nanog mailing list archives
Re: IP Fragmentation - Not reliable over the Internet?
From: Mark Andrews <marka () isc org>
Date: Fri, 30 Aug 2013 11:15:59 +1000
In message <a708ea6a03eb4ca7a14f5b16e4ce8dda () BN1PR03MB171 namprd03 prod.outlook .com>, Christopher Palmer writes:
This is what I'm concerned about: """ 1. If I originate IP packet fragments, such as an 8000 byte NFS packet broken into 1500 byte fragments, what's the probability of some host before the other endpoint dropping one or all of those fragments? """
For wide area NFS I would be using TCP not UDP. If you can't use TCP you should ensure that the firewalls at both ends pass fragmented UDP packets. NFS is generally not open to the world so fragmentation and NFS is essentially a local issue. Fragments don't get routinely dropped in the core. Ensure that the firewalls at both ends pass ICMP/ICMPv6 PTB. Only idiots block all ICMP/ICMPv6. Yes there are a lot of idiots in the world.
Big thanks to everyone who has sent thoughts already, really quite helpful.

-----Original Message-----
From: wherrin () gmail com [mailto:wherrin () gmail com] On Behalf Of William Herrin
Sent: Tuesday, August 27, 2013 10:45 AM
To: Christopher Palmer
Cc: North American Network Operators' Group
Subject: Re: IP Fragmentation - Not reliable over the Internet?

On Mon, Aug 26, 2013 at 8:01 PM, Christopher Palmer <Christopher.Palmer () microsoft com> wrote:
What is the probability that a random path between two Internet hosts will traverse a middlebox that drops or otherwise barfs on fragmented IPv4 packets?

Hi Christopher,

I think there might be three rather different questions here:

1. If I originate IP packet fragments, such as an 8000 byte NFS packet broken into 1500 byte fragments, what's the probability of some host before the other endpoint dropping one or all of those fragments?

2. If I send an IP packet that's too large for the path and *don't* set the don't-fragment bit, what's the chance that the router with the too-small next hop will fail to correctly fragment that packet (or that the correctly fragmented packet will fall into trap #1 above)?

3. If I send an IP packet that's too large for the path and *do* set the don't-fragment bit, what's the chance of failing to receive the "packet too big" message it causes the intermediate router to send?

Are you after the answer to one in particular?

Regards,
Bill Herrin

--
William D. Herrin ................ herrin () dirtside com bill () herrin us
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004
-- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka () isc org
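Added example, not part of the original message: a sketch of how the "8000 byte NFS packet" from question 1 is split at a 1500-byte MTU, and how per-fragment loss compounds. It assumes 8000 bytes of UDP payload, an IPv4 header without options, and independent loss per fragment; the function names are illustrative.

```python
IP_HEADER = 20   # bytes; assumes an IPv4 header without options
UDP_HEADER = 8   # bytes


def fragment(udp_payload_len, mtu=1500):
    """Return one dict per IPv4 fragment of a single UDP datagram.

    Fragment offsets are counted in 8-byte units, so every fragment
    except the last must carry a multiple of 8 bytes of data.
    """
    per_frag = (mtu - IP_HEADER) // 8 * 8      # 1480 for an MTU of 1500
    if per_frag <= 0:
        raise ValueError("MTU too small to carry any fragment data")
    total = UDP_HEADER + udp_payload_len       # IP payload to be split
    frags, sent = [], 0
    while sent < total:
        size = min(per_frag, total - sent)
        frags.append({
            "offset_units": sent // 8,
            "data_len": size,
            "packet_len": IP_HEADER + size,
            "more_fragments": sent + size < total,
            # Only the first fragment carries the UDP ports, so a filter
            # keyed on ports has nothing to match in later fragments.
            "has_udp_header": sent == 0,
        })
        sent += size
    return frags


def delivery_probability(n_fragments, per_fragment_loss):
    """Chance the whole datagram arrives: reassembly needs every fragment.

    Assumes each fragment is lost independently with the same probability.
    """
    return (1 - per_fragment_loss) ** n_fragments


if __name__ == "__main__":
    frags = fragment(8000)
    for i, f in enumerate(frags):
        print(i, f)
    print("delivered at 1%% fragment loss: %.4f"
          % delivery_probability(len(frags), 0.01))
```
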