< draft-ietf-intarea-frag-fragile-09.txt   draft-ietf-intarea-frag-fragile-10.txt >
Internet Area WG R. Bonica Internet Area WG R. Bonica
Internet-Draft Juniper Networks Internet-Draft Juniper Networks
Intended status: Best Current Practice F. Baker Intended status: Best Current Practice F. Baker
Expires: August 16, 2019 Unaffiliated Expires: November 15, 2019 Unaffiliated
G. Huston G. Huston
APNIC APNIC
R. Hinden R. Hinden
Check Point Software Check Point Software
O. Troan O. Troan
Cisco Cisco
F. Gont F. Gont
SI6 Networks SI6 Networks
February 12, 2019 May 14, 2019
IP Fragmentation Considered Fragile IP Fragmentation Considered Fragile
draft-ietf-intarea-frag-fragile-09 draft-ietf-intarea-frag-fragile-10
Abstract Abstract
This document describes IP fragmentation and explains how it reduces This document describes IP fragmentation and explains how it
the reliability of Internet communication. introduces fragility to Internet communication.
This document also proposes alternatives to IP fragmentation and This document also proposes alternatives to IP fragmentation and
provides recommendations for developers and network operators. provides recommendations for developers and network operators.
Status of This Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on August 16, 2019. This Internet-Draft will expire on November 15, 2019.
Copyright Notice Copyright Notice
Copyright (c) 2019 IETF Trust and the persons identified as the Copyright (c) 2019 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3
1.1. IP-in-IP Tunnels . . . . . . . . . . . . . . . . . . . . 3
2. IP Fragmentation . . . . . . . . . . . . . . . . . . . . . . 3 2. IP Fragmentation . . . . . . . . . . . . . . . . . . . . . . 3
2.1. Links, Paths, MTU and PMTU . . . . . . . . . . . . . . . 3 2.1. Links, Paths, MTU and PMTU . . . . . . . . . . . . . . . 3
2.2. Fragmentation Procedures . . . . . . . . . . . . . . . . 5 2.2. Fragmentation Procedures . . . . . . . . . . . . . . . . 5
2.3. Upper-Layer Reliance on IP Fragmentation . . . . . . . . 6 2.3. Upper-Layer Reliance on IP Fragmentation . . . . . . . . 6
3. Requirements Language . . . . . . . . . . . . . . . . . . . . 7 3. Requirements Language . . . . . . . . . . . . . . . . . . . . 7
4. Reduced Reliability . . . . . . . . . . . . . . . . . . . . . 7 4. Increased Fragility . . . . . . . . . . . . . . . . . . . . . 7
4.1. Policy-Based Routing . . . . . . . . . . . . . . . . . . 7 4.1. Policy-Based Routing . . . . . . . . . . . . . . . . . . 7
4.2. Network Address Translation (NAT) . . . . . . . . . . . . 8 4.2. Network Address Translation (NAT) . . . . . . . . . . . . 8
4.3. Stateless Firewalls . . . . . . . . . . . . . . . . . . . 9 4.3. Stateless Firewalls . . . . . . . . . . . . . . . . . . . 9
4.4. Equal Cost Multipath, Link Aggregate Groups and Stateless 4.4. Equal Cost Multipath, Link Aggregate Groups and Stateless
Load-Balancers . . . . . . . . . . . . . . . . . . . . . 9 Load-Balancers . . . . . . . . . . . . . . . . . . . . . 9
4.5. IPv4 Reassembly Errors at High Data Rates . . . . . . . . 10 4.5. IPv4 Reassembly Errors at High Data Rates . . . . . . . . 10
4.6. Security Vulnerabilities . . . . . . . . . . . . . . . . 10 4.6. Security Vulnerabilities . . . . . . . . . . . . . . . . 11
4.7. PMTU Blackholing Due to ICMP Loss . . . . . . . . . . . . 11 4.7. PMTU Blackholing Due to ICMP Loss . . . . . . . . . . . . 12
4.7.1. Transient Loss . . . . . . . . . . . . . . . . . . . 12 4.7.1. Transient Loss . . . . . . . . . . . . . . . . . . . 12
4.7.2. Incorrect Implementation of Security Policy . . . . . 12 4.7.2. Incorrect Implementation of Security Policy . . . . . 13
4.7.3. Persistent Loss Caused By Anycast . . . . . . . . . . 13 4.7.3. Persistent Loss Caused By Anycast . . . . . . . . . . 13
4.8. Blackholing Due To Filtering or Loss . . . . . . . . . . 13 4.7.4. Persistent Loss Caused By Unidirectional Routing . . 14
5. Alternatives to IP Fragmentation . . . . . . . . . . . . . . 14 4.8. Blackholing Due To Filtering or Loss . . . . . . . . . . 14
5.1. Transport Layer Solutions . . . . . . . . . . . . . . . . 14 5. Alternatives to IP Fragmentation . . . . . . . . . . . . . . 15
5.2. Application Layer Solutions . . . . . . . . . . . . . . . 15 5.1. Transport Layer Solutions . . . . . . . . . . . . . . . . 15
6. Applications That Rely on IPv6 Fragmentation . . . . . . . . 16 5.2. Application Layer Solutions . . . . . . . . . . . . . . . 16
6.1. DNS . . . . . . . . . . . . . . . . . . . . . . . . . . . 17 6. Applications That Rely on IPv6 Fragmentation . . . . . . . . 17
6.2. OSPF . . . . . . . . . . . . . . . . . . . . . . . . . . 17 6.1. Domain Name Service (DNS) . . . . . . . . . . . . . . . . 17
6.3. Packet-in-Packet Encapsulations . . . . . . . . . . . . . 17 6.2. Open Shortest Path First (OSPF) . . . . . . . . . . . . . 18
6.4. Licklider Transmission Protocol (LTP) . . . . . . . . . . 18 6.3. Packet-in-Packet Encapsulations . . . . . . . . . . . . . 18
6.4. UDP Applications Enhancing Performance . . . . . . . . . 18
7. Recommendations . . . . . . . . . . . . . . . . . . . . . . . 18 7. Recommendations . . . . . . . . . . . . . . . . . . . . . . . 18
7.1. For Application and Protocol Developers . . . . . . . . . 18 7.1. For Application and Protocol Developers . . . . . . . . . 18
7.2. For System Developers . . . . . . . . . . . . . . . . . . 18 7.2. For System Developers . . . . . . . . . . . . . . . . . . 19
7.3. For Middle Box Developers . . . . . . . . . . . . . . . . 19 7.3. For Middle Box Developers . . . . . . . . . . . . . . . . 19
7.4. For ECMP, LAG and Load-Balancer Developers And Operators 19 7.4. For ECMP, LAG and Load-Balancer Developers And Operators 19
7.5. For Network Operators . . . . . . . . . . . . . . . . . . 19 7.5. For Network Operators . . . . . . . . . . . . . . . . . . 20
8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 20 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 20
