On Sep 13, 2014, at 4:37 PM, Franck Martin <[email protected]> wrote:
> My understanding is that UDP fragmentation is something frowned upon in IPv4
> and even more on IPv6 (because of processing power needed, and security
> concerns)?

No. IP fragmentation is a normal part of TCP/IP communications across the Internet. It isn't something to actively wish for, but it's perfectly normal.

> -limit size to <1500? on both IPv4 and IPv6?

No.

> -allow UDP fragmentation on IPv4 and IPv6, how securely?

Yes, allow it; there's no security issue. This is a myth originating with clueless vendors in the mid-1990s, and propagated today by Confused Information Systems Security Professionals (CISSPs) and their ilk.

> Any good documentation, pointers?

Slide 153 of this deck:

<https://app.box.com/s/r7an1moswtc7ce58f8gg>

----------------------------------------------------------------------
Roland Dobbins <[email protected]> // <http://www.arbornetworks.com>

Equo ne credite, Teucri.

-- Laocoön
