[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: The IPv4 Internet MTU

To: IPv6 Operations <v6ops@ops.ietf.org>
Subject: Re: The IPv4 Internet MTU
From: james woodyatt <jhw@apple.com>
Date: Fri, 12 Oct 2007 10:02:32 -0700
In-reply-to: <5910A7D6-F900-4C3F-9BCF-02612285760C@muada.com>
References: <DACB514F44E4864CAFDC7DAD144A7E6C8E57C28BA0@NA-EXMSG-W601.wingroup.windeploy.ntdev.microsoft.com> <b421a96407453920c5d290e54545c4cb@chewa.net> <470CBDFE.2080807@ericsson.com> <470D3B47.7050908@gmail.com> <3D6A011D-4356-4E1E-8299-67C9C48F5BC3@muada.com> <470F5FFB.8060208@ericsson.com> <5910A7D6-F900-4C3F-9BCF-02612285760C@muada.com>

On Oct 12, 2007, at 07:23, Iljitsch van Beijnum wrote:

It has to be in-band because the out-of-band method (ICMP) isfiltered in a small but significant number of all cases.Unfortunately, UDP doesn't support options and inserting IPv6option headers or IPv4 options will almost certainly trigger thesame filtering that makes using ICMP problematic. So the onlychoice would be adding something to the next higher protocol on topof UDP.

I'd hate to be repetitive and boring, but I'm shocked-- SHOCKED! Isay-- to learn that stateful packet filtering is the root cause of somany problems for application transport.

I have a radical proposal: how about we tell the stateful packetfilter users that it's their own damned fault if their filters breaktheir favorite applications, and that they can either fix theirbroken filters or they can turn them off? Since *when* has it beenour job to reengineer the whole world because some idiot can't readthe RFC series?

PMTUD for IPv4/UDP could work just fine through NAT if the statematching and translation code isn't totally broken. The problem weare discussing here is in the wetware of the coders who write the NATand stateful packet filter implementations. It's their problem ifapplications don't work because their filters don't pass ICMP throughfor corresponding UDP state-- *not* ours.

Let's concentrate on the problems that belong to us.  That's what I say.


--
james woodyatt <jhw@apple.com>
member of technical staff, communications engineering

Follow-Ups:
- Re: The IPv4 Internet MTU
  - From: Iljitsch van Beijnum <iljitsch@muada.com>
- Re: The IPv4 Internet MTU
  - From: Gert Doering <gert@space.net>
- Re: The IPv4 Internet MTU
  - From: arno@natisbad.org (Arnaud Ebalard)
- Re: The IPv4 Internet MTU
  - From: Doug Barton <dougb@dougbarton.us>

References:
- RE: The IPv4 Internet MTU
  - From: Christian Huitema <huitema@windows.microsoft.com>
- RE: The IPv4 Internet MTU
  - From: Rémi Denis-Courmont <rdenis@simphalempin.com>
- Re: The IPv4 Internet MTU
  - From: Magnus Westerlund <magnus.westerlund@ericsson.com>
- Re: The IPv4 Internet MTU
  - From: Brian E Carpenter <brian.e.carpenter@gmail.com>
- Re: The IPv4 Internet MTU
  - From: Iljitsch van Beijnum <iljitsch@muada.com>
- Re: The IPv4 Internet MTU
  - From: Magnus Westerlund <magnus.westerlund@ericsson.com>
- Re: The IPv4 Internet MTU
  - From: Iljitsch van Beijnum <iljitsch@muada.com>

Prev by Date: Re: The IPv4 Internet MTU
Next by Date: Re: The IPv4 Internet MTU
Previous by thread: Re: The IPv4 Internet MTU
Next by thread: Re: The IPv4 Internet MTU
Index(es):
- Date
- Thread