Re: [v6ops] Some stats on IPv6 fragments and EH filtering on the Internet
Fernando Gont <fgont@si6networks.com> Tue, 05 November 2013 03:00 UTC
Return-Path: <fgont@si6networks.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 32E7311E80F5 for <v6ops@ietfa.amsl.com>; Mon, 4 Nov 2013 19:00:38 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.562
X-Spam-Level:
X-Spam-Status: No, score=-2.562 tagged_above=-999 required=5 tests=[AWL=0.038, BAYES_00=-2.599, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eT703WM0CYiQ for <v6ops@ietfa.amsl.com>; Mon, 4 Nov 2013 19:00:37 -0800 (PST)
Received: from web01.jbserver.net (web01.jbserver.net [IPv6:2a00:d10:2000:e::3]) by ietfa.amsl.com (Postfix) with ESMTP id 1119E21E82F9 for <v6ops@ietf.org>; Mon, 4 Nov 2013 19:00:26 -0800 (PST)
Received: from [2001:67c:370:160:517b:6f2e:1bc7:1d4a] by web01.jbserver.net with esmtpsa (TLSv1:DHE-RSA-CAMELLIA256-SHA:256) (Exim 4.80.1) (envelope-from <fgont@si6networks.com>) id 1VdWsD-0007NV-6b; Tue, 05 Nov 2013 04:00:09 +0100
Message-ID: <52785F34.6020606@si6networks.com>
Date: Mon, 04 Nov 2013 19:00:04 -0800
From: Fernando Gont <fgont@si6networks.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.1.0
MIME-Version: 1.0
To: Ole Troan <otroan@employees.org>, Fernando Gont <fernando@gont.com.ar>
References: <5278275C.50206@gont.com.ar> <alpine.DEB.2.02.1311050028410.26054@uplift.swm.pp.se> <52783535.9030200@si6networks.com> <20131105001243.53E28985D0D@rock.dv.isc.org> <527839C6.3000805@viagenie.ca> <2134F8430051B64F815C691A62D98318148100@XCH-BLV-504.nw.nos.boeing.com> <F4AB804C-2C8E-40EF-ACE9-0A901E4F5122@employees.org> <52784DD1.7020106@gont.com.ar> <BD308F06-C9E2-42EB-9D23-CFD3432F1A1D@employees.org>
In-Reply-To: <BD308F06-C9E2-42EB-9D23-CFD3432F1A1D@employees.org>
X-Enigmail-Version: 1.5.2
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Cc: "v6ops@ietf.org" <v6ops@ietf.org>
Subject: Re: [v6ops] Some stats on IPv6 fragments and EH filtering on the Internet
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/v6ops>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 05 Nov 2013 03:00:38 -0000
On 11/04/2013 06:23 PM, Ole Troan wrote: >> >> In any case, the interesting (and unfortunate) data if the >> chances of success when you use extension headers or >> fragmentation are in the scale of "unlikely". :-( > > I'm not sure you can draw that conclusion without knowing where > the fragments are dropped. > > e.g. you are not saying that fragmented packets will be dropped > anywhere on the link between your home and mine, are you? I'm certainly not. All tests were against web servers. > I'm for example not concerned about a web server or load balancer > that sets TCP MSS to 1220 and then drop fragments. Certainly, there's much more testing to be done (this is even stated in the slideware :-) ). That said, you might still be concerned about the case you meantion -- at least in theory, that case might arise in a NAT64 (?) case. Also, one of the main points of this slideware is that its not just fragments that are dropped, but extension headers in general. In any case, my goal of sharing the results is to trigger discussion and encourage further testing, rather than coming up with scary or bold statements. Thanks, -- Fernando Gont SI6 Networks e-mail: fgont@si6networks.com PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Simon Perreault
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Mark Andrews
- [v6ops] Some stats on IPv6 fragments and EH filte… Fernando Gont
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Tim Chown
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Mikael Abrahamsson
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Fernando Gont
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Mikael Abrahamsson
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Templin, Fred L
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Joe Touch
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Ole Troan
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Tim Chown
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Jen Linkova
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Fernando Gont
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Fernando Gont
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Mikael Abrahamsson
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Tim Chown
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Ole Troan
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Templin, Fred L
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Fernando Gont
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Tim Chown
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Templin, Fred L
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Fernando Gont
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Fernando Gont
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Jen Linkova
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Ole Troan
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Tim Chown
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Ole Troan
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Gert Doering
- Re: [v6ops] (RIPE Atlas) Some stats on IPv6 fragm… Vesna Manojlovic
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Nick Hilliard
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Nick Hilliard
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Ole Troan
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Nick Hilliard
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Brian E Carpenter
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Jared Mauch
- Re: [v6ops] Some stats on IPv6 fragments and EH f… joel jaeggli
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Nick Hilliard
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Brian E Carpenter
- Re: [v6ops] Some stats on IPv6 fragments and EH f… sthaug
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Templin, Fred L
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Simon Perreault
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Mikael Abrahamsson
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Joe Touch
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Fernando Gont
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Mikael Abrahamsson
- Re: [v6ops] Some stats on IPv6 fragments and EH f… joel jaeggli
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Simon Perreault
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Pedro Torres
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Hannes Frederic Sowa
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Ronald Bonica
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Brian E Carpenter
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Ronald Bonica
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Brian E Carpenter