nanog mailing list archives

Re: IPv6 day and tunnels


From: Joel Maslak <jmaslak () antelope net>
Date: Mon, 4 Jun 2012 08:16:32 -0600

On Jun 4, 2012, at 1:01 AM, Owen DeLong <owen () delong com> wrote:

> Any firewall/security device manufacturer that says it is will not get any
> business from me (or anyone else who considers their requirements
> properly before purchasing).

Unfortunately many technology people seem to have the idea, "If I don't understand it, it's a hacker" when it comes to 
network traffic.  And often they don't understand ICMP (or at least PMTU).  So anything not understood gets blocked.  
Then there is the Law of HTTP...

The Law of HTTP is pretty simple: Anything that isn't required for *ALL* HTTP connections on day one of protocol 
implementation will never be able to be used universally.

This includes, sadly, PMTU.  If reaching all possible endpoints is important to your application, you better do it via 
HTTP and better not require PMTU.  It's also why protocols typically can't be extended today at any layer other than 
the "HTTP" layer.

As for the IETF trying to not have people reset DF...good luck with that one...besides, I think there is more broken 
ICMP handling than there are paths that would allow a segment to bounce around for 120 seconds...

