
Re: Last Call: <draft-ietf-6man-rfc2460bis-08.txt> (Internet Protocol, Version 6 (IPv6) Specification) to Internet Standard

2017-02-19 16:36:41

In message <m1cf4bw-0000FfC(_at_)stereo(_dot_)hq(_dot_)phicoh(_dot_)net>, 
Philip Homburg writes:
Are you saying:

A correct implementation of RFC2460 MUST NOT insert an EH at any point 
along the path other than at the packet source.

Or

A correct implementation of RFC2460 MAY insert an EH at any point along 
the path.

Ole doesn't, apparently, want to say either of those things.

I want to say the first *as part of the promotion to Internet Standard*
because it was the clear and documented intent of the authors and WG
of RFC 1883, which became RFC 2460. (Documented in the ancient email I dug
out a while back.) And it has been assumed by subsequent work such
as PMTUD and IPsec/AH.

If we want to *change* it, that's a separate discussion from promoting
the current standard. We can do it afterwards.

(And in answer to some other comments, I'll note that RFC 791 does not
forbid NAT, but I bet the authors would have done so if they'd thought
of it. When did forbidding something in an RFC ever prevent people from
implementing it in a limited domain?)

I agree.

Personally, I wish we could allow routers to insert fragmentation headers.
There is some crazy interaction between DNS and fragmentation that doesn't
happen in IPv4.

With IPv4 DF is 0 unless you are running an out of RFC compliance
stack (Yes I'm talking about Linux) so fragmentation is done when
required. Add to that very few paths that actually require PMTUD
even with DF=1 you don't see issues.  As IPv4 as a service becomes
more common you will start to see more issues.

For IPv6 you have to play games with DNS.  We tried just fragmenting
at 1280 but the idiots with firewalls that drop all fragments made
that not viable.  At the moment named is forcing fragmentation at
1280 on DNS/UDP message sizes > 1432 (IPv6 in IPv4 + UDP header).
This removes most of the PMTUD issues without getting DNS/UDP
messages between 1252 and 1432 bytes dropped just because they were
fragmented.

But in any case, a stronger text doesn't have much impact on parties outside
the IETF. If, as a random example, I came to the conclusion that I can
reduce PMTU problems by having one of my routers fragment IPv6 packets, then
that may violate the spec, but it is possible that the gains are worth it.

So the only purpose of a stronger text against inserting extension headers
would be to prevent IETF working groups from publishing RFCs that use
that technique. 

Then the question becomes, why would we need to pre-emptively constrain
ourselves? 

If we expect that there is some real world use case where inserting
extension headers along the way brings a lot of benefit, then it is much
better to prepare for that situation than writing text to disallow it.


-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka(_at_)isc(_dot_)org