9. Security Considerations . . . . . . . . . . . . . . . . . . . 20 9. Security Considerations . . . . . . . . . . . . . . . . . . . 20
10. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 20 10. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 20
11. References . . . . . . . . . . . . . . . . . . . . . . . . . 20 11. References . . . . . . . . . . . . . . . . . . . . . . . . . 21
11.1. Normative References . . . . . . . . . . . . . . . . . . 20 11.1. Normative References . . . . . . . . . . . . . . . . . . 21
11.2. Informative References . . . . . . . . . . . . . . . . . 21 11.2. Informative References . . . . . . . . . . . . . . . . . 22
Appendix A. Contributors' Address . . . . . . . . . . . . . . . 25 Appendix A. Contributors' Address . . . . . . . . . . . . . . . 25
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 25 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 25
1. Introduction 1. Introduction
Operational experience [Kent] [Huston] [RFC7872] reveals that IP Operational experience [Kent] [Huston] [RFC7872] reveals that IP
fragmentation reduces the reliability of Internet communication. fragmentation introduces fragility to Internet communication. This
This document describes IP fragmentation and explains how it reduces document describes IP fragmentation and explains how it introduces
the reliability of Internet communication. This document also fragility to Internet communication. This document also proposes
proposes alternatives to IP fragmentation and provides alternatives to IP fragmentation and provides recommendations for
recommendations for developers and network operators. developers and network operators.
While this document identifies issues associated with IP While this document identifies issues associated with IP
fragmentation, it does not recommend deprecation. Some applications fragmentation, it does not recommend deprecation. Some applications
(see Section 6) require IP fragmentation. Furthermore, fragmentation (see Section 6) require IP fragmentation. Furthermore, fragmentation
is expected to work in limited domains where security and is expected to work in domains where security and interoperability
interoperability issues can be addressed. issues are addressed.
Rather than deprecating IP Fragmentation, this document recommends Rather than deprecating IP Fragmentation, this document recommends
that upper-layer protocols address the problem of fragmentation at that upper-layer protocols address the problem of fragmentation at
their layer, reducing their reliance on IP fragmentation to the their layer, reducing their reliance on IP fragmentation to the
greatest degree possible. greatest degree possible.
1.1. IP-in-IP Tunnels
This document acknowledges that in some cases, packets must be
fragmented within IP-in-IP tunnels [I-D.ietf-intarea-tunnels].
Therefore, this document makes no recommendations regarding IP-in-IP
tunnels.
2. IP Fragmentation 2. IP Fragmentation
2.1. Links, Paths, MTU and PMTU 2.1. Links, Paths, MTU and PMTU
An Internet path connects a source node to a destination node. A An Internet path connects a source node to a destination node. A
path can contain links and routers. If a path contains more than one path can contain links and routers. If a path contains more than one
link, the links are connected in series and a router connects each link, the links are connected in series and a router connects each
link to the next. link to the next.
Internet paths are dynamic. Assume that the path from one node to Internet paths are dynamic. Assume that the path from one node to
another contains a set of links and routers. If the network topology another contains a set of links and routers. If a link fails, the
changes, that path can also change so that it includes a different path can also change so that it includes a different set of links and
set of links and routers. routers.
Each link is constrained by the number of bytes that it can convey in Each link is constrained by the number of bytes that it can convey in
a single IP packet. This constraint is called the link Maximum a single IP packet. This constraint is called the link Maximum
Transmission Unit (MTU). IPv4 [RFC0791] requires every link to Transmission Unit (MTU). IPv4 [RFC0791] requires every link to
support a specified MTU (see NOTE 1). IPv6 [RFC8200] requires every support a specified MTU (see NOTE 1). IPv6 [RFC8200] requires every
link to support an MTU of 1280 bytes or greater. These are called link to support an MTU of 1280 bytes or greater. These are called
the IPv4 and IPv6 minimum link MTU's. the IPv4 and IPv6 minimum link MTU's.
Likewise, each Internet path is constrained by the number of bytes Likewise, each Internet path is constrained by the number of bytes
that it can convey in a IP single packet. This constraint is called that it can convey in a IP single packet. This constraint is called
skipping to change at page 5, line 10 skipping to change at page 5, line 16
its initial value and repeats the procedure described above. its initial value and repeats the procedure described above.
Ideally, PMTUD operates as described above. However, in some Ideally, PMTUD operates as described above. However, in some
scenarios, PMTUD fails. For example: scenarios, PMTUD fails. For example:
o PMTUD relies on the network's ability to deliver ICMP PTB messages o PMTUD relies on the network's ability to deliver ICMP PTB messages
to the source node. If the network cannot deliver ICMP PTB to the source node. If the network cannot deliver ICMP PTB
messages to the source node, PMTUD fails. messages to the source node, PMTUD fails.
o PMTUD is susceptible to attack because ICMP messages are easily o PMTUD is susceptible to attack because ICMP messages are easily
forged [RFC5927]. Such attacks can cause PMTUD to produce forged [RFC5927] and not authenticated by the receiver. Such
unnecessarily conservative PMTU estimates. attacks can cause PMTUD to produce unnecessarily conservative PMTU
estimates.
