NIST and SP800-119
dotis at mail-abuse.org
Wed Feb 16 01:44:11 CST 2011
On 2/15/11 11:09 PM, Joe Abley wrote:
> On 2011-02-14, at 21:41, William Herrin wrote:
>> On Mon, Feb 14, 2011 at 7:24 PM, TR Shaw<tshaw at oitc.com> wrote:
>>> Just wondering what this community thinks of NIST in
>>> general and their SP800-119 (
>>> http://csrc.nist.gov/publications/nistpubs/800-119/sp800-119.pdf )
>>> writeup about IPv6 in particular.
>> Well, according to this document IPv4 path MTU discovery is,
>> "optional, not widely used."
> Optional seems right. Have there been any recent studies on how widely pMTUd is actually used in v4?
> More contentious is that Path MTU discovery is "strongly recommended" in IPv6. Surely it's mandatory whenever you're exchanging datagrams larger than 1280 octets? Otherwise the sender can't fragment.
Routers indicate local MTUs, but minimum MTUs are not assured to have
1280 octets when IPv4 translation is involved. See Section 5 in
RFC 2460. (1280 minus 40 for the IPv6 header and 8 for the Fragment
header.) Bill suggested this could even be smaller. This also ignores
likely limited resources to resolve addresses within a /64. Public
facing servers might be placed into much smaller ranges to avoid
supporting 16M multicast. Also there might be a need to limit ICMPv6
functions as well, depending upon the features found in layer-2 switches.
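
The payload arithmetic from Section 5 of RFC 2460 that the message cites, as an added example that is not part of the original post: a sender that receives a Packet Too Big below 1280 keeps sending 1280-octet packets but adds a Fragment header, which leaves 1232 octets of payload. Function names and the sample payload are constructed for illustration, and the sketch assumes no other extension headers.

```python
import struct

IPV6_MIN_MTU = 1280  # RFC 2460 section 5 minimum link MTU
IPV6_HDR_LEN = 40
FRAG_HDR_LEN = 8

def effective_pmtu(reported_mtu):
    """Apply a Packet Too Big MTU: returns (mtu_to_use, force_fragment_header)."""
    if reported_mtu < IPV6_MIN_MTU:
        # Translator case: stay at 1280 but always carry a Fragment header.
        return IPV6_MIN_MTU, True
    return reported_mtu, False

def fragment_header(next_hdr, offset, more, ident):
    """Pack the 8-byte Fragment header; the offset field counts 8-octet units."""
    if offset % 8:
        raise ValueError("fragment offset must be a multiple of 8")
    return struct.pack("!BBHI", next_hdr, 0, (offset // 8) << 3 | int(more), ident)

def fragment(payload, next_hdr, reported_mtu, ident):
    """Return [(fragment_header_bytes, chunk)] for one upper-layer payload."""
    mtu, force = effective_pmtu(reported_mtu)
    if not force and len(payload) <= mtu - IPV6_HDR_LEN:
        return [(b"", payload)]  # fits as-is, no Fragment header
    # Non-final fragments must carry a multiple of 8 octets.
    room = (mtu - IPV6_HDR_LEN - FRAG_HDR_LEN) // 8 * 8
    out = []
    for off in range(0, max(len(payload), 1), room):
        more = off + room < len(payload)
        out.append((fragment_header(next_hdr, off, more, ident), payload[off:off + room]))
    return out

if __name__ == "__main__":
    # Constructed input: 3000 octets of UDP (next header 17), PTB reporting MTU 1000.
    for hdr, chunk in fragment(b"x" * 3000, 17, 1000, ident=7):
        print(hdr.hex(), len(chunk), "on-wire", IPV6_HDR_LEN + len(hdr) + len(chunk))
```

RFC 8200, which later replaced RFC 2460, removed the requirement to add a Fragment header in response to a Packet Too Big below 1280, so this models the behaviour of the specification current at the time of the thread.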