Ted, > -----Original Message----- > From: Ted Lemon [mailto:[EMAIL PROTECTED] > Sent: Wednesday, December 05, 2007 5:20 PM > To: [EMAIL PROTECTED] > Subject: Re: [Int-area] EAP and DHCP end-points > > On Dec 5, 2007, at 4:59 PM, Templin, Fred L wrote: > > IP fragmentation and reassembly doesn't work very well when > > there is no IP source address, which is the case the DHCP-AUTH > > stuff was looking at. > > True. > > > It also doesn't work very well for UDP > > applications that sit behind IPv4 NATs and/or firewalls; > > especially when those devices fail to pass non-initial IPv4 > > fragments. > > The idea of relaying DHCP through NAT makes my teeth itch. > > > Hmm; several folks told me that relay agents only need to > > support 576? > > It depends on what you mean by "need to." If they are BOOTP relay > agents that only know about RFC951, then you could indeed make this > argument. But at this late date, anything that's in a device that > does DHCP relay is really a DHCP relay agent, not a BOOTP relay > agent. And the DHCP protocol explicitly allows packets larger than > 576 bytes. > > Admittedly it does not require them, but in practice any relay agent > that doesn't support them is breaking DHCP functionality that's > specified in the protocol. So while technically you could say that > it's not noncompliant, since there is a significant piece of the DHCP
> protocol that doesn't work with that device, it's pretty > clearly broken. > > > But when the path doesn't support the > > packet size, and the application can't reduce the size of the > > packet, then it has to do what needs to be done to get the > > packet through. > > E.g., get a firmware update for the broken device! :') ACK on all of the above, except that there really are UDP applications that can't reduce the size of the packets they send and can't rely on IP fragmentation because of behind-NAT placement. (Well, OK, I know of one such application but there are probably others...) Fred [EMAIL PROTECTED] > _______________________________________________ > Int-area mailing list > [email protected] > https://www1.ietf.org/mailman/listinfo/int-area > _______________________________________________ Int-area mailing list [email protected] https://www1.ietf.org/mailman/listinfo/int-area
