draft-ietf-intarea-frag-fragile-15.txt   draft-ietf-intarea-frag-fragile-16.txt 
Internet Area WG R. Bonica Internet Area WG R. Bonica
Internet-Draft Juniper Networks Internet-Draft Juniper Networks
Intended status: Best Current Practice F. Baker Intended status: Best Current Practice F. Baker
Expires: January 7, 2020 Unaffiliated Expires: March 2, 2020 Unaffiliated
G. Huston G. Huston
APNIC APNIC
R. Hinden R. Hinden
Check Point Software Check Point Software
O. Troan O. Troan
Cisco Cisco
F. Gont F. Gont
SI6 Networks SI6 Networks
July 6, 2019 August 30, 2019
IP Fragmentation Considered Fragile IP Fragmentation Considered Fragile
draft-ietf-intarea-frag-fragile-15 draft-ietf-intarea-frag-fragile-16
Abstract Abstract
This document describes IP fragmentation and explains how it This document describes IP fragmentation and explains how it
introduces fragility to Internet communication. introduces fragility to Internet communication.
This document also proposes alternatives to IP fragmentation and This document also proposes alternatives to IP fragmentation and
provides recommendations for developers and network operators. provides recommendations for developers and network operators.
Status of This Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on January 7, 2020. This Internet-Draft will expire on March 2, 2020.
Copyright Notice Copyright Notice
Copyright (c) 2019 IETF Trust and the persons identified as the Copyright (c) 2019 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3
1.1. IP-in-IP Tunnels . . . . . . . . . . . . . . . . . . . . 3 1.1. Requirements Language . . . . . . . . . . . . . . . . . . 3
1.2. Requirements Language . . . . . . . . . . . . . . . . . . 3 2. IP Fragmentation . . . . . . . . . . . . . . . . . . . . . . 3
2. IP Fragmentation . . . . . . . . . . . . . . . . . . . . . . 4 2.1. Links, Paths, MTU and PMTU . . . . . . . . . . . . . . . 3
2.1. Links, Paths, MTU and PMTU . . . . . . . . . . . . . . . 4
2.2. Fragmentation Procedures . . . . . . . . . . . . . . . . 6 2.2. Fragmentation Procedures . . . . . . . . . . . . . . . . 6
2.3. Upper-Layer Reliance on IP Fragmentation . . . . . . . . 7 2.3. Upper-Layer Reliance on IP Fragmentation . . . . . . . . 6
3. Increased Fragility . . . . . . . . . . . . . . . . . . . . . 7 3. Increased Fragility . . . . . . . . . . . . . . . . . . . . . 7
3.1. Virtual Reassembly . . . . . . . . . . . . . . . . . . . 7 3.1. Virtual Reassembly . . . . . . . . . . . . . . . . . . . 7
3.2. Policy-Based Routing . . . . . . . . . . . . . . . . . . 8 3.2. Policy-Based Routing . . . . . . . . . . . . . . . . . . 8
3.3. Network Address Translation (NAT) . . . . . . . . . . . . 9 3.3. Network Address Translation (NAT) . . . . . . . . . . . . 9
3.4. Stateless Firewalls . . . . . . . . . . . . . . . . . . . 9 3.4. Stateless Firewalls . . . . . . . . . . . . . . . . . . . 9
3.5. Equal Cost Multipath, Link Aggregate Groups and Stateless 3.5. Equal Cost Multipath, Link Aggregate Groups and Stateless
Load-Balancers . . . . . . . . . . . . . . . . . . . . . 10 Load-Balancers . . . . . . . . . . . . . . . . . . . . . 10
3.6. IPv4 Reassembly Errors at High Data Rates . . . . . . . . 11 3.6. IPv4 Reassembly Errors at High Data Rates . . . . . . . . 11
3.7. Security Vulnerabilities . . . . . . . . . . . . . . . . 11 3.7. Security Vulnerabilities . . . . . . . . . . . . . . . . 11
3.8. PMTU Blackholing Due to ICMP Loss . . . . . . . . . . . . 12 3.8. PMTU Blackholing Due to ICMP Loss . . . . . . . . . . . . 12
skipping to change at page 3, line 4 skipping to change at page 2, line 52
5.1. Domain Name Service (DNS) . . . . . . . . . . . . . . . . 18 5.1. Domain Name Service (DNS) . . . . . . . . . . . . . . . . 18
5.2. Open Shortest Path First (OSPF) . . . . . . . . . . . . . 18 5.2. Open Shortest Path First (OSPF) . . . . . . . . . . . . . 18
5.3. Packet-in-Packet Encapsulations . . . . . . . . . . . . . 18 5.3. Packet-in-Packet Encapsulations . . . . . . . . . . . . . 18
5.4. UDP Applications Enhancing Performance . . . . . . . . . 19 5.4. UDP Applications Enhancing Performance . . . . . . . . . 19
6. Recommendations . . . . . . . . . . . . . . . . . . . . . . . 19 6. Recommendations . . . . . . . . . . . . . . . . . . . . . . . 19
6.1. For Application and Protocol Developers . . . . . . . . . 19 6.1. For Application and Protocol Developers . . . . . . . . . 19
6.2. For System Developers . . . . . . . . . . . . . . . . . . 20 6.2. For System Developers . . . . . . . . . . . . . . . . . . 20
6.3. For Middle Box Developers . . . . . . . . . . . . . . . . 20 6.3. For Middle Box Developers . . . . . . . . . . . . . . . . 20
6.4. For ECMP, LAG and Load-Balancer Developers And Operators 20 6.4. For ECMP, LAG and Load-Balancer Developers And Operators 20
6.5. For Network Operators . . . . . . . . . . . . . . . . . . 21 6.5. For Network Operators . . . . . . . . . . . . . . . . . . 21
7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 21 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 21
8. Security Considerations . . . . . . . . . . . . . . . . . . . 21 8. Security Considerations . . . . . . . . . . . . . . . . . . . 21
9. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 21 9. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 21
10. References . . . . . . . . . . . . . . . . . . . . . . . . . 21 10. References . . . . . . . . . . . . . . . . . . . . . . . . . 21
10.1. Normative References . . . . . . . . . . . . . . . . . . 21 10.1. Normative References . . . . . . . . . . . . . . . . . . 22
10.2. Informative References . . . . . . . . . . . . . . . . . 23 10.2. Informative References . . . . . . . . . . . . . . . . . 23
Appendix A. Contributors' Address . . . . . . . . . . . . . . . 26 Appendix A. Contributors' Address . . . . . . . . . . . . . . . 26
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 27 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 27
1. Introduction 1. Introduction
Operational experience [Kent] [Huston] [RFC7872] reveals that IP Operational experience [Kent] [Huston] [RFC7872] reveals that IP
fragmentation introduces fragility to Internet communication. This fragmentation introduces fragility to Internet communication. This
document describes IP fragmentation and explains the fragility it document describes IP fragmentation and explains the fragility it
introduces. It also proposes alternatives to IP fragmentation and introduces. It also proposes alternatives to IP fragmentation and
provides recommendations for developers and network operators. provides recommendations for developers and network operators.
