On Mon, 2007-10-22 at 12:04 +0200, Henning Brauer wrote:
> * Claudio Jeker <[EMAIL PROTECTED]> [2007-10-22 08:17]:
> > Fragment Reassembly does not happen in the forwarding plane, it happens on
> > the end system. By doing "flow" based forwarding on the router you're no
> > longer able to do all the additional checks that pf(4) is doing in its
> > stateful forwarding path.
>
> and we don't actually need these on a non-edge router. I'd go so far
> to say they hurt in that case.

I agree. Just to confirm... you do not encourage the use of fragment
reassembly at forwarding points other than the network periphery?

We recently ran into some intermittent TCP connection stalls in a
network where end point systems were behind as many as three PF systems
end-point to end-point. "pfctl -x loud" had a direct correlation to the
stalls and reassemble debug activity output. We didn't debug it too much
because there was a mix of 3.7, 3.9, and 4.1 systems and we wanted to
standardize on 4.2 before filing any superfluous bug reports.

~BAS

> > > There is probably a huge market out there for a commodity standards
> > > based hardware (if it could be done)
> > I doubt it, the necessary HW is just too expensive and complex.
>
> I totally agree with the statement that there is a huge market for
> that - but getting supported, fully working hardware at reasonable
> prices for it is indeed a gigantic challenge.