On Nov 1, 2019, at 12:39 AM, Joe Touch <[email protected]> wrote:
> On Oct 31, 2019, at 5:07 PM, Erik Kline <[email protected]> wrote:
>>
>> It may be folly to try to modify IPv4 implementations at this point. I
>> have no objections if you wish to try pushing this big rock up hill, but I
>> doubt you will be successful.
>>
>> BTW, what *actually* prevents a middlebox from doing IPv6 fragmentation?
>
> Expecting it to work. That middlebox has no idea what packets are going
> through other middleboxes from the same endpoint. There’s no way it can pick
> IDs to avoid collision, the way the origin can. That’s why both IPv4 and IPv6
> rely on the origin creating those IDs.
>
> The result would either be significantly increased reassembly errors, sort of
> like accidental poisoning of the receiver’s cache, or potentially resulting
> in incorrect packets (the latter could be more likely in some cases, e.g.,
> when the fragment happens to have a zero IP checksum).

I don't especially disagree with you, BUT...

Thinking about middlebox fragmentation. OK, suppose I am a company with N
middleboxen. Suppose I configured the middleboxes to generate N disjoint
ranges of IDs. If I have a datagram arriving at a middle box and being
fragmented into two or more, and the ID generated is within the range
assigned to the middle box, I don't think the results you predict actually
transpire.

Note that I'm not writing a draft about that. I'm not sure I want anyone
thinking it's a great idea and needs to be implemented.

_______________________________________________
Int-area mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/int-area
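
An added illustration of the exchange above, not code from either poster: a toy receiver that reassembles on (source, destination, ID), fed by two middleboxes that fragment datagrams of the same flow, first with uncoordinated ID counters and then with disjoint ranges. The addresses, function names and arrival order are constructed, and the model assumes the origin sends no fragments of its own and that no range wraps while fragments are still pending.

```python
from itertools import count

SRC, DST = "2001:db8::1", "2001:db8::2"    # constructed documentation addresses

def id_allocator(start, size):
    """Yield fragment IDs cycling through [start, start + size)."""
    return (start + n % size for n in count())

def fragment(ident, tag):
    """Split one datagram into two fragments: (reassembly key, index, payload)."""
    key = (SRC, DST, ident)
    return [(key, 0, tag + "-head"), (key, 1, tag + "-tail")]

def reassemble(arrivals):
    """Receiver: group fragments by (src, dst, id); emit once both halves are present."""
    pending, done = {}, []
    for key, index, payload in arrivals:
        parts = pending.setdefault(key, {})
        parts.setdefault(index, payload)       # first copy wins on duplicates
        if len(parts) == 2:
            done.append((parts[0], parts[1]))
            del pending[key]
    return done

def run(allocators, datagrams_per_box=4):
    """Return (datagrams reassembled, datagrams spliced from two different originals)."""
    box_a, box_b = allocators
    arrivals = []
    for n in range(datagrams_per_box):
        a = fragment(next(box_a), f"A{n}")
        b = fragment(next(box_b), f"B{n}")
        arrivals += [a[0], b[1], b[0], a[1]]   # interleaved, reordered arrival
    done = reassemble(arrivals)
    spliced = [d for d in done if d[0].split("-")[0] != d[1].split("-")[0]]
    return len(done), len(spliced)

ID_SPACE = 2**32                               # IPv6 Identification field is 32 bits
HALF = ID_SPACE // 2

if __name__ == "__main__":
    # Both boxes count from 0: every reassembled datagram mixes two originals.
    print("uncoordinated:", run([id_allocator(0, ID_SPACE), id_allocator(0, ID_SPACE)]))
    # Each box stays inside its own half of the ID space: no cross-box splicing.
    print("disjoint:     ", run([id_allocator(0, HALF), id_allocator(HALF, HALF)]))
```
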
