Why Operators Filter Fragments and What It Implies
draft-taylor-v6ops-fragdrop-01

The information below is for an old version of the document
Document Type Active Internet-Draft (individual)
Last updated 2013-06-04
Stream (None)
Intended RFC status (None)
Formats plain text pdf html
Stream Stream state (No stream defined)
Document shepherd None
IESG IESG state I-D Exists
Telechat date
Responsible AD (None)
Send notices to (None)
Internet Engineering Task Force                               J. Jaeggli
Internet-Draft                                                     Zynga
Intended status: Informational                                L. Colitti
Expires: December 07, 2013                                     W. Kumari
                                                                  Google
                                                               E. Vyncke
                                                                   Cisco
                                                                 M. Kaeo
                                                    Double Shot Security
                                                          T. Taylor, Ed.
                                                     Huawei Technologies
                                                           June 05, 2013

           Why Operators Filter Fragments and What It Implies
                     draft-taylor-v6ops-fragdrop-01

Abstract

   This memo was written to make application developers and network
   operators aware of the significant possibility that IPv6 packets
   containing fragmentation extension headers may fail to reach their
   destination.  Some protocol or application assumptions about the
   ability to use messages larger than a single packet may accordingly
   not be supportable in all networks or circumstances.

   This memo provides observational evidence for the dropping of IPv6
   fragments along a significant number of paths, explores the
   operational impact of fragmentation and the reasons and scenarios
   where drops occur, and considers the effect of fragment drops on
   applications where fragmentation is known to occur, particularly
   including DNS.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

Jaeggli, et al.         Expires December 07, 2013               [Page 1]
Internet-Draft       Why Operators Filter Fragments            June 2013

   This Internet-Draft will expire on December 07, 2013.

Copyright Notice

   Copyright (c) 2013 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
   2.  Observations and Rationale  . . . . . . . . . . . . . . . . .   3
     2.1.  Possible Causes . . . . . . . . . . . . . . . . . . . . .   3
       2.1.1.  Stateful inspection . . . . . . . . . . . . . . . . .   4
       2.1.2.  Stateless ACLs  . . . . . . . . . . . . . . . . . . .   4
       2.1.3.  Performance considerations  . . . . . . . . . . . . .   4
       2.1.4.  Other considerations  . . . . . . . . . . . . . . . .   4
       2.1.5.  Conclusions . . . . . . . . . . . . . . . . . . . . .   5
     2.2.  Impact on Applications  . . . . . . . . . . . . . . . . .   5
   3.  Acknowledgements  . . . . . . . . . . . . . . . . . . . . . .   5
   4.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .   5
   5.  Security Considerations . . . . . . . . . . . . . . . . . . .   6
   6.  Informative References  . . . . . . . . . . . . . . . . . . .   6
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .   7

1.  Introduction

   Measurements of whether Internet Service Providers and edge networks
   deliver IPv6 fragments to their destination reveal that for IPv6 in
   particular, fragments are being dropped along a substantial number of
   paths.  The filtering of IPv6 datagrams with fragmentation headers is
   presumed to be a non-issue in the core of the Internet, where
   fragments are routed just like any other IPv6 datagram.  However,
Show full document text