On 6/17/2016 10:32 AM, Templin, Fred L wrote:
> Hi Vincent,
>
> Although Joe and I may not agree on all points (yet), I am pretty sure that
> one point we do agree on is that tunnels will ultimately need to account for
> fragmentation of one form or another. Without fragmentation, nested
> tunnels within tunnels can only recurse so far until an MTU underrun
> is encountered. And, without fragmentation, tunnels cannot support a
> minimum MTU if they traverse links with sufficiently small MTUs even
> if there is no nesting.

Yup.

> It is true that one possibility is for the tunnel to simply shut down if it
> encounters an MTU underrun meaning that one or more destinations
> will simply become unreachable. But, that sort of arrangement may not
> be acceptable for safety-critical communications where destinations
> should be made reachable through any means available.

Yes - this is the only end-run that seems to work within the constraints of existing specs.

It does have a downside, though - it basically works like "the tree in the forest". Until it actually falls, there's no point in preventing its use. However, once it falls, it cannot get "back up" again - if it did, it would act like a link that requires a different MTU.

So it's "optimistic" with a fairly bad failure mode.

IMO, it's the only safe way to deploy non-reassembling tunnels, even in a "controlled" environment -- because "controlled" is only true as long as it can be known, and the "shut-down" approach serves as a monitor to enforce that control.

Joe
