nanog mailing list archives
Re: NIST and SP800-119
From: Douglas Otis <dotis () mail-abuse org>
Date: Thu, 17 Feb 2011 07:52:12 +0800
On 2/16/11 10:57 PM, Joe Abley wrote:
Bill makes a good point. Ensuring a minimum MTU of 1280 octets over v6 connections carrying protocol 41 will not allow subsequent v4 routers to fragment based upon discovered PMTUs. This could influence maximum UDP packets from a DNS server for example, where path MTU discovery is impractical. To be assured of continued operation for critical infrastructure, minimum MTUs of 1280 for v6 connections that might handle protocol 41 packets, becomes 1280 - 40 - 8 = 1232 or less as indicated in RFC2460. As suggested, there might be another 18 octet header, like L2TP, where the maximum MTU safely assumed becomes 1214.On 2011-02-16, at 02:44, Douglas Otis wrote:Routers indicate local MTUs, but minimum MTUs are not assured to have 1280 octets when IPv4 translation is involved. See Section 5 in rfc2460.I've heard that interpretation of 2460 before from Bill Manning, but I still don't see it myself. The text seems fairly clear that 1280 is the minimum MTU for any interface, regardless of the type of interface (tunnel, PPP, whatever). In particular, Links that have a configurable MTU (for example, PPP links [RFC- 1661]) must be configured to have an MTU of at least 1280 octets; it is recommended that they be configured with an MTU of 1500 octets or greater, to accommodate possible encapsulations (i.e., tunneling) without incurring IPv6-layer fragmentation. That same section indicates that pMTUd is strongly recommended in IPv6 rather than mandatory, but in the context of embedded devices that can avoid implementing pMTUd by never sending a packet larger than the minimum MTU. Such devices would break if there was an interface (of any kind) in the path with a sub-1280 MTU.
Perhaps IPv6 should have specified a required minimum of 1346 octets, where 1280 octets could be safely assumed available. A SHOULD is not a MUST, but critical operations MUST be based upon the MUSTs. How much longer will native v4 be carried over the Internet anyway? :^)
-Doug
Current thread:
- Re: NIST and SP800-119, (continued)
- Re: NIST and SP800-119 William Herrin (Feb 14)
- Re: NIST and SP800-119 Joe Abley (Feb 15)
- Re: NIST and SP800-119 William Herrin (Feb 15)
- Re: NIST and SP800-119 Joe Abley (Feb 15)
- Re: NIST and SP800-119 Steven Bellovin (Feb 15)
- Re: NIST and SP800-119 Mohacsi Janos (Feb 15)
- Re: NIST and SP800-119 Mans Nilsson (Feb 15)
- Re: NIST and SP800-119 Joe Abley (Feb 15)
- Re: NIST and SP800-119 Jared Mauch (Feb 15)
- Re: NIST and SP800-119 William Herrin (Feb 14)
- Re: NIST and SP800-119 Douglas Otis (Feb 15)
- Re: NIST and SP800-119 Joe Abley (Feb 16)
- Re: NIST and SP800-119 Douglas Otis (Feb 16)