Cisco Catalyst SD-WAN Network Configuration Guide, Releases 26.x and Later

PDF

Configure VFR and underlay fragmentation

Want to summarize with AI?

Log in

Guides configuration of VFR and underlay fragmentation, including procedures for configuring underlay fragmentation via configuration groups and CLI, enabling boost mode with CLI commands, and configuring VFR with CLI.


Use one of these methods to configure VFR and underlay fragmentation:


Configure underlay fragmentation using a configuration group

Before you begin

Minimum supported releases: Cisco IOS XE Catalyst SD-WAN Release 17.15.1a

Procedure

1.

From the Cisco SD-WAN Manager, choose Configuration > Configuration Groups.

2.

Click Transport & Management Profile.

3.

Select the desired transport profile and click Edit.

4.

Click Edit Ethernet Interface > Tunnel.

5.

Enable Allow Fragmentation and MTU To Max.

6.

Click Save.


Configure VFR using CLI commands

Enable virtual fragment reassembly (VFR) on interfaces to prevent fragmentation attacks and ensure correct packet delivery.

You can configure VFR using a CLI template. For more information about using CLI templates, see CLI Add-On Feature Templates and CLI Templates.

Note

By default, CLI templates execute commands in global config mode.

Procedure

Enable VFR.

  • Enable VFR for IPv4 packets
  • Enable VFR for IPv6 packets

To enable VFR for IPv4 packets on Inbound Interface Traffic perform the following steps:

  1. Configure an interface type and enter interface configuration mode.

    interface interface-type interface-number

  2. Enable VFR on the interface and specify the maximum threshold values.

    ip virtual-reassembly [max-reassemblies number ] [max-fragments number ] [timeout seconds ] [mode modes][drop-fragments ]

Example:

Here is the complete configuration example to enable VFR for IPv4 packets:


interface GigabitEthernet5
ip virtual-reassembly max-reassemblies 64 max-fragments 16 mode default timeout 5

To enable VFR for IPv4 packets on outbound interface traffic perform the following steps:

  1. Configure an interface type and enter interface configuration mode.

    interface interface-type interface-number

  2. Enable VFR for outbound interface traffic on the interface and specify the maximum threshold values.

    ip virtual-reassembly-out [max-reassemblies number ] [max-fragments number ] [timeout seconds ] [mode modes][drop-fragments ]

Example:

Here is the complete configuration example to enable VFR for IPv4 packets:


interface GigabitEthernet 5
ip virtual-reassembly-out mode default max-fragments 64

To enable VFR for IPv6 packets on inbound interface traffic perform the following steps:

  1. Configure an interface type and enter interface configuration mode.

    interface interface-type interface-number

  2. Enable VFR for IPv6 packets on inbound interface traffic.

    ipv6 virtual-reassembly [in|out] [max-reassemblies number ] [max-fragments number ] [timeout seconds ] [mode modes][drop-fragments ]

Example:

Here is the complete configuration example to enable VFR for IPv6 packets:


interface GigabitEthernet 5
ipv6 virtual-reassembly in mode default max-fragments 25
max-reassemblies 1024

To enable VFR for IPv6 packets on outbound interface traffic perform the following steps:

  1. Configure an interface type and enter interface configuration mode.

    interface interface-type interface-number

  2. Enable VFR for IPv6 packets on outbound interface traffic.

    ipv6 virtual-reassembly [in|out] [max-reassemblies number ] [max-fragments number ] [timeout seconds ] [mode modes][drop-fragments ]

Example:

Here is the complete configuration example to enable VFR for IPv6 packets:


interface GigabitEthernet 5
ipv6 virtual-reassembly out mode default max-fragments 25

Configure underlay fragmentation using CLI commands

You can configure underlay fragmentation using CLI templates. For more information about using CLI templates, see CLI Add-On Feature Templates and CLI Templates.

Note

By default, CLI templates execute commands in global config mode.

This section provides example CLI configurations to configure underlay fragmentation.

Procedure

1.

Enter the config-sdwan mode

Example:

sdwan
2.

Configure an interface type and enter interface configuration mode.

Example:

interface interface-name interface-number 
3.

Configure the tunnel interface.

Example:

tunnel-interface
4.

Skip Layer 3 fragmentation and clear overlay DF bit.

Example:

inner-fragmentation-disable
5.

Perform the encapsulation for the GRE interface of the TLOC.

Example:

encapsulation gre 

Only GRE encapsulation is supported for underlay fragmentation in Cisco IOS XE Catalyst SD-WAN Release 17.12.1a.

Here is the complete configuration example to enable underlay fragmentation:


sdwan
interface GigabitEthernet1
tunnel-interface
inner-fragmentation-disable
encapsulation gre

Enable boost mode using CLI commands

You can enable boost mode using a CLI template. For more information about using CLI templates, see CLI Add-On Feature Templates and CLI Templates.

Note

By default, CLI templates execute commands in global config mode.

Procedure

Enable the boost mode.

Example:

platform ipreass boost-mode 

Here is the complete configuration example to enable the boost mode:

platform ipreass boost-mode