IETF Logo Mail Archive

Re: [BEHAVE] Fwd: IPv6 hosts sending <1280 byte packets

"Dan Wing" <dwing@cisco.com> Mon, 08 February 2010 16:20 UTC

Return-Path: <dwing@cisco.com>
X-Original-To: behave@core3.amsl.com
Delivered-To: behave@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 0A4C43A7448 for <behave@core3.amsl.com>; Mon, 8 Feb 2010 08:20:07 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.599
X-Spam-Level:
X-Spam-Status: No, score=-10.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8ZFWXSp3ARQR for <behave@core3.amsl.com>; Mon, 8 Feb 2010 08:20:03 -0800 (PST)
Received: from sj-iport-5.cisco.com (sj-iport-5.cisco.com [171.68.10.87]) by core3.amsl.com (Postfix) with ESMTP id 79EB13A742C for <behave@ietf.org>; Mon, 8 Feb 2010 08:20:03 -0800 (PST)
Authentication-Results: sj-iport-5.cisco.com; dkim=neutral (message not signed) header.i=none
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AsgFALrIb0urRN+K/2dsb2JhbACHeoESt1CXCYRUBA
X-IronPort-AV: E=Sophos;i="4.49,431,1262563200"; d="scan'208";a="147553600"
Received: from sj-core-4.cisco.com ([171.68.223.138]) by sj-iport-5.cisco.com with ESMTP; 08 Feb 2010 16:21:06 +0000
Received: from dwingwxp01 ([10.32.240.196]) by sj-core-4.cisco.com (8.13.8/8.14.3) with ESMTP id o18GL6pi011025; Mon, 8 Feb 2010 16:21:06 GMT
From: Dan Wing <dwing@cisco.com>
To: 'Iljitsch van Beijnum' <iljitsch@muada.com>, behave@ietf.org
References: <4B6F08CC.2070900@wand.net.nz> <063A973F-EBC3-4CD0-B5B6-B0FB42A8593D@muada.com>
Date: Mon, 08 Feb 2010 08:21:06 -0800
Message-ID: <00f201caa8da$b78e3e90$c4f0200a@cisco.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Office Outlook 11
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3350
In-Reply-To: <063A973F-EBC3-4CD0-B5B6-B0FB42A8593D@muada.com>
Thread-Index: AcqoLXaVuCJlYDjOSS+ytT5o3LcRLwAqlLFA
Cc: behave-chairs@tools.ietf.org
Subject: Re: [BEHAVE] Fwd: IPv6 hosts sending <1280 byte packets
X-BeenThere: behave@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: mailing list of BEHAVE IETF WG <behave.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/behave>, <mailto:behave-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/behave>
List-Post: <mailto:behave@ietf.org>
List-Help: <mailto:behave-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/behave>, <mailto:behave-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 08 Feb 2010 16:20:07 -0000

> -----Original Message-----
> From: behave-bounces@ietf.org 
> [mailto:behave-bounces@ietf.org] On Behalf Of Iljitsch van Beijnum
> Sent: Sunday, February 07, 2010 11:40 AM
> To: behave@ietf.org WG
> Subject: [BEHAVE] Fwd: IPv6 hosts sending <1280 byte packets
> 
> Ben Stasiewics has done some testing to see if hosts actually 
> respond with a fragment header after a < 1280 too big 
> message, and the results are surprising.
> 
> Looks like we can't depend on hosts implementing this correctly.

To be clear, Ben Stasiewicz's test does not determine if the problem is hosts
failing to implement the last paragraph of Section 5 of RFC2460 correctly, or
if host-/network-based firewalls are blocking ICMPv6 packet-too-big messages
or blocking IPv6 packets with the fragment header.

I recently received email from TAHI (http://www.tahi.org), which does IPv6
conformance testing.  Their test is listed at
http://www.ipv6ready.org/docs/Core_Conformance_Latest.pdf and its test
v6LC.4.1.6 ("Receiving MTU Below IPv6 Minimum Link MTU") which appears to have
been tested since 2005.  So any recipient of the IPv6 Ready certification will
implement things correctly.  And there may well be sysctl settings to tweak
this specific behavior.


But no matter the reason, I agree that a greater than 50% failure on the
Internet means the function is effectively broken.  In my view, Ben's testing
invalidates the consensus reached in the meeting at IETF76 (Hiroshima), and I
have asked authors of xlate and xlate-stateful to revise the documents
accordingly.

If anyone thinks we should keep the IETF76 consensus, please speak up now!

-d


> Begin forwarded message:
> 
> > From: Ben Stasiewicz <ben@wand.net.nz>
> > Date: 7 februari 2010 19:39:08 GMT+01:00
> > To: mtu@psc.edu
> > Cc: Matthew Luckie <mjl@wand.net.nz>
> > Subject: Re: IPv6 hosts sending <1280 byte packets [was RE: 
> RRG discussion of SEAL, IPTM - and my critique of RFC4821]
> 
> > On 29/01/10 08:40, Dan Wing wrote:
> >> Ben, would it be possible to conduct a test to see how 
> hosts react to PTB
> >> smaller than 1280?
> 
> > I conducted such a test and found that 299 (43.46%) of the 688
> > IPv6-capable web servers that I tested did include an IPv6 
> fragmentation
> > header in their response packets after they were sent an ICMPv6 PTB
> > message specifying an MTU < 1280 bytes. The other 389 
> (56.54%) did not.
> 
> > I am happy to answer any questions about the test.
> 
> _______________________________________________
> Behave mailing list
> Behave@ietf.org
> https://www.ietf.org/mailman/listinfo/behave

v2.23.0 | Report a Bug | By Email