Skip to main content

Deprecating the Generation of IPv6 Atomic Fragments

Document Type Replaced Internet-Draft (individual)
Expired & archived
Authors Fernando Gont , Will (Shucheng) LIU , Tore Anderson
Last updated 2015-02-28 (Latest revision 2014-08-27)
Replaced by draft-ietf-6man-deprecate-atomfrag-generation
RFC stream (None)
Intended RFC status (None)
Stream Stream state (No stream defined)
Consensus boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Replaced by draft-ietf-6man-deprecate-atomfrag-generation
Telechat date (None)
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:


The core IPv6 specification requires that when a host receives an ICMPv6 "Packet Too Big" message reporting a "Next-Hop MTU" smaller than 1280, the host includes a Fragment Header in all subsequent packets sent to that destination, without reducing the assumed Path- MTU. The simplicity with which ICMPv6 "Packet Too Big" messages can be forged, coupled with the widespread filtering of IPv6 fragments, results in an attack vector that can be leveraged for Denial of Service purposes. This document briefly discusses the aforementioned attack vector, and formally updates RFC2460 such that generation of IPv6 atomic fragments is deprecated, thus eliminating the aforementioned attack vector. Additionally, it formally updates RFC6145 such that the Stateless IP/ICMP Translation Algorithm (SIIT) does not rely on the generation of IPv6 atomic fragments, thus improving the robustness of the protocol.


Fernando Gont
Will (Shucheng) LIU
Tore Anderson

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)