From: Fernando Gont <fernando@gont.com.ar>
To: Rick Jones <rick.jones2@hp.com>
Cc: David Miller <davem@davemloft.net>,
eric.dumazet@gmail.com, security@kernel.org, eugeneteo@kernel.sg,
netdev@vger.kernel.org, mpm@selenic.com
Subject: Re: [PATCH net-next-2.6] ipv6: make fragment identifications less predictable
Date: Thu, 21 Jul 2011 22:18:09 -0300 [thread overview]
Message-ID: <4E28CFD1.2030504@gont.com.ar> (raw)
In-Reply-To: <4E28C58E.1080501@hp.com>
On 07/21/2011 09:34 PM, Rick Jones wrote:
>> That scenario assumes packet reordering and/or packet loss.
>
> Isn't that a given?
I mean that if these "collisions" of Identification numbers are of
concern, then, then, at such bandwidth rates, fragmentation itself would
be a concern.
Chances of collisions are proportional to reordering and losses. That
means that at such bandwidths, you'd need to be able to queue a huge
number of packets (which you might not be able to queue, becacuse of
lack of resources), etc.
> And indeed, fragmentation is considered bad, and was considered bad
> enough that the "revenge of the router guys" that is IPv6 punted it to
> the end systems, and yes, one should use PMTUD. Which is all well and
> good when 999 times out of 1 traffic is flowing over a transport that
> does its own segmentation and reassembly.
And provided that there's no ICMPv6 filtering out there (which there is)
-- at which point you need to implement some for of blackhole detection
a la PLMPTUD.
> And when IPv6 got spec'ed it
> looked to all the world that UDP was on the way out - NFS was migrating
> over to TCP, and DNS was "never" more than 512 byte messages. No problem
> right? But since then we've gotten things like EDNS which will be
> sending DNS messages in UDP datagrams that will have to be fragmented,
> PMTUD notwithstanding.
Hopefully you won't have the aforementioned 40GB traffic rate between
two DNS servers ;-)
Thanks,
--
Fernando Gont
e-mail: fernando@gont.com.ar || fgont@acm.org
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1
next prev parent reply other threads:[~2011-07-22 1:18 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <4E24BE94.7010301@gont.com.ar>
[not found] ` <1311082696.2375.26.camel@edumazet-HP-Compaq-6005-Pro-SFF-PC>
[not found] ` <1311089463.2375.42.camel@edumazet-HP-Compaq-6005-Pro-SFF-PC>
2011-07-19 20:47 ` [PATCH net-next-2.6] ipv6: make fragment identifications less predictable Eric Dumazet
2011-07-19 20:56 ` Matt Mackall
2011-07-20 6:50 ` Eric Dumazet
2011-07-20 8:25 ` Eric Dumazet
2011-07-20 10:27 ` Eric Dumazet
2011-07-21 1:32 ` Fernando Gont
2011-07-21 22:17 ` David Miller
2011-07-21 22:46 ` Rick Jones
2011-07-21 23:13 ` David Miller
2011-07-21 23:37 ` Fernando Gont
2011-07-22 0:07 ` David Miller
2011-07-22 0:34 ` Rick Jones
2011-07-22 1:18 ` Fernando Gont [this message]
2011-07-22 4:26 ` David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4E28CFD1.2030504@gont.com.ar \
--to=fernando@gont.com.ar \
--cc=davem@davemloft.net \
--cc=eric.dumazet@gmail.com \
--cc=eugeneteo@kernel.sg \
--cc=mpm@selenic.com \
--cc=netdev@vger.kernel.org \
--cc=rick.jones2@hp.com \
--cc=security@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.