Hi Ran, 

> -----Original Message-----
> From: [email protected] [mailto:[email protected]] On 
> Behalf Of RJ Atkinson
> Sent: Wednesday, January 04, 2012 2:44 PM
> To: [email protected]
> Subject: Re: Fragmentation-related security issues 
> 
> 
> On 04  Jan 2012, at 16:53 , Templin, Fred L wrote:
> > "Most deployed IPv4 transit routers disabled all router
> > fragmentation of IPv4 packets years ago." Are you sure
> > about that? Because, I have had at least one person from
> > a major router vendor tell me that router fragmentation
> > is well supported in their products.
> 
> I have no doubt their product possesses the capability.
> That is subtly different from folks responsible for
> configuring routers disabling that capability in 
> particular routers of a particular deployment.

This can only be done at the peril of black-holing
DF=0 packets that are too large. Meaning, either the
responsible folks have a high degree of certainty that
their core links will pass the packets w/o loss due to
an MTU restriction, or they just don't care that large
packets are silently lost. So, it has to be the former
since folks that just don't care don't stay in business.

This current "pool pah" of FUD reminds me of the one
that transpired at the 2002 v6ops interim meeting when
the subject of tunnel MTU got started. Others may
choose to repeat that, but I've personally seen enough
of it for one lifetime.

Thanks - Fred

> I was referring to the latter, not the former.
> My apologies for being unclear.
> 
> Yours,
> 
> Ran
> 
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> [email protected]
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------
> 
--------------------------------------------------------------------
IETF IPv6 working group mailing list
[email protected]
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------

Reply via email to