I would note that tunnel mechanisms either need a very good path "size"
reporting mechanism or a way to fragment. As the tunnel entry and exit
are end-points, and as path "size" discovery has many problems, many
tunnel mechanisms do use IP (v4 or v6) fragmentation.
Admittedly, none of them like it, and most recommend that if you can do
path MTU discovery you should, but we want things to work.
Yours,
Joel
On 2/8/16 1:23 PM, Warren Kumari wrote:
On Mon, Feb 8, 2016 at 9:05 AM David Borman <dab@xxxxxxxxxxxxxxxxx> wrote:
> On Feb 8, 2016, at 10:08 AM, Alexey Eromenko <al4321@xxxxxxxxx> wrote:
>
> On Mon, Feb 8, 2016 at 5:52 PM, John Levine <johnl@xxxxxxxxx> wrote:
> >2. What kind of UDP applications use such big packets, over 1280 bytes?
>
> >Um, the DNS with EDNS0, and particularly with DNSSEC? Is this a trick question?
>
>
> Yes.
> The trick lies right there in IPv6 specification:
>
> "A node must be able to accept a fragmented packet that, after
> reassembly, is as large as 1500 octets."
> ... which is not much greater than 1280 bytes defined as minimum MTU for IPv6.
>
> Basically, Fragmentation, as specified in RFC-2460 (IPv6), solves
> the problem ONLY for packet sizes between 1280 and 1500 bytes. Which
> is why I doubt if it is useful at all.
That’s the minimum required implementation, which guarantees that
you can send at least a basic ethernet sized packet to any host.
What is omitted in the above quote is the next 2 sentences:
"A node is permitted to
accept fragmented packets that reassemble to more than 1500 octets.
An upper-layer protocol or application that depends on IPv6
fragmentation to send packets larger than the MTU of a path should
not send packets larger than 1500 octets unless it has assurance that
the destination is capable of reassembling packets of that larger
size."
So if you are writing an application that needs >1500 octets, use an
IPv6 implementation that supports >1500 octet fragmentation and
reassembly.
... but as an application writer (or, basically anyone else), I have no
control over the "IPv6 implementation". Even if I'm in an environment
where I do control the OS / model of all devices, and I know they
support >1500 octet, it seems like a bad idea to *rely* on that.
Sometime I'm going to want to change OS / add some other device, be able
to interact with some other system. This sounds like vendor lock at its
worst...
W
-David Borman
>
> (I also understand, that IPv4 fragmentation is much more
> flexible, yes. It can go as small as 68 byte packets.)