NOTE 1: In IPv4, every host must be capable of receiving a packet NOTE 1: In IPv4, every host must be capable of receiving a packet
whose length is equal to 576 bytes. However, the IPv4 minimum link whose length is equal to 576 bytes. However, the IPv4 minimum link
MTU is not 576. Section 3.2 of RFC 791 explicitly states that the MTU is not 576. Section 3.2 of RFC 791 explicitly states that the
IPv4 minimum link MTU is 68 bytes. But for practical purposes, many IPv4 minimum link MTU is 68 bytes. But for practical purposes, many
network operators consider the IPv4 minimum link MTU to be 576 bytes. network operators consider the IPv4 minimum link MTU to be 576 bytes.
So, for the purposes of this document, we assume that the IPv4 So, for the purposes of this document, we assume that the IPv4
minimum link MTU is 576 bytes. minimum path MTU is 576 bytes.
NOTE 2: A non-fragmentable packet can be fragmented at its source. NOTE 2: A non-fragmentable packet can be fragmented at its source.
However, it cannot be fragmented by a downstream node. An IPv4 However, it cannot be fragmented by a downstream node. An IPv4
packet whose DF-bit is set to zero is fragmentable. An IPv4 packet packet whose DF-bit is set to zero is fragmentable. An IPv4 packet
whose DF-bit is set to one is non-fragmentable. All IPv6 packets are whose DF-bit is set to one is non-fragmentable. All IPv6 packets are
also non-fragmentable. also non-fragmentable.
NOTE 3:: The ICMP PTB message has two instantiations. In ICMPv4 NOTE 3:: The ICMP PTB message has two instantiations. In ICMPv4
[RFC0792], the ICMP PTB message is Destination Unreachable message [RFC0792], the ICMP PTB message is Destination Unreachable message
with Code equal to (4) fragmentation needed and DF set. This message with Code equal to (4) fragmentation needed and DF set. This message
skipping to change at page 7, line 18 skipping to change at page 7, line 26
ability to deliver ICMP PTB messages to the source. ability to deliver ICMP PTB messages to the source.
3. Requirements Language 3. Requirements Language
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in BCP "OPTIONAL" in this document are to be interpreted as described in BCP
14 [RFC2119] [RFC8174] when, and only when, they appear in all 14 [RFC2119] [RFC8174] when, and only when, they appear in all
capitals, as shown here. capitals, as shown here.
4. Reduced Reliability 4. Increased Fragility
This section explains how IP fragmentation reduces the reliability of This section explains how IP fragmentation introduces fragility to
Internet communication. Internet communication.
4.1. Policy-Based Routing 4.1. Policy-Based Routing
IP Fragmentation causes problems for routers that implement policy- IP Fragmentation causes problems for routers that implement policy-
based routing. based routing.
When a router receives a packet, it identifies the next-hop on route When a router receives a packet, it identifies the next-hop on route
to the packet's destination and forwards the packet to that next-hop. to the packet's destination and forwards the packet to that next-hop.
In order to identify the next-hop, the router interrogates a local In order to identify the next-hop, the router interrogates a local
skipping to change at page 8, line 44 skipping to change at page 9, line 11
translates: translates:
o The Source IP Address and Source Port on each outbound packet. o The Source IP Address and Source Port on each outbound packet.
o The Destination IP Address and Destination Port on each inbound o The Destination IP Address and Destination Port on each inbound
packet. packet.
A+P [RFC6346] and Carrier Grade NAT (CGN) [RFC6888] are two common A+P [RFC6346] and Carrier Grade NAT (CGN) [RFC6888] are two common
NAT strategies. In both approaches the NAT device must virtually NAT strategies. In both approaches the NAT device must virtually
reassemble fragmented packets in order to translate and forward each reassemble fragmented packets in order to translate and forward each
fragment. fragment. (See NOTE 1.)
Virtual reassembly in the network is problematic, because it is Virtual reassembly in the network is problematic, because it is
computationally expensive and because it is prone to attacks computationally expensive and because it is prone to attacks
(Section 4.6). (Section 4.6).
NOTE 1: Virtual reassembly is a procedure in which a device
reassembles a packet, forwards its fragments, and discards the
reassembled copy. In A+P and CGN, virtual reassembly is required in
order to correctly translate fragment addresses.
4.3. Stateless Firewalls 4.3. Stateless Firewalls
IP fragmentation causes problems for stateless firewalls whose rules IP fragmentation causes problems for stateless firewalls whose rules
include TCP and UDP ports. Because port information is not available include TCP and UDP ports. Because port information is not available
in the trailing fragments the firewall is limited to the following in the trailing fragments the firewall is limited to the following
options: options:
o Accept all trailing fragments, possibly admitting certain classes o Accept all trailing fragments, possibly admitting certain classes
of attack. of attack.
skipping to change at page 10, line 23 skipping to change at page 10, line 38
"At intermediate routers that perform load distribution, the hash "At intermediate routers that perform load distribution, the hash
algorithm used to determine the outgoing component-link in an ECMP algorithm used to determine the outgoing component-link in an ECMP
and/or LAG toward the next hop MUST minimally include the 3-tuple and/or LAG toward the next hop MUST minimally include the 3-tuple
{dest addr, source addr, flow label} and MAY also include the {dest addr, source addr, flow label} and MAY also include the
remaining components of the 5-tuple." remaining components of the 5-tuple."
If the algorithm includes only the 3-tuple {dest addr, source addr, If the algorithm includes only the 3-tuple {dest addr, source addr,
flow label}, it will assign all fragments belonging to a packet to flow label}, it will assign all fragments belonging to a packet to
the same link. (See [RFC6437] and [RFC7098]). the same link. (See [RFC6437] and [RFC7098]).
In order to avoid the problem described above, implementations SHOULD
implement the recommendations provided in Section 7.4 of this
document.
