Term
| Briefly describe the steps that trigger an IP packet to be fragmented. |
|
Definition
a. IP layer receives a datagram and determines exit interface.
b. IP layer compares datagram size with exit interface MTU.
c. IP layer performs fragmentation if necessary. |
|
|
Term
| Who can perform fragmentation in IPv4 and IPv6? |
|
Definition
a. IPv4 - the sender or any intermediate router.
b. IPv6 - sending host only. |
|
|
Term
| When is a fragmented datagram reassembled? |
|
Definition
| When it reaches the final destination. |
|
|
Term
| If the UDP port numbers are only contained within the first fragment of a UDP/IP packet, how will a FW process subsequent fragments? |
|
Definition
| They will be tracked using the Identification, Fragment Offset and More Fragments fields in the IPv4 header. |
|
|
Term
| Describe the IPv4 Fragment Offset field. |
|
Definition
| It defines the relative position of the first fragment payload byte, in the original IP datagram, in 8-byte units. The first fragment will always have a Fragment Offset of 0. |
|
|
Term
|
Definition
| The final fragment will be set to 0, all previous fragments will be set to 1. |
|
|
Term
| How can a receiving host calculate the size of the original IP datagram using only the final fragment? |
|
Definition
| Final fragment is identified by a MF setting of 0. The original datagram size is the sum of the Fragment Offset field (x8) and the IPv4 Total Length field, minus the IPv4 IHL. |
|
|
Term
| If a TCP/IPv4 fragment is lost, what must be retransmitted? |
|
Definition
| The whole TCP segment. Fragmentation may have occurred at an intermediate router, so the sending host would have no idea of the fragmentation details. |
|
|
Term
| Why might the UDP port info be missing when analyzing UDP/IPv4 packets in tcpdump? |
|
Definition
| This info would only be contained within the payload of the first fragment. |
|
|
Term
| What are the rules for carving up the IPv4 payload into fragments? |
|
Definition
| All fragment payloads must be in multiples of 8 bytes. This does not apply to the final fragment. |
|
|
Term
| Describe the reassembly timeout. |
|
Definition
a. usually 30s or 60s.
b. timer starts when a fragment is received and is not reset.
c. ICMP Time Exceeded message is sent if all fragments don't make it in time. |
|
|
Term
| Describe how IPv4 PMTUD will save the day if a 1600-byte UDP/IPv4 datagram with the DF bit set, encounters a remote link with a 1500-byte MTU. |
|
Definition
| The device connected to the link, will return an ICMPv4 PTB message. The IP layer on the sender will perform fragmentation independently, without the application knowing. |
|
|
Term
| How can the IP layer of a sending host, perform PMTUD faster? |
|
Definition
| It can often cache PMTUD info on a per-destination basis, this will timeout if unused. |
|
|
