the fragment keyword

From: Victor Cappuccio (cvictor@protokolgroup.com)
Date: Sat May 27 2006 - 22:50:58 ART

Next message: Scott Morris: "RE: OSPF authentication using rollover keys"
Previous message: CCIEin2006: "Bridging over a Serial Interface"
Next in thread: Petr Lapukhov: "Re: the fragment keyword"
Maybe reply: Petr Lapukhov: "Re: the fragment keyword"
Maybe reply: Victor Cappuccio: "RE: the fragment keyword"
Maybe reply: Petr Lapukhov: "Re: the fragment keyword"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hello

Please sorry this dummy question but I wish to know if the router, when a
initial fragment goes though, if it creates a State Table kind of the
Originator / Flag and Flag Offset of the sender?

Assuming this configuration

access-list 101 deny ip any host X.X.X.1 fragments
access-list 101 permit tcp any host X.X.X.1 eq 25
access-list 101 deny ip any any

Ok Suppose the Initial Fragment (containing l4 information), has passed (2nd
Access-List), but how the router how's exactly when the following pkts are
from the same flow and sent to the same port number in L4 ?

I understand that in this new IOS Versions the fragment keyword in the ACL
would also force the IOS to check the second access-list for noninitial and
initial fragments, but is there something stored in memory to check for
Originator / Flag and Flag Offset?

What if a fragment of a big chuck comes out of order?

Is there anyway to see this?

Thanks
Victor.

Next message: Scott Morris: "RE: OSPF authentication using rollover keys"
Previous message: CCIEin2006: "Bridging over a Serial Interface"
Next in thread: Petr Lapukhov: "Re: the fragment keyword"
Maybe reply: Petr Lapukhov: "Re: the fragment keyword"
Maybe reply: Victor Cappuccio: "RE: the fragment keyword"
Maybe reply: Petr Lapukhov: "Re: the fragment keyword"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Jun 01 2006 - 06:33:22 ART