Hi, I have done some looking around on linux and found two more sources of IPv6 fragmentation. First, unless explicitly told not to, 'ping6' will use IPv6 fragmentation to ensure that ICMPv6 echo request packets larger than the path MTU are delivered to the final destination. The destination then gets to reassemble the ICMPv6 echo request packets first, and then turns around and uses IPv6 fragmentation to ensure that its ICMPv6 echo replies get back to the source.
Secondly, a router at the head end of an IPv6 IPsec tunnel can in some cases fragment the inner IPv6 packet before encapsulation; the final destination then gets to reassemble. Since this is a tunnel mode operation, the fragmentation occurs regardless of the inner transport layer protocol. This bears some further consideration, because IPv6 routers are not supposed to fragment IPv6 packets in transit. The best I can figure is that an IPsec tunnel router is usually the sole egress point for an IPv6 host located in the protected network so the router can act as if it is a "proxy host". It is then the router (and not the protected host) that inserts the IPv6 fragment header and sets the Identification value. Again, the final destination gets to perform reassembly, and this could be for any transport protocol type; not just for UDP. I believe what I am seeing from my experiments that yielded the above observations is accurate, but would welcome any comments or corrections. Thanks - Fred fred.l.temp...@boeing.com -------------------------------------------------------------------- IETF IPv6 working group mailing list ipv6@ietf.org Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------
