nanog mailing list archives
Re: IP Fragmentation - Not reliable over the Internet?
From: Valdis.Kletnieks () vt edu
Date: Tue, 27 Aug 2013 01:02:06 -0400
On Tue, 27 Aug 2013 00:01:45 -0000, Christopher Palmer said:
What is the probability that a random path between two Internet hosts will traverse a middlebox that drops or otherwise barfs on fragmented IPv4 packets?
THe fact you're posting indicates that you already know the practical answer: "Often enough that you need to take defensive measures". But there's really several separate questions here: 1) What is the probability that a given path ends up fragging a packet because it isn't MTU 1500 end-to-end? 2) What is the probability that a frag needed is detected by a router that then botches it? 2a) What is the probability that the router does it right but the source node shoots itself in the foot by requesting PMTUD, but then blocks inbound ICMP for "security reasons"? 3) What is the probability that one router correctly frags a packet, but a subsequent box (most likely a firewall or target host) botches the re-assembly or other handling? 4) When confronted with the fact that there's a very high correlation between the level of technical clue that results in procuring and deploying a broken device, and the level of technical clue clue available to resolve the problem when you try to contact them, what's the appropriate beverage?
Attachment:
_bin
Description:
Current thread:
- IP Fragmentation - Not reliable over the Internet? Christopher Palmer (Aug 26)
- Re: IP Fragmentation - Not reliable over the Internet? Valdis . Kletnieks (Aug 26)
- Re: IP Fragmentation - Not reliable over the Internet? Owen DeLong (Aug 27)
- Re: IP Fragmentation - Not reliable over the Internet? Valdis . Kletnieks (Aug 27)
- Re: IP Fragmentation - Not reliable over the Internet? Blake Dunlap (Aug 27)
- Re: IP Fragmentation - Not reliable over the Internet? Owen DeLong (Aug 27)
- Re: IP Fragmentation - Not reliable over the Internet? Tore Anderson (Aug 27)
- Re: IP Fragmentation - Not reliable over the Internet? Emile Aben (Aug 28)
- Re: IP Fragmentation - Not reliable over the Internet? Owen DeLong (Aug 28)
- Re: IP Fragmentation - Not reliable over the Internet? Emile Aben (Aug 29)
- Re: IP Fragmentation - Not reliable over the Internet? Owen DeLong (Aug 27)
- Re: IP Fragmentation - Not reliable over the Internet? Valdis . Kletnieks (Aug 26)
- Re: IP Fragmentation - Not reliable over the Internet? Emile Aben (Aug 27)