[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: "pf" drops all IPv6 fragments
Brian Selecki wrote:
>On 5/27/2010 12:38 PM, Michael Graff wrote:
>> Currently, only IPv4 fragments are supported and IPv6 fragments are
>> blocked unconditionally.
> I never understood this comment; isn't the idea to avoid
> fragmentation in v6 by requiring PMTU Disc. in the RFC?
PMTUD is nice and shiny, but won't help to get rid of fragmentation for
TCP can adapt its segment size to the PMTU discovered. UDP, for example,
can not - and you'll see large UDP packets in DNS responses (for example),
if you start using DNSSEC and/or have large numbers of "normal" records.
> End units can still fragment, I suppose; but its suboptimal.
It's unavoidable in the generic case.
> Are network admins excessively blocking v6 ICMP?
Not generally, but this isn't going to help non-TCP (and maybe SCTP)
USENET is *not* the non-clickable part of WWW!
Gert Doering - Munich, Germany
Main Index |
Thread Index |