4.5. IPv4 Reassembly Errors at High Data Rates 4.5. IPv4 Reassembly Errors at High Data Rates
IPv4 fragmentation is not sufficiently robust for use under some IPv4 fragmentation is not sufficiently robust for use under some
conditions in today's Internet. At high data rates, the 16-bit IP conditions in today's Internet. At high data rates, the 16-bit IP
identification field is not large enough to prevent frequent identification field is not large enough to prevent frequent
incorrectly assembled IP fragments, and the TCP and UDP checksums are incorrectly assembled IP fragments, and the TCP and UDP checksums are
insufficient to prevent the resulting corrupted datagrams from being insufficient to prevent the resulting corrupted datagrams from being
delivered to higher protocol layers. [RFC4963] describes some easily delivered to higher protocol layers. [RFC4963] describes some easily
reproduced experiments demonstrating the problem, and discusses some reproduced experiments demonstrating the problem, and discusses some
of the operational implications of these observations. of the operational implications of these observations.
skipping to change at page 11, line 20 skipping to change at page 11, line 40
overwritten by data from the second fragment. The reassembled packet overwritten by data from the second fragment. The reassembled packet
does not comply with local security policy. Had it traversed the does not comply with local security policy. Had it traversed the
firewall in one piece, the firewall would have rejected it. firewall in one piece, the firewall would have rejected it.
A stateless firewall cannot protect against the overlapping fragment A stateless firewall cannot protect against the overlapping fragment
attack. However, destination nodes can protect against the attack. However, destination nodes can protect against the
overlapping fragment attack by implementing the procedures described overlapping fragment attack by implementing the procedures described
in RFC 1858, RFC 3128 and RFC 8200. These reassembly procedures in RFC 1858, RFC 3128 and RFC 8200. These reassembly procedures
detect the overlap and discard the packet. detect the overlap and discard the packet.
The fragment reassembly algorithm is a stateful procedure for an The fragment reassembly algorithm is a stateful procedure in an
otherwise stateless protocol. Therefore, it can be exploited by otherwise stateless protocol. Therefore, it can be exploited by
resource exhaustion attacks. An attacker can construct a series of resource exhaustion attacks. An attacker can construct a series of
fragmented packets, with one fragment missing from each packet so fragmented packets, with one fragment missing from each packet so
that the reassembly is impossible. Thus, this attack causes resource that the reassembly is impossible. Thus, this attack causes resource
exhaustion on the destination node, possibly denying reassembly exhaustion on the destination node, possibly denying reassembly
services to other flows. This type of attack can be mitigated by services to other flows. This type of attack can be mitigated by
flushing fragment reassembly buffers when necessary, at the expense flushing fragment reassembly buffers when necessary, at the expense
of possibly dropping legitimate fragments. of possibly dropping legitimate fragments.
Each IP fragment contains an "Identification" field that destination Each IP fragment contains an "Identification" field that destination
skipping to change at page 13, line 45 skipping to change at page 14, line 10
A downstream router drops the packet and sends an ICMP PTB message A downstream router drops the packet and sends an ICMP PTB message
the packet's source (i.e., the anycast address). The network routes the packet's source (i.e., the anycast address). The network routes
the ICMP PTB message to the anycast instance closest to the the ICMP PTB message to the anycast instance closest to the
downstream router. That anycast instance may not be the DNS server downstream router. That anycast instance may not be the DNS server
that originated the DNS response. It may be another DNS server with that originated the DNS response. It may be another DNS server with
the same anycast address. The DNS server that originated the the same anycast address. The DNS server that originated the
response may never receive the ICMP PTB message and may never update response may never receive the ICMP PTB message and may never update
its PMTU estimate. its PMTU estimate.
4.7.4. Persistent Loss Caused By Unidirectional Routing
Unidirectional routing can cause persistent loss of ICMP PTB
messages. Consider the example below:
A source node sends a packet to a destination node. All intermediate
nodes maintain a route to the destination node, but do not maintain a
route to the source node. In this case, when an intermediate node
encounters an MTU issue, it cannot send an ICMP PTB message to the
source node.
4.8. Blackholing Due To Filtering or Loss 4.8. Blackholing Due To Filtering or Loss
In RFC 7872, researchers sampled Internet paths to determine whether In RFC 7872, researchers sampled Internet paths to determine whether
they would convey packets that contain IPv6 extension headers. they would convey packets that contain IPv6 extension headers.
Sampled paths terminated at popular Internet sites (e.g., popular Sampled paths terminated at popular Internet sites (e.g., popular
web, mail and DNS servers). web, mail and DNS servers).
The study revealed that at least 28% of the sampled paths did not The study revealed that at least 28% of the sampled paths did not
convey packets containing the IPv6 Fragment extension header. In convey packets containing the IPv6 Fragment extension header. In
most cases, fragments were dropped in the destination autonomous most cases, fragments were dropped in the destination autonomous
skipping to change at page 15, line 4 skipping to change at page 15, line 29
produces a packet whose length is greater than the actual PMTU. produces a packet whose length is greater than the actual PMTU.
Therefore, IP fragmentation is not required. Therefore, IP fragmentation is not required.
TCP offers the following mechanisms for MSS management: TCP offers the following mechanisms for MSS management:
o Manual configuration o Manual configuration
o PMTUD o PMTUD
o PLPMTUD o PLPMTUD
Manual configuration is always applicable. If the MSS is configured Manual configuration is always applicable. If the MSS is configured
to a sufficiently low value, the IP layer will never produce a packet to a sufficiently low value, the IP layer will never produce a packet
whose length is greater than the protocol minimum link MTU. However, whose length is greater than the protocol minimum link MTU. However,
manual configuration prevents TCP from taking advantage of larger manual configuration prevents TCP from taking advantage of larger
link MTU's. link MTU's.
Upper-layer protocols can implement PMTUD in order to discover and Upper-layer protocols can implement PMTUD in order to discover and
take advantage of larger path MTUs. However, as mentioned in take advantage of larger path MTUs. However, as mentioned in
Section 2.1, PMTUD relies upon the network to deliver ICMP PTB Section 2.1, PMTUD relies upon the network to deliver ICMP PTB
messages. Therefore, PMTUD is applicable only in environments where messages. Therefore, PMTUD is applicable only in environments where
the risk of ICMP PTB loss is acceptable. the risk of ICMP PTB loss is acceptable.
By contrast, PLPMTUD does not rely upon the network's ability to By contrast, PLPMTUD does not rely upon the network's ability to
deliver ICMP PTB messages. However, in many loss-based TCP deliver ICMP PTB messages. It utilises probe messages sent as TCP
congestion control algorithms, the dropping of a packet may cause the segments to determine if the probed PMTU can be successfully used
TCP control algorithm to drop the congestion control window, or even across the network path. In PLPMTUD, probing is separated from
re-start with the entire slow start process. For high capacity, long congestion control, so that loss of a TCP probe segment does not
round-trip time, large volume TCP streams, the deliberate probing cause a reduction of the congestion control window. [RFC4821]
with large packets and the consequent packet drop may impose too defines PLPMTUD procedures for TCP.
harsh a penalty on total TCP throughput for it to be a viable
approach. [RFC4821] defines PLPMTUD procedures for TCP.
