Login
- Table of Contents
-
- 06-Network
- 01-Scanner
- 02-VRF
- 03-Interface
- 04-Interface pairs
- 05-Interface collaboration
- 06-Security zones
- 07-VLAN
- 08-MAC
- 09-DNS
- 10-ARP
- 11-ND
- 12-Forwarding advanced settings
- 13-ALG
- 14-GRE
- 15-IPsec
- 16-ADVPN
- 17-L2TP
- 18-SSL VPN
- 19-Routing table
- 20-Static routing
- 21-Policy-based routing
- 22-OSPF
- 23-BGP
- 24-IS-IS
- 25-RIP
- 26-IPv4 multicast routing
- 27-IPv6 multicast routing
- 28-PIM
- 29-IGMP
- 30-MLD
- 31-DHCP
- 32-HTTP
- 33-SSH
- 34-NTP
- 35-FTP
- 36-Telnet
- 37-MAC authentication
- 38-MAC address whitelist
- 39-MAC access silent MAC info
- 40-MAC access advanced settings
- 41-IP authentication
- 42-IPv4 whitelist
- 43-IPv6 whitelist
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 12-Forwarding advanced settings | 38.50 KB |
Forwarding advanced settings
Introduction
DF bit processing method
If the size of a packet to be forwarded exceeds the path MTU, the device must fragment it before forwarding it out. If the DF bit of this packet is set, the device does not forward the packet and a communication failure occurs. The device will only send an ICMP error message to the source host of the packet.
This feature allows the device to modify the DF bit setting of IP packets, so that the packets can be fragmented and forwarded.
The feature takes effect only on the IP packets to be forwarded and does not affect the DF bit setting of the locally generated packets.
Packet forwarding modes
|
|
Support for the packet distribution policy depends on the device model. |
· On a multi-CPU device, packets can be distributed among CPUs based on one of the following policies:
· Flow-based policy—Forwards packets of a flow to one CPU or multiple CPUs. This policy takes the first-in first-out rule. A data flow is defined by using the following criteria:
¡ One-tuple—Uses only one of the items for flow identification: source IP address, destination IP address, source port number, or destination port number.
¡ Three-tuple—Uses the combination of source IP address, destination IP address, and protocol number for flow identification.
¡ Five-tuple—Uses the combination of source IP address, source port number, destination IP address, destination port number, and protocol number for flow identification.
· Packet-based policy—Forwards packets in sequence to different CPUs, even though they are the same flow. This policy does not ensure packet order.
IPv4 virtual fragment reassembly
IPv4 virtual fragment reassembly (VFR) checks, reorders, and caches fragments upon fragment receiving to ensure that these fragments will be assembled in the correct order.
On an HA network, if an HA device does not receive all fragments of a datagram, it cannot reassemble the datagram and will discard the received fragments. To resolve this issue, you can enable this feature. Devices that do not receive the first fragment of a datagram forward the received fragments of this datagram to the device that receives the first fragment for VFR.
For the devices to permit the received fragments to pass, you can turn off the IPv4 VFR feature.
IPv6 virtual fragment reassembly
IPv6 VFR checks, reorders, and caches IPv6 fragments upon fragment receiving to ensure that these fragments will be assembled in the correct order.
On an HA network, if an HA device does not receive all IPv6 fragments of a datagram, it cannot reassemble the datagram and will discard the received fragments. To resolve this issue, you can enable this feature. Devices that do not receive the first fragment of a datagram forward the received fragments of this datagram to the device that receives the first fragment for VFR.
For the devices to permit the received IPv6 fragments to pass, you can turn off the IPv6 VFR feature.
