Support Center > Search Results > SecureKnowledge Details
Fragmented traffic is dropped while using L4 Distribution Technical Level
Symptoms
  • Traffic is dropped by the rulebase when using L4 Distribution on a Maestro device.
  • Correction is not applied to the fragmented packets of the connection.
  • Adding a dedicated rule of the specific traffic resolves the issue.
  • zdebug is showing: Virtual defragmentation error
Cause
Layer 4 distribution adds the Source and/or Destination ports to the distribution equation (based on the configured distribution mode).

When fragmentation occurs, the first fragmented packet contains the entire 5 tuple. However, the following fragmented packet does not hold the ports.

In this case, each of the following fragmented packets is distributed based on Layer 3 alone. This may cause the fragmented packet to arrive to a different member, making it impossible to assemble all the fragmentation data.


Solution
Note: To view this solution you need to Sign In .