[165340] in North American Network Operators' Group


Re: IP Fragmentation - Not reliable over the Internet?

daemon@ATHENA.MIT.EDU (Masataka Ohta)
Fri Aug 30 02:40:56 2013

Date: Fri, 30 Aug 2013 15:39:39 +0900
From: Masataka Ohta <mohta@necom830.hpcl.titech.ac.jp>
To: nanog@nanog.org
In-Reply-To: <20130830011600.1091838FEF4F@drugs.dv.isc.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

Mark Andrews wrote:

> Ensure that the firewalls at both ends pass ICMP/ICMPv6 PTB.  Only
> idiots block all ICMP/ICMPv6.  Yes there are a lot of idiots in the
> world.

The worst idiots are people who designed ICMPv6 [RFC2463] as:

         (e.2) a packet destined to an IPv6 multicast address (there are
               two exceptions to this rule: (1) the Packet Too Big
               Message - Section 3.2 - to allow Path MTU discovery to
               work for IPv6 multicast, and (2) the Parameter Problem
               Message, Code 2 - Section 3.4 - reporting an unrecognized
               IPv6 option that has the Option Type highest-order two
               bits set to 10), or

which makes it necessary, unless you are idiots, to filter ICMPv6
PTB against certain packets, including but not limited to,
multicast ones.

						Masataka Ohta


