[165229] in North American Network Operators' Group


Re: IP Fragmentation - Not reliable over the Internet?

daemon@ATHENA.MIT.EDU (Owen DeLong)
Tue Aug 27 03:36:37 2013

From: Owen DeLong <owen@delong.com>
In-Reply-To: <70257.1377579726@turing-police.cc.vt.edu>
Date: Tue, 27 Aug 2013 00:34:57 -0700
To: Valdis.Kletnieks@vt.edu
Cc: North American Network Operators' Group <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org


On Aug 26, 2013, at 22:02 , Valdis.Kletnieks@vt.edu wrote:

> On Tue, 27 Aug 2013 00:01:45 -0000, Christopher Palmer said:
>> What is the probability that a random path between two Internet hosts will
>> traverse a middlebox that drops or otherwise barfs on fragmented IPv4 packets?
>
> The fact you're posting indicates that you already know the practical
> answer: "Often enough that you need to take defensive measures".
>
> But there's really several separate questions here:
>
> 1) What is the probability that a given path ends up fragging a packet
> because it isn't MTU 1500 end-to-end?
>
> 2) What is the probability that a frag needed is detected by a router
> that then botches it?
>
> 2a) What is the probability that the router does it right but the source node
> shoots itself in the foot by requesting PMTUD, but then blocks inbound ICMP for
> "security reasons"?
>
> 3) What is the probability that one router correctly frags a packet, but
> a subsequent box (most likely a firewall or target host) botches the
> re-assembly or other handling?
>
> 4) When confronted with the fact that there's a very high correlation between
> the level of technical clue that results in procuring and deploying a broken
> device, and the level of technical clue available to resolve the problem
> when you try to contact them, what's the appropriate beverage?


That's a lot of questions he didn't ask.

As I read it, the question he asked is:

If I send a packet out as a legitimate series of fragments, what is the chance
that they will get dropped somewhere in the middle of the path between the
emitting host and the receiving host?

To my thinking, the answer to that question is basically "pretty close to 0 and
if that changes in the core, very bad things will happen."

Owen


