsersUser1>ping -f -l 1500 10.238.105.2

Pinging 10.238.105.2 with 1500 bytes of data:
Packet needs to be fragmented but DF set.
Packet needs to be fragmented but DF set.
Packet needs to be fragmented but DF set.

Ping statistics for 10.238.105.2:
Packets: Sent = 3, Received = 0, Lost = 3 (100% loss)

I re ran the ping tests reducing the buffer until I found the level that fragmentation stopped. This meant that the MTU needed to be reduced on both the Dialler interface and the VPN tunnels as they were set too high. Note: The Tunnel MTU sizes need to be lower than the Dialler MTU otherwise the packets won’t fit in the window!

So on both the VPN Tunnel and Dialler interfaces I set the mtu to the relevant sizes

FRICSC-RTR-01#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
FRICSC-RTR-01(config)#int Tu0
FRICSC-RTR-01(config-if)#ip mtu 1350
FRICSC-RTR-01(config-if)#int Tu1
FRICSC-RTR-01(config-if)#ip mtu 1350
FRICSC-RTR-01(config-if)#int Di0
FRICSC-RTR-01(config-if)#mtu 1370
FRICSC-RTR-01(config-if)#exit
FRICSC-RTR-01(config)#exit
FRICSC-RTR-01#wr
Building configuration…
[OK]

For safety and so I don’t get any more of the errors in the log I’ll also the increasing the size of the max-reassemblies and the max-fragments settings – this only needs setting on the Dialler and BVI interfaces.

FRICSC-RTR-01#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
FRICSC-RTR-01(config)#int BVI2
FRICSC-RTR-01(config-if)# ip virtual-reassembly
FRICSC-RTR-01(config-if)#int Di0
FRICSC-RTR-01(config-if)#ip virtual-reassembly max-reassemblies 512 max-fragments 64
FRICSC-RTR-01(config-if)#exit
FRICSC-RTR-01(config)#exit
FRICSC-RTR-01#wr
Building configuration…
[OK]

Now we can clear the log and monitor again to make sure we’ve cleared the errors.