
New fragment header, was: Re: Evolution of the IP model - ICMP and MTUs



Ok, this is what the new fragment header would look like:

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| next header   |res|type |S/F|T|      fragment offset    |res|M|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                        identification                         |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|          source port          |      destination port         |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|    observed packet length     |            checksum           |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

next header: protocol number of the header following the new fragment header

res: reserved

S/F: SYN/FIN, copied/synthesized from transport

T: 1 = addresses were translated

fragment offset: as usual

type: tcp/udp/sctp/dccp/AH/ESP/other+ports/other-ports

M: more fragments

identification: groups fragments of the same packet, copied from TCP sequence if applicable

ports: copied from transport port numbers or IPsec SA

observed packet length: maximum packet size seen in the opposite direction in the last 5 minutes, 0 = unknown / no packets larger than 1280 bytes seen

checksum: checksum of the IP pseudo header + transport segment bytes up to byte 1280 of the packet, 0 = N/A

The new fragment header is always the first header following the IPv4 or IPv6 header. This means that filtering on protocol and port numbers is always easy because the information is always present in the same place in the packet, even if additional headers are present between the new fragment header and the transport header.

When routers observe a packet with the new fragment header that is too large to be forwarded, they truncate the packet. The minimum size of the first fragment is 1280 bytes. Note that traditional IPv4 fragmentation produces the same result as truncation for the first fragment.

Because the new fragment header has its own checksum over the relevant part of the first 1280 bytes of the packet, bit errors can still be detected so protocols that can make use of the truncated data (such as TCP or DNS) may do so.

NATs MAY only translate the new fragment header.

The observed packet length field allows for passive PMTUD. A full PMTUD implementation can be done by initializing the PMTU to 1280 and then using a new fragment header for packets larger than the PMTU and/or in response to incoming packets that updated the OPL, updating the PMTU from the OPL field in incoming packets, and resetting the PMTU after a retransmission timeout.
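
A decoder for the header layout drawn above, as an added example that is not part of the original post: it shows how a filter can read type and ports at fixed offsets right after the IP header. Assumptions: the numeric type codes follow the order of the list in the post, "other-ports" is read as a protocol without ports, and the names `parse`, `filter_key` and `SAMPLE` are hypothetical.

```python
import struct
from typing import NamedTuple, Optional, Tuple

# Assumption: type codes follow the order of the list in the post (0..7);
# the post names the eight types but assigns no numeric values.
TYPES = ("tcp", "udp", "sctp", "dccp", "AH", "ESP", "other+ports", "other-ports")
HDR_LEN = 16  # four 32-bit words, per the diagram


class FragHeader(NamedTuple):
    next_header: int
    type: str
    syn_fin: int      # raw 2-bit S/F field
    translated: bool  # T bit
    offset: int       # raw 13-bit fragment offset
    more: bool        # M bit
    ident: int
    sport: int        # for AH/ESP these 32 bits carry the IPsec SA instead
    dport: int
    opl: int          # observed packet length, 0 = unknown
    checksum: int     # 0 = N/A


def parse(buf: bytes) -> FragHeader:
    """Decode the 16-byte header that directly follows the IP header."""
    if len(buf) < HDR_LEN:
        raise ValueError("truncated fragment header")
    w0, ident, sport, dport, opl, csum = struct.unpack("!IIHHHH", buf[:HDR_LEN])
    return FragHeader(
        next_header=w0 >> 24,             # bits 31..24
        type=TYPES[(w0 >> 19) & 0x7],     # bits 21..19 (23..22 reserved)
        syn_fin=(w0 >> 17) & 0x3,         # bits 18..17
        translated=bool((w0 >> 16) & 1),  # bit 16
        offset=(w0 >> 3) & 0x1FFF,        # bits 15..3 (2..1 reserved)
        more=bool(w0 & 1),                # bit 0
        ident=ident, sport=sport, dport=dport, opl=opl, checksum=csum,
    )


def filter_key(buf: bytes) -> Tuple[str, Optional[int], Optional[int]]:
    """(type, sport, dport) for a filter rule; ports are None for 'other-ports'."""
    h = parse(buf)
    if h.type == "other-ports":
        return (h.type, None, None)
    return (h.type, h.sport, h.dport)


# Constructed sample: non-first UDP fragment from port 53, T and M set, OPL 1500.
SAMPLE = struct.pack("!IIHHHH", 0x11090501, 0x12345678, 53, 49152, 1500, 0)
```

Because every fragment carries this header, `filter_key(SAMPLE)` yields the ports even though the sample has a non-zero fragment offset.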