CCIE Security Exam: Cisco IOS Router Handling of Large TCP Packets

Handling of Large TCP Packets by Cisco IOS Router



What action will be taken by a Cisco IOS router if a TCP packet, with the DF bit set, is larger than the egress interface MTU?





When a router receives a packet with the Don't Fragment (DF) bit set, it will not fragment the packet if it exceeds the maximum transmission unit (MTU) of the egress interface. Instead, the router will take one of the following actions:

A. Split the packet into two packets, so that neither packet exceeds the egress interface MTU, and forward them out. This process is called packet fragmentation. The router will split the packet into smaller fragments, each with a size that does not exceed the MTU of the egress interface. The fragments will be forwarded to the destination, where they will be reassembled back into the original packet. Packet fragmentation can cause problems in some networks, especially if some of the fragments are lost or delayed. Therefore, it is generally recommended to avoid fragmentation whenever possible.

B. Respond to the sender with an ICMP Type 3, Code 4. This response is called a "destination unreachable - fragmentation needed and DF set" message. The router will send this message back to the sender to indicate that the packet was too large to be forwarded out of the egress interface without fragmentation, and that the DF bit was set. The message includes the MTU of the egress interface, so that the sender can adjust the packet size accordingly and try again. This process is called Path MTU Discovery.

C. Respond to the sender with an ICMP Type 12, Code 2. This response is called a "parameter problem" message. It indicates that the router encountered an error while processing the packet, such as an invalid option or header field. This response is not directly related to the DF bit or packet fragmentation, and would not be sent in this scenario.

D. Transmit the packet unmodified. This option is not possible when the DF bit is set. If the packet exceeds the egress interface MTU and the DF bit is set, the router must take one of the above actions.

In summary, the correct answer is A, which involves packet fragmentation. Answer B is also correct, but it refers to the ICMP message that the router would send back to the sender, rather than the action taken by the router. Answer C is incorrect, as it does not apply to this scenario. Answer D is not possible when the DF bit is set.
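The ICMP Type 3, Code 4 message described under option B carries the next-hop MTU in its header (the RFC 1191 layout), followed by the IP header and first 8 bytes of the packet that was too large. The Python below is an added example, not part of the original page: it parses such a message, checks its checksum, and handles the legacy case of an MTU field of 0. The addresses, ports and the `build_sample` helper are constructed for illustration.

```python
import socket
import struct

def inet_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum; returns 0 when run over a valid message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_frag_needed(icmp: bytes) -> dict:
    """Parse ICMP Type 3, Code 4: 8-byte header, then the dropped packet's IPv4 header."""
    if len(icmp) < 28:
        raise ValueError("too short for ICMP header plus embedded IPv4 header")
    icmp_type, code, _cksum, _unused, mtu = struct.unpack("!BBHHH", icmp[:8])
    if (icmp_type, code) != (3, 4):
        raise ValueError(f"not fragmentation-needed: type={icmp_type} code={code}")
    if inet_checksum(icmp) != 0:
        raise ValueError("bad ICMP checksum")
    inner = icmp[8:]
    ver_ihl, _tos, total_len, _ident, flags_frag = struct.unpack("!BBHHH", inner[:8])
    if ver_ihl >> 4 != 4:
        raise ValueError("embedded packet is not IPv4")
    return {
        "next_hop_mtu": mtu,          # 0 means the router predates RFC 1191
        "mtu_reported": mtu != 0,     # False: sender has to guess a smaller size
        "orig_total_len": total_len,
        "orig_df": bool(flags_frag & 0x4000),
        "orig_proto": inner[9],
        "orig_src": socket.inet_ntoa(inner[12:16]),
        "orig_dst": socket.inet_ntoa(inner[16:20]),
    }

def build_sample(mtu: int = 1400) -> bytes:
    """Constructed sample: a 1500-byte TCP packet with DF set, rejected at an MTU-1400 hop."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 1500, 0x1234, 0x4000, 63, 6, 0,
                     socket.inet_aton("192.0.2.10"), socket.inet_aton("198.51.100.20"))
    ip = ip[:10] + struct.pack("!H", inet_checksum(ip)) + ip[12:]
    tcp8 = struct.pack("!HHI", 49152, 443, 1)  # first 8 bytes of the TCP header
    body = struct.pack("!HH", 0, mtu) + ip + tcp8
    cksum = inet_checksum(struct.pack("!BBH", 3, 4, 0) + body)
    return struct.pack("!BBH", 3, 4, cksum) + body

if __name__ == "__main__":
    print(parse_frag_needed(build_sample()))
```

When these messages are filtered somewhere on the path, the sender never learns the smaller MTU and large DF-marked segments are silently lost, so a capture that shows retransmitted full-size segments and no Type 3, Code 4 replies is worth checking against ICMP filtering rules.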