Re: Evolution of the IP model - ICMP and MTUs
On Mon, 18 Aug 2008 11:17:54 +0200, Iljitsch van Beijnum
<iljitsch@muada.com> wrote:
> On 18 aug 2008, at 8:45, Rémi Després wrote:
>
>> IMU,
>
> IMU?
In My Understanding, I guess.
>> since it shows that, at high data rates, IPv4 fragmentation can lead
>> to undetected data corruption at the IP layer, it implies that
>> fragmentation SHOULD be discarded from an updated IPv4 service model
>> (the DF bit MUST be set in all packets).
>
> What about actually FIXING the problem.
>
> I remember that when I first read about IPv6 (many a moon ago) I
> noticed that IP packets had an unfragmentable and fragmentable parts.
> So I thought "excellent, they got it right, the port numbers are now
> in all fragments!" Unfortunately, that wasn't the case.
>
> However, we could come up with a new fragment header for both IPv6 and
> IPv4 that DOES have all the information NATs and firewalls need in the
> fragment header, as well as a larger ID field. This would of course
> take significant time to get deployed, but considering that we've been
> limping along with broken PMTUD for a decade and a half having a GOOD
> solution may be worth the wait.
And would cause the packet to be rejected by existing middleboxes. Hmm...
Firewalls can simply let every non-first fragment in. Deep packet
inspection needs to de-fragment anyway - adding the port number to every
fragment does not help. Hence, this issue is really only about NATs.
Anyway, too late for IPv4. IPv6 supposedly has no NATs, and even
if it had, it seems that it could be a pure network ADDRESS translator
rather than a network ADDRESS and PORT translator. In that case,
fragmentation is a non-issue.
--
Rémi Denis-Courmont
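The two properties argued over in this thread (that only the offset-0 fragment carries the port numbers, and that the 16-bit IPv4 Identification field is the only thing tying fragments together, so a reused ID can splice two datagrams without the IP layer noticing) can be reproduced offline. The following is an added illustration, not code from the thread or from either participant; it builds IPv4 fragments of a UDP datagram in pure Python with constructed addresses and payloads, runs a stateless port check over them, and reassembles them the way RFC 791 specifies (keyed only by source, destination, protocol and ID). The "ID reused after a wrap" scenario matches the high-data-rate reassembly errors RFC 4963 describes; the wrap-time helper is simple arithmetic included for context.

```python
"""Added illustration (not from the mailing-list thread): IPv4 fragmentation,
stateless port matching, and ID-collision reassembly with constructed data."""
import struct

IPPROTO_UDP = 17


def ip_checksum(hdr: bytes) -> int:
    """One's-complement checksum over the IPv4 header only (payload is NOT covered)."""
    if len(hdr) % 2:
        hdr += b"\x00"
    s = sum(struct.unpack("!%dH" % (len(hdr) // 2), hdr))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return (~s) & 0xFFFF


def build_ipv4(src: bytes, dst: bytes, proto: int, ip_id: int,
               mf: int, offset_units: int, payload: bytes) -> bytes:
    """Minimal 20-byte IPv4 header; MF flag is bit 13, offset in 8-byte units."""
    frag_field = (mf << 13) | offset_units
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ip_id,
                      frag_field, 64, proto, 0, src, dst)
    return hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:] + payload


def fragment(src: bytes, dst: bytes, proto: int, ip_id: int,
             payload: bytes, mtu: int) -> list:
    """Split one datagram into fragments no larger than mtu bytes."""
    chunk = (mtu - 20) // 8 * 8          # every non-last piece is a multiple of 8
    frags = []
    for off in range(0, len(payload), chunk):
        piece = payload[off:off + chunk]
        more = 1 if off + chunk < len(payload) else 0
        frags.append(build_ipv4(src, dst, proto, ip_id, more, off // 8, piece))
    return frags


def parse(frag: bytes) -> tuple:
    """Return (src, dst, proto, id, MF, offset_bytes, payload)."""
    vihl, _, total, ip_id, ff, _, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", frag[:20])
    ihl = (vihl & 0x0F) * 4
    return src, dst, proto, ip_id, (ff >> 13) & 1, (ff & 0x1FFF) * 8, frag[ihl:total]


def transport_ports(frag: bytes):
    """What a stateless port filter sees: ports exist only in the offset-0 fragment."""
    _, _, proto, _, _, offset, payload = parse(frag)
    if offset != 0 or proto not in (6, IPPROTO_UDP) or len(payload) < 4:
        return None
    return struct.unpack("!HH", payload[:4])


def reassemble(frags: list) -> dict:
    """RFC 791 reassembly keyed only by (src, dst, proto, id); returns completed payloads."""
    buffers = {}
    for f in frags:
        src, dst, proto, ip_id, mf, offset, payload = parse(f)
        buffers.setdefault((src, dst, proto, ip_id), {})[offset] = (payload, mf)
    done = {}
    for key, pieces in buffers.items():
        data, expect = b"", 0
        for off in sorted(pieces):
            payload, mf = pieces[off]
            if off != expect:
                break                      # hole: not complete
            data += payload
            expect += len(payload)
            if mf == 0:
                done[key] = data           # last fragment reached with no holes
                break
    return done


def id_wrap_seconds(rate_bps: float, pkt_bytes: int) -> float:
    """Time for one source/destination/protocol tuple to exhaust all 65536 IDs."""
    return 65536 * pkt_bytes * 8 / rate_bps


def id_collision_demo() -> bytes:
    """Two datagrams share an ID (after a wrap); one fragment of each is lost.
    The survivor is reassembled from mixed pieces and passes IP-layer checks."""
    src, dst = bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2])       # constructed addresses
    udp_hdr = struct.pack("!HHHH", 40000, 53, 8 + 2000, 0)     # checksum 0 = disabled (UDP/IPv4)
    frags_a = fragment(src, dst, IPPROTO_UDP, 0x1234, udp_hdr + b"A" * 2000, 1500)
    frags_b = fragment(src, dst, IPPROTO_UDP, 0x1234, udp_hdr + b"B" * 2000, 1500)
    observed = [frags_a[0], frags_b[1]]                        # A's tail and B's head lost
    assert all(ip_checksum(f[:20]) == 0 for f in observed)     # headers verify fine
    return reassemble(observed)[(src, dst, IPPROTO_UDP, 0x1234)]


if __name__ == "__main__":
    frags = fragment(bytes(4), bytes(4), IPPROTO_UDP, 1, b"\x00" * 3000, 1500)
    print("ports per fragment:", [transport_ports(f) for f in frags])
    merged = id_collision_demo()
    print("spliced payload:", merged[8:12], "...", merged[-4:])
    print("ID wrap at 1 Gbit/s, 1500-byte packets: %.3f s" % id_wrap_seconds(1e9, 1500))
```

With the UDP checksum disabled (legal on IPv4) nothing above IP detects the splice; with it enabled, a 16-bit checksum still lets roughly one such merge in 65536 through, which is why a reassembler that relies on the ID alone becomes unsafe once wrap times drop below the reassembly timeout.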