Hi! I think that the 1024 bytes limit is rather arbitrary (CLR?). It does not always avoid fragmentation, nor does it provide for efficient transfer when larger messages need to be transmitted.
I assume we can't completely avoid fragmentation with -protocol, because that would require a very small message size limit, and we will still probably assume Ethernet. Fragmentation is not inherently bad except for some firewalls of vendor we won't mention which used to drop fragmented UDP packets at will instead of reassembling them (I think they call those stateless firewalls). But that's just broken - if they need UDP port info, they must reassemble packets. In IPv6, the clients learn the MTU of the network and must do fragmentation themselves. So, unexpected fragmentation should be less of an issue and efficiency will be achieved by discovering optimal MTU. It almost seems like we are re-inventing the IP fragmentation with out support for syslog multi-part messages. Solution proposal: How about we just set the size limit at around 64Kb (max UDP datagram size) and drop the whole fragmentation feature? At least for the foreseeable future 64Kb should be sufficient (although I am sure this won't be enough forever). Together with this, we can recommend that in order to avoid IP fragmentation and potential firewall, performance and reliability issues, it is recommended that on the Ethernet users strive to restrict most syslog messages to 512 bytes. This recommendation will also potentially improve readability of messages. By removing the syslog fragmentation from -protocol, we will leave fragmentation in one place -- IP and allow for more efficient syslog implementations. Anton. > -----Original Message----- > From: Rainer Gerhards [mailto:[EMAIL PROTECTED] > Sent: Wednesday, February 11, 2004 11:57 AM > To: [EMAIL PROTECTED]; Anton Okmianski > Subject: syslog message size and fragmentation > > > Hi WG, > > I had an off-list discussion with Anton that lead to the > discovery of a new issue in -protocol, that of message > fragmentation. -protocol specifies a message size limit of > 1024 characters, but also assumes that message of this size > can always be transmitted without (transport) fragemention. > In the real world, datagram based transport mappings will > probably not be able to assure that the message will not > become fragmented. The MTU can at least be as low as 576 bytes. > > Must this issue be addressed in the context of -protocol? If > so, what is the best solution? > > Thanks, > Rainer >
