On Tue, 26 Aug 2008, Ralf Weber wrote:

> Moin!
>
> On Aug 26, 2008, at 21:02, Dean Anderson wrote:
> > Large UDP packets (think EDNS0 DNSSEC as a good example of large UDP
> > packets almost certain to be fragmented) suffer the same problem, as
> > they can be fragmented by PMTU discovery. The server (operating
> > system) has to maintain UDP state for PMTUD to work. If the ICMP
> > fragmentation needed is lost due to Anycast, PMTUD will fail. Lost
> > UDP fragments are fatal to the UDP transaction.
> Ack, that's the reason why the MTUs in today's networks get bigger and
> bigger.

Possibly. But MTU size should properly be a matter of latency vs
overhead. Only one packet can be transmitted at once. The larger the
packet, the greater the latency before a higher priority packet can be
transmitted. Smaller packets have lower latency, but are less efficient
due to repeated overhead of mac addrs, ip addrs, etc. Adjusting MTU to
prevent fragmentation is sometimes possible, but a bad idea.

> > FIB entries change at every hop. The more hops away, the more often
> > the paths can change. What works close by, might not work far away,
> > and vice versa.
> FIB and path changes only matter when the final IP destination
> changes, again not a problem in today's network where IP is just one
> overlay transport of an underlying label switched network. And thus
> the path changes, but the final (anycasted) destination does not.

The FIB entries can change at *any* router, and a FIB change *anywhere*
_can_ result in a different exit from an intermediate network; a
different exit also means there may be a different entry into the final
destination network, which usually changes the anycast host. FIB changes
always matter.

> While I get paid for that it does work for our customers, so
> obviously this is my first concern.

I doubt that many of your customers use TCP DNS. You only *think* it
works, because you didn't do adequate testing to see it doesn't work.
That isn't the same as 'works for our customers'.

Are your resolvers public? Would it be OK if I test them?

		--Dean

-- 
Av8 Internet   Prepared to pay a premium for better service?
www.av8.net         faster, more reliable, better service
617 344 9000

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
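A toy model of the two cases argued over in this message, as an added example that is not part of the original thread; the topology and every router and instance name are constructed. Forwarding toward an anycast address is decided hop by hop, so the model checks where an ICMP "fragmentation needed" lands and whether a TCP session still reaches the same instance after a single FIB change.

```python
# Constructed topology; every router and instance name is hypothetical.
INSTANCES = {"dns-A", "dns-B"}   # two hosts announcing the same anycast address

def deliver(fib, start, max_hops=16):
    """Follow each hop's FIB entry for the anycast prefix; return the instance reached."""
    node = start
    for _ in range(max_hops):
        if node in INSTANCES:
            return node
        node = fib[node]
    raise RuntimeError("forwarding loop")

# Next hop toward the anycast prefix, as seen from each router.
FIB = {
    "r-client": "r-transit",
    "r-transit": "r-exit1",
    "r-exit1": "dns-A",
    "r-exit2": "dns-B",
    "r-narrow": "r-exit2",   # router with the small-MTU link on dns-A's return path
}

def icmp_reaches_sender(fib, sender, icmp_origin):
    """An ICMP 'fragmentation needed' is addressed to the source of the
    oversized packet (the anycast address) and is routed from the router
    that generated it. PMTUD works only if it lands on the sending instance."""
    return deliver(fib, icmp_origin) == sender

def tcp_survives(fib_before, fib_after, client):
    """TCP state lives on one instance; the session survives a FIB change
    only if the client's packets still reach that same instance."""
    return deliver(fib_before, client) == deliver(fib_after, client)

def scenario():
    serving = deliver(FIB, "r-client")                        # instance answering the query
    pmtud_ok = icmp_reaches_sender(FIB, serving, "r-narrow")  # where does the ICMP go?
    changed = {**FIB, "r-transit": "r-exit2"}                 # one FIB change mid-path
    return serving, pmtud_ok, tcp_survives(FIB, changed, "r-client")

if __name__ == "__main__":
    print(scenario())
```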