In a network, Internet Protocol (IP) forwarding equipment, such as routers, L3 (Layer 3, also known as the network layer) switches and L3 gateways, is used to receive an IP packet from a sending host and transfer the IP packet to a receiving host. When a first piece of IP forwarding equipment receives an IP packet larger than the MTU (Maximum Transmission Unit) of the next network segment, IP fragmentation is performed; that is, the IP packet is fragmented into IP fragments by the first piece of IP forwarding equipment. Then, the IP fragments are forwarded by the first piece of IP forwarding equipment to a second piece of IP forwarding equipment, and so on, until they are received by the receiving host. However, usually, the IP fragments are utilized to perform an IP fragment attack, and when an IP fragment attack occurs, the receiving host may crash. Therefore, IP fragment reassembly is required in the IP forwarding equipment to determine if an IP fragment attack is occurring so as to prevent the receiving host from crashing.
One method for IP fragment reassembly commonly used in IP forwarding equipment is to cache each IP fragment and then reassemble the IP fragments that associate with an IP packet. However, caching each IP fragment can consume a large amount of the memory space on the IP forwarding equipment. Thus, the IP forwarding equipment may be susceptible to a denial of service (DOS) attack. Furthermore, caching each IP fragment cannot meet the real-time requirements of some applications, such as a network meeting application or a Voice-over-Internet Protocol (VOIP) application.