Joe,
> On 16 Aug 2018, at 15:58, Joe Touch <to...@strayalpha.com> wrote:
>
>
>
>> On Aug 16, 2018, at 5:47 AM, Ole Troan <otr...@employees.org> wrote:
>>
>> Joe,
>>
>>>> IPv4 fragments do have a higher drop probability than other packets. Just
>>>> from the fact that multiple end-users are sharing a 16 bit identifier
>>>> space.
>>>
>>> It’s really the fact that NATs that process fragments don’t reassemble
>>> before translating and/or don’t rate limit fragments they generate as
>>> already required by 791 (as explained in 6884).
>>
>> That’s incorrect.
>> See https://tools.ietf.org/html/rfc7597#section-8.3.3
>
> You should re-read that RFC. It correctly points out that this is a flaw in
> current devices.
>
> There is a solution - reassemble before NATing, and when issuing the new
> packets, issue them with IDs generated at the NAT.

These are not NATs. They are specifically designed to be stateless. Sure, you
can argue that the A+P solutions break the Internet; our answer to that is: oh
well, move to IPv6.

> The correct behavior is already indicated in RFC 6864, Sec 5.3.1
>>> A NAT that is broken isn’t helping users share addresses. It’s just broken.
>>
>> I wish it was that simple.
>
> It’s not simple, but saying that “fragmentation is broken” does not make it
> more simple either.

True.

Regardless, I fear we aren’t going to agree on this, but at least I think we
have understood each other’s points.

Cheers
Ole
_______________________________________________
Int-area mailing list
Int-area@ietf.org
https://www.ietf.org/mailman/listinfo/int-area
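
The two positions in the thread above, as an added sketch that is not part of either participant's message: two senders that end up behind one shared IPv4 address both use IP ID 7, and a receiver that reassembles on (source, destination, protocol, ID) splices their fragments together; a translator that reassembles first and re-issues its own IDs does not have that problem. The addresses, payloads, 8-byte fragment size, byte offsets and all function names are constructed for the illustration, and the stateless path is modelled only as "source rewritten, ID kept".

```python
from collections import defaultdict
from itertools import count

SHARED = "192.0.2.1"    # constructed shared public address
DST = "198.51.100.9"    # constructed destination

def fragment(src, ip_id, payload, size=8):
    """Fragments as (src, dst, proto, id, offset, more_fragments, data)."""
    return [(src, DST, 17, ip_id, off, off + size < len(payload),
             payload[off:off + size]) for off in range(0, len(payload), size)]

def reassemble(arrivals):
    """Reassemble in arrival order, keyed on (src, dst, proto, id)."""
    pending, done = defaultdict(dict), []
    for src, dst, proto, ip_id, off, mf, data in arrivals:
        key = (src, dst, proto, ip_id)
        parts = pending[key]
        parts[off] = (mf, data)
        offs, end = sorted(parts), 0
        for o in offs:
            if o != end:            # hole: datagram still incomplete
                break
            end += len(parts[o][1])
        else:
            if not parts[offs[-1]][0]:   # final fragment (MF=0) is present
                done.append((key, b"".join(parts[o][1] for o in offs)))
                del pending[key]
    return done

def stateless_translate(frag):
    """Rewrite only the source address; the sender's IP ID is kept."""
    return (SHARED,) + frag[1:]

def reassembling_translate(arrivals):
    """Reassemble per original sender, then re-fragment with translator IDs."""
    ids, out = count(1), []
    for _key, payload in reassemble(arrivals):
        out.extend(fragment(SHARED, next(ids), payload))
    return out

def demo():
    a = fragment("10.0.0.1", 7, b"AAAAAAAAaaaaaaaa")   # sender A, ID 7
    b = fragment("10.0.0.2", 7, b"BBBBBBBBbbbbbbbb")   # sender B, same ID
    wire = [a[0], b[1], b[0], a[1]]                    # reordered in transit
    broken = [p for _, p in reassemble([stateless_translate(f) for f in wire])]
    t = reassembling_translate(wire)
    fixed = [p for _, p in reassemble([t[0], t[3], t[2], t[1]])]
    return broken, fixed

if __name__ == "__main__":
    print(demo())
```

In practice a transport checksum would normally reject the spliced datagrams, so the visible effect at the receiver is loss rather than delivered garbage.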