The IP protocol can handle fragmentation and it includes the fragmentation offset and identifier. I know this comes into play when your IP packet is too big for some specific network or link where the MTU is lower then the previous one.
For example, the MTU is 1000 bytes, and your IP packet is 900 (+20) bytes. Further down the line the MTU is only 500, so you have to extract the IP data and put it into two packets, one of them 480 (+20), and the other one 420 (+20).
But from my understanding this is fragmentation in the Networking layer, turning an IP packet into multiple IP packets. Meaning that you only have the Transport Layer Header present one time, and a new Network layer header for each smaller IP packet.
I hope my understanding of this is correct. Anyway, after the image comes my actual question:
Let's say your IP packet length is limited by 1000 bytes including the header, due to the MTU of 1000 bytes.
What actually happens if for some reason your TCP segment is bigger than 980, thus exceeding the maximum IP packet size?
What if your TCP segment is 1960 bytes. How is the fragmentation handled here? Is it put into a 1980 IP packet, which is then fragmented into two 980 (+20) IP packets?
Does the fragmentation occur before this, in the transport layer? Are multiple smaller transport layer segments, each with its own header sent into the IP layer with the correct size?
Best Answer
After the routing decision is made for a given packet, it is scheduled to go out of a particular interface. If the packet is too big for the MTU of the link, it is sent as two or more IP packets containing fragments. The details are in Internet Protocol RFC 760 section 2.2, but in brief the first one has the beginning of the packet including the TCP header, and the later ones are just continuations. The receiver can tell there are more by the "More Fragments" flag in the header, and sees where they go by the Fragment offset.
As the beginning of the IP packet payload is in the first fragment, only the first fragment has the TCP header. The subsequent fragments will just begin with their appropriate part of the payload, probably bytes from the middle of the TCP stream.
This mechanism is IPv4-specific, and isn't directly related to the content of the packet. TCP tries to keep the packets inside the MTU by adjusting the maximum segment size of the TCP stream, but if the MSS is too high, you'll get the fragmentation.
Remember there's also a "Don't Fragment" flag, which if implemented, means instead of forwarding the fragments, the system will drop the packet and send an ICMP error back (unless configured not to).
Remember also that this "do I need to fragment this packet" question happens for every packet going out of every interface. Even if the interface out of a server has a MTU big enough for a given packet, some router along the way might have a much smaller MTU -- this is the "path MTU" issue. Any routing change, such as for load balancing or fault recovery, can change the path MTU. As a consequence of this, it's legitimate for fragments to arrive in the right order, overlap, be partially duplicated.
Finally, don't forget that fragments can be misformed on purpose: such as sending duplicate portions of the data, which can lead to some unpleasant security problems. Consequently many routers and firewalls do a certain amount of reassembly even though strictly speaking they don't this isn't needed to do the router's job -- it could just forward the fragments.