While TCP will never cause the underlying IP module to emit a packet While TCP will never cause the underlying IP module to emit a packet
that is larger than the PMTU estimate, it can cause the underlying IP that is larger than the PMTU estimate, it can cause the underlying IP
module to emit a packet that is larger than the actual PMTU. If this module to emit a packet that is larger than the actual PMTU. If this
occurs, the packet is dropped, the PMTU estimate is updated, the occurs, the packet is dropped, the PMTU estimate is updated, the
segment is divided into smaller segments and each smaller segment is segment is divided into smaller segments and each smaller segment is
submitted to the underlying IP module. submitted to the underlying IP module.
The Datagram Congestion Control Protocol (DCCP) [RFC4340] and the The Datagram Congestion Control Protocol (DCCP) [RFC4340]. the Stream
Stream Control Protocol (SCP) [RFC4960] also can be operated in a Control Protocol (SCP) [RFC4960], and the Stream Control Transport
mode that does not require IP fragmentation. They both accept data Protocol (SCTP) [RFC4960] also can be operated in a mode that does
from an application and divide that data into segments, with no not require IP fragmentation. They both accept data from an
segment exceeding a maximum size. Both DCCP and SCP offer manual application and divide that data into segments, with no segment
exceeding a maximum size. Both DCCP and SCP offer manual
configuration, PMTUD and PLPMTUD as mechanisms for managing that configuration, PMTUD and PLPMTUD as mechanisms for managing that
maximum size. [I-D.ietf-tsvwg-datagram-plpmtud] proposes PLPMTUD maximum size. [I-D.ietf-tsvwg-datagram-plpmtud] proposes PLPMTUD
procedures for DCCP and SCP. procedures for DCCP and SCP.
Currently, User Data Protocol (UDP) [RFC0768] lacks a fragmentation Currently, User Data Protocol (UDP) [RFC0768] lacks a fragmentation
mechanism of its own and relies on IP fragmentation. However, mechanism of its own and relies on IP fragmentation. However,
[I-D.ietf-tsvwg-udp-options] proposes a fragmentation mechanism for [I-D.ietf-tsvwg-udp-options] proposes a fragmentation mechanism for
UDP. UDP.
5.2. Application Layer Solutions 5.2. Application Layer Solutions
skipping to change at page 17, line 9 skipping to change at page 17, line 32
Each of these applications relies on IPv6 fragmentation to a varying Each of these applications relies on IPv6 fragmentation to a varying
degree. In some cases, that reliance is essential, and cannot be degree. In some cases, that reliance is essential, and cannot be
broken without fundamentally changing the protocol. In other cases, broken without fundamentally changing the protocol. In other cases,
that reliance is incidental, and most implementations already take that reliance is incidental, and most implementations already take
appropriate steps to avoid fragmentation. appropriate steps to avoid fragmentation.
This list is not comprehensive, and other protocols that rely on IP This list is not comprehensive, and other protocols that rely on IP
fragmentation may exist. They are not specifically considered in the fragmentation may exist. They are not specifically considered in the
context of this document. context of this document.
6.1. DNS 6.1. Domain Name Service (DNS)
DNS relies on UDP for efficiency, and the consequence is the use of DNS relies on UDP for efficiency, and the consequence is the use of
IP fragmentation for large responses, as permitted by the DNS EDNS(0) IP fragmentation for large responses, as permitted by the DNS EDNS(0)
options in the query. It is possible to mitigate the issue of options in the query. It is possible to mitigate the issue of
fragmentation-based packet loss by having queries use smaller EDNS(0) fragmentation-based packet loss by having queries use smaller EDNS(0)
UDP buffer sizes, or by having the DNS server limit the size of its UDP buffer sizes, or by having the DNS server limit the size of its
UDP responses to some self-imposed maximum packet size that may be UDP responses to some self-imposed maximum packet size that may be
less than the preferred EDNS(0) UDP Buffer Size. In both cases, less than the preferred EDNS(0) UDP Buffer Size. In both cases,
large responses are truncated in the DNS, signalling to the client to large responses are truncated in the DNS, signalling to the client to
re-query using TCP to obtain the complete response. However, the re-query using TCP to obtain the complete response. However, the
skipping to change at page 17, line 33 skipping to change at page 18, line 8
Larger DNS responses can normally be avoided by aggressively pruning Larger DNS responses can normally be avoided by aggressively pruning
the Additional section of DNS responses. One scenario where such the Additional section of DNS responses. One scenario where such
pruning is ineffective is in the use of DNSSEC, where large key sizes pruning is ineffective is in the use of DNSSEC, where large key sizes
act to increase the response size to certain DNS queries. There is act to increase the response size to certain DNS queries. There is
no effective response to this situation within the DNS other than no effective response to this situation within the DNS other than
using smaller cryptographic keys and adoption of DNSSEC using smaller cryptographic keys and adoption of DNSSEC
administrative practices that attempt to keep DNS response as short administrative practices that attempt to keep DNS response as short
as possible. as possible.
6.2. OSPF 6.2. Open Shortest Path First (OSPF)
OSPF implementations can emit messages large enough to cause OSPF implementations can emit messages large enough to cause
fragmentation. However, in order to optimize performance, most OSPF fragmentation. However, in order to optimize performance, most OSPF
implementations restrict their maximum message size to a value that implementations restrict their maximum message size to a value that
will not cause fragmentation. will not cause fragmentation.
6.3. Packet-in-Packet Encapsulations 6.3. Packet-in-Packet Encapsulations
In this document, packet-in-packet encapsulations include IP-in-IP In this document, packet-in-packet encapsulations include IP-in-IP
[RFC2003], Generic Routing Encapsulation (GRE) [RFC2784], GRE-in-UDP [RFC2003], Generic Routing Encapsulation (GRE) [RFC2784], GRE-in-UDP
skipping to change at page 18, line 7 skipping to change at page 18, line 31
mentioned encapsulations. mentioned encapsulations.
