Hi Ran, > -----Original Message----- > From: [email protected] [mailto:[email protected]] On > Behalf Of RJ Atkinson > Sent: Wednesday, January 04, 2012 2:44 PM > To: [email protected] > Subject: Re: Fragmentation-related security issues > > > On 04 Jan 2012, at 16:53 , Templin, Fred L wrote: > > "Most deployed IPv4 transit routers disabled all router > > fragmentation of IPv4 packets years ago." Are you sure > > about that? Because, I have had at least one person from > > a major router vendor tell me that router fragmentation > > is well supported in their products. > > I have no doubt their product possesses the capability. > That is subtly different from folks responsible for > configuring routers disabling that capability in > particular routers of a particular deployment.
This can only be done at the peril of black-holing DF=0 packets that are too large. Meaning, either the responsible folks have a high degree of certainty that their core links will pass the packets w/o loss due to an MTU restriction, or they just don't care that large packets are silently lost. So, it has to be the former since folks that just don't care don't stay in business. This current "pool pah" of FUD reminds me of the one that transpired at the 2002 v6ops interim meeting when the subject of tunnel MTU got started. Others may choose to repeat that, but I've personally seen enough of it for one lifetime. Thanks - Fred > I was referring to the latter, not the former. > My apologies for being unclear. > > Yours, > > Ran > > -------------------------------------------------------------------- > IETF IPv6 working group mailing list > [email protected] > Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 > -------------------------------------------------------------------- > -------------------------------------------------------------------- IETF IPv6 working group mailing list [email protected] Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------
