Re: "pf" drops all IPv6 fragments

To: current-users%netbsd.org@localhost
Subject: Re: "pf" drops all IPv6 fragments
From: Gert Doering <gert%kirk.greenie.muc.de@localhost>
Date: Sun, 6 Jun 2010 13:31:45 +0200 (CEST)

Brian Selecki wrote:

>On 5/27/2010 12:38 PM, Michael Graff wrote:
>>       Currently, only IPv4 fragments are supported and IPv6 fragments are
>>       blocked unconditionally.

>   I never understood this comment;  isn't the idea to avoid
>   fragmentation in v6  by requiring PMTU Disc. in the RFC?

PMTUD is nice and shiny, but won't help to get rid of fragmentation for
non-TCP protocols.

TCP can adapt its segment size to the PMTU discovered.  UDP, for example, 
can not - and you'll see large UDP packets in DNS responses (for example),
if you start using DNSSEC and/or have large numbers of "normal" records.

>   End units can still fragment, I suppose; but its suboptimal.

It's unavoidable in the generic case.

>   Are network admins excessively blocking v6 ICMP?

Not generally, but this isn't going to help non-TCP (and maybe SCTP) 
protocols.

gert

-- 
USENET is *not* the non-clickable part of WWW!
                                                           //www.muc.de/~gert/
Gert Doering - Munich, Germany                             
gert%greenie.muc.de@localhost
fax: +49-89-35655025                        
gert%net.informatik.tu-muenchen.de@localhost

References:
- "pf" drops all IPv6 fragments
  - From: Michael Graff
- Re: "pf" drops all IPv6 fragments
  - From: Brian A. Seklecki (CFI NOC)

Prev by Date: daily CVS update output
Next by Date: HEADS-UP: ACPICA updated (again)
Previous by Thread: Re: "pf" drops all IPv6 fragments
Next by Thread: Re: "pf" drops all IPv6 fragments
Indexes:

Home | Main Index | Thread Index | Old Index