Fragmentation =================== .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **What is IPv4 Fragmentation?** IPv4 Fragmentation is the process of breaking a large IP packet into smaller pieces (fragments) so it can pass through networks with smaller Maximum Transmission Units (MTUs). Each fragment is sent separately and reassembled at the destination. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **Why is IPv4 Fragmentation useful?** It's useful when packets exceed the MTU of a network segment. Without fragmentation, oversized packets would be dropped. Fragmentation ensures that large packets can still traverse networks with varying MTU sizes. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **How does IPv4 Fragmentation work?** A router or sending host splits the packet into fragments. Each fragment has its own IPv4 header, including fields like Identification, Fragment Offset, and More Fragments (MF) flag. The receiver uses these fields to reassemble the original packet. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **Where is IPv4 Fragmentation used?** Fragmentation is used whenever a packet's size exceeds the MTU of a link. This may happen in WAN connections, older networks, or tunnels. It's handled by routers or sending hosts, depending on the configuration. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **Which OSI layer does IPv4 Fragmentation belong to?** IPv4 Fragmentation is a function of the **Network Layer (Layer 3)**. It operates as part of the IP protocol, enabling reliable delivery of data across different types of networks. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **Is IPv4 Fragmentation Windows specific?** No, IPv4 Fragmentation is part of the core IP protocol and is supported on all major operating systems, including Windows. Fragmentation can be influenced by system settings but is not platform-specific. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **Is IPv4 Fragmentation Linux specific?** No. Linux supports IPv4 Fragmentation like any OS with a networking stack. Linux also provides tools to observe or manipulate fragmentation behavior (e.g., `ping -M do`, `ip`, `iptables`). .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **Which Transport Protocol is used by IPv4 Fragmentation?** IPv4 Fragmentation is transport-independent. It fragments any IP packet, regardless of whether it carries TCP, UDP, ICMP, or other Layer 4 protocols. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **Which Port is used by IPv4 Fragmentation?** Fragmentation occurs at the network layer and does not involve ports. Port numbers belong to the transport layer (TCP/UDP), and fragmentation occurs before port-specific data is processed. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **Is IPv4 Fragmentation using client-server model?** No. Fragmentation is independent of application architecture. It may occur in client-server, peer-to-peer, or any IP-based communication where packet size exceeds the path MTU. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **What happens when an IPv4 packet is too large to transmit?** When an IPv4 packet exceeds the Maximum Transmission Unit (MTU) of a network link, it is fragmented into smaller packets. These smaller packets are then transmitted separately and reassembled at the destination. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **What is the Maximum Transmission Unit (MTU)?** MTU refers to the largest size of a packet that can be transmitted over a particular network without being fragmented. Different network types and devices may have different MTU sizes. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **What is the "More Fragments" (MF) flag in IPv4 Fragmentation?** The "More Fragments" (MF) flag is a bit in the IPv4 header that indicates whether a packet is fragmented. If set, it means that more fragments follow; if not set, it means this is the last fragment. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **What is the role of the Identification field in IPv4 Fragmentation?** The Identification field is used to uniquely identify fragments belonging to the same original packet. This helps the destination system to reassemble the fragments correctly. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **How does the Fragment Offset field work in IPv4 Fragmentation?** The Fragment Offset field in the IPv4 header tells the receiving system where to place the fragment in the reassembled packet. It specifies the position of the fragment in the original packet. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **What is the role of the TTL (Time to Live) in IPv4 Fragmentation?** The TTL field in an IPv4 packet helps prevent the packet from looping indefinitely if there is a routing error. It is decremented by each router, and if it reaches zero, the packet is discarded. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **What happens if an IPv4 fragment is lost?** If any fragment of an IPv4 packet is lost during transmission, the entire packet must be retransmitted, because the receiver cannot reassemble it without all fragments. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **Can IPv4 fragmentation occur on all network types?** No, some networks like Ethernet typically handle fragmentation, but others, such as PPPoE, may not allow fragmentation. If a packet is too large for such networks, it may be dropped. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **What is the MTU size of Ethernet?** The standard MTU for Ethernet is 1500 bytes, which means any IP packet larger than 1500 bytes will require fragmentation to pass through Ethernet networks. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **What is the impact of fragmentation on network performance?** Fragmentation can reduce network performance because it adds overhead. Every fragmented packet requires additional headers, and fragmented packets may encounter more routing delays and packet loss. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **How can IPv4 fragmentation affect applications?** Fragmentation can cause performance issues in applications that depend on low latency or high throughput, as it increases overhead and the likelihood of packet reordering or loss. