Why Operators Filter Fragments and What It Implies

The information below is for an old version of the document
Document Type Expired Internet-Draft (individual)
Last updated 2013-04-18 (latest revision 2012-10-15)
Stream (None)
Intended RFC status (None)
Expired & archived
pdf htmlized bibtex
Stream Stream state (No stream defined)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


This memo is written to make application developers and network operators aware of the significant probability that IPv6 packets containing fragmentation extension headers will fail to reach their destination. Some assumptions about the ability to use TCP or UDP datagrams larger than a single packet may accordingly need adjustment. This memo provides observational evidence for the dropping of IPv6 fragments along a significant number of paths, explores the operational impact of fragmentation and the reasons why dropping occurs, and considers the effect of fragment dropping on applications particularly including DNS.


Joel Jaeggli (jjaeggli@zynga.com)
Lorenzo Colitti (lorenzo@google.com)
Warren Kumari (warren@kumari.net)
√Čric Vyncke (evyncke@cisco.com)
Merike Kaeo (merike@doubleshotsecurity.com)
Tom Taylor (tom.taylor.stds@gmail.com)

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)