BACKGROUND:

After this draft becomes a standard, and implementers have
time to update their code, there seems to be a good chance 
that more fragmented packets will be able to traverse 
various middleboxes (e.g. firewalls, NATs, whatever else).

Off-list feedback indicates that for several middlebox 
implementers, it is important that the middlebox is able 
to examine the TCP Flags in any first fragment containing 
TCP as the terminal payload.  Reportedly, checks for invalid
TCP Flag combinations are considered essential in deciding
whether to allow a packet.  For UDP or ESP, however, the 
first 8 bytes are reportedly sufficient.

COMMENT:

Various folks make a persuasive case that this draft 
ought to more explicitly specify, for each terminating 
payload type, how many bytes need to be included in the 
first fragment.

However, as someone who has worked on more than one IPv6
implementation, I disagree with Brian that adding a case 
statement to the existing IPv6 fragmentation code is a 
big deal in an IPv6 host implementation.  While one of
those implementations was in an ordinary host, two of 
those implementations were in embedded systems, so 
I am familiar with the constraints of embedded systems.

In any event, the I-D only needs to specify a *minimum* 
number of bytes for each terminal payload type that is
to be included in the first fragment.  

So, purely for example, if ESP/UDP had a value of 8 bytes 
minimum, while TCP had a value of 16 bytes minimum, code 
would be compliant EITHER if it had a case statement OR 
if it always included at least 16 bytes.

PROPOSAL:

Perhaps Fernando could edit the draft to specify, on a 
per terminal payload basis, the minimum number of initial
bytes to include in the first fragment.

Purely for clarity, and one would hope this would be 
blatantly obvious already, I'd also suggest adding a 
sentence explicitly stating that an implementation MAY 
include more bytes than the minimum in its first fragments.

HOPE:

One would hope that after those 2 edits are made, then
this I-D would be ready to begin WG Last Call.

Cheers,

Ran




--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
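
The following is an added example, not part of the original message or of the draft: a sketch of the middlebox-side check the message describes, which walks the IPv6 header chain of a first fragment and verifies that enough of the terminal payload header is present. The 8-byte and 16-byte minimums are the message's "purely for example" figures, and the function names, the sample-packet builder and the SYN+FIN test are assumptions made for illustration.

```python
import struct

# Example minimums from the message's "purely for example" figures (assumed,
# not taken from any published specification). Keys are Next Header values.
MIN_BYTES = {6: 16, 17: 8, 50: 8}      # TCP, UDP, ESP
EXT_HDRS = {0, 43, 60}                 # Hop-by-Hop, Routing, Destination Options
FRAGMENT = 44

def check_first_fragment(pkt: bytes):
    """Return (verdict, reason) for a raw packet starting at the IPv6 header."""
    if len(pkt) < 40 or pkt[0] >> 4 != 6:
        return ("drop", "not IPv6")
    nxt, off = pkt[6], 40
    while nxt in EXT_HDRS or nxt == FRAGMENT:
        if off + 8 > len(pkt):
            return ("drop", "header chain truncated")
        if nxt == FRAGMENT:
            # Top 13 bits of this field are the fragment offset in 8-byte units.
            if struct.unpack_from("!H", pkt, off + 2)[0] >> 3:
                return ("pass", "non-first fragment")
            size = 8
        else:
            size = (pkt[off + 1] + 1) * 8   # Hdr Ext Len excludes first 8 bytes
        nxt, off = pkt[off], off + size
    need = MIN_BYTES.get(nxt)
    if need is None:
        return ("pass", "no minimum configured")
    have = max(0, len(pkt) - off)
    if have < need:
        return ("drop", f"only {have} of {need} bytes present")
    # One example of an invalid flag combination: SYN and FIN both set.
    if nxt == 6 and pkt[off + 13] & 0x03 == 0x03:
        return ("drop", "invalid TCP flags")
    return ("pass", "ok")

def sample_first_fragment(nh: int, payload: bytes, hop_by_hop: bool = False) -> bytes:
    """Constructed input: IPv6 header [+ Hop-by-Hop] + Fragment header + payload."""
    frag = struct.pack("!BBHI", nh, 0, 0x0001, 0x1234)   # offset 0, M flag set
    # Hop-by-Hop: next=44, Hdr Ext Len=0, one PadN option filling the other 6 bytes.
    hbh = bytes([FRAGMENT, 0, 1, 4, 0, 0, 0, 0]) if hop_by_hop else b""
    body = hbh + frag + payload
    first = 0 if hop_by_hop else FRAGMENT
    # Version 6, payload length, first Next Header, hop limit, zeroed addresses.
    return struct.pack("!IHBB", 6 << 28, len(body), first, 64) + bytes(32) + body
```

A sender that always puts at least 16 bytes of the terminal payload in the first fragment passes this check for every type in the table, which is the "EITHER a case statement OR always at least 16 bytes" point made in the message.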