Turn off IPV6_USE_MIN_MTU?

Shane Kerr shane at time-travellers.org
Tue May 31 08:16:31 UTC 2016


Hello,

Geoff Huston has done some work recently looking at IPv6 fragmentation,
and there seem to be a number of cases where IPv6 fragments do not
work:

https://ripe72.ripe.net/archives/video/164/

(The link says "video" but there are also slides there.)

This is likely because of middleboxes; if you want to do deep-packet
inspection, you need to look at the reassembled packets, which mean
additional state and processing for the boxes. A simpler solution is
just to disable IPv6 fragments, since TCP doesn't need it and UDP is
unreliable anyway. :-P

Anyway, Geoff's measurement was that 1400 byte packets work the same as
1280 byte packets for delivery. He also measured that if you fragment
larger packets at 1280 then the failure rate goes way up.

The summary seems to be that setting MTU to 1280 decreases the ability
to deliver packets, rather than increasing it. A simple fix would be to
stop setting IPV6_USE_MIN_MTU, at least for the UDP case. We live in a
1500-byte packet size world (or in the case of IPv6, maybe a 1420-byte
packet size world, because tunnels).

While I think removing this call the best solution, in keeping with
BIND 9 tradition maybe making a configurable knob for people who really
want it is reasonable. Would a patch for this be rejected out of hand
or should I pursue it?

Cheers,

--
Shane
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <https://lists.isc.org/pipermail/bind-workers/attachments/20160531/5a109f17/attachment.bin>


More information about the bind-workers mailing list