RE: Is Fragmentation at IP layer even needed ?


 



Hi Mark,

> 
> Actually fragmentation works well unless you have a firewall that drops
> fragments.  When they are not being deliberately blocked the packets get
> through and are reassembled.  It is also not many operators.  It is some
> operators.
> 

The words "many" and "some" don't do justice to the conversation.  https://tools.ietf.org/html/draft-ietf-v6ops-ipv6-ehs-in-real-world-02 provides more concrete numbers from real-world observation.

Beyond that, I agree that IPv6 fragmentation works perfectly unless firewalls are configured to make it stop working. Sadly, the number of networks in which firewalls are so configured is too large to ignore. See the draft mentioned above.

> Additionally there are zero reasons why firewalls can't open <src, dst, frag
> offset != 0> when they open <src, dst, proto, src port, dst port> for reply
> traffic for those that are paranoid about just letting all non-zero fragment
> offset through.  I just let the non-zero offset fragments through.
> 
> You might get a few extra packets through.
> 

So, you are voicing support for Option 2a (i.e., Convince operators not to drop fragmented packets). This will clearly take time. Do you think that we should do anything else in the interim? Maybe 1b) Write an RFC informing developers of UDP applications of the problem and advising them not to rely on protocol MTU > 1280.

Ron
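
Added example, not part of the original message: a toy Python model of the rule quoted above, where opening a reply 5-tuple also opens `<src, dst, frag offset != 0>` for the same address pair. The class and field names (`Pkt`, `ReplyFilter`) and the sample addresses are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address
from typing import Optional

@dataclass(frozen=True)
class Pkt:
    src: str
    dst: str
    proto: Optional[int] = None   # None on non-initial fragments (no upper-layer header)
    sport: Optional[int] = None
    dport: Optional[int] = None
    frag_offset: int = 0          # Fragment Offset field; 0 = unfragmented or first fragment

class ReplyFilter:
    """Toy model: inbound traffic is allowed only as a reply to outbound flows."""
    def __init__(self):
        self.flows = set()    # inbound 5-tuples opened by outbound packets
        self.pairs = {}       # (remote, local) -> number of open flows

    @staticmethod
    def _reply_key(p):
        # ip_address() normalises different textual forms of the same IPv6 address
        return (ip_address(p.dst), ip_address(p.src), p.proto, p.dport, p.sport)

    def outbound(self, p):
        key = self._reply_key(p)
        if key not in self.flows:
            self.flows.add(key)
            self.pairs[key[:2]] = self.pairs.get(key[:2], 0) + 1

    def expire(self, p):
        key = self._reply_key(p)
        if key in self.flows:
            self.flows.remove(key)
            self.pairs[key[:2]] -= 1
            if self.pairs[key[:2]] == 0:
                del self.pairs[key[:2]]   # last flow gone: close the fragment pinhole

    def inbound_allowed(self, p):
        src, dst = ip_address(p.src), ip_address(p.dst)
        if p.frag_offset != 0:
            # <src, dst, frag offset != 0>: ports are not visible, so match the pair only
            return (src, dst) in self.pairs
        return (src, dst, p.proto, p.sport, p.dport) in self.flows

# Constructed sample traffic (documentation prefix 2001:db8::/32)
CLIENT, RESOLVER, OTHER = "2001:db8:1::10", "2001:db8::53", "2001:db8:ffff::1"
QUERY = Pkt(CLIENT, RESOLVER, 17, 40000, 53)   # UDP query, client -> resolver
```

Because non-initial fragments carry no ports, any such fragment from the same address pair passes while a flow is open; that is the "few extra packets" trade-off in the quoted text.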




