F3215-HP Load Balancing Module Security Command Reference-6PW101

238

max-fragments number: Specifies the maximum number of fragments per reassembly. The value range

is 1 to 255, and the default is 16.

max-reassemblies number: Specifies the maximum number of concurrent reassemblies. The value range

is 1 to 1024, and the default is 64.

timeout seconds: Specifies the timeout interval of a reassembly, in the range of 1 to 64 seconds. The

default value is 3 seconds.

Usage guidelines

When the maximum number of concurrent reassemblies is reached, the device discards all subsequent

fragments (not including fragments that belong to assemblies established before the number is reached)

and sends a syslog message. When the maximum number of fragments per reassembly is reached, the

device discards all fragments of the reassembly and sends a syslog. When the fragments of a datagram

(in a reassembly) are not reassembled within the timeout interval, all the fragments of the reassembly are

discarded.

If the drop-fragments keyword is specified along with any combination of the keywords max-fragments,

max-reassemblies, and timeout, the drop-fragment keyword overrides the others and the device drops

all incoming fragments.

Examples

# Enable the IP virtual fragment reassembly feature on security zone Trust.

<Sysname> system-view

[Sysname] zone name trust

[Sysname-zone-trust] ip virtual-reassembly