R3303-HP HSR6800 Routers Layer 3 - IP Services Configuration Guide

Fragment-flood attack—If the number of concurrent reassemblies or the number of fragments per
datagram exceeds the upper limits, the reassemblies or fragments are considered a fragment-flood
attack.
Configuration guidelines
The IP virtual fragment reassembly feature only applies to incoming packets on an interface.
The IP virtual fragment reassembly feature does not support load sharing. The fragments of an IP
datagram cannot arrive through different interfaces.
Configuration procedure
To configure IP virtual fragment reassembly:
Step 1. Enter system view.
  Command: system-view
  Remarks: N/A
Step 2. Enter interface view.
  Command: interface interface-type interface-number
  Remarks: N/A
Step 3. Enable IP virtual fragment reassembly.
  Command: ip virtual-reassembly [ drop-fragments | max-fragments number | max-reassemblies number | timeout seconds ] *
  Remarks: By default, the feature is disabled.
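The fragment-flood check and the max-fragments, max-reassemblies, and timeout limits above can be modeled as follows. This is an added example, not HP code or the router's implementation: the class and function names, the verdict strings, the discard-state action, and the sample traffic are assumptions, and fragments are assumed not to overlap.

```python
from dataclasses import dataclass

@dataclass
class Reassembly:
    started: float        # arrival time of the first fragment seen
    fragments: int = 0    # fragments counted so far
    received: int = 0     # payload bytes seen so far
    total: int = -1       # payload length, known once the MF=0 fragment arrives

class VirtualReassembly:
    """Toy model: tracks fragment metadata only, never buffers payloads."""
    def __init__(self, max_fragments, max_reassemblies, timeout):
        self.max_fragments = max_fragments
        self.max_reassemblies = max_reassemblies
        self.timeout = timeout
        self.table = {}   # (src, dst, proto, ip_id) -> Reassembly

    def on_fragment(self, now, src, dst, proto, ip_id, offset, mf, length):
        """offset is in 8-byte units; mf is the More Fragments flag."""
        # Age out reassemblies that did not complete within the timeout.
        stale = [k for k, r in self.table.items() if now - r.started > self.timeout]
        for key in stale:
            del self.table[key]
        key = (src, dst, proto, ip_id)
        entry = self.table.get(key)
        if entry is None:
            if len(self.table) >= self.max_reassemblies:
                return "flood:max-reassemblies"   # too many concurrent reassemblies
            entry = self.table[key] = Reassembly(started=now)
        entry.fragments += 1
        if entry.fragments > self.max_fragments:
            del self.table[key]                   # assumed action: discard the state
            return "flood:max-fragments"          # too many fragments per datagram
        entry.received += length
        if not mf:
            entry.total = offset * 8 + length
        if entry.received == entry.total:
            del self.table[key]
            return "complete"
        return "pending"

def run_constructed_demo():
    """Constructed traffic: a normal datagram, two flood patterns, then a timeout."""
    vfr = VirtualReassembly(max_fragments=4, max_reassemblies=2, timeout=3)
    a, b = "10.1.1.1", "11.2.2.1"
    out = [vfr.on_fragment(0.0, a, b, 17, 1, 0, True, 1480),
           vfr.on_fragment(0.1, a, b, 17, 1, 185, False, 520)]
    out += [vfr.on_fragment(0.2, a, b, 17, 2, i, True, 8) for i in range(5)]  # 5th > limit
    out += [vfr.on_fragment(0.3, a, b, 17, i, 0, True, 8) for i in (3, 4, 5)]  # 3rd > limit
    out.append(vfr.on_fragment(5.0, a, b, 17, 6, 0, True, 8))  # stale entries aged out
    return out
```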
Configuration example
Network requirements
As shown in Figure 53, configure devices as follows:
Router A connects to Host and Router B.
NAT is enabled on GigabitEthernet 3/0/2 of Router A.
Configure IP virtual fragment reassembly on GigabitEthernet 3/0/2 of Router A.
Figure 53 Network diagram
Configuration procedure
1. Configure the host:
# Configure a route so that the Host, Router A, and Router B can communicate with each other.
(Details not shown.)
2. Configure Router A:
# Configure NAT and IP virtual fragment reassembly.
<RouterA> system-view
[RouterA] nat static 10.1.1.1 11.2.2.3
[RouterA] interface gigabitethernet 3/0/2
(Figure 53 network diagram labels: Host 10.1.1.1/8; Router A GE3/0/1 10.1.1.2/8 and GE3/0/2 11.2.2.2/8; Router B GE3/0/1 11.2.2.1/8)