Memory Issues: Packet Fragmentation

Fragmentation of Cisco memory allocations is an ongoing and ubiquitous concern for network engineers.
Regardless of the system under consideration, fragmented allocation uses
excessive memory, network, and CPU resources. Significant levels of packet
fragmentation can result in Cisco memory fragmentation on systems that process
the data, like Cisco routing hardware.

In some cases, attackers have been able to effect Denial of
Service (DoS) attacks on large areas of the Internet by targeting network
routers directly, rather than the end-user systems that depend on these backbones.
When any server's memory allocation is saturated, its ability to serve the
network load it is processing becomes impaired. If an attacker can force a
vulnerable machine to allocate all of its memory, the machine is overloaded and
temporarily stops working.

In Cisco firewalls, this type of attack is especially
problematic because it is normally done using stateless UDP packets, which bypass
many of the inherent protections of Stateful Packet Inspection,
the first level of defense offered by all Cisco PIX firewalls.

Cisco memory fragmentation can be a problem even where no
vulnerability is present if the hardware tends to allocate resources approaching
its total capacity. Any router that is not clearly being attacked but
still experiences high memory fragmentation needs attention. Upgrading the
internal memory of the device is the easiest way to limit the effects of memory
fragmentation. Other fixes include running the most current version of
Cisco IOS that your router or firewall allows, consulting the extensive
documentation on Cisco's web site, optimizing your network hardware
to reduce memory fragmentation profiles, or, where following these directions is
not feasible, replacing the device outright. Technical experts at PC
Wholesale can help with your memory fragmentation issues. In addition,
they carry a full line of Cisco original and third-party memory for every Cisco device.
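
To decide whether a router that is not clearly under attack still shows high memory fragmentation, one check is to compare the largest contiguous free block with the total free memory in each pool. The script below is an added example, not part of the original article: it parses text in the column layout of the IOS `show memory statistics` command, and the sample output, function names and thresholds are assumptions made for illustration.

```python
# Added example: flag fragmented memory pools in "show memory statistics" output.
# SAMPLE is constructed for illustration; the thresholds are assumptions.
SAMPLE = """\
                Head    Total(b)     Used(b)     Free(b)   Lowest(b)  Largest(b)
Processor   6540BBA0   415187836   330000000    85187836    80000000     1048576
      I/O    E000000    33554432     6226336    27328096    27274612    27273132
"""


def parse_pools(text):
    """Return {pool: {total, used, free, lowest, largest}} from the table rows."""
    pools = {}
    for line in text.splitlines():
        parts = line.split()
        # A data row is: pool name, head address, then five decimal byte counts.
        if len(parts) < 7 or not all(p.isdigit() for p in parts[-5:]):
            continue
        keys = ("total", "used", "free", "lowest", "largest")
        pools[" ".join(parts[:-6])] = dict(zip(keys, map(int, parts[-5:])))
    return pools


def assess(pools, frag_limit=0.5, free_limit=0.1):
    """Return (pool, finding, ratio) for pools that look fragmented or nearly full."""
    findings = []
    for name, p in pools.items():
        if p["total"] == 0:
            continue
        # Fragmentation: share of free memory NOT available as one contiguous block.
        frag = 1 - p["largest"] / p["free"] if p["free"] else 1.0
        free_ratio = p["free"] / p["total"]
        if frag > frag_limit:
            findings.append((name, "fragmented", round(frag, 3)))
        elif free_ratio < free_limit:
            findings.append((name, "low-free", round(free_ratio, 3)))
    return findings


if __name__ == "__main__":
    for pool, finding, ratio in assess(parse_pools(SAMPLE)):
        print(f"{pool}: {finding} ({ratio})")
```

In the constructed sample the Processor pool has about 85 MB free but no contiguous block larger than 1 MB, so it is reported as fragmented even though a fifth of the pool is unused.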