-----Original Message-----
From: Ronald Bonica [mailto:rbonica(_at_)juniper(_dot_)net]
Sent: Tuesday, October 08, 2013 5:46 PM
To: Ole Troan; Templin, Fred L
Cc: ipv6(_at_)ietf(_dot_)org; ietf(_at_)ietf(_dot_)org
Subject: RE: Last Call: <draft-ietf-6man-oversized-header-chain-08.txt>
(Implications of Oversized IPv6 Header Chains) to Proposed Standard
I agree with Ole.
How so? A tunnel that crosses a 1280 MTU link MUST fragment
in order to satisfy the IPv6 minMTU. If it must fragment, then
an MTU-length IPv6 header chain would not fit within the first
fragment, and we have opened an attack vector against tunnels.
This is not a matter to be agreed or disagreed with - it is
a simple fact.
Thanks - Fred
fred(_dot_)l(_dot_)templin(_at_)boeing(_dot_)com
Ron
-----Original Message-----
From: ipv6-bounces(_at_)ietf(_dot_)org
[mailto:ipv6-bounces(_at_)ietf(_dot_)org] On Behalf
Of
Ole Troan
Sent: Tuesday, October 08, 2013 12:17 PM
To: Templin, Fred L
Cc: ipv6(_at_)ietf(_dot_)org; ietf(_at_)ietf(_dot_)org; IETF-Announce
Subject: Re: Last Call: <draft-ietf-6man-oversized-header-chain-
08.txt>
(Implications of Oversized IPv6 Header Chains) to Proposed Standard
Fred,
Hi, I would like to make a small amendment to what I said in my
previous message as follows:
4) Section 5, change the final paragraph to:
"As a result of the above mentioned requirements, a packet's
header
chain length MUST fit within the Path MTU associated with its
destination. Hosts MAY discover the Path MTU, using procedures
such
as those defined in [RFC1981] and [RFC4821]. However, if a host
does
not discover the Path MTU, it MUST assume the IPv6 minumum MTU of
1280 bytes [RFC2460]. The host MUST then limit each packet's
header
chain length to the Path MTU minus 256 bytes in case additional
encapsulation headers are inserted by tunnels on the path."
I would claim that additional encapsulation headers are already
considered in the 1280 minimum MTU.
as in: 1500 - 1280.
cheers,
Ole