Summary
The datapath is not able to handle IP fragments right now.
Details
On encounter of IP fragments, L4 policy as well as load-balancing breaks as fragments can't be associated correctly. In order to fix the situation, full reassembly is not required. Instead, we can build in tracking of fragments to associate it with the existing connection tracking table.
- As first fragments appear, the conntrack table entry is created and the policy as well as load-balancing decision is stored.
- If a fragment ID is set, a fragment table entry must be created which points to the conntrack table entry via the 5-tuple or some other means.
- As further fragments are processed, the initial conntrack entry can be looked up via the fragment table.
- Expiration of fragment table entries must be performed.
Summary
The datapath is not able to handle IP fragments right now.
Details
On encounter of IP fragments, L4 policy as well as load-balancing breaks as fragments can't be associated correctly. In order to fix the situation, full reassembly is not required. Instead, we can build in tracking of fragments to associate it with the existing connection tracking table.