nanog mailing list archives

Re: Common operational misconceptions
From: Masataka Ohta <mohta () necom830 hpcl titech ac jp>
Date: Thu, 16 Feb 2012 15:11:32 +0900

Mark Andrews wrote:

> Well you need to go out of your way to get an ICMP PTB for IPv6
> multicast as the default is to fragment multicast packets at the
> source at network minimum mtu (RFC3542 - May 2003).  That's not to
> say it won't happen.

Yes, it will happen, because RFC3542 was, as was discussed
in IETF, written not to prohibit multicast PMTUD.

So, the problem is real.

> As for generation of PTB you rate limit them the way you do for
> IPv4.

A problem is that a lot of ICMP packet too big messages are
generated against unicast, because PMTUD requires hosts to
periodically try to send a packet a little larger than the current PMTU.

BTW, that's why IPv6, which inhibits fragmentation by routers,
is no better than IPv4 with fragmentation enabled, because
periodic generation of ICMP packet too big by routers is as
painful as periodic fragmentation by routers.

>> Note also that some network processors can't efficiently
>> distinguish ICMP packets generated against multicast and
>> unicast.

> And why do you need to distinguish them?

We don't need to. Instead, we can just give up using PMTUD
entirely and just send packets of 1280B or less. A problem
is that a tunnel over a 1280B PMTU must always fragment a 1280B
payload.

> You look at the inner
> packet not the ICMP source if you want to rate limit return traffic.

That is a possible problem.

The destination address of the inner packet is located so far
inside the ICMP (beyond 64B) that it cannot be used for the
intrinsic filtering capability of some network processors.

                                        Masataka Ohta
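
Added example, not part of the original message: a parser for an ICMPv6 Packet Too Big that returns the reported MTU, the inner packet's destination, and the byte offset at which that destination starts, which illustrates the "beyond 64B" point above. The addresses and the sample packet are constructed, and the code assumes no extension headers before the ICMPv6 header.

```python
import ipaddress
import struct

IPV6_HDR_LEN = 40    # fixed IPv6 header (RFC 8200)
ICMPV6_HDR_LEN = 8   # type, code, checksum, 32-bit MTU (RFC 4443)
ICMPV6_PTB = 2       # Packet Too Big
DST_OFF = 24         # destination address offset inside an IPv6 header


def ipv6_header(src, dst, next_header, payload_len):
    """Build a fixed IPv6 header (version 6, hop limit 64)."""
    return (struct.pack("!IHBB", 6 << 28, payload_len, next_header, 64)
            + ipaddress.IPv6Address(src).packed
            + ipaddress.IPv6Address(dst).packed)


def parse_ptb(packet):
    """Parse an IPv6 packet carrying ICMPv6 Packet Too Big.

    Returns the reported MTU, the router that sent the error, the
    destination of the offending (inner) packet, and the byte offset of
    that inner destination counted from the start of the outer header.
    """
    if len(packet) < IPV6_HDR_LEN + ICMPV6_HDR_LEN + IPV6_HDR_LEN:
        raise ValueError("truncated: inner IPv6 header not present")
    if packet[0] >> 4 != 6 or packet[6] != 58:
        raise ValueError("not IPv6 with ICMPv6 directly after the header")
    icmp_type, _code, _cksum, mtu = struct.unpack_from("!BBHI", packet, IPV6_HDR_LEN)
    if icmp_type != ICMPV6_PTB:
        raise ValueError("not Packet Too Big")
    off = IPV6_HDR_LEN + ICMPV6_HDR_LEN + DST_OFF
    return {
        "mtu": mtu,
        "router": ipaddress.IPv6Address(packet[8:24]),
        "inner_dst": ipaddress.IPv6Address(packet[off:off + 16]),
        "inner_dst_offset": off,
    }


def sample_ptb():
    """Constructed sample: router 2001:db8::1 reports MTU 1280 for a
    packet the source 2001:db8:1::10 sent to multicast group ff3e::1234."""
    inner = ipv6_header("2001:db8:1::10", "ff3e::1234", 17, 1400)
    icmp = struct.pack("!BBHI", ICMPV6_PTB, 0, 0, 1280) + inner  # checksum left 0
    return ipv6_header("2001:db8::1", "2001:db8:1::10", 58, len(icmp)) + icmp


if __name__ == "__main__":
    print(parse_ptb(sample_ptb()))
```

The offset is counted from the start of the outer IPv6 header; a 14-byte Ethernet header in front of it moves the inner destination further out still.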

