RFC 8900: IP Fragmentation Considered Fragile


Internet Engineering Task Force (IETF)                         R. Bonica
Request for Comments: 8900                              Juniper Networks
BCP: 230                                                        F. Baker
Category: Best Current Practice                             Unaffiliated
ISSN: 2070-1721                                                G. Huston
                                                                   APNIC
                                                               R. Hinden
                                                    Check Point Software
                                                                O. Troan
                                                                   Cisco
                                                                 F. Gont
                                                            SI6 Networks
                                                          September 2020

IP Fragmentation Considered Fragile

Abstract

This document describes IP fragmentation and explains how it
introduces fragility to Internet communication.

This document also proposes alternatives to IP fragmentation and
provides recommendations for developers and network operators.

Status of This Memo

This memo documents an Internet Best Current Practice.

This document is a product of the Internet Engineering Task Force
(IETF). It represents the consensus of the IETF community. It has
received public review and has been approved for publication by the
Internet Engineering Steering Group (IESG). Further information on
BCPs is available in Section 2 of RFC 7841.

Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
https://www.rfc-editor.org/info/rfc8900.

Copyright Notice

Copyright (c) 2020 IETF Trust and the persons identified as the
document authors. All rights reserved.

This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.

Table of Contents

1. Introduction
1.1. Requirements Language
2. IP Fragmentation
2.1. Links, Paths, MTU, and PMTU
2.2. Fragmentation Procedures
2.3. Upper-Layer Reliance on IP Fragmentation
3. Increased Fragility
3.1. Virtual Reassembly
3.2. Policy-Based Routing
3.3. Network Address Translation (NAT)
3.4. Stateless Firewalls
3.5. Equal-Cost Multipath, Link Aggregate Groups, and Stateless
Load Balancers
3.6. IPv4 Reassembly Errors at High Data Rates
3.7. Security Vulnerabilities
3.8. PMTU Black-Holing Due to ICMP Loss
3.8.1. Transient Loss
3.8.2. Incorrect Implementation of Security Policy
3.8.3. Persistent Loss Caused by Anycast
3.8.4. Persistent Loss Caused by Unidirectional Routing
3.9. Black-Holing Due to Filtering or Loss
4. Alternatives to IP Fragmentation
4.1. Transport-Layer Solutions
4.2. Application-Layer Solutions
5. Applications That Rely on IPv6 Fragmentation
5.1. Domain Name Service (DNS)
5.2. Open Shortest Path First (OSPF)
5.3. Packet-in-Packet Encapsulations
5.4. UDP Applications Enhancing Performance
6. Recommendations
6.1. For Application and Protocol Developers
6.2. For System Developers
6.3. For Middlebox Developers
6.4. For ECMP, LAG, and Load-Balancer Developers And Operators
6.5. For Network Operators
7. IANA Considerations
8. Security Considerations
9. References
9.1. Normative References
9.2. Informative References
Acknowledgements
Authors' Addresses

1. Introduction

Operational experience [Kent] [Huston] [RFC7872] reveals that IP
fragmentation introduces fragility to Internet communication. This
document describes IP fragmentation and explains the fragility it
introduces. It also proposes alternatives to IP fragmentation and
provides recommendations for developers and network operators.

While this document identifies issues associated with IP
fragmentation, it does not recommend deprecation. Legacy protocols
that depend upon IP fragmentation would do well to be updated to
remove that dependency. However, some applications and environments
(see Section 5) require IP fragmentation. In these cases, the
protocol will continue to rely on IP fragmentation, but the designer
should be aware that fragmented packets may result in black holes. A
design should include appropriate safeguards.

Rather than deprecating IP fragmentation, this document recommends
that upper-layer protocols address the problem of fragmentation at
their layer, reducing their reliance on IP fragmentation to the
greatest degree possible.

1.1. Requirements Language

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in BCP
14 [RFC2119] [RFC8174] when, and only when, they appear in all
capitals, as shown here.

2. IP Fragmentation

2.1. Links, Paths, MTU, and PMTU

An Internet path connects a source node to a destination node. A
path may contain links and routers. If a path contains more than one
link, the links are connected in series, and a router connects each
link to the next.

Internet paths are dynamic. Assume that the path from one node to
another contains a set of links and routers. If a link or a router
fails, the path can also change so that it includes a different set
of links and routers.

Each link is constrained by the number of octets that it can convey
in a single IP packet. This constraint is called the link Maximum
Transmission Unit (MTU). IPv4 [RFC0791] requires every link to
support an MTU of 68 octets or greater (see NOTE 1). IPv6 [RFC8200]
similarly requires every link to support an MTU of 1280 octets or
greater. These are called the IPv4 and IPv6 minimum link MTUs.

Some links, and some ways of using links, result in additional
variable overhead. For the simple case of tunnels, this document
defers to other documents. For other cases, such as MPLS, this
document considers the link MTU to include appropriate allowance for
any such overhead.

Likewise, each Internet path is constrained by the number of octets
that it can convey in a single IP packet. This constraint is called
the Path MTU (PMTU). For any given path, the PMTU is equal to the
smallest of its link MTUs. Because Internet paths are dynamic, PMTU
is also dynamic.

For reasons described below, source nodes estimate the PMTU between
themselves and destination nodes. A source node can produce
extremely conservative PMTU estimates in which:

* The estimate for each IPv4 path is equal to the IPv4 minimum link
  MTU.

* The estimate for each IPv6 path is equal to the IPv6 minimum link
  MTU.

While these conservative estimates are guaranteed to be less than or
equal to the actual PMTU, they are likely to be much less than the
actual PMTU. This may adversely affect upper-layer protocol
performance.

By executing Path MTU Discovery (PMTUD) procedures [RFC1191]
[RFC8201], a source node can maintain a less conservative estimate of
the PMTU between itself and a destination node. In PMTUD, the source
node produces an initial PMTU estimate. This initial estimate is
equal to the MTU of the first link along the path to the destination
node. It can be greater than the actual PMTU.

Having produced an initial PMTU estimate, the source node sends
non-fragmentable IP packets to the destination node (see NOTE 2). If
one of these packets is larger than the actual PMTU, a downstream
router will not be able to forward the packet through the next link
along the path. Therefore, the downstream router drops the packet and
sends an Internet Control Message Protocol (ICMP) [RFC0792] [RFC4443]
Packet Too Big (PTB) message to the source node (see NOTE 3). The
ICMP PTB message indicates the MTU of the link through which the
packet could not be forwarded. The source node uses this information
to refine its PMTU estimate.

PMTUD produces a running estimate of the PMTU between a source node
and a destination node. Because PMTU is dynamic, the PMTU estimate
can be larger than the actual PMTU. In order to detect PMTU
increases, PMTUD occasionally resets the PMTU estimate to its initial
value and repeats the procedure described above.

Ideally, PMTUD operates as described above. However, in some
scenarios, PMTUD fails. For example:

* PMTUD relies on the network's ability to deliver ICMP PTB messages
  to the source node. If the network cannot deliver ICMP PTB
  messages to the source node, PMTUD fails.

* PMTUD is susceptible to attack because ICMP messages are easily
  forged [RFC5927] and not authenticated by the receiver. Such
  attacks can cause PMTUD to produce unnecessarily conservative PMTU
  estimates.

NOTE 1: In IPv4, every host must be capable of reassembling a packet
whose length is less than or equal to 576 octets. However, the
IPv4 minimum link MTU is not 576. Section 3.2 of RFC 791
[RFC0791] explicitly states that the IPv4 minimum link MTU is 68
octets.

NOTE 2: A non-fragmentable packet can be fragmented at its source.
However, it cannot be fragmented by a downstream node. An IPv4
packet whose Don't Fragment (DF) bit is set to 0 is fragmentable.
An IPv4 packet whose DF bit is set to 1 is non-fragmentable. All
IPv6 packets are also non-fragmentable.

NOTE 3: The ICMP PTB message has two instantiations. In ICMPv4
[RFC0792], the ICMP PTB message is a Destination Unreachable
message with Code equal to 4 (fragmentation needed and DF set).
This message was augmented by [RFC1191] to indicate the MTU of the
link through which the packet could not be forwarded. In ICMPv6
[RFC4443], the ICMP PTB message is a Packet Too Big Message with
Code equal to 0. This message also indicates the MTU of the link
through which the packet could not be forwarded.

2.2. Fragmentation Procedures

When an upper-layer protocol submits data to the underlying IP
module, and the resulting IP packet's length is greater than the
PMTU, the packet is divided into fragments. Each fragment includes
an IP header and a portion of the original packet.

[RFC0791] describes IPv4 fragmentation procedures. An IPv4 packet
whose DF bit is set to 1 may be fragmented by the source node, but
may not be fragmented by a downstream router. An IPv4 packet whose
DF bit is set to 0 may be fragmented by the source node or by a
downstream router. When an IPv4 packet is fragmented, all IP options
(which are within the IPv4 header) appear in the first fragment, but
only options whose "copy" bit is set to 1 appear in subsequent
fragments.

[RFC8200], notably in Section 4.5, describes IPv6 fragmentation
procedures. An IPv6 packet may be fragmented only at the source
node. When an IPv6 packet is fragmented, all extension headers
appear in the first fragment, but only per-fragment headers appear in
subsequent fragments. Per-fragment headers include the following:

* The IPv6 header.

* The Hop-by-Hop Options header (if present).

* The Destination Options header (if present and if it precedes a
  Routing header).

* The Routing header (if present).

* The Fragment header.

In IPv4, the upper-layer header usually appears in the first
fragment, due to the sizes of the headers involved. In IPv6, the
upper-layer header must appear in the first fragment.

2.3. Upper-Layer Reliance on IP Fragmentation

Upper-layer protocols can operate in the following modes:

* Do not rely on IP fragmentation.

* Rely on IP fragmentation by the source node only.

* Rely on IP fragmentation by any node.

Upper-layer protocols running over IPv4 can operate in all of the
above-mentioned modes. Upper-layer protocols running over IPv6 can
operate in the first and second modes only.

Upper-layer protocols that operate in the first two modes (above)
require access to the PMTU estimate. In order to fulfill this
requirement, they can:

* Estimate the PMTU to be equal to the IPv4 or IPv6 minimum link
  MTU.

* Access the estimate that PMTUD produced.

* Execute PMTUD procedures themselves.

* Execute Packetization Layer PMTUD (PLPMTUD) procedures [RFC4821]
  [RFC8899].

According to PLPMTUD procedures, the upper-layer protocol maintains a
running PMTU estimate. It does so by sending probe packets of
various sizes to its upper-layer peer and receiving acknowledgements.
This strategy differs from PMTUD in that it relies on acknowledgement
of received messages, as opposed to ICMP PTB messages concerning
dropped messages. Therefore, PLPMTUD does not rely on the network's
ability to deliver ICMP PTB messages to the source.

3. Increased Fragility

This section explains how IP fragmentation introduces fragility to
Internet communication.

3.1. Virtual Reassembly

Virtual reassembly is a procedure in which a device conceptually
reassembles a packet, forwards its fragments, and discards the
reassembled copy. In Address plus Port (A+P) [RFC6346] and Carrier
Grade NAT (CGN) [RFC6888], virtual reassembly is required in order to
correctly translate fragment addresses. It could be useful to
address the problems in Sections 3.2, 3.3, 3.4, and 3.5.

Virtual reassembly is computationally expensive and holds state for
indeterminate periods of time. Therefore, it is prone to errors and
attacks (Section 3.7).

3.2. Policy-Based Routing

IP fragmentation causes problems for routers that implement
policy-based routing.

When a router receives a packet, it identifies the next hop on route
to the packet's destination and forwards the packet to that next hop.
In order to identify the next hop, the router interrogates a local
data structure called the Forwarding Information Base (FIB).

Normally, the FIB contains destination-based entries that map a
destination prefix to a next hop. Policy-based routing allows
destination-based and policy-based entries to coexist in the same
FIB. A policy-based FIB entry maps multiple fields, drawn from
either the IP or transport-layer header, to a next hop.

+=====+===================+=================+=======+===============+
|Entry| Type              | Dest. Prefix    | Next  | Next Hop      |
|     |                   |                 | Hdr / |               |
|     |                   |                 | Dest. |               |
|     |                   |                 | Port  |               |
+=====+===================+=================+=======+===============+
| 1   | Destination-based | 2001:db8::1/128 | Any / | 2001:db8:2::2 |
|     |                   |                 | Any   |               |
+-----+-------------------+-----------------+-------+---------------+
| 2   | Policy-based      | 2001:db8::1/128 | TCP / | 2001:db8:3::3 |
|     |                   |                 | 80    |               |
+-----+-------------------+-----------------+-------+---------------+

Table 1: Policy-Based Routing FIB

Assume that a router maintains the FIB in Table 1. The first FIB
entry is destination-based. It maps a destination prefix
2001:db8::1/128 to a next hop 2001:db8:2::2. The second FIB entry is
policy-based. It maps the same destination prefix 2001:db8::1/128
and a destination port (TCP / 80) to a different next hop
(2001:db8:3::3). The second entry is more specific than the first.

When the router receives the first fragment of a packet that is
destined for TCP port 80 on 2001:db8::1, it interrogates the FIB.
Both FIB entries satisfy the query. The router selects the second
FIB entry because it is more specific and forwards the packet to
2001:db8:3::3.

When the router receives the second fragment of the packet, it
interrogates the FIB again. This time, only the first FIB entry
satisfies the query, because the second fragment contains no
indication that the packet is destined for TCP port 80. Therefore,
the router selects the first FIB entry and forwards the packet to
2001:db8:2::2.

Policy-based routing is also known as filter-based forwarding.

3.3. Network Address Translation (NAT)

IP fragmentation causes problems for Network Address Translation
(NAT) devices. When a NAT device detects a new, outbound flow, it
maps that flow's source port and IP address to another source port
and IP address. Having created that mapping, the NAT device
translates:

* The source IP address and source port on each outbound packet.

* The destination IP address and destination port on each inbound
  packet.

A+P [RFC6346] and Carrier Grade NAT (CGN) [RFC6888] are two common
NAT strategies. In both approaches, the NAT device must virtually
reassemble fragmented packets in order to translate and forward each
fragment.

3.4. Stateless Firewalls

As discussed in more detail in Section 3.7, IP fragmentation causes
problems for stateless firewalls whose rules include TCP and UDP
ports. Because port information is only available in the first
fragment and not available in the subsequent fragments, the firewall
is limited to the following options:

* Accept all subsequent fragments, possibly admitting certain
  classes of attack.

* Block all subsequent fragments, possibly blocking legitimate
  traffic.

Neither option is attractive.

3.5. Equal-Cost Multipath, Link Aggregate Groups, and Stateless Load
Balancers

IP fragmentation causes problems for Equal-Cost Multipath (ECMP),
Link Aggregate Groups (LAG), and other stateless load-distribution
technologies. In order to assign a packet or packet fragment to a
link, an intermediate node executes a hash (i.e., load-distributing)
algorithm. The following paragraphs describe a commonly deployed
hash algorithm.

If the packet or packet fragment contains a transport-layer header,
the algorithm accepts the following 5-tuple as input:

* IP Source Address.

* IP Destination Address.

* IPv4 Protocol or IPv6 Next Header.

* transport-layer source port.

* transport-layer destination port.

If the packet or packet fragment does not contain a transport-layer
header, the algorithm accepts only the following 3-tuple as input:

* IP Source Address.

* IP Destination Address.

* IPv4 Protocol or IPv6 Next Header.

Therefore, non-fragmented packets belonging to a flow can be assigned
to one link while fragmented packets belonging to the same flow can
be divided between that link and another. This can cause suboptimal
load distribution.

[RFC6438] offers a partial solution to this problem for IPv6 devices
only. According to [RFC6438]:

| At intermediate routers that perform load distribution, the hash
| algorithm used to determine the outgoing component-link in an ECMP
| and/or LAG toward the next hop MUST minimally include the 3-tuple
| {dest addr, source addr, flow label} and MAY also include the
| remaining components of the 5-tuple.

If the algorithm includes only the 3-tuple {dest addr, source addr,
flow label}, it will assign all fragments belonging to a packet to
the same link. (See [RFC6437] and [RFC7098]).

In order to avoid the problem described above, implementations SHOULD
implement the recommendations provided in Section 6.4 of this
document.
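
The link-selection behavior described in this section can be reproduced offline. The Python below is an added example, not part of RFC 8900: the SHA-256-based hash, the Pkt type, the four-link group, and the 2001:db8 addresses, ports, and flow labels are assumptions constructed for illustration. It compares the commonly deployed 5-tuple/3-tuple hash with the minimum 3-tuple from [RFC6438].

```python
import hashlib
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Pkt:
    """What a stateless load balancer can see in one packet or fragment."""
    src: str
    dst: str
    proto: int                # upper-layer protocol (6 = TCP)
    flow_label: int           # 20-bit IPv6 flow label chosen by the source
    sport: Optional[int]      # None when no transport header is visible
    dport: Optional[int]


def _pick(fields, n_links):
    # Stand-in hash (assumption): real devices use vendor-specific functions.
    digest = hashlib.sha256("|".join(map(str, fields)).encode()).digest()
    return int.from_bytes(digest[:4], "big") % n_links


def legacy_link(p, n_links):
    """Section 3.5 hash: 5-tuple when ports are visible, 3-tuple otherwise."""
    if p.sport is not None and p.dport is not None:
        return _pick((p.src, p.dst, p.proto, p.sport, p.dport), n_links)
    return _pick((p.src, p.dst, p.proto), n_links)


def flow_label_link(p, n_links):
    """RFC 6438 minimum input: {dest addr, source addr, flow label}."""
    return _pick((p.dst, p.src, p.flow_label), n_links)


def fragments_of(p, count):
    """First fragment carries the transport header; later fragments do not."""
    later = Pkt(p.src, p.dst, p.proto, p.flow_label, None, None)
    return [p] + [later] * (count - 1)


def split_flows(link_fn, n_flows=64, n_links=4):
    """Count constructed flows whose fragments land on more than one link."""
    split = 0
    for i in range(n_flows):
        p = Pkt("2001:db8:a::1", "2001:db8::1", 6, 0x10000 + i, 49152 + i, 80)
        links = {link_fn(f, n_links) for f in fragments_of(p, 3)}
        if len(links) > 1:
            split += 1
    return split


if __name__ == "__main__":
    print("flows split by 5-tuple/3-tuple hash:", split_flows(legacy_link))
    print("flows split by flow-label hash:     ", split_flows(flow_label_link))
```

Because every fragment of a packet carries the same addresses and flow label, the second hash never separates them, whatever hash function the device uses.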

3.6. IPv4 Reassembly Errors at High Data Rates

IPv4 fragmentation is not sufficiently robust for use under some
conditions in today's Internet. At high data rates, the 16-bit IP
identification field is not large enough to prevent duplicate IDs,
resulting in frequent incorrectly assembled IP fragments, and the TCP
and UDP checksums are insufficient to prevent the resulting corrupted
datagrams from being delivered to upper-layer protocols. [RFC4963]
describes some easily reproduced experiments demonstrating the
problem and discusses some of the operational implications of these
observations.

These reassembly issues do not occur as frequently in IPv6 because
the IPv6 identification field is 32 bits long.

3.7. Security Vulnerabilities

Security researchers have documented several attacks that exploit IP
fragmentation. The following are examples:

* Overlapping fragment attacks [RFC1858] [RFC3128] [RFC5722].

* Resource exhaustion attacks.

* Attacks based on predictable fragment identification values
  [RFC7739].

* Evasion of Network Intrusion Detection Systems (NIDS)
  [Ptacek1998].

In the overlapping fragment attack, an attacker constructs a series
of packet fragments. The first fragment contains an IP header, a
transport-layer header, and some transport-layer payload. This
fragment complies with local security policy and is allowed to pass
through a stateless firewall. A second fragment, having a nonzero
offset, overlaps with the first fragment. The second fragment also
passes through the stateless firewall. When the packet is
reassembled, the transport-layer header from the first fragment is
overwritten by data from the second fragment. The reassembled packet
does not comply with local security policy. Had it traversed the
firewall in one piece, the firewall would have rejected it.

A stateless firewall cannot protect against the overlapping fragment
attack. However, destination nodes can protect against the
overlapping fragment attack by implementing the procedures described
in RFC 1858, RFC 3128, and RFC 8200. These reassembly procedures
detect the overlap and discard the packet.

The fragment reassembly algorithm is a stateful procedure in an
otherwise stateless protocol. Therefore, it can be exploited by
resource exhaustion attacks. An attacker can construct a series of
fragmented packets with one fragment missing from each packet so that
the reassembly is impossible. Thus, this attack causes resource
exhaustion on the destination node, possibly denying reassembly
services to other flows. This type of attack can be mitigated by
flushing fragment reassembly buffers when necessary, at the expense
of possibly dropping legitimate fragments.

Each IP fragment contains an "Identification" field that destination
nodes use to reassemble fragmented packets. Some implementations set
the Identification field to a predictable value, thus making it easy
for an attacker to forge malicious IP fragments that would cause the
reassembly procedure for legitimate packets to fail.

NIDS aims at identifying malicious activity by analyzing network
traffic. Ambiguity in the possible result of the fragment reassembly
process may allow an attacker to evade these systems. Many of these
systems try to mitigate some of these evasion techniques (e.g., by
computing all possible outcomes of the fragment reassembly process,
at the expense of increased processing requirements).
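
The two destination-node defenses named in this section, discarding a datagram when its fragments overlap and flushing reassembly buffers under pressure, are shown together in the Python below. It is an added example, not part of RFC 8900 and not any stack's actual code: the Reassembler class, its limits (4 contexts, 60 seconds), and the byte offsets are assumptions, and fragment headers are reduced to (key, offset, data, more-fragments).

```python
from dataclasses import dataclass, field


@dataclass
class _Context:
    created: float
    parts: dict = field(default_factory=dict)  # fragment offset -> payload bytes
    total: int = -1          # datagram length, known once the last fragment arrives
    poisoned: bool = False   # set after an overlap: drop the rest of this datagram


class Reassembler:
    """Bounded reassembly queue keyed by (source, destination, identification)."""

    def __init__(self, max_contexts=4, timeout=60.0):
        self.max_contexts = max_contexts
        self.timeout = timeout
        self.contexts = {}   # dict keeps insertion order: first key is the oldest

    def _make_room(self, now):
        # Flush expired contexts first, then the oldest ones if still full.
        for k in [k for k, c in self.contexts.items()
                  if now - c.created > self.timeout]:
            del self.contexts[k]
        while len(self.contexts) >= self.max_contexts:
            del self.contexts[next(iter(self.contexts))]

    @staticmethod
    def _poison(ctx):
        # Discard what was buffered and remember to drop later fragments too.
        ctx.parts.clear()
        ctx.poisoned = True
        return None

    def add(self, key, offset, data, more_fragments, now=0.0):
        """Return the reassembled payload when complete, otherwise None."""
        ctx = self.contexts.get(key)
        if ctx is not None and now - ctx.created > self.timeout:
            del self.contexts[key]
            ctx = None
        if ctx is None:
            self._make_room(now)
            ctx = self.contexts[key] = _Context(created=now)
        if ctx.poisoned:
            return None
        if ctx.parts.get(offset) == data:
            return None      # exact duplicate from the network: ignore it
        end = offset + len(data)
        for o, d in ctx.parts.items():
            if offset < o + len(d) and o < end:
                return self._poison(ctx)        # overlapping fragment
        if not more_fragments:
            if ctx.total >= 0:
                return self._poison(ctx)        # two different "last" fragments
            ctx.total = end
        ctx.parts[offset] = data
        if ctx.total >= 0:
            if any(o + len(d) > ctx.total for o, d in ctx.parts.items()):
                return self._poison(ctx)        # data beyond the stated end
            if sum(len(d) for d in ctx.parts.values()) == ctx.total:
                del self.contexts[key]
                return b"".join(ctx.parts[o] for o in sorted(ctx.parts))
        return None


if __name__ == "__main__":
    r = Reassembler()
    key = ("2001:db8:a::1", "2001:db8::1", 0x1234)   # constructed sample key
    r.add(key, 8, b"B" * 8, True)
    r.add(key, 16, b"C" * 8, False)
    print(r.add(key, 0, b"A" * 8, True))             # complete datagram
```

Evicting the oldest context is the trade-off the text describes: the queue stays bounded, and a legitimate datagram whose fragments arrive slowly can be dropped.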

3.8. PMTU Black-Holing Due to ICMP Loss

As mentioned in Section 2.3, upper-layer protocols can be configured
to rely on PMTUD. Because PMTUD relies upon the network to deliver
ICMP PTB messages, those protocols also rely on the networks to
deliver ICMP PTB messages.

According to [RFC4890], ICMPv6 PTB messages must not be filtered.
However, ICMP PTB delivery is not reliable. It is subject to both
transient and persistent loss.

Transient loss of ICMP PTB messages can cause transient PMTU black
holes. When the conditions contributing to transient loss abate, the
network regains its ability to deliver ICMP PTB messages and
connectivity between the source and destination nodes is restored.
Section 3.8.1 of this document describes conditions that lead to
transient loss of ICMP PTB messages.

Persistent loss of ICMP PTB messages can cause persistent black
holes. Sections 3.8.2, 3.8.3, and 3.8.4 of this document describe
conditions that lead to persistent loss of ICMP PTB messages.

The problem described in this section is specific to PMTUD. It does
not occur when the upper-layer protocol obtains its PMTU estimate
from PLPMTUD or from any other source.

3.8.1. Transient Loss

The following factors can contribute to transient loss of ICMP PTB
messages:

* Network congestion.

* Packet corruption.

* Transient routing loops.

* ICMP rate limiting.

The effect of rate limiting may be severe, as RFC 4443 recommends
strict rate limiting of ICMPv6 traffic.

3.8.2. Incorrect Implementation of Security Policy

Incorrect implementation of security policy can cause persistent loss
of ICMP PTB messages.

For example, assume that a Customer Premises Equipment (CPE) router
implements the following zone-based security policy:

* Allow any traffic to flow from the inside zone to the outside
  zone.

* Do not allow any traffic to flow from the outside zone to the
  inside zone unless it is part of an existing flow (i.e., it was
  elicited by an outbound packet).

When a correct implementation of the above-mentioned security policy
receives an ICMP PTB message, it examines the ICMP PTB payload in
order to determine whether the original packet (i.e., the packet that
elicited the ICMP PTB message) belonged to an existing flow. If the
original packet belonged to an existing flow, the implementation
allows the ICMP PTB to flow from the outside zone to the inside zone.
If not, the implementation discards the ICMP PTB message.

When an incorrect implementation of the above-mentioned security
policy receives an ICMP PTB message, it discards the packet because
its source address is not associated with an existing flow.

The security policy described above has been implemented incorrectly
on many consumer CPE routers.
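
The difference between the correct and incorrect implementations can be seen by running both checks over the same message. The Python below is an added example, not part of RFC 8900 and not any vendor's firewall code: the ZoneFirewall class, the constructed ICMPv6 PTB bytes (checksum left at zero), and the 2001:db8 addresses and ports are assumptions, and the embedded packet is assumed to be IPv6 with TCP or UDP directly after the fixed header.

```python
import ipaddress
import struct

ICMPV6_PTB = 2      # ICMPv6 Packet Too Big, Code 0 (NOTE 3 in Section 2.1)
TCP, UDP = 6, 17


def build_invoking_packet(src, dst, sport, dport):
    """Constructed IPv6+TCP packet standing in for the dropped original."""
    tcp = struct.pack("!HHIIHHHH", sport, dport, 0, 0, 0x5000, 0xFFFF, 0, 0)
    ip6 = struct.pack("!IHBB", 6 << 28, len(tcp), TCP, 64)
    ip6 += ipaddress.IPv6Address(src).packed + ipaddress.IPv6Address(dst).packed
    return ip6 + tcp


def build_ptb(mtu, invoking):
    """Constructed ICMPv6 PTB: type, code, checksum, MTU, invoking packet."""
    return struct.pack("!BBHI", ICMPV6_PTB, 0, 0, mtu) + invoking


def embedded_flow(icmp):
    """Return ((src, dst, proto, sport, dport), mtu) from a PTB, else None."""
    if len(icmp) < 8 + 40 + 4:
        return None                      # too short to hold IPv6 header + ports
    icmp_type, code, _cksum, mtu = struct.unpack("!BBHI", icmp[:8])
    inner = icmp[8:]
    if icmp_type != ICMPV6_PTB or code != 0 or inner[0] >> 4 != 6:
        return None
    proto = inner[6]                     # Next Header of the embedded packet
    if proto not in (TCP, UDP):
        return None                      # extension headers not handled here
    src = str(ipaddress.IPv6Address(inner[8:24]))
    dst = str(ipaddress.IPv6Address(inner[24:40]))
    sport, dport = struct.unpack("!HH", inner[40:44])
    return (src, dst, proto, sport, dport), mtu


class ZoneFirewall:
    """Inside-to-outside flows are recorded; inbound PTBs are judged twice."""

    def __init__(self):
        self.flows = set()

    def outbound(self, src, dst, proto, sport, dport):
        self.flows.add((str(ipaddress.IPv6Address(src)),
                        str(ipaddress.IPv6Address(dst)), proto, sport, dport))

    def accept_ptb_correct(self, outer_src, icmp):
        # Correct: match the packet embedded in the PTB payload to a flow.
        # outer_src is deliberately ignored; any router on the path may send it.
        parsed = embedded_flow(icmp)
        return parsed is not None and parsed[0] in self.flows

    def accept_ptb_incorrect(self, outer_src, icmp):
        # Incorrect: match the PTB's own source address to a flow's remote end.
        outer = str(ipaddress.IPv6Address(outer_src))
        return any(outer == flow[1] for flow in self.flows)


if __name__ == "__main__":
    fw = ZoneFirewall()
    fw.outbound("2001:db8:1::10", "2001:db8:2::20", TCP, 50000, 443)
    ptb = build_ptb(1400, build_invoking_packet(
        "2001:db8:1::10", "2001:db8:2::20", 50000, 443))
    router = "2001:db8:ffff::1"          # constructed on-path router address
    print("correct:  ", fw.accept_ptb_correct(router, ptb))
    print("incorrect:", fw.accept_ptb_incorrect(router, ptb))
```

The correct check also rejects a PTB whose embedded packet matches no recorded flow, which is what keeps the inbound rule from becoming a blanket ICMP allowance.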

3.8.3. Persistent Loss Caused by Anycast

Anycast can cause persistent loss of ICMP PTB messages. Consider the
example below:

A DNS client sends a request to an anycast address. The network
routes that DNS request to the nearest instance of that anycast
address (i.e., a DNS server). The DNS server generates a response
and sends it back to the DNS client. While the response does not
exceed the DNS server's PMTU estimate, it does exceed the actual
PMTU.

A downstream router drops the packet and sends an ICMP PTB message to
the packet's source (i.e., the anycast address). The network routes
the ICMP PTB message to the anycast instance closest to the
downstream router. That anycast instance may not be the DNS server
that originated the DNS response. It may be another DNS server with
the same anycast address. The DNS server that originated the
response may never receive the ICMP PTB message and may never update
its PMTU estimate.

3.8.4. Persistent Loss Caused by Unidirectional Routing

Unidirectional routing can cause persistent loss of ICMP PTB
messages. Consider the example below:

A source node sends a packet to a destination node. All intermediate
nodes maintain a route to the destination node but do not maintain a
route to the source node. In this case, when an intermediate node
encounters an MTU issue, it cannot send an ICMP PTB message to the
source node.

3.9. Black-Holing Due to Filtering or Loss

In RFC 7872, researchers sampled Internet paths to determine whether
they would convey packets that contain IPv6 extension headers.
Sampled paths terminated at popular Internet sites (e.g., popular
web, mail, and DNS servers).

The study revealed that at least 28% of the sampled paths did not
convey packets containing the IPv6 Fragment extension header. In
most cases, fragments were dropped in the destination autonomous
system. In other cases, the fragments were dropped in transit
autonomous systems.

Another study [Huston] confirmed this finding. It reported that 37%
of sampled endpoints used IPv6-capable DNS resolvers that were
incapable of receiving a fragmented IPv6 response.

It is difficult to determine why network operators drop fragments.
Possible causes follow:

* Hardware inability to process fragmented packets.

* Failure to change vendor defaults.

* Unintentional misconfiguration.

* Intentional configuration (e.g., network operators consciously
  choose to drop IPv6 fragments in order to address the issues
  raised in Sections 3.2 through 3.8, above.)

4. Alternatives to IP Fragmentation

4.1. Transport-Layer Solutions

The Transport Control Protocol (TCP) [RFC0793] can be operated in a
mode that does not require IP fragmentation.

Applications submit a stream of data to TCP. TCP divides that stream
of data into segments, with no segment exceeding the TCP Maximum
Segment Size (MSS). Each segment is encapsulated in a TCP header and
submitted to the underlying IP module. The underlying IP module
prepends an IP header and forwards the resulting packet.

If the TCP MSS is sufficiently small, then the underlying IP module
never produces a packet whose length is greater than the actual PMTU.
Therefore, IP fragmentation is not required.

TCP offers the following mechanisms for MSS management:

* Manual configuration.

* PMTUD.

* PLPMTUD.

Manual configuration is always applicable. If the MSS is configured
to a sufficiently low value, the IP layer will never produce a packet
whose length is greater than the protocol minimum link MTU. However,
manual configuration prevents TCP from taking advantage of larger
link MTUs.

Upper-layer protocols can implement PMTUD in order to discover and
take advantage of larger Path MTUs. However, as mentioned in
Section 2.1, PMTUD relies upon the network to deliver ICMP PTB
messages. Therefore, PMTUD can only provide an estimate of the PMTU
in environments where the risk of ICMP PTB loss is acceptable (e.g.,
known to not be filtered).

By contrast, PLPMTUD does not rely upon the network's ability to
deliver ICMP PTB messages. It utilizes probe messages sent as TCP
segments to determine whether the probed PMTU can be successfully
used across the network path. In PLPMTUD, probing is separated from
congestion control, so that loss of a TCP probe segment does not
cause a reduction of the congestion control window. [RFC4821]
defines PLPMTUD procedures for TCP.

While TCP will never knowingly cause the underlying IP module to emit
a packet that is larger than the PMTU estimate, it can cause the
underlying IP module to emit a packet that is larger than the actual
PMTU. For example, if routing changes and as a result the PMTU
becomes smaller, TCP will not know until the ICMP PTB message
arrives. If this occurs, the packet is dropped, the PMTU estimate is
updated, the segment is divided into smaller segments, and each
smaller segment is submitted to the underlying IP module.

The Datagram Congestion Control Protocol (DCCP) [RFC4340] and the
Stream Control Transmission Protocol (SCTP) [RFC4960] also can be
operated in a mode that does not require IP fragmentation. They both
accept data from an application and divide that data into segments,
with no segment exceeding a maximum size.

DCCP offers manual configuration, PMTUD, and PLPMTUD as mechanisms
for managing that maximum size. Datagram protocols can also
implement PLPMTUD to estimate the PMTU via [RFC8899]. This proposes
procedures for performing PLPMTUD with UDP, UDP options, SCTP, QUIC,
and other datagram protocols.

Currently, User Datagram Protocol (UDP) [RFC0768] lacks a
fragmentation mechanism of its own and relies on IP fragmentation.
However, [UDP-OPTIONS] proposes a fragmentation mechanism for UDP.

4.2. Application-Layer Solutions

[RFC8085] recognizes that IP fragmentation reduces the reliability of
Internet communication. It also recognizes that UDP lacks a
fragmentation mechanism of its own and relies on IP fragmentation.
Therefore, [RFC8085] offers the following advice regarding
applications that run over UDP:

| An application SHOULD NOT send UDP datagrams that result in IP
| packets that exceed the Maximum Transmission Unit (MTU) along the
| path to the destination. Consequently, an application SHOULD
| either use the path MTU information provided by the IP layer or
| implement Path MTU Discovery (PMTUD) itself [RFC1191] [RFC1981]
| [RFC4821] to determine whether the path to a destination will
| support its desired message size without fragmentation.

RFC 8085 continues:

| Applications that do not follow the recommendation to do PMTU/
| PLPMTUD discovery SHOULD still avoid sending UDP datagrams that
| would result in IP packets that exceed the path MTU. Because the
| actual path MTU is unknown, such applications SHOULD fall back to
| sending messages that are shorter than the default effective MTU
| for sending (EMTU_S in [RFC1122]). For IPv4, EMTU_S is the
| smaller of 576 bytes and the first-hop MTU [RFC1122]. For IPv6,
| EMTU_S is 1280 bytes [RFC2460]. The effective PMTU for a directly
| connected destination (with no routers on the path) is the
| configured interface MTU, which could be less than the maximum
| link payload size. Transmission of minimum-sized UDP datagrams is
| inefficient over paths that support a larger PMTU, which is a
| second reason to implement PMTU discovery.

RFC 8085 assumes that for IPv4 an EMTU_S of 576 is sufficiently small
to be supported by most current Internet paths, even though the IPv4
minimum link MTU is 68 octets.

This advice applies equally to any application that runs directly
over IP.
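
The sizing rule quoted from RFC 8085 above, worked through as an added
example (not part of the RFC). The 8-byte application header and the
function names are hypothetical; the sketch assumes IPv4 without options
and IPv6 without extension headers.

```python
import struct

# Default effective MTU for sending (EMTU_S), as quoted from RFC 8085 above.
EMTU_S = {4: 576, 6: 1280}
# Fixed header sizes: IPv4 without options, IPv6 without extension headers.
IP_HEADER = {4: 20, 6: 40}
UDP_HEADER = 8
# Hypothetical application framing: message id, chunk index, chunk count.
APP_HEADER = struct.Struct("!IHH")


def max_udp_payload(ip_version, path_mtu=None, first_hop_mtu=None):
    """Largest UDP payload that still fits one unfragmented IP packet."""
    if path_mtu is not None:
        limit = path_mtu                      # PMTU reported by the IP layer
    else:
        limit = EMTU_S[ip_version]            # path MTU unknown: fall back
        if ip_version == 4 and first_hop_mtu is not None:
            limit = min(limit, first_hop_mtu)
    payload = limit - IP_HEADER[ip_version] - UDP_HEADER
    if payload <= APP_HEADER.size:
        raise ValueError("MTU leaves no room for application data")
    return payload


def segment_message(msg_id, data, ip_version, path_mtu=None):
    """Split data into datagram payloads that never need IP fragmentation."""
    room = max_udp_payload(ip_version, path_mtu) - APP_HEADER.size
    chunks = [data[i:i + room] for i in range(0, len(data), room)] or [b""]
    if len(chunks) > 0xFFFF:
        raise ValueError("message needs more chunks than the header can count")
    return [APP_HEADER.pack(msg_id, i, len(chunks)) + c
            for i, c in enumerate(chunks)]


def reassemble(datagrams):
    """Rebuild one message from its chunks; None while any chunk is missing."""
    parts, expected = {}, None
    for dgram in datagrams:
        _msg_id, index, count = APP_HEADER.unpack_from(dgram)
        expected = count
        parts[index] = dgram[APP_HEADER.size:]
    if expected is None or set(parts) != set(range(expected)):
        return None
    return b"".join(parts[i] for i in range(expected))
```

Because each chunk is its own datagram, losing one costs the receiver
that chunk only, and the application can request it again without
involving IP reassembly.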

5. Applications That Depend on IPv6 Fragmentation

The following applications rely on IPv6 fragmentation:

DNS [RFC1035].

OSPFv2 [RFC2328].

OSPFv3 [RFC5340].

Packet-in-packet encapsulations.

Each of these applications relies on IPv6 fragmentation to a varying
degree. In some cases, that reliance is essential and cannot be
broken without fundamentally changing the protocol. In other cases,
that reliance is incidental, and most implementations already take
appropriate steps to avoid fragmentation.

This list is not comprehensive, and other protocols that rely on IP
fragmentation may exist. They are not specifically considered in the
context of this document.

5.1. Domain Name Service (DNS)

DNS relies on UDP for efficiency, and the consequence is the use of
IP fragmentation for large responses, as permitted by the Extension
Mechanisms for DNS (EDNS0) options in the query. It is possible to
mitigate the issue of fragmentation-based packet loss by having
queries use smaller EDNS0 UDP buffer sizes or by having the DNS
server limit the size of its UDP responses to some self-imposed
maximum packet size that may be less than the preferred EDNS0 UDP
buffer size. In both cases, large responses are truncated in the
DNS, signaling to the client to re-query using TCP to obtain the
complete response. However, the operational issue of the partial
level of support for DNS over TCP, particularly in the case where
IPv6 transport is being used, becomes a limiting factor of the
efficacy of this approach [Damas].

Larger DNS responses can normally be avoided by aggressively pruning
the Additional section of DNS responses. One scenario where such
pruning is ineffective is in the use of DNSSEC, where large key sizes
act to increase the response size to certain DNS queries. There is
no effective response to this situation within the DNS other than
using smaller cryptographic keys and adopting DNSSEC
administrative practices that attempt to keep DNS responses as short
as possible.
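
The server-side limit described in Section 5.1, as an added example (not
part of the RFC): the response is sent whole over UDP only if it fits the
smaller of the client's EDNS0 buffer size and the server's own maximum,
and otherwise it is cut back to header and question with the TC bit set.
The 1232-byte server maximum, the function names and the sample messages
are assumptions constructed for the example.

```python
import struct

CLASSIC_LIMIT = 512      # UDP message limit when the query carries no OPT record
OPT_TYPE = 41            # EDNS0 OPT pseudo-record
TC_BIT = 0x0200          # "truncated" flag in the DNS header
SERVER_MAX = 1232        # assumed self-imposed maximum: 1280 - 40 - 8

def skip_name(msg, off):
    """Return the offset just past the domain name that starts at off."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:             # compression pointer
            return off + 2
        off += 1 + length

def advertised_udp_size(query):
    """EDNS0 UDP buffer size from the query's OPT record, or None."""
    _id, _flags, qd, an, ns, ar = struct.unpack_from("!6H", query)
    off = 12
    for _ in range(qd):
        off = skip_name(query, off) + 4       # QTYPE and QCLASS
    for _ in range(an + ns + ar):
        off = skip_name(query, off)
        rtype, rclass, _ttl, rdlen = struct.unpack_from("!HHIH", query, off)
        if rtype == OPT_TYPE:
            return rclass                     # OPT carries the size in CLASS
        off += 10 + rdlen
    return None

def udp_limit(query, server_max):
    """Smaller of the client's buffer size and the server's own maximum."""
    advertised = advertised_udp_size(query)
    if advertised is None:
        return CLASSIC_LIMIT
    return min(max(advertised, CLASSIC_LIMIT), server_max)  # below 512 counts as 512

def fit_for_udp(query, response, server_max=SERVER_MAX):
    """Return (wire_bytes, truncated); truncation keeps header and question."""
    if len(response) <= udp_limit(query, server_max):
        return response, False
    rid, flags, qd = struct.unpack_from("!3H", response)
    end = 12
    for _ in range(qd):
        end = skip_name(response, end) + 4
    header = struct.pack("!6H", rid, flags | TC_BIT, qd, 0, 0, 0)
    return header + response[12:end], True

def build_query(qname, edns_size=None):
    """Constructed sample: A query for qname, optionally with an OPT record."""
    name = b"".join(bytes([len(p)]) + p.encode() for p in qname.split("."))
    msg = struct.pack("!6H", 0x1234, 0x0100, 1, 0, 0, 1 if edns_size else 0)
    msg += name + b"\0" + struct.pack("!HH", 1, 1)
    if edns_size:
        msg += b"\0" + struct.pack("!HHIH", OPT_TYPE, edns_size, 0, 0)
    return msg

def build_response(query, rdata_len):
    """Constructed sample: the question plus one record of rdata_len bytes."""
    end = skip_name(query, 12) + 4
    header = struct.pack("!6H", 0x1234, 0x8100, 1, 1, 0, 0)
    record = b"\xc0\x0c" + struct.pack("!HHIH", 16, 1, 60, rdata_len)
    return header + query[12:end] + record + bytes(rdata_len)
```

A client that receives the truncated form retries over TCP, which is
where the partial TCP support noted in [Damas] becomes the limiting
factor.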

5.2. Open Shortest Path First (OSPF)

OSPF implementations can emit messages large enough to cause
fragmentation. However, in order to optimize performance, most OSPF
implementations restrict their maximum message size to a value that
will not cause fragmentation.

5.3. Packet-in-Packet Encapsulations

This document acknowledges that in some cases, packets must be
fragmented within IP-in-IP tunnels. Therefore, this document makes
no additional recommendations regarding IP-in-IP tunnels.

In this document, packet-in-packet encapsulations include IP-in-IP
[RFC2003], Generic Routing Encapsulation (GRE) [RFC2784], GRE-in-UDP
[RFC8086], and Generic Packet Tunneling in IPv6 [RFC2473]. [RFC4459]
describes fragmentation issues associated with all of the above-
mentioned encapsulations.

The fragmentation strategy described for GRE in [RFC7588] has been
deployed for all of the above-mentioned encapsulations. This
strategy does not rely on IP fragmentation except in one corner case.
(See Section 3.3.2.2 of [RFC7588] and Section 7.1 of [RFC2473].)
Section 3.3 of [RFC7676] further describes this corner case.

See [TUNNELS] for further discussion.

5.4. UDP Applications Enhancing Performance

Some UDP applications rely on IP fragmentation to achieve acceptable
levels of performance. These applications use UDP datagram sizes
that are larger than the Path MTU so that more data can be conveyed
between the application and the kernel in a single system call.

To pick one example, the Licklider Transmission Protocol (LTP)
[RFC5326], which is in current use on the International Space Station
(ISS), uses UDP datagram sizes larger than the Path MTU to achieve
acceptable levels of performance even though this invokes IP
fragmentation. More generally, SNMP and video applications may
transmit an application-layer quantum of data, depending on the
network layer to fragment and reassemble as needed.

6. Recommendations

6.1. For Application and Protocol Developers

Developers SHOULD NOT develop new protocols or applications that rely
on IP fragmentation. When a new protocol or application is deployed
in an environment that does not fully support IP fragmentation, it
SHOULD operate correctly, either in its default configuration or in a
specified alternative configuration.

While there may be controlled environments where IP fragmentation
works reliably, this is a deployment issue and cannot be known to
someone developing a new protocol or application. It is not
recommended that new protocols or applications be developed that rely
on IP fragmentation. Protocols and applications that rely on IP
fragmentation will work less reliably on the Internet.

Legacy protocols that depend upon IP fragmentation SHOULD be updated
to break that dependency. However, in some cases, there may be no
viable alternative to IP fragmentation (e.g., IPSEC tunnel mode, IP-
in-IP encapsulation). Applications and protocols cannot necessarily
know or control whether they use lower layers or network paths that
rely on such fragmentation. In these cases, the protocol will
continue to rely on IP fragmentation but should only be used in
environments where IP fragmentation is known to be supported.

Protocols may be able to avoid IP fragmentation by using a
sufficiently small MTU (e.g., the protocol minimum link MTU),
disabling IP fragmentation, and ensuring that the transport protocol
in use adapts its segment size to the MTU. Other protocols may
deploy a sufficiently reliable PMTU discovery mechanism (e.g.,
PLPMTUD).

UDP applications SHOULD abide by the recommendations stated in
Section 3.2 of [RFC8085].

6.2. For System Developers

Software libraries SHOULD include provision for PLPMTUD for each
supported transport protocol.

6.3. For Middlebox Developers

Middleboxes, which are systems that “transparently” perform policy
functions on passing traffic but do not participate in the routing
system, should process IP fragments in a manner that is consistent
with [RFC0791] and [RFC8200]. In many cases, middleboxes must
maintain state in order to achieve this goal.

Price and performance considerations frequently motivate network
operators to deploy stateless middleboxes. These stateless
middleboxes may perform suboptimally, process IP fragments in a
manner that is not compliant with RFC 791 or RFC 8200, or even
discard IP fragments completely. Such behaviors are NOT RECOMMENDED.
If a middlebox implements nonstandard behavior with respect to IP
fragmentation, then that behavior MUST be clearly documented.

6.4. For ECMP, LAG, and Load-Balancer Developers And Operators

In their default configuration, when the IPv6 Flow Label is not equal
to zero, IPv6 devices that implement Equal-Cost Multipath (ECMP)
Routing as described in OSPF [RFC2328] and other routing protocols,
Link Aggregation Grouping (LAG) [RFC7424], or other load-distribution
technologies SHOULD accept only the following fields as input to
their hash algorithm:

IP Source Address.

IP Destination Address.

Flow Label.

Operators SHOULD deploy these devices in their default configuration.

These recommendations are similar to those presented in [RFC6438] and
[RFC7098]. They differ in that they specify a default configuration.
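
Why the three-field hash input of Section 6.4 matters for fragments,
as an added example (not part of the RFC): only the first fragment of a
UDP datagram carries the port numbers, so a hash that mixes in ports
when it can see them may place fragments of one packet on different
links, while a hash over source address, destination address and Flow
Label cannot. The packets, addresses, SHA-256 based link selection and
function names are constructed for the example.

```python
import hashlib
import ipaddress
import struct

NH_UDP, NH_FRAGMENT = 17, 44   # IPv6 Next Header values


def ipv6_fragment(src, dst, flow_label, frag_offset, more, ident, payload):
    """Constructed packet: IPv6 header + Fragment header + payload bytes."""
    frag = struct.pack("!BBHI", NH_UDP, 0, (frag_offset << 3) | more, ident)
    body = frag + payload
    first_word = (6 << 28) | (flow_label & 0xFFFFF)
    fixed = struct.pack("!IHBB", first_word, len(body), NH_FRAGMENT, 64)
    addrs = ipaddress.IPv6Address(src).packed + ipaddress.IPv6Address(dst).packed
    return fixed + addrs + body


def pick_link(key, links):
    """Map hash input bytes to one of `links` equal-cost next hops."""
    digest = hashlib.sha256(key).digest()
    return int.from_bytes(digest[:4], "big") % links


def hash_three_tuple(pkt, links):
    """Section 6.4 input set: source address, destination address, Flow Label."""
    flow_label = struct.unpack_from("!I", pkt)[0] & 0xFFFFF
    return pick_link(pkt[8:40] + flow_label.to_bytes(3, "big"), links)


def hash_five_tuple(pkt, links):
    """Port-aware hash: adds L4 ports only where the packet exposes them."""
    next_header, off = pkt[6], 40
    ports, frag_offset = b"", 0
    if next_header == NH_FRAGMENT:
        next_header = pkt[off]
        frag_offset = struct.unpack_from("!H", pkt, off + 2)[0] >> 3
        off += 8
    if next_header == NH_UDP and frag_offset == 0:
        ports = pkt[off:off + 4]              # only the first fragment has them
    return pick_link(pkt[8:40] + bytes([next_header]) + ports, links)


def fragments_of(src, dst, flow_label, sport, dport, ident):
    """Constructed 2408-byte UDP datagram split into two 1280-byte-safe fragments."""
    udp = struct.pack("!HHHH", sport, dport, 8 + 2400, 0) + bytes(2400)
    return [ipv6_fragment(src, dst, flow_label, 0, 1, ident, udp[:1232]),
            ipv6_fragment(src, dst, flow_label, 1232 // 8, 0, ident, udp[1232:])]


def split_flows(hash_fn, links=8, flows=200):
    """Count constructed flows whose fragments land on more than one link."""
    split = 0
    for n in range(flows):
        frags = fragments_of("2001:db8::1", "2001:db8::2",
                             0x10000 + n, 40000 + n, 53, n)
        if len({hash_fn(f, links) for f in frags}) > 1:
            split += 1
    return split
```

Comparing split_flows(hash_three_tuple) with split_flows(hash_five_tuple)
on the same constructed traffic shows the difference: the first is zero
by construction, the second is not.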

6.5. For Network Operators

Operators MUST ensure proper PMTUD operation in their network,
including making sure the network generates PTB packets when dropping
packets too large compared to outgoing interface MTU. However,
implementations MAY rate limit the generation of ICMP messages per
[RFC1812] and [RFC4443].

As per RFC 4890, network operators MUST NOT filter ICMPv6 PTB
messages unless they are known to be forged or otherwise
illegitimate. As stated in Section 3.8, filtering ICMPv6 PTB packets
causes PMTUD to fail. Many upper-layer protocols rely on PMTUD.

As per RFC 8200, network operators MUST NOT deploy IPv6 links whose
MTU is less than 1280 octets.

Network operators SHOULD NOT filter IP fragments if they are known to
have originated at a domain name server or be destined for a domain
name server. This is because domain name services are critical to
operation of the Internet.

7. IANA Considerations

This document has no IANA actions.

8. Security Considerations

This document mitigates some of the security considerations
associated with IP fragmentation by discouraging its use. It does
not introduce any new security vulnerabilities, because it does not
introduce any new alternatives to IP fragmentation. Instead, it
recommends well-understood alternatives.

9. References

9.1. Normative References

[RFC0768] Postel, J., “User Datagram Protocol”, STD 6, RFC 768,
DOI 10.17487/RFC0768, August 1980.

[RFC0791] Postel, J., “Internet Protocol”, STD 5, RFC 791,
DOI 10.17487/RFC0791, September 1981.

[RFC0792] Postel, J., “Internet Control Message Protocol”, STD 5,
RFC 792, DOI 10.17487/RFC0792, September 1981.

[RFC0793] Postel, J., “Transmission Control Protocol”, STD 7,
RFC 793, DOI 10.17487/RFC0793, September 1981.

[RFC1035] Mockapetris, P., “Domain names – implementation and
specification”, STD 13, RFC 1035, DOI 10.17487/RFC1035,
November 1987.

[RFC1191] Mogul, J. and S. Deering, “Path MTU discovery”, RFC 1191,
DOI 10.17487/RFC1191, November 1990.

[RFC2119] Bradner, S., “Key words for use in RFCs to Indicate
Requirement Levels”, BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997.

[RFC4443] Conta, A., Deering, S., and M. Gupta, Ed., “Internet
Control Message Protocol (ICMPv6) for the Internet
Protocol Version 6 (IPv6) Specification”, STD 89,
RFC 4443, DOI 10.17487/RFC4443, March 2006.

[RFC4821] Mathis, M. and J. Heffner, “Packetization Layer Path MTU
Discovery”, RFC 4821, DOI 10.17487/RFC4821, March 2007.

[RFC6437] Amante, S., Carpenter, B., Jiang, S., and J. Rajahalme,
“IPv6 Flow Label Specification”, RFC 6437,
DOI 10.17487/RFC6437, November 2011.

[RFC6438] Carpenter, B. and S. Amante, “Using the IPv6 Flow Label
for Equal Cost Multipath Routing and Link Aggregation in
Tunnels”, RFC 6438, DOI 10.17487/RFC6438, November 2011.

[RFC8085] Eggert, L., Fairhurst, G., and G. Shepherd, “UDP Usage
Guidelines”, BCP 145, RFC 8085, DOI 10.17487/RFC8085,
March 2017.

[RFC8174] Leiba, B., “Ambiguity of Uppercase vs Lowercase in RFC
2119 Key Words”, BCP 14, RFC 8174, DOI 10.17487/RFC8174,
May 2017.

[RFC8200] Deering, S. and R. Hinden, “Internet Protocol, Version 6
(IPv6) Specification”, STD 86, RFC 8200,
DOI 10.17487/RFC8200, July 2017.

[RFC8201] McCann, J., Deering, S., Mogul, J., and R. Hinden, Ed.,
“Path MTU Discovery for IP version 6”, STD 87, RFC 8201,
DOI 10.17487/RFC8201, July 2017.

[RFC8899] Fairhurst, G., Jones, T., Tüxen, M., Rüngeler, I., and T.
Völker, “Packetization Layer Path MTU Discovery for
Datagram Transports”, RFC 8899, DOI 10.17487/RFC8899,
September 2020.

9.2. Informative References

[Damas] Damas, J. and G. Huston, “Measuring ATR”, April 2018.

[Huston] Huston, G., “IPv6, Large UDP Packets and the DNS”, August
2017.

[Kent] Kent, C. and J. Mogul, “Fragmentation Considered Harmful”,
SIGCOMM ’87: Proceedings of the ACM workshop on Frontiers
in computer communications technology,
DOI 10.1145/55482.55524, August 1987.

[Ptacek1998]
Ptacek, T. H. and T. N. Newsham, “Insertion, Evasion and
Denial of Service: Eluding Network Intrusion Detection”,
1998.

[RFC1122] Braden, R., Ed., “Requirements for Internet Hosts –
Communication Layers”, STD 3, RFC 1122,
DOI 10.17487/RFC1122, October 1989.

[RFC1812] Baker, F., Ed., “Requirements for IP Version 4 Routers”,
RFC 1812, DOI 10.17487/RFC1812, June 1995.

[RFC1858] Ziemba, G., Reed, D., and P. Traina, “Security
Considerations for IP Fragment Filtering”, RFC 1858,
DOI 10.17487/RFC1858, October 1995.

[RFC1981] McCann, J., Deering, S., and J. Mogul, “Path MTU Discovery
for IP version 6”, RFC 1981, DOI 10.17487/RFC1981, August
1996.

[RFC2003] Perkins, C., “IP Encapsulation within IP”, RFC 2003,
DOI 10.17487/RFC2003, October 1996.

[RFC2328] Moy, J., “OSPF Version 2”, STD 54, RFC 2328,
DOI 10.17487/RFC2328, April 1998.

[RFC2460] Deering, S. and R. Hinden, “Internet Protocol, Version 6
(IPv6) Specification”, RFC 2460, DOI 10.17487/RFC2460,
December 1998.

[RFC2473] Conta, A. and S. Deering, “Generic Packet Tunneling in
IPv6 Specification”, RFC 2473, DOI 10.17487/RFC2473,
December 1998.

[RFC2784] Farinacci, D., Li, T., Hanks, S., Meyer, D., and P.
Traina, “Generic Routing Encapsulation (GRE)”, RFC 2784,
DOI 10.17487/RFC2784, March 2000.

[RFC3128] Miller, I., “Protection Against a Variant of the Tiny
Fragment Attack (RFC 1858)”, RFC 3128,
DOI 10.17487/RFC3128, June 2001.

[RFC4340] Kohler, E., Handley, M., and S. Floyd, “Datagram
Congestion Control Protocol (DCCP)”, RFC 4340,
DOI 10.17487/RFC4340, March 2006.

[RFC4459] Savola, P., “MTU and Fragmentation Issues with In-the-
Network Tunneling”, RFC 4459, DOI 10.17487/RFC4459, April
2006.

[RFC4890] Davies, E. and J. Mohacsi, “Recommendations for Filtering
ICMPv6 Messages in Firewalls”, RFC 4890,
DOI 10.17487/RFC4890, May 2007.

[RFC4960] Stewart, R., Ed., “Stream Control Transmission Protocol”,
RFC 4960, DOI 10.17487/RFC4960, September 2007.

[RFC4963] Heffner, J., Mathis, M., and B. Chandler, “IPv4 Reassembly
Errors at High Data Rates”, RFC 4963,
DOI 10.17487/RFC4963, July 2007.

[RFC5326] Ramadas, M., Burleigh, S., and S. Farrell, “Licklider
Transmission Protocol – Specification”, RFC 5326,
DOI 10.17487/RFC5326, September 2008.

[RFC5340] Coltun, R., Ferguson, D., Moy, J., and A. Lindem, “OSPF
for IPv6”, RFC 5340, DOI 10.17487/RFC5340, July 2008.

[RFC5722] Krishnan, S., “Handling of Overlapping IPv6 Fragments”,
RFC 5722, DOI 10.17487/RFC5722, December 2009.

[RFC5927] Gont, F., “ICMP Attacks against TCP”, RFC 5927,
DOI 10.17487/RFC5927, July 2010.

[RFC6346] Bush, R., Ed., “The Address plus Port (A+P) Approach to
the IPv4 Address Shortage”, RFC 6346,
DOI 10.17487/RFC6346, August 2011.

[RFC6888] Perreault, S., Ed., Yamagata, I., Miyakawa, S., Nakagawa,
A., and H. Ashida, “Common Requirements for Carrier-Grade
NATs (CGNs)”, BCP 127, RFC 6888, DOI 10.17487/RFC6888,
April 2013.

[RFC7098] Carpenter, B., Jiang, S., and W. Tarreau, “Using the IPv6
Flow Label for Load Balancing in Server Farms”, RFC 7098,
DOI 10.17487/RFC7098, January 2014.

[RFC7424] Krishnan, R., Yong, L., Ghanwani, A., So, N., and B.
Khasnabish, “Mechanisms for Optimizing Link Aggregation
Group (LAG) and Equal-Cost Multipath (ECMP) Component Link
Utilization in Networks”, RFC 7424, DOI 10.17487/RFC7424,
January 2015.

[RFC7588] Bonica, R., Pignataro, C., and J. Touch, “A Widely
Deployed Solution to the Generic Routing Encapsulation
(GRE) Fragmentation Problem”, RFC 7588,
DOI 10.17487/RFC7588, July 2015.

[RFC7676] Pignataro, C., Bonica, R., and S. Krishnan, “IPv6 Support
for Generic Routing Encapsulation (GRE)”, RFC 7676,
DOI 10.17487/RFC7676, October 2015.

[RFC7739] Gont, F., “Security Implications of Predictable Fragment
Identification Values”, RFC 7739, DOI 10.17487/RFC7739,
February 2016.

[RFC7872] Gont, F., Linkova, J., Chown, T., and W. Liu,
“Observations on the Dropping of Packets with IPv6
Extension Headers in the Real World”, RFC 7872,
DOI 10.17487/RFC7872, June 2016.

[RFC8086] Yong, L., Ed., Crabbe, E., Xu, X., and T. Herbert, “GRE-
in-UDP Encapsulation”, RFC 8086, DOI 10.17487/RFC8086,
March 2017.

[TUNNELS] Touch, J. and M. Townsley, “IP Tunnels in the Internet
Architecture”, Work in Progress, Internet-Draft, draft-
ietf-intarea-tunnels-10, 12 September 2019.

[UDP-OPTIONS]
Touch, J., “Transport Options for UDP”, Work in Progress,
Internet-Draft, draft-ietf-tsvwg-udp-options-08, 12
September 2019.

Acknowledgements

Thanks to Mikael Abrahamsson, Brian Carpenter, Silambu Chelvan,
Lorenzo Colitti, Gorry Fairhurst, Joel Halpern, Mike Heard, Tom
Herbert, Tatuya Jinmei, Suresh Krishnan, Jen Linkova, Paolo Lucente,
Manoj Nayak, Eric Nygren, Fred Templin, and Joe Touch for their
comments.

Authors’ Addresses

Ron Bonica
Juniper Networks
2251 Corporate Park Drive
Herndon, Virginia 20171
United States of America

Email: rbonica@juniper.net

Fred Baker
Unaffiliated
Santa Barbara, California 93117
United States of America

Email: FredBaker.IETF@gmail.com

Geoff Huston
APNIC
6 Cordelia St
Brisbane 4101 QLD
Australia

Email: gih@apnic.net

Robert M. Hinden
Check Point Software
959 Skyway Road
San Carlos, California 94070
United States of America

Email: bob.hinden@gmail.com

Ole Troan
Cisco
Philip Pedersens vei 1
N-1366 Lysaker
Norway

Email: ot@cisco.com

Fernando Gont
SI6 Networks
Evaristo Carriego 2644
Haedo
Provincia de Buenos Aires
Argentina

Email: fgont@si6networks.com
