Problem s VPN tunely - zrejme fragmentace

Dan Lukes dan at obluda.cz
Mon Nov 16 10:58:29 CET 2009


Zbyněk Burget wrote:
>>> ip:
>>>         2480402489 total packets received
>>>         10380325 output datagrams fragmented
>>>         39989831 fragments created
>>>         20 datagrams that can't be fragmented

> Mohl bych se zeptat, kde je hranice, kde je jeste mnozstvi fragmentace v 
> poradku a kde uz je to moc?

Na TCP by k fragmentaci dochazet v podstate nemelo. Dneska ma naprosta 
vetsina TCP komunikace nastaveny "Don't fragment" flag. Na UDP zalezi na 
typu provozu. Beznych 512B DNS paketu by se fragmentovat nemelo, ale 
vetsi pakety se fragmentovat mohou.

Neexistuje presna hranice. Muzu ti ale poslouzit cisly z nekterych svych 
siti (site s pomerne velkymi toky takze "total" citac se protaci a nelze 
ho brat vazne, uptime je pres 82 dnu):

ip:
         602409910 total packets received
         29 fragments received
         17 fragments dropped (dup or out of space)
         6 fragments dropped after timeout
         2 packets reassembled ok
         2 output datagrams fragmented
         6 fragments created

					Dan




More information about the Users-l mailing list