> On Jul 29, 2018, at 10:29 PM, Mikael Abrahamsson <swm...@swm.pp.se> wrote:
>
> On Sun, 29 Jul 2018, Joe Touch wrote:
>
>> You’re engaging in a game of escalation - whatever layer you add
>> fragmentation will end up being a layer that a vendor puts a device that
>> does DPI that fails.
>
> Yes, but I can filter those UDP packets by looking in the UDP header, that's
> all the DPI I need in that box. It doesn't need to understand the
> upper-protocol level fragmentation, because I do not require it to understand
> that protocol at all. I just need for it to understand that it's UDP and look
> at the UDP port number.

Right. You need just UDP ports right now for YOUR DPI. Others need to look at the payload (the D in DPI).

>
> The biggest mistake of TCP and UDP combined with IP level fragmentation is
> that the port information isn't available in every packet.

The biggest mistake of protocol X with X-1 level fragmentation is that the entire headers of X aren’t available in every X-1 packet.

Replace X with your favorite protocol and you’ll see how and why this can’t continue to work. The packets would eventually burst with all the headers.

Joe
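Added example, not part of the original message or thread: a Python sketch of the point both posters refer to, that with IPv4 fragmentation only the first fragment carries the UDP header, so a filter that does not reassemble sees a port number in one fragment and nothing in the rest. The addresses, ports, payload size and function names are constructed for illustration.

```python
import struct

def ipv4_header(total_len, ident, flags_frag, proto=17):
    # 20-byte IPv4 header; checksum left at 0 because this demo never validates it.
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, ident, flags_frag,
                       64, proto, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 2]))

def udp_datagram(sport, dport, payload):
    # UDP header (checksum 0) followed by the payload.
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload

def fragment(ip_payload, mtu, ident=0x1234):
    """Split an IP payload into IPv4 fragments that fit the given MTU."""
    chunk = (mtu - 20) // 8 * 8  # fragment data is carried in 8-byte units
    frags = []
    for off in range(0, len(ip_payload), chunk):
        data = ip_payload[off:off + chunk]
        more = 0x2000 if off + chunk < len(ip_payload) else 0  # MF flag
        frags.append(ipv4_header(20 + len(data), ident, more | (off // 8)) + data)
    return frags

def stateless_udp_dport(packet):
    """Destination port as seen by a filter with no reassembly, else None."""
    ihl = (packet[0] & 0x0F) * 4
    (flags_frag,) = struct.unpack_from("!H", packet, 6)
    if packet[9] != 17:            # not UDP
        return None
    if flags_frag & 0x1FFF:        # non-zero offset: this fragment has no UDP header
        return None
    if len(packet) < ihl + 8:      # too short to hold a full UDP header
        return None
    return struct.unpack_from("!H", packet, ihl + 2)[0]

def demo():
    # Constructed sample: a 3000-byte payload to port 4500 over a 1500-byte MTU.
    dgram = udp_datagram(40000, 4500, bytes(3000))
    return [stateless_udp_dport(f) for f in fragment(dgram, mtu=1500)]

if __name__ == "__main__":
    print(demo())
```

A filter that wants a port decision for the later fragments has to keep per-datagram state keyed on source, destination, protocol and IP ID, or reassemble.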