This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Question on IP fragmentation

0

I recently read this piece of information in a book, which I want to understand more clearly with experts' help from here.

"When a Packet gets fragmented, all the fragmented packets get the same TTL Value. If they take different paths through a network, they may end up at the destination with varying TTL Values. When the first fragment arrives at the destination, however, the destination host will begin counting down from the TTL Value of that packet in seconds. All the fragments must arrive before the timer expires or the fragment is considered 'incomplete'."

Can I assume that if the first fragment comes to end host with TTL value X and end host waits for X seconds before gathering all the Fragmented packets?

Can I safely assume that reassembly always happens at DIP (Destination IP in IP Header), or is it at the default gateway router of End host?

asked 28 Jun '13, 07:23

krishnayeddula


One Answer:

1

What book is that and when was it published? This mechanism seems really outdated, but I might be wrong... I mean, let's consider a starting TTL of 255. It's pretty safe to assume that it will end up at the destination with nothing less than a TTL of 200, since the maximum hop distance across the internet is somewhere between 22 and 30 hops, so assuming 55 hops is really generous. That would mean that - according to your book - the receiver waits for 200 seconds in case a fragment doesn't arrive. 200 seconds are an eternity in modern networks, and if a host would really wait this long before dropping the partially received fragments it could be attacked in a very simple denial of service attack.

My guess is that modern stacks drop fragments based on a multiple of the RTT, not on TTL. I'd have to check this in a lab setup, though - I haven't found any specification yet.

answered 28 Jun '13, 07:36

Jasper ♦♦

Thanks Jasper. This was from Wireshark Network Analysis by Laura Chappell [2nd edition 2012 Publication]

(28 Jun '13, 08:04) krishnayeddula

Yep, just found it in that book, too. Not sure if it is correct though; waiting that long would be very dangerous. I'll have to investigate further.

Also, to answer your questions I somehow skipped in the original answer: the reassembly is done on the receiving node, not a router in front of it. And as soon as all fragments are received the reassembled packet is passed up the stack; there is no sense in waiting for the TTL to expire until doing that, because it would mean artificial pauses that aren't necessary.

(28 Jun '13, 08:09) Jasper ♦♦

Hi Jasper, if MTU is same between End Router and the host connected to it then what prevents the reassembly on Router itself rather than end host? (Pardon me if this sounds silly)

(28 Jun '13, 10:24) krishnayeddula
3

From RFC 1122

There MUST be a reassembly timeout.  The reassembly timeout
value SHOULD be a fixed value, not set from the remaining TTL.
It is recommended that the value lie between 60 seconds and 120
seconds.  If this timeout expires, the partially-reassembled
datagram MUST be discarded and an ICMP Time Exceeded message
sent to the source host (if fragment zero has been received).

I believe there was an earlier RFC that suggested to use the remaining TTL as a timeout value, but I was unable to find it.

(28 Jun '13, 13:31) Kurt Knochner ♦
1

what prevents the reassembly on Router itself

If a router would do reassembly for all nodes (connected to its network) it would have to reserve a huge buffer for the reassembly of the packets. That would certainly overload the router, so it's better to distribute that task and let the final node, the receiver, reassemble the packets.

Nevertheless, you can configure routers to do exactly that. So the real reason that prevents reassembly on the router itself is a matter of configuration.

(28 Jun '13, 13:44) Kurt Knochner ♦

Thanks for the answer Kurt.

(28 Jun '13, 14:12) krishnayeddula
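
The RFC 1122 behaviour quoted in the comments above, as an added example that is not part of the original thread: a simplified reassembly table whose timer is a fixed value and never reads the fragment's remaining TTL. The class and method names, the 60-second value picked from the recommended range, and the sample addresses are assumptions made for illustration.

```python
from dataclasses import dataclass, field

REASSEMBLY_TIMEOUT = 60.0  # seconds, fixed; RFC 1122 recommends 60 to 120

@dataclass
class Partial:
    deadline: float                            # set once, by the first fragment to arrive
    parts: dict = field(default_factory=dict)  # byte offset -> payload
    total_len: int = -1                        # known once the MF=0 fragment is seen

class Reassembler:
    """Simplified model: byte offsets, no overlapping fragments."""
    def __init__(self, timeout=REASSEMBLY_TIMEOUT):
        self.timeout = timeout
        self.pending = {}                      # (src, dst, proto, ip_id) -> Partial

    def add(self, now, key, offset, more_fragments, payload, ttl):
        """Store one fragment; return the full payload once complete, else None."""
        # ttl is accepted only to show that it never feeds the timer.
        p = self.pending.get(key)
        if p is None:
            p = self.pending[key] = Partial(deadline=now + self.timeout)
        p.parts[offset] = payload
        if not more_fragments:
            p.total_len = offset + len(payload)
        data = bytearray()
        for off in sorted(p.parts):
            if off != len(data):               # hole before this fragment
                return None
            data += p.parts[off]
        if len(data) != p.total_len:           # last fragment still missing
            return None
        del self.pending[key]                  # complete: pass up immediately
        return bytes(data)

    def expire(self, now):
        """Discard timed-out datagrams; return [(key, send_icmp_time_exceeded)]."""
        expired = [k for k, p in self.pending.items() if now >= p.deadline]
        # ICMP Time Exceeded is only due when fragment zero was received.
        return [(k, 0 in self.pending.pop(k).parts) for k in expired]

if __name__ == "__main__":
    r = Reassembler()                          # constructed sample traffic
    flow = ("192.0.2.1", "192.0.2.2", 17, 0x1234)
    r.add(0.0, flow, 0, True, b"A" * 8, ttl=200)
    print(r.expire(59.0), r.expire(60.0))      # nothing dropped, then the flow
```

Because the deadline is bounded by a constant rather than by a sender-controlled header field, the time a partial datagram can occupy buffer space does not depend on what TTL the fragments arrive with.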