IP_VFR-4-FRAG_TABLE_OVERFLOW日志

lxw615117 · ‎03-20-2016

各位，
我最近在一台2921的路由器上看到了这样的日志，
*Mar 19 05:07:29.903: %IP_VFR-4-FRAG_TABLE_OVERFLOW: GigabitEthernet0/0: the fragment table has reached its maximum threshold 16
*Mar 19 05:07:59.975: %IP_VFR-4-FRAG_TABLE_OVERFLOW: GigabitEthernet0/0: the fragment table has reached its maximum threshold 16
*Mar 21 00:31:18.064: %IP_VFR-4-FRAG_TABLE_OVERFLOW: GigabitEthernet0/0: the fragment table has reached its maximum threshold 16
*Mar 21 01:38:18.719: %IP_VFR-4-FRAG_TABLE_OVERFLOW: GigabitEthernet0/0: the fragment table has reached its maximum threshold 16
*Mar 21 03:23:11.383: %IP_VFR-4-FRAG_TABLE_OVERFLOW: GigabitEthernet0/0: the fragment table has reached its maximum threshold 16
*Mar 21 03:40:23.987: %IP_VFR-4-FRAG_TABLE_OVERFLOW: GigabitEthernet0/0: the fragment table has reached its maximum threshold 16
*Mar 21 03:43:52.867: %IP_VFR-4-FRAG_TABLE_OVERFLOW: GigabitEthernet0/0: the fragment table has reached its maximum threshold 16
show ip traffic interface gigabitEthernet 0/0
GigabitEthernet0/0 IP-IF statistics :
Rcvd: 6350552 total, 663495580 total_bytes
0 format errors, 296 hop count exceeded
0 bad header, 0 no route
0 bad destination, 0 not a router
0 no protocol, 0 truncated
2642484 forwarded
0 fragments, 0 total reassembled
0 reassembly timeouts, 0 reassembly failures
0 discards, 3704308 delivers
Sent: 3139020 total, 209634871 total_bytes 0 discards
1179608 generated, 1959412 forwarded
0 fragmented into, 0 fragments, 0 failed
Mcast: 0 received, 0 received bytes
0 sent, 0 sent bytes
Bcast: 0 received, 0 sent
huayi-jz#show ip traffic interface gigabitEthernet 0/1
GigabitEthernet0/1 IP-IF statistics :
Rcvd: 2649411 total, 205205190 total_bytes
0 format errors, 1541 hop count exceeded
0 bad header, 1 no route
0 bad destination, 0 not a router
0 no protocol, 0 truncated
1957856 forwarded
0 fragments, 0 total reassembled
0 reassembly timeouts, 0 reassembly failures
0 discards, 647556 delivers
Sent: 2874280 total, 419319360 total_bytes 0 discards
229057 generated, 2645223 forwarded
0 fragmented into, 0 fragments, 0 failed
Mcast: 0 received, 0 received bytes
0 sent, 0 sent bytes
Bcast: 0 received, 0 sent
我看人家说是外网接口受到的碎片攻击，也有说是建立isakmp协商时，路由器重组这个包失败，
能不能帮我看一下有什么解决办法。

pebao · ‎03-27-2016

这个日志的意思是接口下达到了最大分片重组阈值，你可以试试下面命令：
100#config t
100(config)#interface FastEthernet0
100(config-if)#ip virtual-reassembly max-reassemblies 1024

lxw615117 · ‎03-29-2016

pebao 发表于 2016-3-28 14:49
这个日志的意思是接口下达到了最大分片重组阈值，你可以试试下面命令：
100#config t
100(config)#interf ...

这个试过了，没有用，这个设备重启以后，故障就消失几天，然后又出现网络访问慢的问题，另外发现他在极短的时间内就有2万多个nat映射（show ip nat statistical）这还是在只有一个终端的情况下，是不是被人攻击了？