* Philip Homburg > In your letter dated Mon, 30 Jan 2012 12:18:21 +0100 you wrote: >> Because the network ends up second-guessing the host. RFC 2460 allows >> IPv6 nodes to act on ICMPv6 PTBs w/MTU < 1280 by simply lowering the >> Path MTU for the destination to the indicated value. In other words, an >> IPv6 node can perform Path MTU Discovery for translated IPv4 >> destinations behind IPv4 links that have smaller MTU than 1260. > > From RFC-2460: > "In response to an IPv6 packet that is sent to an IPv4 destination > "(i.e., a packet that undergoes translation from IPv6 to IPv4), the > "originating IPv6 node may receive an ICMP Packet Too Big message > "reporting a Next-Hop MTU less than 1280. In that case, the IPv6 node > "is not required to reduce the size of subsequent packets to less than > "1280, but must include a Fragment header in those packets so that the > "IPv6-to-IPv4 translating router can obtain a suitable Identification > "value to use in resulting IPv4 fragments. Note that this means the > "payload may have to be reduced to 1232 octets (1280 minus 40 for the > "IPv6 header and 8 for the Fragment header), and smaller still if > "additional extension headers are used. > > Yes, it is allowed. But what do you do with hosts that do not do this?
An IPv6 node conforming to the language above must either A) allow PMTUD to work even if the PMTU is <1280, or B) create atomic fragments in order to indicate that it wants the DF flag cleared and IPv4 routers to perform fragmentation. Either approach is valid, and work well today. > And what do you do with the resulting denial of service attack if you allow > anybody to lower your mtu to very small values? Nothing in particular. I haven't had any problems with this in neither IPv4 nor in IPv6, so I can't say I'm terribly concerned about it. In any case, the atomic fragment approach is available for anyone who is concerned about allowing the IPv6 PMTU to drop to IPv4 levels. > You want to import all the bad things of IPv4? Appeal to ridicule / straw man -- Tore Anderson Redpill Linpro AS - http://www.redpill-linpro.com/ -------------------------------------------------------------------- IETF IPv6 working group mailing list ipv6@ietf.org Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------
