Re: Is Fragmentation at IP layer even needed ?

2016-02-08 17:58:55
On 02/08/2016 05:09 PM, Mark Andrews wrote:
In message <BLUPR05MB1985F5F2BB3118362C67B921AED50(_at_)BLUPR05MB1985(_dot_)namprd05(_dot_)prod.outlook.com>, Ronald Bonica writes:
Hi Alexey,

This question comes up every few years. The short answer is:


- The vast majority of Internet traffic rides over TCP or UDP

- Generally speaking, traffic that rides over TCP does not rely on IP fragmentation

- However, traffic that rides over UDP absolutely relies on IP fragmentation

So, as things stand, IP fragmentation is required to support UDP.
However, the conversation doesn't end at that.

Operational experience has taught us that IPv6 fragmentation does not
work so well. Unlike IPv4, IPv6 encodes fragmentation information in an
IPv6 extension header. Sadly, many operators discard packets containing
that extension header. So, as specified, IPv6 provides fragmentation
services, but as deployed, it does not.

Actually fragmentation works well unless you have a firewall that
drops fragments.  When they are not being deliberately blocked the
packets get through and are reassembled.  It is also not many
operators.  It is some operators.

Additionally there are zero reasons why firewalls can't open <src,
dst, frag offset != 0> when they open <src, dst, proto, src port,
dst port> for reply traffic for those that are paranoid about just
letting all non-zero fragment offset through.  I just let the
non-zero offset fragments through.

If and only if the packets do not employ other EHs and all the nodes
behind the fw implement RFC5722...

-- 
Fernando Gont
SI6 Networks
e-mail: fgont(_at_)si6networks(_dot_)com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
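
The RFC 5722 condition mentioned in the reply above requires a reassembling node to discard the whole datagram when any of its fragments overlap. The following is an added example, not part of the original message: a sketch of that check over the IPv6 Fragment header, where the function names and the sample fragments are constructed for illustration.

```python
import struct

# Hypothetical helper names; the sample fragments they build are constructed.
def make_fragment(offset, more, payload, ident=0x1234, next_header=17):
    """Build a constructed (Fragment header, payload) pair for testing."""
    off_flags = ((offset // 8) << 3) | int(more)
    return struct.pack("!BBHI", next_header, 0, off_flags, ident), payload

def parse_fragment_header(hdr):
    """Decode the 8-byte IPv6 Fragment extension header."""
    if len(hdr) < 8:
        raise ValueError("truncated Fragment header")
    next_header, _reserved, off_flags, ident = struct.unpack("!BBHI", hdr[:8])
    return {"next_header": next_header,
            "offset": (off_flags >> 3) * 8,  # field counts 8-octet units
            "more": bool(off_flags & 1),     # M flag: more fragments follow
            "id": ident}

def reassemble(fragments):
    """Reassemble the fragments of one <src, dst, id> datagram.

    Returns ("ok", data), ("overlap", None), or ("incomplete", None)
    when fragments are missing or inconsistent.
    """
    spans, finals = [], set()
    for hdr, payload in fragments:
        f = parse_fragment_header(hdr)
        end = f["offset"] + len(payload)
        if not f["more"]:
            finals.add(end)                  # M=0 fragment fixes total length
        spans.append((f["offset"], end, payload))
    spans.sort(key=lambda s: (s[0], s[1]))
    # RFC 5722: any overlap discards the whole datagram, not just the
    # offending fragment. Exact duplicates count as overlaps in this sketch.
    for (_, prev_end, _), (start, _, _) in zip(spans, spans[1:]):
        if start < prev_end:
            return ("overlap", None)
    contiguous = all(a[1] == b[0] for a, b in zip(spans, spans[1:]))
    if (not spans or spans[0][0] != 0 or not contiguous
            or finals != {spans[-1][1]}):
        return ("incomplete", None)
    return ("ok", b"".join(p for _, _, p in spans))
```
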