SRX Services Gateway

RT_FLOW: FLOW_REASSEMBLE_SUCCEED

[ Edited ]
‎07-30-2014 07:11 AM

Hi All,

I have a firewall sending a ton of RT_FLOW: FLOW_REASSEMBLE_SUCCEED messages. From what I can gather, it's from re-creating fragmented packets that were sent over an IPsec VPN.

Is it possible to view which traffic flows are getting fragmented?

I have the tcp-mss ipsec set to 1350 on both sides of the VPN.

Thanks

EDIT: Typo


Re: RT_FLOW: FLOW_REASSEMBLE_SUCCEED

‎08-01-2014 01:32 AM

There are no commands to show the fragmented sessions/packets, but we can try applying a firewall filter as below to capture/log the packets with the more-fragments flag set.
root@SRX2A# show firewall
family inet {
    filter te {
        term 1 {
            from {
                /* match only packets carrying the more-fragments flag (ingress only) */
                fragment-flags more-fragments;
            }
            then {
                log;
                accept;
            }
        }
        term 2 {
            then accept;
        }
    }
}

Thanks,

Suraj

Please Mark My Solution Accepted if it Helped, Kudos are Appreciated too


Re: RT_FLOW: FLOW_REASSEMBLE_SUCCEED

‎08-01-2014 04:58 AM

Hello ttl,

The issue is, if you are interested in seeing the actual packet that is being fragmented, it is tough to capture it.

I have seen sometimes that when you test by setting mss 1350 under ipsec-vpn under flow, it only affects devices behind the device, not devices from the peer end.

Instead you can set mss to 1350 under all TCP like:

set security flow tcp-mss all-tcp mss 1350

Test this and see if you are still seeing drops.

Regards,

c_r

Please Mark My Solution Accepted if it Helped, Kudos are Appreciated too
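As an added example (not code from this thread or from Juniper), the Python below takes the two replies together: it groups hits from the fragment-logging filter term by flow, so the original question of which flows are fragmenting can be answered, and it flags which of those flows the tcp-mss setting can actually help. The syslog lines are constructed and their key=value layout is an assumption, not real SRX output; adapt KV_RE to whatever your log export produces. MSS is a TCP option, so clamping it does nothing for UDP or ICMP fragments.

```python
"""Group fragment-filter log hits by flow and flag which ones tcp-mss can fix."""
import re
from collections import Counter

# Constructed sample syslog lines; the key=value layout is an assumption,
# not real SRX output. term=1 is the term matching fragment-flags more-fragments.
SAMPLE_LOG = """\
Jul 30 07:11:02 srx fw-log: filter=te term=1 proto=udp src=10.1.1.10 dst=10.2.2.20 sport=40000 dport=514
Jul 30 07:11:02 srx fw-log: filter=te term=1 proto=udp src=10.1.1.10 dst=10.2.2.20 sport=40000 dport=514
Jul 30 07:11:03 srx fw-log: filter=te term=1 proto=icmp src=10.1.1.11 dst=10.2.2.21
Jul 30 07:11:04 srx fw-log: filter=te term=1 proto=tcp src=10.1.1.12 dst=10.2.2.22 sport=51000 dport=445
Jul 30 07:11:05 srx fw-log: filter=te term=2 proto=tcp src=10.1.1.13 dst=10.2.2.23 sport=51001 dport=443
"""

KV_RE = re.compile(r"(\w+)=(\S+)")
FRAGMENT_TERM = "1"  # term whose `from` clause matches more-fragments

def parse_line(line):
    """Return the key=value fields of one line, or None if it is not a filter hit."""
    fields = dict(KV_RE.findall(line))
    return fields if "proto" in fields and "src" in fields else None

def fragmented_flows(log_text):
    """Count hits per (proto, src, dst, dport) for lines that matched the fragment term."""
    hits = Counter()
    for line in log_text.splitlines():
        f = parse_line(line)
        if f is None or f.get("term") != FRAGMENT_TERM:
            continue
        hits[(f["proto"], f["src"], f["dst"], f.get("dport", "-"))] += 1
    return hits

def clamped_tcp_packet_bytes(mss, ip_header=20, tcp_header=20):
    """Largest TCP packet a peer sends after MSS clamping (no IP/TCP options)."""
    return mss + ip_header + tcp_header

def report(log_text, mss=1350):
    """Rank fragmented flows; MSS is a TCP option, so clamping cannot help UDP/ICMP."""
    rows = []
    for (proto, src, dst, dport), n in fragmented_flows(log_text).most_common():
        if proto == "tcp":
            note = "tcp-mss %d caps TCP packets at %d bytes" % (mss, clamped_tcp_packet_bytes(mss))
        else:
            note = "not TCP: tcp-mss has no effect, check MTU/DF handling on this path"
        rows.append((proto, src, dst, dport, n, note))
    return rows
```

With the sample input the UDP syslog flow tops the list and is marked as something tcp-mss cannot fix, which is the kind of answer the thread's question is after.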