While this document identifies issues associated with IP While this document identifies issues associated with IP
fragmentation, it does not recommend deprecation. Legacy protocols fragmentation, it does not recommend deprecation. Legacy protocols
that depend upon IP fragmentation SHOULD be updated to remove that that depend upon IP fragmentation would do well to be updated to
dependency. However, some applications and environments (see remove that dependency. However, some applications and environments
Section 5) require IP fragmentation. In these cases, the protocol (see Section 5) require IP fragmentation. In these cases, the
will continue to rely on IP fragmentation, but the designer should to protocol will continue to rely on IP fragmentation, but the designer
be aware that fragmented packets may result in blackholes; a design should to be aware that fragmented packets may result in blackholes;
should include appropriate safeguards. a design should include appropriate safeguards.
Rather than deprecating IP Fragmentation, this document recommends Rather than deprecating IP Fragmentation, this document recommends
that upper-layer protocols address the problem of fragmentation at that upper-layer protocols address the problem of fragmentation at
their layer, reducing their reliance on IP fragmentation to the their layer, reducing their reliance on IP fragmentation to the
greatest degree possible. greatest degree possible.
1.1. IP-in-IP Tunnels 1.1. Requirements Language
This document acknowledges that in some cases, packets must be
fragmented within IP-in-IP tunnels [I-D.ietf-intarea-tunnels].
Therefore, this document makes no additional recommendations
regarding IP-in-IP tunnels.
1.2. Requirements Language
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in BCP "OPTIONAL" in this document are to be interpreted as described in BCP
14 [RFC2119] [RFC8174] when, and only when, they appear in all 14 [RFC2119] [RFC8174] when, and only when, they appear in all
capitals, as shown here. capitals, as shown here.
2. IP Fragmentation 2. IP Fragmentation
2.1. Links, Paths, MTU and PMTU 2.1. Links, Paths, MTU and PMTU
An Internet path connects a source node to a destination node. A An Internet path connects a source node to a destination node. A
path may contain links and routers. If a path contains more than one path may contain links and routers. If a path contains more than one
link, the links are connected in series and a router connects each link, the links are connected in series and a router connects each
link to the next. link to the next.
Internet paths are dynamic. Assume that the path from one node to Internet paths are dynamic. Assume that the path from one node to
another contains a set of links and routers. If a link fails, the another contains a set of links and routers. If a link or a router
path can also change so that it includes a different set of links and fails, the path can also change so that it includes a different set
routers. of links and routers.
Each link is constrained by the number of bytes that it can convey in Each link is constrained by the number of bytes that it can convey in
a single IP packet. This constraint is called the link Maximum a single IP packet. This constraint is called the link Maximum
Transmission Unit (MTU). Whlie the end-to-end Path MTU is the size Transmission Unit (MTU). IPv4 [RFC0791] requires every link to
of a single IPv4 header, IPv4 [RFC0791] requires every link to support at 576 bytes or greater (see NOTE 1). IPv6 [RFC0791]
support at least a specified MTU (see NOTE 1). IPv6 [RFC8200]
similarly requires every link to support an MTU of 1280 bytes or similarly requires every link to support an MTU of 1280 bytes or
greater. These are called the IPv4 and IPv6 minimum link MTU's. greater. These are called the IPv4 and IPv6 minimum link MTU's.
Some links, and some ways of using links, result in additional
variable overhead. For the simple case of tunnels, this document
defers to other documents. For other cases, such as MPLS, this
document considers the Link MTU to include appropriate allowance for
any such overhead.
Likewise, each Internet path is constrained by the number of bytes Likewise, each Internet path is constrained by the number of bytes
that it can convey in a single IP packet. This constraint is called that it can convey in a single IP packet. This constraint is called
the Path MTU (PMTU). For any given path, the PMTU is equal to the the Path MTU (PMTU). For any given path, the PMTU is equal to the
smallest of its link MTU's. Because Internet paths are dynamic, PMTU smallest of its link MTU's. Because Internet paths are dynamic, PMTU
is also dynamic. is also dynamic.
For reasons described below, source nodes estimate the PMTU between For reasons described below, source nodes estimate the PMTU between
themselves and destination nodes. A source node can produce themselves and destination nodes. A source node can produce
extremely conservative PMTU estimates in which: extremely conservative PMTU estimates in which:
skipping to change at page 5, line 42 skipping to change at page 5, line 37
forged [RFC5927] and not authenticated by the receiver. Such forged [RFC5927] and not authenticated by the receiver. Such
attacks can cause PMTUD to produce unnecessarily conservative PMTU attacks can cause PMTUD to produce unnecessarily conservative PMTU
estimates. estimates.
NOTE 1: In IPv4, every host must be capable of receiving a packet NOTE 1: In IPv4, every host must be capable of receiving a packet
whose length is equal to 576 bytes. However, the IPv4 minimum link whose length is equal to 576 bytes. However, the IPv4 minimum link
MTU is not 576. Section 3.2 of RFC 791 explicitly states that the MTU is not 576. Section 3.2 of RFC 791 explicitly states that the
IPv4 minimum link MTU is 68 bytes. But for practical purposes, many IPv4 minimum link MTU is 68 bytes. But for practical purposes, many
network operators consider the IPv4 minimum link MTU to be 576 bytes, network operators consider the IPv4 minimum link MTU to be 576 bytes,
to minimize the requirement for fragmentation en route. So, for the to minimize the requirement for fragmentation en route. So, for the
purposes of this document, we assume that the IPv4 minimum path MTU purposes of this document, we assume that the IPv4 minimum link MTU
is 576 bytes. is 576 bytes.
NOTE 2: A non-fragmentable packet can be fragmented at its source. NOTE 2: A non-fragmentable packet can be fragmented at its source.
However, it cannot be fragmented by a downstream node. An IPv4 However, it cannot be fragmented by a downstream node. An IPv4
packet whose DF-bit is set to 0 is fragmentable. An IPv4 packet packet whose DF-bit is set to 0 is fragmentable. An IPv4 packet
whose DF-bit is set to 1 is non-fragmentable. All IPv6 packets are whose DF-bit is set to 1 is non-fragmentable. All IPv6 packets are
also non-fragmentable. also non-fragmentable.
NOTE 3: The ICMP PTB message has two instantiations. In ICMPv4 NOTE 3: The ICMP PTB message has two instantiations. In ICMPv4
[RFC0792], the ICMP PTB message is a Destination Unreachable message [RFC0792], the ICMP PTB message is a Destination Unreachable message
skipping to change at page 9, line 45 skipping to change at page 9, line 38
A+P [RFC6346] and Carrier Grade NAT (CGN) [RFC6888] are two common A+P [RFC6346] and Carrier Grade NAT (CGN) [RFC6888] are two common
NAT strategies. In both approaches the NAT device must virtually NAT strategies. In both approaches the NAT device must virtually
reassemble fragmented packets in order to translate and forward each reassemble fragmented packets in order to translate and forward each
fragment. (See NOTE 1.) fragment. (See NOTE 1.)
3.4. Stateless Firewalls 3.4. Stateless Firewalls
As discussed in more detail in Section 3.7, IP fragmentation causes As discussed in more detail in Section 3.7, IP fragmentation causes
problems for stateless firewalls whose rules include TCP and UDP problems for stateless firewalls whose rules include TCP and UDP
ports. Because port information is not available in the trailing ports. Because port information is only available in the first
fragments the firewall is limited to the following options: fragment and not available in the subsequent fragments the firewall
is limited to the following options:
o Accept all trailing fragments, possibly admitting certain classes o Accept all trailing subsequent, possibly admitting certain classes
of attack. of attack.
o Block all trailing fragments, possibly blocking legitimate o Block all subsequent fragments, possibly blocking legitimate
traffic. traffic.
