On 10/22/2013 11:25 PM, Valery Smyslov wrote:
I appreciate the work transport folks have done. I will also appreciate it if you point out what exact lessons should be applied here and why. And you may consider PMTUD in IKE as simplified PLMTUD, implemented according to Section 10.4 of RFC4821.
From the second sentence of that section: Because you never generate distinct probes, finding out when the MTU fails is tied to timeouts in your message exchange system, rather than being decoupled.
From Section 9: You don't talk about trying to make sure that IPv4 DF is set, as per Section 9, which means that even the conservative values you pick might continue to generate fragments downstream.
Finally, and this is separate from RFC4821, you don't mention the fact that dropping fragments is against the recommended behavior for NATs. I appreciate trying to get around that issue, but it's equally important to indicate this as a flaw of the network, rather than "just the way it is".
Joe
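The two RFC 4821 points raised in the reply above, as an added example that is not from this thread or from the draft under discussion: setting IPv4 DF on a UDP socket (assumes Linux and its `IP_MTU_DISCOVER` socket option) and searching for the path MTU with distinct probes, so that a lost probe only narrows the search instead of timing out a real exchange. The names `udp_set_df`, `plpmtud_search`, `probe_fn` and `sim_probe`, and the sample sizes, are assumptions made for illustration.

```c
#include <netinet/in.h>
#include <stddef.h>
#include <sys/socket.h>

/* Section 9 point: make sure DF is set, so an oversized IPv4 datagram is
 * dropped at the bottleneck instead of being fragmented downstream.
 * Linux-specific: IP_PMTUDISC_DO sets DF on every datagram sent on fd. */
int udp_set_df(int fd)
{
    int mode = IP_PMTUDISC_DO;
    return setsockopt(fd, IPPROTO_IP, IP_MTU_DISCOVER, &mode, sizeof mode);
}

/* Hypothetical probe callback: sends one padded probe of `size` bytes and
 * returns 1 if the peer acknowledged it, 0 if it was lost after retries.
 * Probes are separate from real protocol messages. */
typedef int (*probe_fn)(size_t size, void *ctx);

/* Search between `low` (a size already known to work) and `high` (upper
 * bound). Stops when the remaining window is smaller than `step`.
 * Returns the largest size that was confirmed by a successful probe. */
size_t plpmtud_search(size_t low, size_t high, size_t step,
                      probe_fn probe, void *ctx)
{
    if (step == 0)
        step = 1;
    if (high < low)
        return low;
    while (high - low >= step) {
        size_t mid = low + (high - low + 1) / 2;  /* always > low */
        if (probe(mid, ctx))
            low = mid;          /* probe delivered: raise the floor */
        else
            high = mid - 1;     /* probe lost: lower the ceiling */
    }
    return low;
}

/* Constructed stand-in for a real network path: ctx points to the largest
 * size the simulated path delivers; anything bigger is silently dropped. */
int sim_probe(size_t size, void *ctx)
{
    return size <= *(const size_t *)ctx;
}
```

In a real sender the probe callback would transmit on a socket prepared with `udp_set_df` and treat a missing acknowledgement as a lost probe only after its own retry limit.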
