nanog mailing list archives
RE: v6 DNSSEC fail, was Buying IPv4 blocks
From: "Naslund, Steve" <SNaslund () medline com>
Date: Mon, 8 Oct 2018 03:47:25 +0000
On 10/5/18 1:53 AM, Mark Andrews wrote: If you don’t want fragmented IPv6 UDP responses use server ::/0 { edns-udp-size 1232; }; That’s 1280 - IPv6 header - UDP header. Anything bigger than that can theoretically be fragmented. You will then have to deal with PMTUD failures as the servers switch over to TCP.
That is true provided that you accept that some people may not be able to respond without the packet getting fragmented due to tunneling or a million other reasons they may not support that MTU. Nonstandard MTU has always and seems will continue to be problematic. It all really began with tunneling which by its nature lowers the MTU available to the application. Firewalls really have to just deal with it and do the re-assembly they need to. It does create tremendous performance issues for these devices at high bandwidth. Bottom line is fragmentation sucks and V6 does not make it any better. Steven Naslund Chicago IL
Current thread:
- Re: Buying IPv4 blocks, (continued)
- Re: Buying IPv4 blocks Ross Tajvar (Oct 04)
- Re: Buying IPv4 blocks Matt Harris (Oct 04)
- Re: Buying IPv4 blocks John Levine (Oct 04)
- Re: Buying IPv4 blocks Marco Davids via NANOG (Oct 04)
- Re: v6 DNSSEC fail, was Buying IPv4 blocks John Levine (Oct 04)
- Re: v6 DNSSEC fail, was Buying IPv4 blocks Mark Tinka (Oct 04)
- Re: v6 DNSSEC fail, was Buying IPv4 blocks Mark Andrews (Oct 04)
- Re: v6 DNSSEC fail, was Buying IPv4 blocks Brandon Martin (Oct 04)
- Re: v6 DNSSEC fail, was Buying IPv4 blocks Mark Andrews (Oct 05)
- Re: v6 DNSSEC fail, was Buying IPv4 blocks Brandon Martin (Oct 05)
- RE: v6 DNSSEC fail, was Buying IPv4 blocks Naslund, Steve (Oct 07)
- Re: v6 DNSSEC fail, was Buying IPv4 blocks Brandon Martin (Oct 07)
- Re: v6 DNSSEC fail, was Buying IPv4 blocks Bryce Wilson (Oct 09)