> On Aug 16, 2018, at 5:47 AM, Ole Troan <otr...@employees.org> wrote:
> 
> Joe,
> 
>>> IPv4 fragments do have a higher drop probability than other packets. Just 
>>> from the fact that multiple end-users are sharing a 16 bit identifier space.
>> 
>> It’s really the fact that NATs that process fragments don’t reassemble 
>> before translating and/or don’t rate limit fragments they generate as 
>> already required by 791 (as explained in 6884).
> 
> That’s incorrect.
> See https://tools.ietf.org/html/rfc7597#section-8.3.3 

You should re-read that RFC. It correctly points out that this is a flaw in 
current devices. 

There is a solution - reassemble before NATing, and when issuing the new 
packets, issue them with IDs generated at the NAT.

The correct behavior is already indicated in RFC 6864, Sec 5.3.1

> 
>> A NAT that is broken isn’t helping users share addresses. It’s just broken.
> 
> I wish it was that simple.

It’s not simple, but saying that “fragmentation is broken” does not make it 
more simple either.

Joe
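As an added illustration of the reassemble-before-NAT fix described in this message (this is not code from the thread or from any RFC), here is a toy Python model of two inner hosts behind one NAT that happen to pick the same IPv4 Identification for datagrams to the same destination. Addresses, payloads and the 4-byte "MTU" are constructed for the example; a per-fragment NAT merges both datagrams under one reassembly key on the outside, while a NAT that reassembles and assigns its own IDs keeps them apart.

```python
from collections import namedtuple
from itertools import count

# src/dst/proto/ident are the RFC 791 reassembly tuple; offset is in bytes; more = More Fragments flag
Fragment = namedtuple("Fragment", "src dst proto ident offset more payload")
def fragment(src, dst, proto, ident, data, mtu):
    pieces = [data[i:i + mtu] for i in range(0, len(data), mtu)]
    return [Fragment(src, dst, proto, ident, i * mtu, i < len(pieces) - 1, p)
            for i, p in enumerate(pieces)]

def reassemble(frags):
    """Return {key: payload} for each datagram whose fragments form a gapless chain."""
    groups = {}
    for f in frags:
        groups.setdefault((f.src, f.dst, f.proto, f.ident), []).append(f)
    out = {}
    for key, parts in groups.items():
        parts.sort(key=lambda f: f.offset)
        data, expected = b"", 0
        for f in parts:
            if f.offset != expected:  # gap, or a duplicate offset: two senders share this key
                break
            data, expected = data + f.payload, expected + len(f.payload)
        else:
            if not parts[-1].more:
                out[key] = data
    return out

def nat_per_fragment(frags, ext_ip):
    """Naive NAT: rewrite the source of each fragment and keep the inner host's ID."""
    return [f._replace(src=ext_ip) for f in frags]

def nat_reassemble_first(frags, ext_ip, mtu):
    """Reassemble inside the NAT, then re-fragment with IDs the NAT assigns itself."""
    ids, out = count(1), []
    for (_src, dst, proto, _id), data in reassemble(frags).items():
        out += fragment(ext_ip, dst, proto, next(ids) & 0xFFFF, data, mtu)
    return out

SAMPLE = (  # constructed: two inner hosts behind one NAT both happen to pick ID 7
    fragment("10.0.0.1", "203.0.113.9", 17, 7, b"AAAAAAAA", 4)
    + fragment("10.0.0.2", "203.0.113.9", 17, 7, b"BBBBBBBB", 4)
)
def demo(ext_ip="198.51.100.1"):
    naive, fixed = nat_per_fragment(SAMPLE, ext_ip), nat_reassemble_first(SAMPLE, ext_ip, 4)
    return {"inside": sorted(reassemble(SAMPLE).values()),
            "naive_nat": sorted(reassemble(naive).values()),
            "reassemble_first": sorted(reassemble(fixed).values()),
            "outside_ids": sorted({f.ident for f in fixed})}
```

Calling `demo()` shows both payloads reassembling inside, nothing reassembling after the per-fragment NAT (the colliding key yields a duplicate offset), and both payloads intact with distinct outside IDs after the reassemble-first NAT.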
_______________________________________________
Int-area mailing list
Int-area@ietf.org
https://www.ietf.org/mailman/listinfo/int-area