Neither option is attractive. Neither option is attractive.
3.5. Equal Cost Multipath, Link Aggregate Groups and Stateless Load- 3.5. Equal Cost Multipath, Link Aggregate Groups and Stateless Load-
Balancers Balancers
IP fragmentation causes problems for Equal Cost Multipath (ECMP), IP fragmentation causes problems for Equal Cost Multipath (ECMP),
Link Aggregate Groups (LAG) and other stateless load-distribution Link Aggregate Groups (LAG) and other stateless load-distribution
technologies. In order to assign a packet or packet fragment to a technologies. In order to assign a packet or packet fragment to a
skipping to change at page 12, line 25 skipping to change at page 12, line 22
otherwise stateless protocol. Therefore, it can be exploited by otherwise stateless protocol. Therefore, it can be exploited by
resource exhaustion attacks. An attacker can construct a series of resource exhaustion attacks. An attacker can construct a series of
fragmented packets, with one fragment missing from each packet so fragmented packets, with one fragment missing from each packet so
that the reassembly is impossible. Thus, this attack causes resource that the reassembly is impossible. Thus, this attack causes resource
exhaustion on the destination node, possibly denying reassembly exhaustion on the destination node, possibly denying reassembly
services to other flows. This type of attack can be mitigated by services to other flows. This type of attack can be mitigated by
flushing fragment reassembly buffers when necessary, at the expense flushing fragment reassembly buffers when necessary, at the expense
of possibly dropping legitimate fragments. of possibly dropping legitimate fragments.
Each IP fragment contains an "Identification" field that destination Each IP fragment contains an "Identification" field that destination
nodes use to reassemble fragmented packets. Many implementations set nodes use to reassemble fragmented packets. Some implementations set
the Identification field to a predictable value, thus making it easy the Identification field to a predictable value, thus making it easy
for an attacker to forge malicious IP fragments that would cause the for an attacker to forge malicious IP fragments that would cause the
reassembly procedure for legitimate packets to fail. reassembly procedure for legitimate packets to fail.
NIDS aims at identifying malicious activity by analyzing network NIDS aims at identifying malicious activity by analyzing network
traffic. Ambiguity in the possible result of the fragment reassembly traffic. Ambiguity in the possible result of the fragment reassembly
process may allow an attacker to evade these systems. Many of these process may allow an attacker to evade these systems. Many of these
systems try to mitigate some of these evasion techniques (e.g. By systems try to mitigate some of these evasion techniques (e.g. By
computing all possible outcomes of the fragment reassembly process, computing all possible outcomes of the fragment reassembly process,
at the expense of increased processing requirements). at the expense of increased processing requirements).
3.8. PMTU Blackholing Due to ICMP Loss 3.8. PMTU Blackholing Due to ICMP Loss
As mentioned in Section 2.3, upper-layer protocols can be configured As mentioned in Section 2.3, upper-layer protocols can be configured
to rely on PMTUD. Because PMTUD relies upon the network to deliver to rely on PMTUD. Because PMTUD relies upon the network to deliver
ICMP PTB messages, those protocols also rely on the networks to ICMP PTB messages, those protocols also rely on the networks to
deliver ICMP PTB messages. deliver ICMP PTB messages.
According to [RFC4890], ICMP PTB messages must not be filtered. According to [RFC4890], ICMPv6 PTB messages must not be filtered.
However, ICMP PTB delivery is not reliable. It is subject to both However, ICMP PTB delivery is not reliable. It is subject to both
transient and persistent loss. transient and persistent loss.
Transient loss of ICMP PTB messages can cause transient PMTU black Transient loss of ICMP PTB messages can cause transient PMTU black
holes. When the conditions contributing to transient loss abate, the holes. When the conditions contributing to transient loss abate, the
network regains its ability to deliver ICMP PTB messages and network regains its ability to deliver ICMP PTB messages and
connectivity between the source and destination nodes is restored. connectivity between the source and destination nodes is restored.
Section 3.8.1 of this document describes conditions that lead to Section 3.8.1 of this document describes conditions that lead to
transient loss of ICMP PTB messages. transient loss of ICMP PTB messages.
Persistent loss of ICMP PTB messages can cause persistent black Persistent loss of ICMP PTB messages can cause persistent black
holes. Section 3.8.2, Section 3.8.3, and Section 3.8.4 of this holes. Section 3.8.2, Section 3.8.3, and Section 3.8.4 of this
document describe conditions that lead to persistent loss of ICMP PTB document describe conditions that lead to persistent loss of ICMP PTB
messages. messages.
The problem described in this section is specific to PMTUD. It does The problem described in this section is specific to PMTUD. It does
not occur when the upper-layer protocol obtains its PMTU estimate not occur when the upper-layer protocol obtains its PMTU estimate
skipping to change at page 13, line 31 skipping to change at page 13, line 28
o Network congestion. o Network congestion.
o Packet corruption. o Packet corruption.
o Transient routing loops. o Transient routing loops.
o ICMP rate limiting. o ICMP rate limiting.
The effect of rate limiting may be severe, as RFC 4443 recommends The effect of rate limiting may be severe, as RFC 4443 recommends
strict rate limiting of IPv6 traffic. strict rate limiting of ICMPv6 traffic.
3.8.2. Incorrect Implementation of Security Policy 3.8.2. Incorrect Implementation of Security Policy
Incorrect implementation of security policy can cause persistent loss Incorrect implementation of security policy can cause persistent loss
of ICMP PTB messages. of ICMP PTB messages.
Assume that a Customer Premise Equipment (CPE) router implements the For example assume that a Customer Premise Equipment (CPE) router
following zone-based security policy: implements the following zone-based security policy:
o Allow any traffic to flow from the inside zone to the outside o Allow any traffic to flow from the inside zone to the outside
zone. zone.
o Do not allow any traffic to flow from the outside zone to the o Do not allow any traffic to flow from the outside zone to the
inside zone unless it is part of an existing flow (i.e., it was inside zone unless it is part of an existing flow (i.e., it was
elicited by an outbound packet). elicited by an outbound packet).
When a correct implementation of the above-mentioned security policy When a correct implementation of the above-mentioned security policy
receives an ICMP PTB message, it examines the ICMP PTB payload in receives an ICMP PTB message, it examines the ICMP PTB payload in
order to determine whether the original packet (i.e., the packet that order to determine whether the original packet (i.e., the packet that
elicited the ICMP PTB message) belonged to an existing flow. If the elicited the ICMP PTB message) belonged to an existing flow. If the
original packet belonged to an existing flow, the implementation original packet belonged to an existing flow, the implementation
allows the ICMP PTB to flow from the outside zone to the inside zone. allows the ICMP PTB to flow from the outside zone to the inside zone.
If not, the implementation discards the ICMP PTB message. If not, the implementation discards the ICMP PTB message.
When a incorrect implementation of the above-mentioned security When an incorrect implementation of the above-mentioned security
policy receives an ICMP PTB message, it discards the packet because policy receives an ICMP PTB message, it discards the packet because
its source address is not associated with an existing flow. its source address is not associated with an existing flow.
The security policy described above is implemented incorrectly on The security policy described above has been implemented incorrectly
many consumer CPE routers. on many consumer CPE routers.
