nanog mailing list archives

Re: NIST and SP800-119


From: Douglas Otis <dotis () mail-abuse org>
Date: Wed, 16 Feb 2011 15:44:11 +0800

On 2/15/11 11:09 PM, Joe Abley wrote:
> On 2011-02-14, at 21:41, William Herrin wrote:
>> On Mon, Feb 14, 2011 at 7:24 PM, TR Shaw <tshaw () oitc com> wrote:
>>> Just wondering what this community thinks of NIST in
>>> general and their SP800-119 (
>>> http://csrc.nist.gov/publications/nistpubs/800-119/sp800-119.pdf )
>>> writeup about IPv6 in particular.
>> Well, according to this document IPv4 path MTU discovery is,
>> "optional, not widely used."
> Optional seems right. Have there been any recent studies on how widely pMTUd is actually used in v4?
>
> More contentious is that Path MTU discovery is "strongly recommended" in IPv6. Surely it's mandatory whenever you're exchanging datagrams larger than 1280 octets? Otherwise the sender can't fragment.

Routers indicate local MTUs, but minimum MTUs are not assured to have 1280 octets when IPv4 translation is involved. See Section 5 in rfc2460. (1280 minus 40 for the IPv6 header and 8 for the Fragment header.) Bill suggested this could even be smaller. This also ignores likely limited resources to resolve addresses within a /64. Public facing servers might be placed into much smaller ranges to avoid supporting 16M multicast. Also there might be a need to limit ICMPv6 functions as well, depending upon the features found in layer-2 switches.

-Doug




