Generation of IPv6 Atomic Fragments Considered Harmful
RFC 8021

Document Type RFC - Informational (January 2017; No errata)
Last updated 2017-01-06
Stream IETF
Formats plain text pdf html bibtex
Reviews
Stream WG state Submitted to IESG for Publication
Document shepherd Robert Hinden
Shepherd write-up Show (last changed 2016-09-01)
IESG IESG state RFC 8021 (Informational)
Consensus Boilerplate Yes
Telechat date
Responsible AD Suresh Krishnan
Send notices to "Robert M. Hinden" <bob.hinden@gmail.com>
IANA IANA review state Version Changed - Review Needed
IANA action state No IC
Internet Engineering Task Force (IETF)                           F. Gont
Request for Comments: 8021                        SI6 Networks / UTN-FRH
Category: Informational                                           W. Liu
ISSN: 2070-1721                                      Huawei Technologies
                                                             T. Anderson
                                                          Redpill Linpro
                                                            January 2017

         Generation of IPv6 Atomic Fragments Considered Harmful

Abstract

   This document discusses the security implications of the generation
   of IPv6 atomic fragments and a number of interoperability issues
   associated with IPv6 atomic fragments.  It concludes that the
   aforementioned functionality is undesirable and thus documents the
   motivation for removing this functionality from an upcoming revision
   of the core IPv6 protocol specification (RFC 2460).

Status of This Memo

   This document is not an Internet Standards Track specification; it is
   published for informational purposes.

   This document is a product of the Internet Engineering Task Force
   (IETF).  It represents the consensus of the IETF community.  It has
   received public review and has been approved for publication by the
   Internet Engineering Steering Group (IESG).  Not all documents
   approved by the IESG are a candidate for any level of Internet
   Standard; see Section 2 of RFC 7841.

   Information about the current status of this document, any errata,
   and how to provide feedback on it may be obtained at
   http://www.rfc-editor.org/info/rfc8021.

Gont, et al.                  Informational                     [Page 1]
RFC 8021        IPv6 Atomic Fragments Considered Harmful    January 2017

Copyright Notice

   Copyright (c) 2017 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1. Introduction ....................................................2
   2. Security Implications of the Generation of IPv6 Atomic
      Fragments .......................................................3
   3. Additional Considerations .......................................5
   4. Conclusions .....................................................8
   5. Security Considerations .........................................8
   6. References ......................................................9
      6.1. Normative References .......................................9
      6.2. Informative References ....................................10
   Acknowledgements ..................................................12
   Authors' Addresses ................................................12

1.  Introduction

   [RFC2460] specifies the IPv6 fragmentation mechanism, which allows
   IPv6 packets to be fragmented into smaller pieces such that they can
   fit in the Path MTU to the intended destination(s).

   A legacy IPv4/IPv6 translator implementing the Stateless IP/ICMP
   Translation Algorithm [RFC6145] may legitimately generate ICMPv6
   "Packet Too Big" (PTB) error messages [RFC4443] advertising an MTU
   smaller than 1280 (the minimum IPv6 MTU).  Section 5 of [RFC2460]
   states that, upon receiving such an ICMPv6 error message, hosts are
   not required to reduce the assumed Path MTU but must simply include a
   Fragment Header in all subsequent packets sent to that destination.
   The resulting packets will thus *not* be actually fragmented into
   several pieces; rather, they will be "atomic" fragments [RFC6946]
   (i.e., they will just include a Fragment Header with both the
   "Fragment Offset" and the "M" flag set to 0).  [RFC6946] requires
   that these atomic fragments be essentially processed by the
   destination host(s) as non-fragmented traffic (since there are not

Gont, et al.                  Informational                     [Page 2]
RFC 8021        IPv6 Atomic Fragments Considered Harmful    January 2017

   really any fragments to be reassembled).  The goal of these atomic
   fragments is simply to convey an appropriate Identification value to
Show full document text