3.8.3. Persistent Loss Caused By Anycast 3.8.3. Persistent Loss Caused By Anycast
Anycast can cause persistent loss of ICMP PTB messages. Consider the Anycast can cause persistent loss of ICMP PTB messages. Consider the
example below: example below:
A DNS client sends a request to an anycast address. The network A DNS client sends a request to an anycast address. The network
routes that DNS request to the nearest instance of that anycast routes that DNS request to the nearest instance of that anycast
address (i.e., a DNS Server). The DNS server generates a response address (i.e., a DNS Server). The DNS server generates a response
and sends it back to the DNS client. While the response does not and sends it back to the DNS client. While the response does not
skipping to change at page 15, line 11 skipping to change at page 15, line 8
they would convey packets that contain IPv6 extension headers. they would convey packets that contain IPv6 extension headers.
Sampled paths terminated at popular Internet sites (e.g., popular Sampled paths terminated at popular Internet sites (e.g., popular
web, mail and DNS servers). web, mail and DNS servers).
The study revealed that at least 28% of the sampled paths did not The study revealed that at least 28% of the sampled paths did not
convey packets containing the IPv6 Fragment extension header. In convey packets containing the IPv6 Fragment extension header. In
most cases, fragments were dropped in the destination autonomous most cases, fragments were dropped in the destination autonomous
system. In other cases, the fragments were dropped in transit system. In other cases, the fragments were dropped in transit
autonomous systems. autonomous systems.
Another recent study [Huston] confirmed this finding. It reported Another study [Huston] confirmed this finding. It reported that 37%
that 37% of sampled endpoints used IPv6-capable DNS resolvers that of sampled endpoints used IPv6-capable DNS resolvers that were
were incapable of receiving a fragmented IPv6 response. incapable of receiving a fragmented IPv6 response.
It is difficult to determine why network operators drop fragments. It is difficult to determine why network operators drop fragments.
Possible causes follow: Possible causes follow:
o Hardware inability to process fragmented packets. o Hardware inability to process fragmented packets.
o Failure to change vendor defaults. o Failure to change vendor defaults.
o Unintentional misconfiguration. o Unintentional misconfiguration.
skipping to change at page 16, line 47 skipping to change at page 16, line 45
accept data from an application and divide that data into segments, accept data from an application and divide that data into segments,
with no segment exceeding a maximum size. with no segment exceeding a maximum size.
DCCP offers manual configuration, PMTUD, and PLPMTUD as mechanisms DCCP offers manual configuration, PMTUD, and PLPMTUD as mechanisms
for managing that maximum size. Datagram protocols can also for managing that maximum size. Datagram protocols can also
implement PLPMTUD to estimate the PMTU implement PLPMTUD to estimate the PMTU
via[I-D.ietf-tsvwg-datagram-plpmtud]. This proposes procedures for via[I-D.ietf-tsvwg-datagram-plpmtud]. This proposes procedures for
performing PLPMTUD with UDP, UDP-Options, SCTP, QUIC and other performing PLPMTUD with UDP, UDP-Options, SCTP, QUIC and other
datagram protocols. datagram protocols.
Currently, User Data Protocol (UDP) [RFC0768] lacks a fragmentation Currently, User Datagram Protocol (UDP) [RFC0768] lacks a
mechanism of its own and relies on IP fragmentation. However, fragmentation mechanism of its own and relies on IP fragmentation.
[I-D.ietf-tsvwg-udp-options] proposes a fragmentation mechanism for However, [I-D.ietf-tsvwg-udp-options] proposes a fragmentation
UDP. mechanism for UDP.
4.2. Application Layer Solutions 4.2. Application Layer Solutions
[RFC8085] recognizes that IP fragmentation reduces the reliability of [RFC8085] recognizes that IP fragmentation reduces the reliability of
Internet communication. It also recognizes that UDP lacks a Internet communication. It also recognizes that UDP lacks a
fragmentation mechanism of its own and relies on IP fragmentation. fragmentation mechanism of its own and relies on IP fragmentation.
Therefore, [RFC8085] offers the following advice regarding Therefore, [RFC8085] offers the following advice regarding
applications the run over the UDP. applications the run over the UDP.
"An application SHOULD NOT send UDP datagrams that result in IP "An application SHOULD NOT send UDP datagrams that result in IP
skipping to change at page 17, line 37 skipping to change at page 17, line 37
messages that are shorter than the default effective MTU for sending messages that are shorter than the default effective MTU for sending
(EMTU_S in [RFC1122]). For IPv4, EMTU_S is the smaller of 576 bytes (EMTU_S in [RFC1122]). For IPv4, EMTU_S is the smaller of 576 bytes
and the first-hop MTU. For IPv6, EMTU_S is 1280 bytes [RFC8200]. and the first-hop MTU. For IPv6, EMTU_S is 1280 bytes [RFC8200].
The effective PMTU for a directly connected destination (with no The effective PMTU for a directly connected destination (with no
routers on the path) is the configured interface MTU, which could be routers on the path) is the configured interface MTU, which could be
less than the maximum link payload size. Transmission of minimum- less than the maximum link payload size. Transmission of minimum-
sized UDP datagrams is inefficient over paths that support a larger sized UDP datagrams is inefficient over paths that support a larger
PMTU, which is a second reason to implement PMTU discovery." PMTU, which is a second reason to implement PMTU discovery."
RFC 8085 assumes that for IPv4, an EMTU_S of 576 is sufficiently RFC 8085 assumes that for IPv4, an EMTU_S of 576 is sufficiently
small is sufficiently small to be supported by most current Internet small to be supported by most current Internet paths, even though the
paths, even though the IPv4 minimum link MTU is 68 bytes. IPv4 minimum link MTU is 68 bytes.
This advice applies equally to any application that runs directly This advice applies equally to any application that runs directly
over IP. over IP.
5. Applications That Rely on IPv6 Fragmentation 5. Applications That Rely on IPv6 Fragmentation
The following applications rely on IPv6 fragmentation: The following applications rely on IPv6 fragmentation:
o DNS [RFC1035] o DNS [RFC1035]
skipping to change at page 18, line 23 skipping to change at page 18, line 23
5.1. Domain Name Service (DNS) 5.1. Domain Name Service (DNS)
DNS relies on UDP for efficiency, and the consequence is the use of DNS relies on UDP for efficiency, and the consequence is the use of
IP fragmentation for large responses, as permitted by the DNS EDNS0 IP fragmentation for large responses, as permitted by the DNS EDNS0
options in the query. It is possible to mitigate the issue of options in the query. It is possible to mitigate the issue of
fragmentation-based packet loss by having queries use smaller EDNS0 fragmentation-based packet loss by having queries use smaller EDNS0
UDP buffer sizes, or by having the DNS server limit the size of its UDP buffer sizes, or by having the DNS server limit the size of its
UDP responses to some self-imposed maximum packet size that may be UDP responses to some self-imposed maximum packet size that may be
less than the preferred EDNS0 UDP Buffer Size. In both cases, large less than the preferred EDNS0 UDP Buffer Size. In both cases, large
responses are truncated in the DNS, signalling to the client to re- responses are truncated in the DNS, signaling to the client to re-
query using TCP to obtain the complete response. However, the query using TCP to obtain the complete response. However, the
operational issue of the partial level of support for DNS over TCP, operational issue of the partial level of support for DNS over TCP,
particularly in the case where IPv6 transport is being used, becomes particularly in the case where IPv6 transport is being used, becomes
a limiting factor of the efficacy of this approach [Damas]. a limiting factor of the efficacy of this approach [Damas].
