Bill Sommerfeld <sommerfeld@orchard.arlington.ma.us> writes:

> I don't think so.  I can conceive of embedded boxes which would not
> want to have to deal with IP fragmentation and reassembly..  (not so
> much from the code size, but from issues relating to the memory*time
> footprint caused by fragmented packets where some of the fragments had
> been lost..).

The problem is, the DF thing is a sender issue.  I, as a receiver,
cannot control if the other end's packets are fragmented when they get
to me or not.

If fragmentation must occur because of the encap header added,
fragmenting the GRE packet is permitted?  With or without notification
for the other end?  If no notification is sent, this once again breaks
the purpose of PMTU.

> That said, it's OK to fragment a packet with DF set at the link level
> as long as it's reassembled before it is forwarded by the router on
> the other end of the link.  But clearing the DF bit and fragmenting at
> the IP layer is wrong.

I never said clear it :)

The real issue here, is that I cannot use a GRE tunnel to home and
still reach many web sites.  That is the problem I am trying to fix.
I would like to avoid breaking PMTU, however, and fragmenting silently
will do that in that it won't discover the real MTU.

--Michael