nanog mailing list archives
Re: Internet Exchanges supporting jumbo frames?
From: Mark Andrews <marka () isc org>
Date: Sun, 13 Mar 2016 08:28:27 +1100
In message <CADb+6TAqqYc2yLUGV7n4Qiioq8qasriNsBtCRNNvB2K1A-t1rw () mail gmail com> , Joel Maslak writes:
On Wed, Mar 9, 2016 at 9:27 AM, joel jaeggli <joelja () bogus com> wrote:PMTU blackhole detection implemented in all hosts. IPv4 is lost cause inmy opinion (although it's strange how many hosts that seem to get away with 1492 (or is it 1496) MTU because they're using PPPoE).if your adv_mss is set accordingly you can get away with a lot.At least for TCP. EDNS with sizes > 14xx bytes just plain doesn't universally work across the internet, yet it's the default everywhere.
If you fix your own firewall to accept fragmented packets EDNS basically works. Over the years I've see a couple of sites which can't emit fragmented EDNS but they are few and far between. Firewall vendors could also do the correct thing and support installing slits as well as than pinholes when generating reply traffic acceptance rules on the fly. They could be honest and acknowledge that legitimate reply traffic includes packet fragments and build their boxes to support it. Outbound allow proto udp from any to any 53 keep-state permit-frags could generate allow proto udp from dst 53 to src src-port and allow proto udp from dst to src frag offset != 0 You still have the protocol and the source and destination addresses. You also don't allow full packets to reassemble via the slit rule. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka () isc org
Current thread:
- Re: Internet Exchanges supporting jumbo frames?, (continued)
- Re: Internet Exchanges supporting jumbo frames? Stefan Neufeind (Mar 09)
- Re: Internet Exchanges supporting jumbo frames? Nick Hilliard (Mar 09)
- Re: Internet Exchanges supporting jumbo frames? Mikael Abrahamsson (Mar 09)
- Re: Internet Exchanges supporting jumbo frames? David Bass (Mar 09)
- Re: Internet Exchanges supporting jumbo frames? Mikael Abrahamsson (Mar 09)
- Re: Internet Exchanges supporting jumbo frames? Nick Hilliard (Mar 09)
- Re: Internet Exchanges supporting jumbo frames? William Herrin (Mar 09)
- Re: Internet Exchanges supporting jumbo frames? joel jaeggli (Mar 09)
- Re: Internet Exchanges supporting jumbo frames? Joel Maslak (Mar 10)
- Re: Internet Exchanges supporting jumbo frames? Mark Andrews (Mar 12)
- Re: Internet Exchanges supporting jumbo frames? Kurt Kraut via NANOG (Mar 09)
- Re: Internet Exchanges supporting jumbo frames? Niels Bakker (Mar 09)
- Re: Internet Exchanges supporting jumbo frames? Tassos Chatzithomaoglou (Mar 09)
- Re: Internet Exchanges supporting jumbo frames? Frank Habicht (Mar 12)
- Re: Internet Exchanges supporting jumbo frames? Chris Woodfield (Mar 17)
- Re: Internet Exchanges supporting jumbo frames? Nikolay Shopik (Mar 17)
- Re: Internet Exchanges supporting jumbo frames? Baldur Norddahl (Mar 17)