> -----Original Message----- > From: [email protected] [mailto:[email protected]] On > Behalf Of Brian E Carpenter > Sent: Wednesday, January 04, 2012 11:13 AM > To: [email protected] > Subject: Re: Fragmentation-related security issues > > On 2012-01-05 02:57, RJ Atkinson wrote: > > Earlier, Mark Andrews wrote: > >> Atomic fragments > 1280 should not appear in the network. > >> Atomic fragments <= 1280 are a expected part of the IPv6 > landscape. > >> For TCP they should be rare. > >> For UDP it depends on the protocol running on top of UDP. > >> PMTUD relying on PTB is just not reliable. > > > > To the best of my understanding, the above is correct. > > The last point is IMHO the most significant. As far as I'm > concerned, PMTUD for IPv4 has *never* been reliable, and for > many years I clamped the MTU on my laptop at 576 to avoid > constant connectivity failures while on travel. That seems > to have become unnecessary in recent years since 1500 became > almost universal as the link MTU (but PMTUD is still unreliable). > > I see no reason to expect that PMTUD will be more reliable for > IPv6 than for IPv4.
I think a lot is now hinging on the assumption that PMTUD for IPv6 works. Unlike the situation for IPv4, I see no reason to expect that PMTUD for IPv6 will be unreliable. > 1280 is reasonably safe today only because > 1500 link MTU is widespread. On this point, I agree that 1280 fits within the current day Internet cell size (1500) even if there are multiple levels of encapsulation. But, I see no reason why IPv6 PMTUD can't be counted upon for larger than 1280. Fred [email protected] > On 2012-01-05 05:19, Dan Wing wrote: > > > We can clamp TCP MSS on our various translator devices. > > However, this won't help with TCP implementations whose > MSS negotiation is broken. I haven't seen that failure > mode on translated paths, but I have seen it on 6to4 paths, > where one end wanted to reduce the MSS and the other end > was stuck on 1440. > > Brian > -------------------------------------------------------------------- > IETF IPv6 working group mailing list > [email protected] > Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 > -------------------------------------------------------------------- > -------------------------------------------------------------------- IETF IPv6 working group mailing list [email protected] Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------