Larger DNS responses can normally be avoided by aggressively pruning Larger DNS responses can normally be avoided by aggressively pruning
the Additional section of DNS responses. One scenario where such the Additional section of DNS responses. One scenario where such
pruning is ineffective is in the use of DNSSEC, where large key sizes pruning is ineffective is in the use of DNSSEC, where large key sizes
act to increase the response size to certain DNS queries. There is act to increase the response size to certain DNS queries. There is
no effective response to this situation within the DNS other than no effective response to this situation within the DNS other than
skipping to change at page 19, line 38 skipping to change at page 19, line 38
6. Recommendations 6. Recommendations
6.1. For Application and Protocol Developers 6.1. For Application and Protocol Developers
Developers SHOULD NOT develop new protocols or applications that rely Developers SHOULD NOT develop new protocols or applications that rely
on IP fragmentation. When a new protocol or application is deployed on IP fragmentation. When a new protocol or application is deployed
in an environment that does not fully support IP fragmentation, it in an environment that does not fully support IP fragmentation, it
SHOULD operate correctly, either in its default configuration or in a SHOULD operate correctly, either in its default configuration or in a
specified alternative configuration. specified alternative configuration.
Developers MAY develop new protocols or applications that rely on IP While there may be controlled environments where IP fragmentation
fragmentation if the protocol or application is to be run only in works reliably, this is a deployment issue and can not be known to
environments where IP fragmentation is known to be supported. someone developing a new protocol or application. It is not
recommended that new protocols or applications be developed that rely
on IP fragmentation. Protocols and applications that rely on IP
fragmentation will fail to work on the Internet.
Legacy protocols that depend upon IP fragmentation SHOULD be updated Legacy protocols that depend upon IP fragmentation SHOULD be updated
to break that dependency. However, in some cases, there may be no to break that dependency. However, in some cases, there may be no
viable alternative to IP fragmentation (e.g., IPSEC tunnel mode, IP- viable alternative to IP fragmentation (e.g., IPSEC tunnel mode, IP-
in-IP encapsulation). In these cases, the protocol will continue to in-IP encapsulation). In these cases, the protocol will continue to
rely on IP fragmentation but should only be used in environments rely on IP fragmentation but should only be used in environments
where IP fragmentation is known to be supported. where IP fragmentation is known to be supported.
Protocols may be able to avoid IP fragmentation by using a Protocols may be able to avoid IP fragmentation by using a
sufficiently small MTU (e.g. The protocol minimum link MTU), sufficiently small MTU (e.g. The protocol minimum link MTU),
skipping to change at page 20, line 17 skipping to change at page 20, line 22
UDP applications SHOULD abide by the recommendations stated in UDP applications SHOULD abide by the recommendations stated in
Section 3.2 of [RFC8085]. Section 3.2 of [RFC8085].
6.2. For System Developers 6.2. For System Developers
Software libraries SHOULD include provision for PLPMTUD for each Software libraries SHOULD include provision for PLPMTUD for each
supported transport protocol. supported transport protocol.
6.3. For Middle Box Developers 6.3. For Middle Box Developers
Middle boxes should process IP fragments in a manner that is Middle boxes, which are systems that "transparently" perform policy
consistent with [RFC0791] and [RFC8200]. In many cases, middle boxes functions on passing traffic but do not participate in the routing
must maintain state in order to achieve this goal. system, should process IP fragments in a manner that is consistent
with [RFC0791] and [RFC8200]. In many cases, middle boxes must
maintain state in order to achieve this goal.
Price and performance considerations frequently motivate network Price and performance considerations frequently motivate network
operators to deploy stateless middle boxes. These stateless middle operators to deploy stateless middle boxes. These stateless middle
boxes may perform sub-optimally, process IP fragments in a manner boxes may perform sub-optimally, process IP fragments in a manner
that is not compliant with RFC 791 or RFC 8200, or even discard IP that is not compliant with RFC 791 or RFC 8200, or even discard IP
fragments completely. Such behaviors are NOT RECOMMENDED. If a fragments completely. Such behaviors are NOT RECOMMENDED. If a
middleboxes implements non-standard behavior with respect to IP middleboxes implements non-standard behavior with respect to IP
fragmentation, then that behavior MUST be clearly documented. fragmentation, then that behavior MUST be clearly documented.
6.4. For ECMP, LAG and Load-Balancer Developers And Operators 6.4. For ECMP, LAG and Load-Balancer Developers And Operators
skipping to change at page 21, line 10 skipping to change at page 21, line 13
Operators SHOULD deploy these devices in their default configuration. Operators SHOULD deploy these devices in their default configuration.
These recommendations are similar to those presented in [RFC6438] and These recommendations are similar to those presented in [RFC6438] and
[RFC7098]. They differ in that they specify a default configuration. [RFC7098]. They differ in that they specify a default configuration.
6.5. For Network Operators 6.5. For Network Operators
Operators MUST ensure proper PMTUD operation in their network, Operators MUST ensure proper PMTUD operation in their network,
including making sure the network generates PTB packets when dropping including making sure the network generates PTB packets when dropping
packets too large compared to outgoing interface MTU. However, packets too large compared to outgoing interface MTU. However,
implementations MAY rate limit ICMP messages as per [RFC1812] and implementations MAY rate limit the generation of ICMP messages as per
[RFC4443]. [RFC1812] and [RFC4443].
As per RFC 4890, network operators MUST NOT filter ICMPv6 PTB As per RFC 4890, network operators MUST NOT filter ICMPv6 PTB
messages unless they are known to be forged or otherwise messages unless they are known to be forged or otherwise
illegitimate. As stated in Section 3.8, filtering ICMPv6 PTB packets illegitimate. As stated in Section 3.8, filtering ICMPv6 PTB packets
causes PMTUD to fail. Many upper-layer protocols rely on PMTUD. causes PMTUD to fail. Many upper-layer protocols rely on PMTUD.
As per RFC 8200, network operators MUST NOT deploy IPv6 links whose As per RFC 8200, network operators MUST NOT deploy IPv6 links whose
MTU is less than 1280 bytes. MTU is less than 1280 bytes.
Network operators SHOULD NOT filter IP fragments if they are known to Network operators SHOULD NOT filter IP fragments if they are known to
skipping to change at page 21, line 40 skipping to change at page 21, line 43
8. Security Considerations 8. Security Considerations
This document mitigates some of the security considerations This document mitigates some of the security considerations
associated with IP fragmentation by discouraging its use. It does associated with IP fragmentation by discouraging its use. It does
not introduce any new security vulnerabilities, because it does not not introduce any new security vulnerabilities, because it does not
introduce any new alternatives to IP fragmentation. Instead, it introduce any new alternatives to IP fragmentation. Instead, it
recommends well-understood alternatives. recommends well-understood alternatives.
9. Acknowledgements 9. Acknowledgements
Thanks to Mikael Abrahamsson, Brian Carpenter, Silambu Chelvan, Thanks to Mikael Abrahamsson, Brian Carpenter, Silambu Chelvan, Joel
Lorenzo Colitti, Gorry Fairhurst, Mike Heard, Tom Herbert, Tatuya Halpern, Lorenzo Colitti, Gorry Fairhurst, Mike Heard, Tom Herbert,
Jinmei, Jen Linkova, Paolo Lucente, Manoj Nayak, Eric Nygren, Fred Tatuya Jinmei, Suresh Krishnan, Jen Linkova, Paolo Lucente, Manoj
Templin and Joe Touch for their comments. Nayak, Eric Nygren, Fred Templin and Joe Touch for their comments.
