Hi, Fred,
On 7/1/2013 8:34 AM, Templin, Fred L wrote:
OK, but IPv4 also has a limit of minMRU=576. So, we have:
IPv4 minMTU = 576 (*)
IPv4 minMRU = 576
IPv6 minMTU = 1280
IPv6 minMRU = 1500
(*) Even though the specs say that IPv4 minMTU = 68, everyone
seems to be saying that for practical purposes it is now 576.
There needs to be a difference between the minMTU and the minMRU; if
not, then IP-in-IP tunnels will never succeed without a separate
fragmentation and reassembly layer - and although SEAL provides that,
we
currently do not require anything like that for X-in-X encapsulation.
With IPv4, there is no difference between minMTU and minMRU.
Tunnels over IPv4 therefore set DF=0 to allow for in the
network fragmentation if necessary.
But then that's useless. Let's say you already send just 576, and set
DF=1, and that packet encounters an IPv4 tunnel. You add 20 bytes of
header, resulting in 596.
At the tunnel ingress, you can't fragment the inner packet because DF=1
- and why shouldn't it be set? You're using the minMTU.
At that ingress, you can't fragment the outer packet because you would
need the egress to reassemble something that is 596 -- larger than the
egress ever expected to reassembly (minMRU).
So you drop the packet and send an ICMP too-big back to the source, who
drops it because they're already sending minMTU packets and doesn't
think it should have to drop the MTU below that.
AFAICT, you now have broken the path completely.
With IPv6, minMTU is smaller than minMRU but that does not
guarantee that a packet sent by the ingress can be received
by the egress without fragmentation.
No, but it does guarantee that the packet can traverse a tunnel and
still make it to its destination.
The difference between minMTU and minMRU is the amount of accumulated
headers you can accommodate by tunneling. At 1500-1280, that's 5 levels
of nested IPv6 tunnels, or more than a few IPsec tunnel-mode tunnels if
needed.
That's not as much as I'd like, but it's at least non-zero.
> RFC2473 acknowledges
this by using fragmentation at the ingress as a limiting
condition for when the MTU within the tunnel becomes too
small. This can happen for example if there is a 1280 MTU
link within the tunnel, if there are nested encapsulations
within the tunnel, etc.
Yes, but if minMRU == minMTU, then the number of encapsulations
supported is zero.
Joe
_______________________________________________
Int-area mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/int-area