The fragmentation strategy described for GRE in [RFC7588] has been The fragmentation strategy described for GRE in [RFC7588] has been
deployed for all of the above-mentioned encapsulations. This deployed for all of the above-mentioned encapsulations. This
strategy does not rely on IP fragmentation except in one corner case. strategy does not rely on IP fragmentation except in one corner case.
(see Section 3.3.2.2 of RFC 7588 and Section 7.1 of RFC 2473). (see Section 3.3.2.2 of RFC 7588 and Section 7.1 of RFC 2473).
Section 3.3 of [RFC7676] further describes this corner case. Section 3.3 of [RFC7676] further describes this corner case.
See [I-D.ietf-intarea-tunnels] for further discussion. See [I-D.ietf-intarea-tunnels] for further discussion.
6.4. Licklider Transmission Protocol (LTP) 6.4. UDP Applications Enhancing Performance
Some UDP applications rely on IP fragmentation to achieve acceptable Some UDP applications rely on IP fragmentation to achieve acceptable
levels of performance. These applications use UDP datagram sizes levels of performance. These applications use UDP datagram sizes
that are larger than the path MTU so that more data can be conveyed that are larger than the path MTU so that more data can be conveyed
between the application and the kernel in a single system call. between the application and the kernel in a single system call.
For example, the Licklider Transmission Protocol (LTP) [RFC5326] For example, the Licklider Transmission Protocol (LTP) [RFC5326]
which is in current use on the International Space Station (ISS) uses which is in current use on the International Space Station (ISS) uses
UDP datagram sizes larger than the path MTU to achieve acceptable UDP datagram sizes larger than the path MTU to achieve acceptable
levels of performance even though this invokes IP fragmentation. levels of performance even though this invokes IP fragmentation.
skipping to change at page 18, line 47 skipping to change at page 19, line 23
rely on IP fragmentation but should only be used in environments rely on IP fragmentation but should only be used in environments
where IP fragmentation is known to be supported. where IP fragmentation is known to be supported.
Protocols may be able to avoid IP fragmentation by using a Protocols may be able to avoid IP fragmentation by using a
sufficiently small MTU (e.g. The protocol minimum link MTU), sufficiently small MTU (e.g. The protocol minimum link MTU),
disabling IP fragmentation, and ensuring that the transport protocol disabling IP fragmentation, and ensuring that the transport protocol
in use adapts its segment size to the MTU. Other protocols may in use adapts its segment size to the MTU. Other protocols may
deploy a sufficiently reliable PMTU discovery mechanism deploy a sufficiently reliable PMTU discovery mechanism
(e.g.,PLMPTUD). (e.g.,PLMPTUD).
UDP applications SHOULD abide by the recommendations state in
Section 3.2 of [RFC8085].
7.2. For System Developers 7.2. For System Developers
Software libraries SHOULD include provision for PLPMTUD for each Software libraries SHOULD include provision for PLPMTUD for each
supported transport protocol. supported transport protocol.
7.3. For Middle Box Developers 7.3. For Middle Box Developers
Middle boxes SHOULD process IP fragments in a manner that is Middle boxes should process IP fragments in a manner that is
consistent with [RFC0791] and [RFC8200]. In many cases, middle boxes consistent with [RFC0791] and [RFC8200]. In many cases, middle boxes
must maintain state in order to achieve this goal. must maintain state in order to achieve this goal.
Price and performance considerations frequently motivate network Price and performance considerations frequently motivate network
operators to deploy stateless middle boxes. These stateless middle operators to deploy stateless middle boxes. These stateless middle
boxes may perform sub-optimally, process IP fragments in a manner boxes may perform sub-optimally, process IP fragments in a manner
that is not compliant with RFC 791 or RFC 8200, or even discard IP that is not compliant with RFC 791 or RFC 8200, or even discard IP
fragments completely. Such behaviors are NOT RECOMMENDED. If a fragments completely. Such behaviors are NOT RECOMMENDED. If a
middleboxes implements non-standard behavior with respect to IP middleboxes implements non-standard behavior with respect to IP
fragmentation, then that behavior MUST be clearly documented. fragmentation, then that behavior MUST be clearly documented.
skipping to change at page 19, line 34 skipping to change at page 20, line 11
input to their hash algorithm: input to their hash algorithm:
o IP Source Address. o IP Source Address.
o IP Destination Address. o IP Destination Address.
o Flow Label. o Flow Label.
Operators SHOULD deploy these devices in their default configuration. Operators SHOULD deploy these devices in their default configuration.
These recommendations are similar to those presented in [RFC6438] and
[RFC7098]. They differ in that they specify a default configuration.
7.5. For Network Operators 7.5. For Network Operators
Operators MUST ensure proper PMTUD operation in their network, Operators MUST ensure proper PMTUD operation in their network,
including making sure the network generates PTB packets when dropping including making sure the network generates PTB packets when dropping
packets too large compared to outgoing interface MTU. packets too large compared to outgoing interface MTU. However,
implementations MAY rate limit ICMP messages as per [RFC1812] and
[RFC4443].
As per RFC 4890, network operators MUST NOT filter ICMPv6 PTB As per RFC 4890, network operators MUST NOT filter ICMPv6 PTB
messages unless they are known to be forged or otherwise messages unless they are known to be forged or otherwise
illegitimate. As stated in Section 4.7, filtering ICMPv6 PTB packets illegitimate. As stated in Section 4.7, filtering ICMPv6 PTB packets
causes PMTUD to fail. Many upper-layer protocols rely on PMTUD. causes PMTUD to fail. Many upper-layer protocols rely on PMTUD.
As per RFC 8200, network operators MUST NOT deploy IPv6 links whose As per RFC 8200, network operators MUST NOT deploy IPv6 links whose
MTU is less than 1280 bytes. MTU is less than 1280 bytes.
Network operators SHOULD NOT filter IP fragments if they originated Network operators SHOULD NOT filter IP fragments if they originated
at a domain name server or are destined for a domain name server. at a domain name server or are destined for a domain name server.
