Robin Whittle wrote:
> I argue against Fred Templin's position that
> ordinary RFC1191 DF=1 Path MTU Discovery (and
> therefore its RFC1981 IPv6 equivalent) is "busted".
> Where is the evidence that networks filtering out
> PTB (Packet Too Big) messages is a significant
> problem?

This happens. Consult some operator folks, privately and quietly. Many
enterprises blocked all inbound ICMP when DDoS attacks started happening.

> To the extent that any such problem exists, why
> should this be accepted and further protocols
> created to work around it? I think the networks
> which do this are non-compliant with the inter-
> working requirements of the Internet. These
> networks should change their ways.

You have the cart before the horse. Reality is not warped to fit the
needs of the network architecture; the network architecture must be
molded to deal with reality. The fact of the matter is that today, we
have a hostile environment. Anything and everything that can be used to
create an attack will be used. To protect themselves, many people will
happily throw the baby (or at least its signaling protocol) out with the
bathwater.
As a result, ICMP is dead. Long live ICMP.
Tony