Fortinet white logo
Fortinet white logo

Hardware Acceleration

Reassembling and offloading fragmented packets

Reassembling and offloading fragmented packets

NP7 processors support reassembling and offloading fragmented IPv4 and IPv6 packets. The NP7 processor uses defrag/reassembly (DFR) to re-assemble fragmented packets. The NP7 can re-assemble and offload packets that have been fragmented into two packets (1 header and 1 packet fragment). Traffic that has been fragmented into more that two packets is handled by the CPU.

Reassembling and offloading fragmented packets is disabled by default and all fragmented packets are handled by the CPU. If your system is processing relative large amounts of fragmented packets, you can use the following command to improve performance by reassembling and offloading them using NP7 processors:

config system npu

config ip-reassembly

set status {disable | enable}

set min_timeout <micro-seconds>

set max_timeout <micro-seconds>

end

Where:

status, enable or disable IP reassembly. IP reassembly is disabled by default.

min_timeout is the minimum timeout value for IP reassembly in the range 5 to 600,000,000 μs (micro seconds). The default min-timeout is 64 μs.

max_timeout is the maximum timeout value for IP reassembly 5 to 600,000,000 μs. The default max-timeout is 1000 μs.

The timeouts are quite sensitive and may require tuning to get best performance depending on your network and FortiGate configuration and traffic mix.

Note

The CLI help uses us to represent μs or micro seconds.

Reassembling and offloading fragmented packets

Reassembling and offloading fragmented packets

NP7 processors support reassembling and offloading fragmented IPv4 and IPv6 packets. The NP7 processor uses defrag/reassembly (DFR) to re-assemble fragmented packets. The NP7 can re-assemble and offload packets that have been fragmented into two packets (1 header and 1 packet fragment). Traffic that has been fragmented into more that two packets is handled by the CPU.

Reassembling and offloading fragmented packets is disabled by default and all fragmented packets are handled by the CPU. If your system is processing relative large amounts of fragmented packets, you can use the following command to improve performance by reassembling and offloading them using NP7 processors:

config system npu

config ip-reassembly

set status {disable | enable}

set min_timeout <micro-seconds>

set max_timeout <micro-seconds>

end

Where:

status, enable or disable IP reassembly. IP reassembly is disabled by default.

min_timeout is the minimum timeout value for IP reassembly in the range 5 to 600,000,000 μs (micro seconds). The default min-timeout is 64 μs.

max_timeout is the maximum timeout value for IP reassembly 5 to 600,000,000 μs. The default max-timeout is 1000 μs.

The timeouts are quite sensitive and may require tuning to get best performance depending on your network and FortiGate configuration and traffic mix.

Note

The CLI help uses us to represent μs or micro seconds.