Re: Last Call: <draft-ietf-6man-rfc2460bis-08.txt> (Internet Protocol, Version 6 (IPv6) Specification) to Internet Standard

[Mark Andrews <marka@isc.org>]

In message <m1cf4bw-0000FfC@stereo.hq.phicoh.net>et>, Philip Homburg writes:
> >> Are you saying:
> >> 
> >> A correct implementation of RFC2460 MUST NOT insert an EH at any point 
> >> along the path other than at the packet source.
> >> 
> >> Or
> >> 
> >> A correct implementation of RFC2460 MAY insert an EH at any point along 
> >> the path.
> >
> >Ole doesn't, apparently, want to say either of those things.
> >
> >I want to say the first *as part of the promotion to Internet Standard*
> >because it was the clear and documented intent of the authors and WG
> >of RFC 1883, which became RFC 2460. (Documented in the ancient email I dug
> >out a while back.) And it has been assumed by subsequent work such
> >as PMTUD and IPsec/AH.
> >
> >If we want to *change* it, that's a separate discussion from promoting
> >the current standard. We can do it afterwards.
> >
> >(And in answer to some other comments, I'll note that RFC 791 does not
> >forbid NAT, but I bet the authors would have done so if they'd thought
> >of it. When did forbidding something in an RFC ever prevent people from
> >implementing it in a limited domain?)
> 
> I agree.
> 
> Personally, I wish we could allow routers to insert fragmentation headers.
> There is some crazy interaction between DNS and fragmentation that doesn't
> happen in IPv4.

With IPv4 DF is 0 unless you are running a out of RFC compliance
stack (Yes I'm talking about Linux) so fragmentation is done when
required. Add to that very few paths that actually require PMTUD
even with DF=1 you don't see issues.  As IPv4 as a service becomes
more common you will start to see more issues.

For IPv6 you have to play games with DNS.  We tried just fragmenting
at 1280 but the idiots with firewalls that drop all fragments made
that not viable.  At the moment named is forcing fragmentation at
1280 on DNS/UDP message sizes > 1432 (IPv6 in IPv4 + UDP header).
This removes most of the PMTUD issues without getting DNS/UDP
messages between 1252 and 1432 bytes dropped just because they were
fragmented.

> But in any case, a stronger text doesn't have much impact on parties outside
> the IETF. If, as a random example, I came to the conclusion that I can
> reduce PMTU problems by having one of my routers fragment IPv6 packets, then
> that may violate the spec, but it is possible that the gains are worth it.
> 
> So the only purpose of a stronger text against inserting extension headers
> would be to prevent IETF working groups from publishing RFCs that use
> that technique. 
> 
> Then the question becomes, why would we need to pre-emptively constrain
> ourselves? 
> 
> If we expect that there is some real world use case where insering
> extension headers along the way brings a lot of benefit, then it is much
> better to prepare for that situation then writing text to disallow it.
> 
> 
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka@isc.org