v6 DNSSEC fail, was Buying IPv4 blocks

• Previous message (by thread): v6 DNSSEC fail, was Buying IPv4 blocks
• Next message (by thread): v6 DNSSEC fail, was Buying IPv4 blocks
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 10/7/18 11:47 PM, Naslund, Steve wrote:
> That is true provided that you accept that some people may not be able to respond without the packet getting fragmented due to tunneling or a million other reasons they may not support that MTU.   Nonstandard MTU has always and seems will continue to be problematic.  It all really began with tunneling which by its nature lowers the MTU available to the application.  Firewalls really have to just deal with it and do the re-assembly they need to.  It does create tremendous performance issues for these devices at high bandwidth.  Bottom line is fragmentation sucks and V6 does not make it any better.

Except that, in IPv6-land, anyone with effective MTU < 1280 has the onus 
put on them to "make things work" i.e. come up with an adaptation layer 
or some sort of tunnel-layer transparent fragmentation.  If you're 
relying on The Internet to fragment to <1280 for you, you're bound to 
see breakage.  I'd like to think we can safely ignore this case in terms 
of operations.
-- 
Brandon Martin

• Previous message (by thread): v6 DNSSEC fail, was Buying IPv4 blocks
• Next message (by thread): v6 DNSSEC fail, was Buying IPv4 blocks
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]