Why Operators Filter Fragments and What It Implies

Document Type Expired Internet-Draft (individual)
Authors Joel Jaeggli  , Lorenzo Colitti  , Warren Kumari  , Éric Vyncke  , Merike Kaeo  , Tom Taylor 
Last updated 2014-06-06 (latest revision 2013-12-03)
Stream (None)
Expired & archived
pdf htmlized (tools) htmlized bibtex
Stream Stream state (No stream defined)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


This memo was written to make application developers and network operators aware of the significant possibility that IPv6 packets containing fragmentation extension headers may fail to reach their destination. Some protocol or application assumptions about the ability to use messages larger than a single packet may accordingly not be supportable in all networks or circumstances. This memo provides observational evidence for the dropping of IPv6 fragments along a significant number of paths, explores the operational impact of fragmentation and the reasons and scenarios where drops occur, and considers the effect of fragment drops on applications where fragmentation is known to occur, particularly including DNS.


Joel Jaeggli (jjaeggli@zynga.com)
Lorenzo Colitti (lorenzo@google.com)
Warren Kumari (warren@kumari.net)
Éric Vyncke (evyncke@cisco.com)
Merike Kaeo (merike@doubleshotsecurity.com)
Tom Taylor (tom.taylor.stds@gmail.com)

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)