The timeout of 5 seconds specifies that if all the fragment packets
are not received within the specified time, the IP datagram and all its fragments will be dropped.
This feature was introduced in IOS Version 12.3(8)T.
Example 5-6. Virtual Fragmentation Reassembly (VFR) Configuration Example
interface Fastethernet0/0
ip inspect
in | out
ip virtual-reassembly max-reassemblies 100 max-fragments 20 timeout 5
!
VRF-Aware IOS Firewall
The Multiprotocol Label Switching Virtual Private Network (MPLS VPN) feature allows several sites to interconnect
transparently through a service provider network. A service provider network can support several IP VPNs. Each of these
appears as a separate private network. VRF is an IP routing table instance for connecting sites in a VPN network. Each VPN
has its own set or sets of VRF instances, thereby allowing each site to send IP packets to any other site in the same VRF
instance.
The Cisco IOS Firewall feature is enhanced to support inspection for VRF instances in a MPLS VPN network. CBAC can inspect
packets on a per-VRF basis for packets sent and received within a VRF. VRF-aware CBAC implementation can include
multiple firewall instances (with VRF instances) that are allocated to separate VPN customers.
Pages:
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235