Re: [v6ops] Last Call: <draft-ietf-v6ops-ra-guard-implementation-04.txt> (Implementation Advice for IPv6 Router Advertisement Guard (RA-Guard)) to Best Current Practice

Fernando Gont <fgont@si6networks.com> Thu, 31 May 2012 15:50 UTC

Hi, Ron,

On 05/31/2012 12:16 PM, Ronald Bonica wrote:
> 1) Hosts MUST NOT fragment ICMPv6 Router Solicitation, Router
> Advertisement, Neighbor Solicitation, Neighbor Advertisement or
> Redirect messages.

This one is correct.

Note that in draft-gont-6man-nd-extension-headers, we're currently
saying "SHOULD NOT", but this should probably be changed to "MUST NOT",
as you indicate.



> 1) Hosts MUST NOT fragment any other ICMPv6 message unless the IPv6
> header, all extension headers, the ICMPv6 type, code, and checksum
> are included in the first fragment

This one is a subset of "3)" below, so no need for special requirements
here -- i.e., we don't need to make ICMPv6 a special case.



> 3) Hosts MUST NOT fragment packets carrying any next-layer protocol
> unless the IPv6 header, all extension headers, the entire next-layer
> protocol header are included in the first fragment. TCP and UDP are
> examples of next-layer protocols.

This is correct.

We have expressed this requirement (in
draft-gont-6man-oversized-header-chain-01.txt) as:

   All IPv6 packets MUST contain the entire IPv6 header chain within the
   first "assumed Path-MTU" bytes of the packet.  If a packet is
   fragmented, the first fragment of the packet (i.e., that with a
   Fragment Offset of 0) must contain the entire IPv6 header chain
   within the first "assumed Path-MTU" [RFC1981] [RFC4821] bytes of the
   packet.


> Do I have this right?

Yes.

Cheers,
-- 
Fernando Gont
SI6 Networks
e-mail: fgont@si6networks.com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
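
Added example, not part of the original message or of either draft: a Python sketch of how a filtering device could check the two rules discussed above, that the first fragment carries the entire IPv6 header chain and that Neighbor Discovery messages are not fragmented. The function names, verdict strings and sample packets are constructed for illustration; the check uses the bytes of the fragment itself rather than an "assumed Path-MTU", and treats ESP and unknown upper-layer protocols as opaque.

```python
import struct

HBH, ROUTING, FRAGMENT, AH, DSTOPTS = 0, 43, 44, 51, 60
TCP, UDP, ICMPV6 = 6, 17, 58
ND_TYPES = range(133, 138)  # RS, RA, NS, NA, Redirect

def classify(pkt: bytes) -> str:
    """Verdict for one IPv6 packet, given from the IPv6 header onward."""
    if len(pkt) < 40 or pkt[0] >> 4 != 6:
        return "drop: not a complete IPv6 header"
    nh, off, first_frag = pkt[6], 40, False
    while nh in (HBH, ROUTING, FRAGMENT, AH, DSTOPTS):
        if off + 8 > len(pkt):
            return "drop: header chain truncated"
        if nh == FRAGMENT:
            field = struct.unpack_from("!H", pkt, off + 2)[0]
            if field >> 3:                   # Fragment Offset != 0
                return "pass: non-first fragment, no chain to inspect"
            first_frag = bool(field & 1)     # offset 0 with M=1
            hlen = 8
        elif nh == AH:
            hlen = (pkt[off + 1] + 2) * 4    # AH length is in 4-byte units
        else:
            hlen = (pkt[off + 1] + 1) * 8    # other headers: 8-byte units
        nh, off = pkt[off], off + hlen
    # Minimum upper-layer header that must sit in this same fragment.
    need = {TCP: 20, UDP: 8, ICMPV6: 4}.get(nh, 0)
    if nh == TCP and off + need <= len(pkt):
        need = max(need, (pkt[off + 12] >> 4) * 4)  # include TCP options
    if off + need > len(pkt):
        return "drop: header chain truncated"
    if nh == ICMPV6 and first_frag and pkt[off] in ND_TYPES:
        return "drop: fragmented Neighbor Discovery message"
    return "pass"

def ipv6(nh: int, payload: bytes) -> bytes:
    """Constructed test packet: fixed header with zeroed addresses."""
    return struct.pack("!IHBB", 6 << 28, len(payload), nh, 255) + bytes(32) + payload

def frag_hdr(nh: int, offset: int, more: bool) -> bytes:
    """Constructed Fragment header (offset in 8-byte units, M flag)."""
    return struct.pack("!BBHI", nh, 0, offset << 3 | more, 0x1234)

RA = bytes([134, 0, 0, 0]) + bytes(12)          # constructed RA, checksum zeroed
DSTOPT = bytes([ICMPV6, 0, 1, 4, 0, 0, 0, 0])   # Dest Options (PadN) -> ICMPv6
SAMPLES = {                                     # all constructed
    "plain_ra": ipv6(ICMPV6, RA),
    "fragmented_ra": ipv6(FRAGMENT, frag_hdr(ICMPV6, 0, True) + RA[:8]),
    "chain_split": ipv6(FRAGMENT, frag_hdr(DSTOPTS, 0, True) + DSTOPT),
}
```

A non-first fragment carries no header chain to inspect, so the sketch passes it; enforcement happens on the first fragment, without which the packet cannot be reassembled.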