> -----Original Message-----
> From: Brian E Carpenter [mailto:[email protected]]
> Sent: Friday, June 21, 2013 4:53 PM
> To: Ronald Bonica
> Cc: Ray Hunter; [email protected] 6man-wg
> Subject: Re: FW: New Version Notification for draft-bonica-6man-frag-
> deprecate-00.txt
>
> On 22/06/2013 07:53, Ronald Bonica wrote:
> >> I don't 100% agree. In the case that PMTUD is broken, there'd be
> >> nothing to stop a current DNSSEC implementation from always assuming
> >> a default path MTU of 1280, without awaiting confirmation from
> PMTUD,
> >> and fragmenting the UDP packet pre-emptively [assuming fragmentation
> >> was not equally broken along the path as ICMP PTB was].
> >>
> >
> > Do any implementations actually do this?
> >
> > If they do, how well are they working, today?
>
> Does it matter?
Hi Brian,
I think that it does. If a DNSSEC implantation fragments every packet larger
than 1280 bytes, regardless of whether that packet needs to be fragmented:
- it ignores the advice of RFC 2460 and RFC 5405
- it doesn't work very well today, because so many operators filter its
fragmented output
AFAIKS, there are two ways to make this application work better:
- make people stop filtering IPv6 fragments
- change the implementation's behavior
Given that the former is impossible, it seems that the later is required.
Ron
--------------------------------------------------------------------
IETF IPv6 working group mailing list
[email protected]
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
