On Thu, 01 Dec 2005 11:53:44 -0500 John Heffner <[EMAIL PROTECTED]> wrote:
> David S. Miller wrote:
> > After talking the IPV6 PMTU situation over with Herbert
> > this afternoon, we discovered that IPV4 has the same
> > problem :-)
>
> Yes it does, and arguably correctly so. As I see it this really comes
> down to a question of cached metrics scope. I had a discussion recently
> about this with Fernando Gont. See the thread "Improvement for the
> current PMTUD mechanism" at
> <http://www1.ietf.org/mail-archive/web/pmtud/current/threads.html>.
>
> When implementing additional validity checks at a protocol above IP,
> these checks are useless if it just uses a cached value from another
> protocol which doesn't do any checks. A single cached value is as weak
> as your weakest protocol. If you hope to do PMTUD with a stateless
> protocol like UDP, there can be no verification. Using two cache
> values, a "strong" and a "weak" one, may be sufficient. A per-protocol
> metric for each protocol implementing ICMP checks is another possibility.
>
> Doing PMTUD at the Packetization Layer (MTU probing) may change the
> answer of how best to handle these issues, especially for something like
> IPsec since it can work correctly even if all ICMP is discarded.
> <http://www.ietf.org/internet-drafts/draft-ietf-pmtud-method-05.txt>
> <http://www.psc.edu/~jheffner/projects/mtup/>
>
> -John

Also, there is a related IETF draft about ICMP that discusses a number of
PMTU-related issues.
http://www.ietf.org/internet-drafts/draft-gont-tcpm-icmp-attacks-05.txt
which has generated lots of discussion on TCPM list, and so far looks ok.

-- 
Stephen Hemminger <[EMAIL PROTECTED]>
OSDL http://developer.osdl.org/~shemminger
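
The "strong" and "weak" cache values proposed in the quoted text, modelled as an added example (not code from this thread or from the Linux kernel). The struct, the function names, the 68-byte clamp and the sample MTU values are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>

#define IPV4_MIN_MTU 68u   /* smallest MTU IPv4 permits (RFC 791) */

/* Hypothetical per-destination cache entry holding two PMTU values. */
struct pmtu_entry {
    unsigned strong;  /* lowered only by ICMP the upper protocol validated */
    unsigned weak;    /* lowered by any ICMP "fragmentation needed" report */
};

static void pmtu_init(struct pmtu_entry *e, unsigned link_mtu)
{
    e->strong = e->weak = link_mtu;
}

/* Apply a reported next-hop MTU. Returns true if a cached value changed. */
static bool pmtu_update(struct pmtu_entry *e, unsigned mtu, bool validated)
{
    bool changed = false;

    if (mtu < IPV4_MIN_MTU)
        mtu = IPV4_MIN_MTU;        /* clamp rather than trust tiny values */
    if (validated && mtu < e->strong) {
        e->strong = mtu;
        changed = true;
    }
    if (mtu < e->weak) {           /* validated reports lower weak too */
        e->weak = mtu;
        changed = true;
    }
    return changed;
}

/* Protocols that check ICMP payloads read strong; stateless ones read weak. */
static unsigned pmtu_lookup(const struct pmtu_entry *e, bool proto_validates)
{
    return proto_validates ? e->strong : e->weak;
}

int main(void)
{
    struct pmtu_entry e;

    pmtu_init(&e, 1500);
    pmtu_update(&e, 296, false);   /* constructed: unverifiable report (UDP) */
    pmtu_update(&e, 1400, true);   /* constructed: report a checker accepted */
    printf("tcp=%u udp=%u\n", pmtu_lookup(&e, true), pmtu_lookup(&e, false));
    return 0;
}
```

With this split, an unvalidated report can shrink only the value that non-checking protocols read, so it no longer drags down a protocol that does validate ICMP.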