[165227] in North American Network Operators' Group

Re: IP Fragmentation - Not reliable over the Internet?

daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Tue Aug 27 01:02:49 2013

To: Christopher Palmer <Christopher.Palmer@microsoft.com>
In-Reply-To: Your message of "Tue, 27 Aug 2013 00:01:45 -0000."
 <6e53114d968f40f097a83640d90f9acf@BN1PR03MB171.namprd03.prod.outlook.com>
From: Valdis.Kletnieks@vt.edu
Date: Tue, 27 Aug 2013 01:02:06 -0400
Cc: North American Network Operators' Group <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

On Tue, 27 Aug 2013 00:01:45 -0000, Christopher Palmer said:
> What is the probability that a random path between two Internet hosts will
> traverse a middlebox that drops or otherwise barfs on fragmented IPv4 packets?

The fact you're posting indicates that you already know the practical
answer: "Often enough that you need to take defensive measures".

But there's really several separate questions here:

1) What is the probability that a given path ends up fragging a packet
because it isn't MTU 1500 end-to-end?

2) What is the probability that a frag needed is detected by a router
that then botches it?

2a) What is the probability that the router does it right but the source node
shoots itself in the foot by requesting PMTUD, but then blocks inbound ICMP for
"security reasons"?

3) What is the probability that one router correctly frags a packet, but
a subsequent box (most likely a firewall or target host) botches the
re-assembly or other handling?

4) When confronted with the fact that there's a very high correlation between
the level of technical clue that results in procuring and deploying a broken
device, and the level of technical clue available to resolve the problem
when you try to contact them, what's the appropriate beverage?



