Templin, Fred L wrote:
Take the simplest case when the host assumes a path MTU of 1280.
If there is a tunnel in the path that crosses another 1280 link,
then the tunnel has to fragment, and the header chain might not
all fit within the first fragment if the host does not allow
headspace room. If the host limits the size of its header chain
to 1280 - 512 = 1024 bytes, then the entire chain should fit
within the first fragment even if there are multiple nested
tunnel ingresses on the path and each one of them fragments.
Why do you think the first fragment is considerably longer
than 1024B?
As is specified in rfc791:
In the above procedure each fragment (except the last) was made
the maximum allowable size. An alternative might produce less
than the maximum size datagrams. For example, one could implement
a fragmentation procedure that repeatly divided large datagrams in
half until the resulting fragments were less than the maximum
transmission unit size.
it is allowed (and is better) to fragment a 1300B packet into two
mostly equally sized (about 700B) packets than two packets of a
1280B (or 1276B) one and a much shorter one.
It is especially so when tunnels with outer MTU of 1280B, which
can carry 700B (but not 1276B/1280B) packets without further
fragmentation, are used.
You should also assume that outer IP of a tunnel may also have
its own lengthy extension headers, length of which must also
be restricted (much below 1280B).
Note also that DNS requires each UDP packet carry a 512B message,
header chain (including UDP header) must be shorter than 989B
(minimum reassembly buffer size of IPv6 is 1500B).
Worse, as some extension headers are inserted without application
control, e.g.:
In that case, the IPv6 node
is not required to reduce the size of subsequent packets to less than
1280, but must include a Fragment header in those packets so that the
IPv6-to-IPv4 translating router can obtain a suitable Identification
value to use in resulting IPv4 fragments. [rfc2460]
and
The Home Address option is carried by the Destination Option
extension header (Next Header value = 60). It is used in a packet
sent by a mobile node while away from home, to inform the recipient
of the mobile node's home address. [rfc3775]
it is really hard, if not impossible, to let transport/application
protocols (such as DNS and TCP) adjust payload size to avoid
fragmentation. As noted above, even with fragmentation, DNS can't
adjust payload size below 512B.
Masataka Ohta