IP Fragmentation - Not reliable over the Internet?

Valdis.Kletnieks at vt.edu
Tue Aug 27 05:02:06 UTC 2013


On Tue, 27 Aug 2013 00:01:45 -0000, Christopher Palmer said:
> What is the probability that a random path between two Internet hosts will
> traverse a middlebox that drops or otherwise barfs on fragmented IPv4 packets?

The fact you're posting indicates that you already know the practical
answer: "Often enough that you need to take defensive measures".

But there's really several separate questions here:

1) What is the probability that a given path ends up fragging a packet
because it isn't MTU 1500 end-to-end?

2) What is the probability that a frag needed is detected by a router
that then botches it?

2a) What is the probability that the router does it right but the source node
shoots itself in the foot by requesting PMTUD, but then blocks inbound ICMP for
"security reasons"?

3) What is the probability that one router correctly frags a packet, but
a subsequent box (most likely a firewall or target host) botches the
re-assembly or other handling?

4) When confronted with the fact that there's a very high correlation between
the level of technical clue that results in procuring and deploying a broken
device, and the level of technical clue available to resolve the problem
when you try to contact them, what's the appropriate beverage?
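
[Added example, not part of the original post: a small Python model of questions 1, 2a and 3, showing how the same oversized packet ends up delivered, fragmented, or silently lost depending on the DF bit, ICMP filtering at the source, and fragment handling downstream. The path MTUs and the function names are constructed for illustration.]

```python
"""Toy model of IPv4 fragmentation and PMTUD outcomes (constructed example)."""

IP_HEADER = 20  # bytes; IPv4 header without options


def fragment(total_len, mtu):
    """Split one IPv4 packet into fragment sizes (header included) for a link MTU."""
    payload = total_len - IP_HEADER
    room = mtu - IP_HEADER
    chunk = room // 8 * 8  # non-final fragments carry a multiple of 8 payload bytes
    sizes = []
    while payload > 0:
        take = payload if payload <= room else chunk
        sizes.append(take + IP_HEADER)
        payload -= take
    return sizes


def send(size, path_mtus, df, icmp_reaches_source=True, frags_survive=True):
    """Return (outcome, packet sizes arriving at the destination)."""
    for _ in range(len(path_mtus) + 1):  # each retry clears at least one narrow link
        pkts = [size]
        for mtu in path_mtus:
            if all(p <= mtu for p in pkts):
                continue
            if df:
                # Router drops the packet and returns ICMP type 3 code 4
                # ("fragmentation needed") carrying this link's MTU.
                if not icmp_reaches_source:
                    return ("black-hole", [])  # question 2a: sender never learns
                size = mtu                     # PMTUD: retry at the reported MTU
                break
            # DF clear: the router fragments in place (question 1).
            pkts = [f for p in pkts for f in (fragment(p, mtu) if p > mtu else [p])]
        else:
            if len(pkts) > 1 and not frags_survive:
                return ("fragments-dropped", [])  # question 3: downstream box botches it
            return ("delivered", pkts)
    return ("gave-up", [])


if __name__ == "__main__":
    path = [1500, 1492, 1400, 1500]  # constructed path: PPPoE hop, then a tunnel
    print(send(1500, path, df=True))
    print(send(1500, path, df=True, icmp_reaches_source=False))
    print(send(1500, path, df=False))
    print(send(1500, path, df=False, frags_survive=False))
```

The defensive takeaway matches 2a: a host that sets DF has to let ICMP type 3 code 4 back in, otherwise full-size packets vanish while small ones keep working.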




More information about the NANOG mailing list