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **Does IPv4 fragmentation impact security?** Yes, fragmentation can impact security by allowing attackers to bypass network security measures like firewalls and intrusion detection systems. This is because fragments might evade inspection, making packet analysis harder. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **What happens when an IPv4 packet is fragmented beyond the network's MTU?** If a packet exceeds the network's MTU and cannot be fragmented, it will be dropped. The sender will typically receive an ICMP "Fragmentation Needed" message so it can resend the packet with a smaller size. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **What is Path MTU Discovery (PMTUD)?** Path MTU Discovery is a technique used to determine the MTU of the entire path between the source and destination. This prevents fragmentation by ensuring packets are sent at the correct size to avoid exceeding MTU limits. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **What is an IPv4 Fragment Reassembly Time?** The Fragment Reassembly Time refers to the time allowed for fragments to be reassembled. If the fragments are not reassembled within the allowed time, the original packet is discarded. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **Can an IPv4 packet be reassembled at any router?** No, only the destination host is responsible for reassembling IPv4 fragments. Intermediate routers only forward fragments to the next hop. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **What is the role of the IPv4 Header Checksum in fragmentation?** The IPv4 Header Checksum ensures that the header data of each fragment is not corrupted. Each fragment's header is independently verified to ensure it is intact. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **How do firewalls handle fragmented IPv4 packets?** Firewalls generally inspect the first fragment of a packet to determine if it is allowed based on rules. Subsequent fragments may be examined depending on the firewall's configuration, but some firewalls drop fragmented packets by default to prevent potential security risks. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **Is IPv4 fragmentation necessary in modern networks?** Fragmentation is becoming less necessary in modern networks with higher MTU sizes and better optimization techniques, such as Path MTU Discovery. However, it is still used when packets exceed network limitations. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow Topics in this section, * :ref:`Learnings in this section ` * :ref:`Terminology ` * :ref:`Version Info ` * :ref:`Fragmentation Basic Setup on Ubuntu using IPv4 ` * :ref:`IPv4 Feature : Fragmentation ` * :ref:`Reference links ` .. _Fragmentation_step1: .. tab-set:: .. tab-item:: Learnings in this section * In this section, you are going to learn .. _Fragmentation_step2: .. tab-set:: .. tab-item:: Terminology * Terminology .. _Fragmentation_step3: .. tab-set:: .. tab-item:: Version Info * Version Info .. _Fragmentation_step18: .. tab-set:: .. tab-item:: Packet Fragmentation **Objective** Demonstrate that a large IPv4 packet can be fragmented to pass through a network with a smaller Maximum Transmission Unit (MTU). **Test Setup** * Laptop 1 (Server) * Configure the network interface ``enp0s8`` with an IPv4 address. * Set the MTU of the interface to a smaller value (e.g., 1300 bytes) to create a bottleneck. .. code-block:: shell test:~$ sudo ip addr add 192.168.1.10/24 dev enp0s8 test:~$ sudo ip link set enp0s8 up test:~$ sudo ip link set dev enp0s8 mtu 1300 test:~$ ip a 1: lo: mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host noprefixroute valid_lft forever preferred_lft forever 2: enp0s3: mtu 1500 qdisc fq_codel state DOWN group default qlen 1000 link/ether 08:00:27:59:c3:5d brd ff:ff:ff:ff:ff:ff 3: enp0s8: mtu 1300 qdisc fq_codel state UP group default qlen 1000 link/ether 08:00:27:75:59:bf brd ff:ff:ff:ff:ff:ff inet 192.168.1.10/24 scope global enp0s8 valid_lft forever preferred_lft forever .. note:: Setting a lower MTU simulates network links with smaller packet size limits. * Laptop 2 (Client) * Configure the network interface ``enp0s8`` with an IPv4 address. * Send a single ping packet larger than Laptop 1's MTU to force fragmentation. .. code-block:: shell test:~$ sudo ip addr add 192.168.1.20/24 dev enp0s8 test:~$ sudo ip link set enp0s8 up test:~$ ping 192.168.1.10 -s 1400 -c 1 PING 192.168.1.10 (192.168.1.10) 1400(1428) bytes of data. 1408 bytes from 192.168.1.10: icmp_seq=1 ttl=64 time=1.56 ms --- 192.168.1.10 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 1.562/1.562/1.562/0.000 ms .. note:: The ``-s`` flag specifies the ICMP payload size in bytes. **Procedure and Analysis** * Expected Fragmentation * Wireshark should show the single large ping packet broken into two or more fragments. * All fragments share the same Identification field; Fragment Offset indicates position. * Packet 1 (First Fragment) * More fragments flag: Set (``..1. ....``), indicating additional fragments follow. * Identification: e.g., ``0x85df``, shared across fragments. * Fragment Offset: ``0``, confirming this is the first fragment. * Total Length: ``1300 bytes`` (20-byte header + 1280-byte data payload). * Packet 2 (Second Fragment) * More fragments flag: Not set (``..0. ....``), indicating the last fragment. * Identification: Same as first fragment (``0x85df``). * Fragment Offset: ``1280``, indicating position within original packet. * Total Length: ``148 bytes`` (20-byte header + 128-byte data payload). .. note:: * Wireshark can verify fragmentation fields: Identification, Fragment Offset, and MF (More Fragments) flag. * Reassembly occurs at the destination to reconstruct the original packet. * Ensures large packets traverse links with smaller MTU without data loss. **Wireshark Capture** :download:`Download wireshark capture ` .. _Fragmentation_step4: .. tab-set:: .. tab-item:: IPv4 Feature : Fragmentation **Fragmentation - Testcases** .. csv-table:: :file: ./IPv4_Fragmentation/IPv4_Feature4_Fragmentation_TestCases.csv :widths: 10,10,30,20 :header-rows: 1 .. _Fragmentation_step17: .. tab-set:: .. tab-item:: Reference links * Reference links