v6 DNSSEC fail, was Buying IPv4 blocks

Brandon Martin lists.nanog at monmotha.net
Mon Oct 8 03:55:15 UTC 2018

On 10/7/18 11:47 PM, Naslund, Steve wrote:
> That is true provided that you accept that some people may not be able to respond without the packet getting fragmented due to tunneling or a million other reasons they may not support that MTU.   Nonstandard MTU has always and seems will continue to be problematic.  It all really began with tunneling which by its nature lowers the MTU available to the application.  Firewalls really have to just deal with it and do the re-assembly they need to.  It does create tremendous performance issues for these devices at high bandwidth.  Bottom line is fragmentation sucks and V6 does not make it any better.

Except that, in IPv6-land, anyone with effective MTU < 1280 has the onus 
put on them to "make things work" i.e. come up with an adaptation layer 
or some sort of tunnel-layer transparent fragmentation.  If you're 
relying on The Internet to fragment to <1280 for you, you're bound to 
see breakage.  I'd like to think we can safely ignore this case in terms 
of operations.
Brandon Martin

More information about the NANOG mailing list