On Sun, 29 Jul 2018, Joe Touch wrote:
You’re engaging in a game of escalation - whatever layer you add
fragmentation will end up being a layer that a vendor puts a device that
does DPI that fails.
Yes, but I can filter those UDP packets by looking in the UDP header,
that's all the DPI I need in that box. It doesn't need to understand the
upper-protocol level fragmentation, because I do not require it to
understand that protocol at all. I just need for it to understand that
it's UDP and look at the UDP port number.
The biggest mistake of TCP and UDP combined with IP level fragmentation is
that the port information isn't available in every packet.
--
Mikael Abrahamsson email: swm...@swm.pp.se
_______________________________________________
Int-area mailing list
Int-area@ietf.org
https://www.ietf.org/mailman/listinfo/int-area