10. References 10. References
10.1. Normative References 10.1. Normative References
[I-D.ietf-tsvwg-datagram-plpmtud] [I-D.ietf-tsvwg-datagram-plpmtud]
Fairhurst, G., Jones, T., Tuexen, M., Ruengeler, I., and Fairhurst, G., Jones, T., Tuexen, M., Ruengeler, I., and
T. Voelker, "Packetization Layer Path MTU Discovery for T. Voelker, "Packetization Layer Path MTU Discovery for
Datagram Transports", draft-ietf-tsvwg-datagram-plpmtud-08 Datagram Transports", draft-ietf-tsvwg-datagram-plpmtud-08
(work in progress), June 2019. (work in progress), June 2019.
[RFC0768] Postel, J., "User Datagram Protocol", STD 6, RFC 768, [RFC0768] Postel, J., "User Datagram Protocol", STD 6, RFC 768, DOI
DOI 10.17487/RFC0768, August 1980, 10.17487/RFC0768, August 1980, <https://www.rfc-
<https://www.rfc-editor.org/info/rfc768>. editor.org/info/rfc768>.
[RFC0791] Postel, J., "Internet Protocol", STD 5, RFC 791, [RFC0791] Postel, J., "Internet Protocol", STD 5, RFC 791, DOI
DOI 10.17487/RFC0791, September 1981, 10.17487/RFC0791, September 1981, <https://www.rfc-
<https://www.rfc-editor.org/info/rfc791>. editor.org/info/rfc791>.
[RFC0792] Postel, J., "Internet Control Message Protocol", STD 5, [RFC0792] Postel, J., "Internet Control Message Protocol", STD 5,
RFC 792, DOI 10.17487/RFC0792, September 1981, RFC 792, DOI 10.17487/RFC0792, September 1981,
<https://www.rfc-editor.org/info/rfc792>. <https://www.rfc-editor.org/info/rfc792>.
[RFC0793] Postel, J., "Transmission Control Protocol", STD 7, [RFC0793] Postel, J., "Transmission Control Protocol", STD 7, RFC
RFC 793, DOI 10.17487/RFC0793, September 1981, 793, DOI 10.17487/RFC0793, September 1981,
<https://www.rfc-editor.org/info/rfc793>. <https://www.rfc-editor.org/info/rfc793>.
[RFC1035] Mockapetris, P., "Domain names - implementation and [RFC1035] Mockapetris, P., "Domain names - implementation and
specification", STD 13, RFC 1035, DOI 10.17487/RFC1035, specification", STD 13, RFC 1035, DOI 10.17487/RFC1035,
November 1987, <https://www.rfc-editor.org/info/rfc1035>. November 1987, <https://www.rfc-editor.org/info/rfc1035>.
[RFC1191] Mogul, J. and S. Deering, "Path MTU discovery", RFC 1191, [RFC1191] Mogul, J. and S. Deering, "Path MTU discovery", RFC 1191,
DOI 10.17487/RFC1191, November 1990, DOI 10.17487/RFC1191, November 1990, <https://www.rfc-
<https://www.rfc-editor.org/info/rfc1191>. editor.org/info/rfc1191>.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/
DOI 10.17487/RFC2119, March 1997, RFC2119, March 1997, <https://www.rfc-editor.org/info/
<https://www.rfc-editor.org/info/rfc2119>. rfc2119>.
[RFC4443] Conta, A., Deering, S., and M. Gupta, Ed., "Internet [RFC4443] Conta, A., Deering, S., and M. Gupta, Ed., "Internet
Control Message Protocol (ICMPv6) for the Internet Control Message Protocol (ICMPv6) for the Internet
Protocol Version 6 (IPv6) Specification", STD 89, Protocol Version 6 (IPv6) Specification", STD 89, RFC
RFC 4443, DOI 10.17487/RFC4443, March 2006, 4443, DOI 10.17487/RFC4443, March 2006, <https://www.rfc-
<https://www.rfc-editor.org/info/rfc4443>. editor.org/info/rfc4443>.
[RFC4821] Mathis, M. and J. Heffner, "Packetization Layer Path MTU [RFC4821] Mathis, M. and J. Heffner, "Packetization Layer Path MTU
Discovery", RFC 4821, DOI 10.17487/RFC4821, March 2007, Discovery", RFC 4821, DOI 10.17487/RFC4821, March 2007,
<https://www.rfc-editor.org/info/rfc4821>. <https://www.rfc-editor.org/info/rfc4821>.
[RFC6437] Amante, S., Carpenter, B., Jiang, S., and J. Rajahalme, [RFC6437] Amante, S., Carpenter, B., Jiang, S., and J. Rajahalme,
"IPv6 Flow Label Specification", RFC 6437, "IPv6 Flow Label Specification", RFC 6437, DOI 10.17487/
DOI 10.17487/RFC6437, November 2011, RFC6437, November 2011, <https://www.rfc-editor.org/info/
<https://www.rfc-editor.org/info/rfc6437>. rfc6437>.
[RFC6438] Carpenter, B. and S. Amante, "Using the IPv6 Flow Label [RFC6438] Carpenter, B. and S. Amante, "Using the IPv6 Flow Label
for Equal Cost Multipath Routing and Link Aggregation in for Equal Cost Multipath Routing and Link Aggregation in
Tunnels", RFC 6438, DOI 10.17487/RFC6438, November 2011, Tunnels", RFC 6438, DOI 10.17487/RFC6438, November 2011,
<https://www.rfc-editor.org/info/rfc6438>. <https://www.rfc-editor.org/info/rfc6438>.
[RFC8085] Eggert, L., Fairhurst, G., and G. Shepherd, "UDP Usage [RFC8085] Eggert, L., Fairhurst, G., and G. Shepherd, "UDP Usage
Guidelines", BCP 145, RFC 8085, DOI 10.17487/RFC8085, Guidelines", BCP 145, RFC 8085, DOI 10.17487/RFC8085,
March 2017, <https://www.rfc-editor.org/info/rfc8085>. March 2017, <https://www.rfc-editor.org/info/rfc8085>.
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
May 2017, <https://www.rfc-editor.org/info/rfc8174>. May 2017, <https://www.rfc-editor.org/info/rfc8174>.
[RFC8200] Deering, S. and R. Hinden, "Internet Protocol, Version 6 [RFC8200] Deering, S. and R. Hinden, "Internet Protocol, Version 6
(IPv6) Specification", STD 86, RFC 8200, (IPv6) Specification", STD 86, RFC 8200, DOI 10.17487/
DOI 10.17487/RFC8200, July 2017, RFC8200, July 2017, <https://www.rfc-editor.org/info/
<https://www.rfc-editor.org/info/rfc8200>. rfc8200>.
[RFC8201] McCann, J., Deering, S., Mogul, J., and R. Hinden, Ed., [RFC8201] McCann, J., Deering, S., Mogul, J., and R. Hinden, Ed.,
"Path MTU Discovery for IP version 6", STD 87, RFC 8201, "Path MTU Discovery for IP version 6", STD 87, RFC 8201,
DOI 10.17487/RFC8201, July 2017, DOI 10.17487/RFC8201, July 2017, <https://www.rfc-
<https://www.rfc-editor.org/info/rfc8201>. editor.org/info/rfc8201>.
