[157584] in North American Network Operators' Group
Re: IP tunnel MTU
daemon@ATHENA.MIT.EDU (Masataka Ohta)
Tue Oct 30 00:08:48 2012
Date: Tue, 30 Oct 2012 13:07:19 +0900
From: Masataka Ohta <mohta@necom830.hpcl.titech.ac.jp>
To: nanog@nanog.org
In-Reply-To: <E1829B60731D1740BB7A0626B4FAF0A65E0E03E664@XCH-NW-01V.nw.nos.boeing.com>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Templin, Fred L wrote:
>> I wish you luck in getting your host IP stacks to work properly without
>> ICMP, especially as you deploy IPv6.
>>From what I've heard, ICMPv6 is already being filtered, including
> PTBs.
As v6 PTBs are specified to be generated even against
multicast packets, it is of course that they are dropped
to prevent ICMP implosions.
But, it is a very serious problem of not only tunnels but
entire IPv6.
That is, if PMTUD is unavailable, IPv6 hosts are prohibited
to send packets larger than 1280B.
Then, ignoring the prohibition, tunnel end points may send
packets a little larger than 1280B, which means physical link
MTU of 1500B or a little smaller than that is enough for
nested tunnels.
Thus, no new tunneling protocol is necessary.
The harder part of the job is to disable PMTUD on all the
IPv6 implementations.
> I have also heard that IPv6 fragments are also being dropped
> unconditionally along some paths.
Again, it is not a problem of tunnels only.
If that is the operational reality, specifications on
fragmentation must be dropped from IPv6 specification.
Masataka Ohta