This is because domain name services are critical to operation of the
Internet.
8. IANA Considerations 8. IANA Considerations
This document makes no request of IANA. This document makes no request of IANA.
9. Security Considerations 9. Security Considerations
This document mitigates some of the security considerations This document mitigates some of the security considerations
associated with IP fragmentation by discouraging its use. It does associated with IP fragmentation by discouraging its use. It does
not introduce any new security vulnerabilities, because it does not not introduce any new security vulnerabilities, because it does not
introduce any new alternatives to IP fragmentation. Instead, it introduce any new alternatives to IP fragmentation. Instead, it
recommends well-understood alternatives. recommends well-understood alternatives.
10. Acknowledgements 10. Acknowledgements
Thanks to Mikael Abrahamsson, Brian Carpenter, Silambu Chelvan, Thanks to Mikael Abrahamsson, Brian Carpenter, Silambu Chelvan,
Lorenzo Colitti, Mike Heard, Tom Herbert, Tatuya Jinmei, Jen Linkova, Lorenzo Colitti, Gorry Fairhurst, Mike Heard, Tom Herbert, Tatuya
Paolo Lucente, Manoj Nayak, Eric Nygren, Fred Templin and Joe Touch Jinmei, Jen Linkova, Paolo Lucente, Manoj Nayak, Eric Nygren, Fred
for their comments. Templin and Joe Touch for their comments.
11. References 11. References
11.1. Normative References 11.1. Normative References
[I-D.ietf-tsvwg-datagram-plpmtud]
Fairhurst, G., Jones, T., Tuexen, M., Ruengeler, I., and
T. Voelker, "Packetization Layer Path MTU Discovery for
Datagram Transports", draft-ietf-tsvwg-datagram-plpmtud-07
(work in progress), February 2019.
[RFC0768] Postel, J., "User Datagram Protocol", STD 6, RFC 768, [RFC0768] Postel, J., "User Datagram Protocol", STD 6, RFC 768,
DOI 10.17487/RFC0768, August 1980, DOI 10.17487/RFC0768, August 1980,
<https://www.rfc-editor.org/info/rfc768>. <https://www.rfc-editor.org/info/rfc768>.
[RFC0791] Postel, J., "Internet Protocol", STD 5, RFC 791, [RFC0791] Postel, J., "Internet Protocol", STD 5, RFC 791,
DOI 10.17487/RFC0791, September 1981, DOI 10.17487/RFC0791, September 1981,
<https://www.rfc-editor.org/info/rfc791>. <https://www.rfc-editor.org/info/rfc791>.
[RFC0792] Postel, J., "Internet Control Message Protocol", STD 5, [RFC0792] Postel, J., "Internet Control Message Protocol", STD 5,
RFC 792, DOI 10.17487/RFC0792, September 1981, RFC 792, DOI 10.17487/RFC0792, September 1981,
skipping to change at page 21, line 25 skipping to change at page 22, line 10
[RFC4821] Mathis, M. and J. Heffner, "Packetization Layer Path MTU [RFC4821] Mathis, M. and J. Heffner, "Packetization Layer Path MTU
Discovery", RFC 4821, DOI 10.17487/RFC4821, March 2007, Discovery", RFC 4821, DOI 10.17487/RFC4821, March 2007,
<https://www.rfc-editor.org/info/rfc4821>. <https://www.rfc-editor.org/info/rfc4821>.
[RFC6437] Amante, S., Carpenter, B., Jiang, S., and J. Rajahalme, [RFC6437] Amante, S., Carpenter, B., Jiang, S., and J. Rajahalme,
"IPv6 Flow Label Specification", RFC 6437, "IPv6 Flow Label Specification", RFC 6437,
DOI 10.17487/RFC6437, November 2011, DOI 10.17487/RFC6437, November 2011,
<https://www.rfc-editor.org/info/rfc6437>. <https://www.rfc-editor.org/info/rfc6437>.
[RFC6438] Carpenter, B. and S. Amante, "Using the IPv6 Flow Label
for Equal Cost Multipath Routing and Link Aggregation in
Tunnels", RFC 6438, DOI 10.17487/RFC6438, November 2011,
<https://www.rfc-editor.org/info/rfc6438>.
[RFC8085] Eggert, L., Fairhurst, G., and G. Shepherd, "UDP Usage [RFC8085] Eggert, L., Fairhurst, G., and G. Shepherd, "UDP Usage
Guidelines", BCP 145, RFC 8085, DOI 10.17487/RFC8085, Guidelines", BCP 145, RFC 8085, DOI 10.17487/RFC8085,
March 2017, <https://www.rfc-editor.org/info/rfc8085>. March 2017, <https://www.rfc-editor.org/info/rfc8085>.
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
May 2017, <https://www.rfc-editor.org/info/rfc8174>. May 2017, <https://www.rfc-editor.org/info/rfc8174>.
[RFC8200] Deering, S. and R. Hinden, "Internet Protocol, Version 6 [RFC8200] Deering, S. and R. Hinden, "Internet Protocol, Version 6
(IPv6) Specification", STD 86, RFC 8200, (IPv6) Specification", STD 86, RFC 8200,
skipping to change at page 22, line 10 skipping to change at page 22, line 47
[Huston] Huston, G., "IPv6, Large UDP Packets and the DNS [Huston] Huston, G., "IPv6, Large UDP Packets and the DNS
(http://www.potaroo.net/ispcol/2017-08/xtn-hdrs.html)", (http://www.potaroo.net/ispcol/2017-08/xtn-hdrs.html)",
August 2017. August 2017.
[I-D.ietf-intarea-tunnels] [I-D.ietf-intarea-tunnels]
Touch, J. and M. Townsley, "IP Tunnels in the Internet Touch, J. and M. Townsley, "IP Tunnels in the Internet
Architecture", draft-ietf-intarea-tunnels-09 (work in Architecture", draft-ietf-intarea-tunnels-09 (work in
progress), July 2018. progress), July 2018.
[I-D.ietf-tsvwg-datagram-plpmtud]
Fairhurst, G., Jones, T., Tuexen, M., and I. Ruengeler,
"Packetization Layer Path MTU Discovery for Datagram
Transports", draft-ietf-tsvwg-datagram-plpmtud-06 (work in
progress), November 2018.
