Subject: Re: Incremental IPID
To: David Krause <netbsd@davidkrause.com>
From: Bill Sommerfeld <sommerfeld@netbsd.org>
List: tech-net
Date: 12/31/2002 10:56:36
> There are several solutions
> including using all zeros with DF flag (Linux), 

This violates the spec, and is an incomplete "solution" (you still
need something to generate them for the non-DF case).

> randomization (OpenBSD),

I'm very dubious about this unless there's a mechanism to avoid ip id
collisions (i.e., using randomized permutations/shuffling rather than
standard PRNG).

> and connection/peer-specific sequences (Solaris).

ip id's can't possibly be "connection" based since port numbers are
only found in the initial fragment.

Solaris uses a destination-specific cache for ip id generation.  

advantage: ip id collisions which matter become much less likely.

FUD disadvantage: Some security scanners don't notice that the ip id's
are destination-specific, and flag it as "insecure" for using
sequential ip id's.

real disadvantage: one more cache to manage/control/etc.; one more
cache replacement algorithm to design/tune; particularly worrisome for
connectionless protocols.

						- Bill
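A toy model of the three generators discussed in this thread, added here as an illustration and not code from any of the kernels named: independent PRNG draws, a shuffled permutation (the collision-avoiding variant Bill asks for), and a per-destination counter cache in the Solaris style. `count_window_collisions` counts only same-destination ID reuse within a window of recently sent packets, since that is the kind of collision reassembly cares about; destination addresses and cache size are constructed.

```python
import random

ID_SPACE = 1 << 16  # the IPv4 Identification field is 16 bits


class PrngIdGen:
    """Each ID is an independent random draw: no collision avoidance."""
    def __init__(self, seed=1):
        self.rng = random.Random(seed)

    def next_id(self, dst):
        return self.rng.randrange(ID_SPACE)


class PermutationIdGen:
    """Walk a shuffled permutation of the ID space, reshuffling when it is
    exhausted; within one pass no ID repeats, so a collision needs
    more than 65535 datagrams in flight."""
    def __init__(self, seed=1):
        self.rng = random.Random(seed)
        self.order = []

    def next_id(self, dst):
        if not self.order:
            self.order = list(range(ID_SPACE))
            self.rng.shuffle(self.order)
        return self.order.pop()


class PerDestinationIdGen:
    """Sequential counter per destination held in a bounded cache.
    Evicting an entry restarts that destination at a random value,
    which is the 'one more cache to manage' cost from the thread."""
    def __init__(self, seed=1, cache_size=1024):  # cache_size is constructed
        self.rng = random.Random(seed)
        self.cache = {}  # dst -> next counter value (insertion order = FIFO)
        self.cache_size = cache_size

    def next_id(self, dst):
        if dst not in self.cache:
            if len(self.cache) >= self.cache_size:
                self.cache.pop(next(iter(self.cache)))  # crude FIFO eviction
            self.cache[dst] = self.rng.randrange(ID_SPACE)
        ident = self.cache[dst]
        self.cache[dst] = (ident + 1) % ID_SPACE
        return ident


def count_window_collisions(gen, dsts, n, window):
    """Send n datagrams round-robin to dsts; count IDs reused for the same
    destination within `window` packets (the in-flight / reassembly window)."""
    last_seen = {}  # (dst, id) -> index of the last packet carrying it
    collisions = 0
    for i in range(n):
        dst = dsts[i % len(dsts)]
        key = (dst, gen.next_id(dst))
        if key in last_seen and i - last_seen[key] < window:
            collisions += 1
        last_seen[key] = i
    return collisions
```

With a single destination, 10000 independently random IDs already reuse values (the birthday bound), while one full pass of the permutation and a per-destination counter that never wraps produce none.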