In message <2134f8430051b64f815c691a62d983180e0...@xch-blv-504.nw.nos.boeing.com>, "Templin, Fred L" writes: > > On 08/06/2013 03:07 PM, Templin, Fred L wrote: > > > If we are going to define a new protocol type, let's define one > > > that addresses everything we are currently struggling with and > > > has the extensibility to address additional requirements moving > > > forward into the future. > > > > So in other words let's make all the same mistakes we made with the > > design of IPv6? :) > > Not even. This is about fixing and atoning for mistakes; not > introducing new ones. > > Thanks - Fred > [email protected] > -------------------------------------------------------------------- > IETF IPv6 working group mailing list > [email protected] > Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 > --------------------------------------------------------------------
There are several issues with getting fragments through firewalls. My draft addresses one of them. Putting all the headers into the initial fragment is another part of fix / reducing the issue. If you don't do something like that firewall will drop initial fragments because that can't be expected to reassemble unless they are doing DPI. Making fragment sizes more even is yet another part of the issue. Allowing tunnel entry points to re-fragment fragments is yet another part of the solution space. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: [email protected] -------------------------------------------------------------------- IETF IPv6 working group mailing list [email protected] Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------