10.2. Informative References 10.2. Informative References
[Damas] Damas, J. and G. Huston, "Measuring ATR", April 2018, [Damas] Damas, J. and G. Huston, "Measuring ATR", April 2018,
<http://www.potaroo.net/ispcol/2018-04/atr.html>. <http://www.potaroo.net/ispcol/2018-04/atr.html>.
[Huston] Huston, G., "IPv6, Large UDP Packets and the DNS [Huston] Huston, G., "IPv6, Large UDP Packets and the DNS
http://www.potaroo.net/ispcol/2017-08/xtn-hdrs.html", http://www.potaroo.net/ispcol/2017-08/xtn-hdrs.html",
August 2017. August 2017.
skipping to change at page 24, line 18 skipping to change at page 24, line 18
10.1145/55483.55524", August 1987, 10.1145/55483.55524", August 1987,
<http://www.hpl.hp.com/techreports/Compaq-DEC/ <http://www.hpl.hp.com/techreports/Compaq-DEC/
WRL-87-3.pdf>. WRL-87-3.pdf>.
[Ptacek1998] [Ptacek1998]
Ptacek, T. and T. Newsham, "Insertion, Evasion and Denial Ptacek, T. and T. Newsham, "Insertion, Evasion and Denial
of Service: Eluding Network Intrusion Detection", 1998, of Service: Eluding Network Intrusion Detection", 1998,
<http://www.aciri.org/vern/Ptacek-Newsham-Evasion-98.ps>. <http://www.aciri.org/vern/Ptacek-Newsham-Evasion-98.ps>.
[RFC1122] Braden, R., Ed., "Requirements for Internet Hosts - [RFC1122] Braden, R., Ed., "Requirements for Internet Hosts -
Communication Layers", STD 3, RFC 1122, Communication Layers", STD 3, RFC 1122, DOI 10.17487/
DOI 10.17487/RFC1122, October 1989, RFC1122, October 1989, <https://www.rfc-editor.org/info/
<https://www.rfc-editor.org/info/rfc1122>. rfc1122>.
[RFC1812] Baker, F., Ed., "Requirements for IP Version 4 Routers", [RFC1812] Baker, F., Ed., "Requirements for IP Version 4 Routers",
RFC 1812, DOI 10.17487/RFC1812, June 1995, RFC 1812, DOI 10.17487/RFC1812, June 1995,
<https://www.rfc-editor.org/info/rfc1812>. <https://www.rfc-editor.org/info/rfc1812>.
[RFC1858] Ziemba, G., Reed, D., and P. Traina, "Security [RFC1858] Ziemba, G., Reed, D., and P. Traina, "Security
Considerations for IP Fragment Filtering", RFC 1858, Considerations for IP Fragment Filtering", RFC 1858, DOI
DOI 10.17487/RFC1858, October 1995, 10.17487/RFC1858, October 1995, <https://www.rfc-
<https://www.rfc-editor.org/info/rfc1858>. editor.org/info/rfc1858>.
[RFC2003] Perkins, C., "IP Encapsulation within IP", RFC 2003, [RFC2003] Perkins, C., "IP Encapsulation within IP", RFC 2003, DOI
DOI 10.17487/RFC2003, October 1996, 10.17487/RFC2003, October 1996, <https://www.rfc-
<https://www.rfc-editor.org/info/rfc2003>. editor.org/info/rfc2003>.
[RFC2328] Moy, J., "OSPF Version 2", STD 54, RFC 2328, [RFC2328] Moy, J., "OSPF Version 2", STD 54, RFC 2328, DOI 10.17487/
DOI 10.17487/RFC2328, April 1998, RFC2328, April 1998, <https://www.rfc-editor.org/info/
<https://www.rfc-editor.org/info/rfc2328>. rfc2328>.
[RFC2473] Conta, A. and S. Deering, "Generic Packet Tunneling in [RFC2473] Conta, A. and S. Deering, "Generic Packet Tunneling in
IPv6 Specification", RFC 2473, DOI 10.17487/RFC2473, IPv6 Specification", RFC 2473, DOI 10.17487/RFC2473,
December 1998, <https://www.rfc-editor.org/info/rfc2473>. December 1998, <https://www.rfc-editor.org/info/rfc2473>.
[RFC2784] Farinacci, D., Li, T., Hanks, S., Meyer, D., and P. [RFC2784] Farinacci, D., Li, T., Hanks, S., Meyer, D., and P.
Traina, "Generic Routing Encapsulation (GRE)", RFC 2784, Traina, "Generic Routing Encapsulation (GRE)", RFC 2784,
DOI 10.17487/RFC2784, March 2000, DOI 10.17487/RFC2784, March 2000, <https://www.rfc-
<https://www.rfc-editor.org/info/rfc2784>. editor.org/info/rfc2784>.
[RFC3128] Miller, I., "Protection Against a Variant of the Tiny [RFC3128] Miller, I., "Protection Against a Variant of the Tiny
Fragment Attack (RFC 1858)", RFC 3128, Fragment Attack (RFC 1858)", RFC 3128, DOI 10.17487/
DOI 10.17487/RFC3128, June 2001, RFC3128, June 2001, <https://www.rfc-editor.org/info/
<https://www.rfc-editor.org/info/rfc3128>. rfc3128>.
[RFC4340] Kohler, E., Handley, M., and S. Floyd, "Datagram [RFC4340] Kohler, E., Handley, M., and S. Floyd, "Datagram
Congestion Control Protocol (DCCP)", RFC 4340, Congestion Control Protocol (DCCP)", RFC 4340, DOI
DOI 10.17487/RFC4340, March 2006, 10.17487/RFC4340, March 2006, <https://www.rfc-
<https://www.rfc-editor.org/info/rfc4340>. editor.org/info/rfc4340>.
[RFC4459] Savola, P., "MTU and Fragmentation Issues with In-the- [RFC4459] Savola, P., "MTU and Fragmentation Issues with In-the-
Network Tunneling", RFC 4459, DOI 10.17487/RFC4459, April Network Tunneling", RFC 4459, DOI 10.17487/RFC4459, April
2006, <https://www.rfc-editor.org/info/rfc4459>. 2006, <https://www.rfc-editor.org/info/rfc4459>.
[RFC4890] Davies, E. and J. Mohacsi, "Recommendations for Filtering [RFC4890] Davies, E. and J. Mohacsi, "Recommendations for Filtering
ICMPv6 Messages in Firewalls", RFC 4890, ICMPv6 Messages in Firewalls", RFC 4890, DOI 10.17487/
DOI 10.17487/RFC4890, May 2007, RFC4890, May 2007, <https://www.rfc-editor.org/info/
<https://www.rfc-editor.org/info/rfc4890>. rfc4890>.
[RFC4960] Stewart, R., Ed., "Stream Control Transmission Protocol", [RFC4960] Stewart, R., Ed., "Stream Control Transmission Protocol",
RFC 4960, DOI 10.17487/RFC4960, September 2007, RFC 4960, DOI 10.17487/RFC4960, September 2007,
<https://www.rfc-editor.org/info/rfc4960>. <https://www.rfc-editor.org/info/rfc4960>.
[RFC4963] Heffner, J., Mathis, M., and B. Chandler, "IPv4 Reassembly [RFC4963] Heffner, J., Mathis, M., and B. Chandler, "IPv4 Reassembly
Errors at High Data Rates", RFC 4963, Errors at High Data Rates", RFC 4963, DOI 10.17487/
DOI 10.17487/RFC4963, July 2007, RFC4963, July 2007, <https://www.rfc-editor.org/info/
<https://www.rfc-editor.org/info/rfc4963>. rfc4963>.
