In the documentation of virtual-reassembly It was mentioned that the command should not be used for asymmetric paths..
I couldnot understand why would this make a difference in asymmetric paths.. Can someone come up with an explanation for the same
the link that i mentioned is :
VFR Configuration Restriction
VFR should not be enabled on a router that is placed on an asymmetric path. The reassembly
process requires all of the fragments within an IP datagram. Routers placed in the
asymmetric path may not receive all of the fragments, so the fragment reassembly will
With ip virtual-reassembly, each IP datagram is associated with a managed timer. If a device does not receive all of the fragments within the specified time (which can be configured via the timeout seconds option), the timer will expire and the IP datagram (and all of its fragments) will be dropped.
In an asymmetric network, some packets go one way, while other packets go a different way, and a single device would not see all the fragments, and the above timer would expire, causing a failure.
So does asymmetric network means that packets between a particular source and destination take different paths to reach the destination.
I confused "asymmetric network" with "asymmetric routing". "asymmetric routing" is when the takes one direction when travelling from A to B and taking a different path(devices) while taking the return path ( B to A). Am i correct with my understanding of "asymmetric routing".
So to conclude "asymmetric routing" and "asymmetric network" means different scenarios. Please correct me if I am wrong.
Those are great questions!
I would consider an asymmetric path to have some traffic between point A and B go 1 path, and some traffic between the same two points use a different path. A transit router in ether one of these paths would only see some of the traffic, but not all of it, which may cause the problem with virtual reassembly.
If our network was asymmetric in that all the traffic went outbound 1 path, and all the return traffic came back on a different path, I don't think that would cause a problem for virtual reassembly, but it could cause a problem with a stateful firewall who is tracking sessions.
It seems pretty easy to get the terms confused, and I bet alot of the confusion is based on the context of what device or devices we are have in the path(s). I would probably ask a few additional questions if the customer said they had asymmetric anything, just to clarify.
Follow up question: Does the assymetric network restriction apply even if the assymetry is based on two interfaces on the same router?