[I-D.ietf-tsvwg-udp-options] [I-D.ietf-tsvwg-udp-options]
Touch, J., "Transport Options for UDP", draft-ietf-tsvwg- Touch, J., "Transport Options for UDP", draft-ietf-tsvwg-
udp-options-05 (work in progress), July 2018. udp-options-07 (work in progress), March 2019.
[Kent] Kent, C. and J. Mogul, ""Fragmentation Considered [Kent] Kent, C. and J. Mogul, ""Fragmentation Considered
Harmful", In Proc. SIGCOMM '87 Workshop on Frontiers in Harmful", In Proc. SIGCOMM '87 Workshop on Frontiers in
Computer Communications Technology, DOI Computer Communications Technology, DOI
10.1145/55483.55524", August 1987, 10.1145/55483.55524", August 1987,
<http://www.hpl.hp.com/techreports/Compaq-DEC/ <http://www.hpl.hp.com/techreports/Compaq-DEC/
WRL-87-3.pdf>. WRL-87-3.pdf>.
[Ptacek1998] [Ptacek1998]
Ptacek, T. and T. Newsham, "Insertion, Evasion and Denial Ptacek, T. and T. Newsham, "Insertion, Evasion and Denial
of Service: Eluding Network Intrusion Detection", 1998, of Service: Eluding Network Intrusion Detection", 1998,
<http://www.aciri.org/vern/Ptacek-Newsham-Evasion-98.ps>. <http://www.aciri.org/vern/Ptacek-Newsham-Evasion-98.ps>.
[RFC1122] Braden, R., Ed., "Requirements for Internet Hosts - [RFC1122] Braden, R., Ed., "Requirements for Internet Hosts -
Communication Layers", STD 3, RFC 1122, Communication Layers", STD 3, RFC 1122,
DOI 10.17487/RFC1122, October 1989, DOI 10.17487/RFC1122, October 1989,
<https://www.rfc-editor.org/info/rfc1122>. <https://www.rfc-editor.org/info/rfc1122>.
[RFC1812] Baker, F., Ed., "Requirements for IP Version 4 Routers",
RFC 1812, DOI 10.17487/RFC1812, June 1995,
<https://www.rfc-editor.org/info/rfc1812>.
[RFC1858] Ziemba, G., Reed, D., and P. Traina, "Security [RFC1858] Ziemba, G., Reed, D., and P. Traina, "Security
Considerations for IP Fragment Filtering", RFC 1858, Considerations for IP Fragment Filtering", RFC 1858,
DOI 10.17487/RFC1858, October 1995, DOI 10.17487/RFC1858, October 1995,
<https://www.rfc-editor.org/info/rfc1858>. <https://www.rfc-editor.org/info/rfc1858>.
[RFC2003] Perkins, C., "IP Encapsulation within IP", RFC 2003, [RFC2003] Perkins, C., "IP Encapsulation within IP", RFC 2003,
DOI 10.17487/RFC2003, October 1996, DOI 10.17487/RFC2003, October 1996,
<https://www.rfc-editor.org/info/rfc2003>. <https://www.rfc-editor.org/info/rfc2003>.
[RFC2328] Moy, J., "OSPF Version 2", STD 54, RFC 2328, [RFC2328] Moy, J., "OSPF Version 2", STD 54, RFC 2328,
skipping to change at page 24, line 14 skipping to change at page 24, line 50
[RFC5927] Gont, F., "ICMP Attacks against TCP", RFC 5927, [RFC5927] Gont, F., "ICMP Attacks against TCP", RFC 5927,
DOI 10.17487/RFC5927, July 2010, DOI 10.17487/RFC5927, July 2010,
<https://www.rfc-editor.org/info/rfc5927>. <https://www.rfc-editor.org/info/rfc5927>.
[RFC6346] Bush, R., Ed., "The Address plus Port (A+P) Approach to [RFC6346] Bush, R., Ed., "The Address plus Port (A+P) Approach to
the IPv4 Address Shortage", RFC 6346, the IPv4 Address Shortage", RFC 6346,
DOI 10.17487/RFC6346, August 2011, DOI 10.17487/RFC6346, August 2011,
<https://www.rfc-editor.org/info/rfc6346>. <https://www.rfc-editor.org/info/rfc6346>.
[RFC6438] Carpenter, B. and S. Amante, "Using the IPv6 Flow Label [RFC6864] Touch, J., "Updated Specification of the IPv4 ID Field",
for Equal Cost Multipath Routing and Link Aggregation in RFC 6864, DOI 10.17487/RFC6864, February 2013,
Tunnels", RFC 6438, DOI 10.17487/RFC6438, November 2011, <https://www.rfc-editor.org/info/rfc6864>.
<https://www.rfc-editor.org/info/rfc6438>.
[RFC6888] Perreault, S., Ed., Yamagata, I., Miyakawa, S., Nakagawa, [RFC6888] Perreault, S., Ed., Yamagata, I., Miyakawa, S., Nakagawa,
A., and H. Ashida, "Common Requirements for Carrier-Grade A., and H. Ashida, "Common Requirements for Carrier-Grade
NATs (CGNs)", BCP 127, RFC 6888, DOI 10.17487/RFC6888, NATs (CGNs)", BCP 127, RFC 6888, DOI 10.17487/RFC6888,
April 2013, <https://www.rfc-editor.org/info/rfc6888>. April 2013, <https://www.rfc-editor.org/info/rfc6888>.
[RFC7098] Carpenter, B., Jiang, S., and W. Tarreau, "Using the IPv6 [RFC7098] Carpenter, B., Jiang, S., and W. Tarreau, "Using the IPv6
Flow Label for Load Balancing in Server Farms", RFC 7098, Flow Label for Load Balancing in Server Farms", RFC 7098,
DOI 10.17487/RFC7098, January 2014, DOI 10.17487/RFC7098, January 2014,
<https://www.rfc-editor.org/info/rfc7098>. <https://www.rfc-editor.org/info/rfc7098>.
 End of changes. 44 change blocks. 
73 lines changed or deleted 121 lines changed or added

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/