[153265] in North American Network Operators' Group
Re: IPv6 day and tunnels
daemon@ATHENA.MIT.EDU (Joel Maslak)
Mon Jun 4 10:17:36 2012
In-Reply-To: <D80CB26F-73C1-4B06-89F0-006BB6876C01@delong.com>
From: Joel Maslak <jmaslak@antelope.net>
Date: Mon, 4 Jun 2012 08:16:32 -0600
To: Owen DeLong <owen@delong.com>
Cc: North American Networking and Offtopic Gripes List <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Jun 4, 2012, at 1:01 AM, Owen DeLong <owen@delong.com> wrote:
> Any firewall/security device manufacturer that says it is will not get any
> business from me (or anyone else who considers their requirements
> properly before purchasing).
Unfortunately many technology people seem to have the idea, "If I don't understand it, it's a hacker" when it comes to network traffic. And often they don't understand ICMP (or at least PMTU). So anything not understood gets blocked. Then there is the Law of HTTP...
The Law of HTTP is pretty simple: Anything that isn't required for *ALL* HTTP connections on day one of protocol implementation will never be able to be used universally.
This includes, sadly, PMTU. If reaching all possible endpoints is important to your application, you better do it via HTTP and better not require PMTU. It's also why protocols typically can't be extended today at any layer other than the "HTTP" layer.
As for the IETF trying to not have people reset DF...good luck with that one...besides, I think there is more broken ICMP handling than there are paths that would allow a segment to bounce around for 120 seconds...