[RFC5326] Ramadas, M., Burleigh, S., and S. Farrell, "Licklider [RFC5326] Ramadas, M., Burleigh, S., and S. Farrell, "Licklider
Transmission Protocol - Specification", RFC 5326, Transmission Protocol - Specification", RFC 5326, DOI
DOI 10.17487/RFC5326, September 2008, 10.17487/RFC5326, September 2008, <https://www.rfc-
<https://www.rfc-editor.org/info/rfc5326>. editor.org/info/rfc5326>.
[RFC5340] Coltun, R., Ferguson, D., Moy, J., and A. Lindem, "OSPF [RFC5340] Coltun, R., Ferguson, D., Moy, J., and A. Lindem, "OSPF
for IPv6", RFC 5340, DOI 10.17487/RFC5340, July 2008, for IPv6", RFC 5340, DOI 10.17487/RFC5340, July 2008,
<https://www.rfc-editor.org/info/rfc5340>. <https://www.rfc-editor.org/info/rfc5340>.
[RFC5722] Krishnan, S., "Handling of Overlapping IPv6 Fragments", [RFC5722] Krishnan, S., "Handling of Overlapping IPv6 Fragments",
RFC 5722, DOI 10.17487/RFC5722, December 2009, RFC 5722, DOI 10.17487/RFC5722, December 2009,
<https://www.rfc-editor.org/info/rfc5722>. <https://www.rfc-editor.org/info/rfc5722>.
[RFC5927] Gont, F., "ICMP Attacks against TCP", RFC 5927, [RFC5927] Gont, F., "ICMP Attacks against TCP", RFC 5927, DOI
DOI 10.17487/RFC5927, July 2010, 10.17487/RFC5927, July 2010, <https://www.rfc-
<https://www.rfc-editor.org/info/rfc5927>. editor.org/info/rfc5927>.
[RFC6346] Bush, R., Ed., "The Address plus Port (A+P) Approach to [RFC6346] Bush, R., Ed., "The Address plus Port (A+P) Approach to
the IPv4 Address Shortage", RFC 6346, the IPv4 Address Shortage", RFC 6346, DOI 10.17487/
DOI 10.17487/RFC6346, August 2011, RFC6346, August 2011, <https://www.rfc-editor.org/info/
<https://www.rfc-editor.org/info/rfc6346>. rfc6346>.
[RFC6888] Perreault, S., Ed., Yamagata, I., Miyakawa, S., Nakagawa, [RFC6888] Perreault, S., Ed., Yamagata, I., Miyakawa, S., Nakagawa,
A., and H. Ashida, "Common Requirements for Carrier-Grade A., and H. Ashida, "Common Requirements for Carrier-Grade
NATs (CGNs)", BCP 127, RFC 6888, DOI 10.17487/RFC6888, NATs (CGNs)", BCP 127, RFC 6888, DOI 10.17487/RFC6888,
April 2013, <https://www.rfc-editor.org/info/rfc6888>. April 2013, <https://www.rfc-editor.org/info/rfc6888>.
[RFC7098] Carpenter, B., Jiang, S., and W. Tarreau, "Using the IPv6 [RFC7098] Carpenter, B., Jiang, S., and W. Tarreau, "Using the IPv6
Flow Label for Load Balancing in Server Farms", RFC 7098, Flow Label for Load Balancing in Server Farms", RFC 7098,
DOI 10.17487/RFC7098, January 2014, DOI 10.17487/RFC7098, January 2014, <https://www.rfc-
<https://www.rfc-editor.org/info/rfc7098>. editor.org/info/rfc7098>.
[RFC7424] Krishnan, R., Yong, L., Ghanwani, A., So, N., and B. [RFC7424] Krishnan, R., Yong, L., Ghanwani, A., So, N., and B.
Khasnabish, "Mechanisms for Optimizing Link Aggregation Khasnabish, "Mechanisms for Optimizing Link Aggregation
Group (LAG) and Equal-Cost Multipath (ECMP) Component Link Group (LAG) and Equal-Cost Multipath (ECMP) Component Link
Utilization in Networks", RFC 7424, DOI 10.17487/RFC7424, Utilization in Networks", RFC 7424, DOI 10.17487/RFC7424,
January 2015, <https://www.rfc-editor.org/info/rfc7424>. January 2015, <https://www.rfc-editor.org/info/rfc7424>.
[RFC7588] Bonica, R., Pignataro, C., and J. Touch, "A Widely [RFC7588] Bonica, R., Pignataro, C., and J. Touch, "A Widely
Deployed Solution to the Generic Routing Encapsulation Deployed Solution to the Generic Routing Encapsulation
(GRE) Fragmentation Problem", RFC 7588, (GRE) Fragmentation Problem", RFC 7588, DOI 10.17487/
DOI 10.17487/RFC7588, July 2015, RFC7588, July 2015, <https://www.rfc-editor.org/info/
<https://www.rfc-editor.org/info/rfc7588>. rfc7588>.
[RFC7676] Pignataro, C., Bonica, R., and S. Krishnan, "IPv6 Support [RFC7676] Pignataro, C., Bonica, R., and S. Krishnan, "IPv6 Support
for Generic Routing Encapsulation (GRE)", RFC 7676, for Generic Routing Encapsulation (GRE)", RFC 7676, DOI
DOI 10.17487/RFC7676, October 2015, 10.17487/RFC7676, October 2015, <https://www.rfc-
<https://www.rfc-editor.org/info/rfc7676>. editor.org/info/rfc7676>.
[RFC7739] Gont, F., "Security Implications of Predictable Fragment [RFC7739] Gont, F., "Security Implications of Predictable Fragment
Identification Values", RFC 7739, DOI 10.17487/RFC7739, Identification Values", RFC 7739, DOI 10.17487/RFC7739,
February 2016, <https://www.rfc-editor.org/info/rfc7739>. February 2016, <https://www.rfc-editor.org/info/rfc7739>.
[RFC7872] Gont, F., Linkova, J., Chown, T., and W. Liu, [RFC7872] Gont, F., Linkova, J., Chown, T., and W. Liu,
"Observations on the Dropping of Packets with IPv6 "Observations on the Dropping of Packets with IPv6
Extension Headers in the Real World", RFC 7872, Extension Headers in the Real World", RFC 7872, DOI
DOI 10.17487/RFC7872, June 2016, 10.17487/RFC7872, June 2016, <https://www.rfc-
<https://www.rfc-editor.org/info/rfc7872>. editor.org/info/rfc7872>.
[RFC8086] Yong, L., Ed., Crabbe, E., Xu, X., and T. Herbert, "GRE- [RFC8086] Yong, L., Ed., Crabbe, E., Xu, X., and T. Herbert, "GRE-
in-UDP Encapsulation", RFC 8086, DOI 10.17487/RFC8086, in-UDP Encapsulation", RFC 8086, DOI 10.17487/RFC8086,
March 2017, <https://www.rfc-editor.org/info/rfc8086>. March 2017, <https://www.rfc-editor.org/info/rfc8086>.
Appendix A. Contributors' Address Appendix A. Contributors' Address
Authors' Addresses Authors' Addresses
Ron Bonica Ron Bonica
Juniper Networks Juniper Networks
 End of changes. 60 change blocks. 
140 lines changed or deleted 140 lines changed or added

This html diff was produced by rfcdiff 1.47. The latest version is available from http://tools.ietf.org/tools/rfcdiff/