Re: Is Fragmentation at IP layer even needed ?

[Fernando Gont <fgont@si6networks.com>]

On 02/08/2016 05:09 PM, Mark Andrews wrote:
> In message <BLUPR05MB1985F5F2BB3118362C67B921AED50@BLUPR05MB1985.namprd05.prod.
> outlook.com>, Ronald Bonica writes:
>> Hi Alexey,
>>
>> This question comes up every few years. The short answer is:
>>
>>
>> -          The vast majority of Internet traffic rides over TCP or UDP
>>
>> -          Generally speaking, traffic that rides over TCP does not rely
>> on IP fragmentation
>>
>> -          However, traffic the rides over UDP absolutely relies on IP
>> fragmentation
>>
>> So, as things stand, IP fragmentation is required to support UDP.
>> However, the conversation doesnt end at that.
>>
>> Operational experience has taught us that IPv6 fragmentation does not
>> work so well. Unlike IPv4, IPv6 encodes fragmentation information in an
>> IPv6 extension header. Sadly, many operators discard packets containing
>> that extension header. So, as specified, IPv6 provides fragmentation
>> services, but as deployed, it does not.
> 
> Actually fragmentation works well unless you have a firewall that
> drops fragments.  When they are not being deliberately blocked the
> packets get through and are reassembled.  It is also not many
> operators.  It is some operators.
> 
> Additionally there is zero reasons why firewalls can't open <src,
> dst, frag offset != 0> when they open <src, dst, proto, src port,
> dst port> for reply traffic for those that are paranoid about just
> letting all non-zero fragment offset through.  I just let the
> non-zero offset fragments through.

If and only if the packets do not employ other EHs and all the nodes
behind the fw implement RFC5722...

-- 
Fernando Gont
SI6 Networks
e-mail: fgont@si6networks.com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492