Hi Ole, > Outer IP fragmentation is undesirable for multiple reasons. > E.g. a tunnel tail-end has to reassemble _before_ it can check if the > fragment chain belongs to a tunnel. Last I looked, a lot of IP fragments are > part of attacks, and they are costly to process.
At least one tunneling protocol has a means of discarding spurious fragments before admitting them into the reassembly cache. The draft could mention something about filtering of spurious fragments. Thank you - Fred > Ole > _______________________________________________ > Int-area mailing list -- [email protected] > To unsubscribe send an email to [email protected] _______________________________________________ Int-area mailing list -- [email protected] To unsubscribe send an email to [email protected]
