Hello,

A question has come up regarding the interpretation of RFC 4301 and IPv6 Path MTU Discovery for Security Gateway Devices. We would appreciate any insight anyone can offer.

Section 8.2.1 indicates that the SG should map the header information from the payload in a received (inbound) ICMPv6 Packet Too Big message to an SA. Then, when another outbound packet is received that should be tunneled through that SA, it should drop the packet and propagate the PMTU information through a synthesized PTB message. This seems to be the only option for IPv6.

Section 6 states:

"The discussion in this section applies to ICMPv6 as well as to ICMPv4."

Section 6.1.1 gives two possibilities for processing: the second case refers to Section 8.2.1, while the first case states:

"If the implementation applies fragmentation on the ciphertext side of the boundary, then the accepted PMTU information is passed to the forwarding module (outside of the IPsec implementation), which uses it to manage outbound packet fragmentation"

The question is: Does this statement apply to both IPv4 and IPv6, or does it only apply to IPv4/ICMPv4? Section 8.2.1 seems to imply that it would not apply to IPv6, meaning PMTU information should always be propagated in IPv6; however, Section 6 seems to state that it applies to both, and the implementation may choose to fragment.

Thanks for your time,
Tim Carlin

----
Timothy Carlin
InterOperability Laboratory
University of New Hampshire
+1-603-862-1224
tjcar...@iol.unh.edu
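Added example, not part of the original message and not code from RFC 4301: a Python sketch of the Section 8.2.1 handling described above, in which an inbound ICMPv6 PTB is mapped to an SA through the ESP header in its payload and a later oversized outbound packet is dropped with a synthesized PTB. The class and function names, the 80-byte tunnel overhead, the choice to ignore reported MTUs below 1280 and the 2001:db8:: addresses are assumptions made for illustration.

```python
import ipaddress
import struct

ICMP6_PTB = 2         # ICMPv6 type: Packet Too Big
NH_ESP = 50           # IPv6 Next Header value for ESP
MIN_MTU = 1280        # IPv6 minimum link MTU
OVERHEAD = 80         # assumed tunnel overhead; really depends on the SA's algorithms

def ipv6_header(src, dst, next_header, payload_len):
    return (struct.pack("!IHBB", 6 << 28, payload_len, next_header, 64)
            + ipaddress.IPv6Address(src).packed + ipaddress.IPv6Address(dst).packed)

class Gateway:
    def __init__(self):
        self.sad = {}                     # (peer address, SPI) -> learned PMTU or None

    def add_sa(self, peer, spi):
        self.sad[(ipaddress.IPv6Address(peer), spi)] = None

    def on_icmpv6(self, msg):
        """Inbound PTB on the ciphertext side: map its payload to an SA."""
        if len(msg) < 8 + 40 + 4 or msg[0] != ICMP6_PTB:
            return None
        mtu = struct.unpack("!I", msg[4:8])[0]
        inner = msg[8:]                   # leading bytes of the packet that was too big
        if inner[6] != NH_ESP:
            return None
        key = (ipaddress.IPv6Address(inner[24:40]), struct.unpack("!I", inner[40:44])[0])
        if key not in self.sad or mtu < MIN_MTU:
            return None                   # no matching SA, or implausible MTU: ignore
        self.sad[key] = mtu
        return key

    def on_outbound(self, key, packet):
        """Plaintext packet selected for SA `key`: tunnel it, or drop and signal."""
        pmtu = self.sad[key]
        if pmtu is None or len(packet) + OVERHEAD <= pmtu:
            return ("tunnel", None)
        # Synthesized PTB for the original sender (checksum left 0 in this sketch).
        ptb = struct.pack("!BBHI", ICMP6_PTB, 0, 0, pmtu - OVERHEAD)
        return ("drop", ptb + packet[:MIN_MTU - 48])

def demo():
    gw = Gateway()
    gw.add_sa("2001:db8:2::1", 0x1000)    # constructed SA: peer gateway and SPI
    esp = ipv6_header("2001:db8:1::1", "2001:db8:2::1", NH_ESP, 1460) + struct.pack("!II", 0x1000, 7)
    key = gw.on_icmpv6(struct.pack("!BBHI", ICMP6_PTB, 0, 0, 1400) + esp)
    big = ipv6_header("2001:db8:a::5", "2001:db8:b::9", 6, 1360) + bytes(1360)
    return key, gw.on_outbound(key, big)
```

The sketch covers only the drop-and-signal case; the ciphertext-side fragmentation case quoted from Section 6.1.1 is not modelled.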