Hmmm while I understand the reasoning, I do not think that forcing core routers to generate ICMP PTB messages is a good idea as this is done by the route processor and not in silicon. This would be a nice DoS ;-)
Their ICMP generation is usually rate limited (actually there is a HW rate limiter on too-big packets). OTOH, core should never have a 'small MTU' link, so, this should be only a problem in theory. -éric > -----Original Message----- > From: [email protected] [mailto:[email protected]] On Behalf Of > Havard Eidnes > Sent: vendredi 6 janvier 2012 09:28 > To: [email protected] > Cc: [email protected]; [email protected] > Subject: Re: Fragmentation-related security issues > > >> The problem with RFC4821 (assumming the ICMP-free variant) is > >> that it has a longer convergnece time that ICMP-enabled PMTU. > > > > RFC4821 works even if there are no ICMPs, but will > > converge more quickly if there are ICMPs. That is why > > RFC4821 should be a SHOULD for hosts, and generation > > of ICMPs should be a MUST for routers. > > Does not this also imply that ICMP-generating routers MUST use a > globally unique IPv6 address as the source of the ICMP? > > Regards, > > - Håvard > -------------------------------------------------------------------- > IETF IPv6 working group mailing list > [email protected] > Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 > -------------------------------------------------------------------- -------------------------------------------------------------------- IETF IPv6 working group mailing list [email protected] Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------
