[dns-operations] v6, fragmentation, DNS

Paul Vixie vixie at isc.org
Sun May 23 17:34:43 UTC 2010

> Date: Sun, 23 May 2010 17:23:56 +0000
> From: bmanning at vacation.karoshi.com
> On Sun, May 23, 2010 at 04:47:06PM +0200, Joe Abley wrote:
> > I realise that it's not exactly unusual for people to bend the spec and
> > see what they can get away with. However, someone who chooses to build
> > an IPv6 interface with an MTU lower than 1280 and notices that some
> > things break really only has themselves to blame.
> > 
> > [from RFC 2460]
> > 
> > 5. Packet Size Issues
> > 
> >    IPv6 requires that every link in the internet have an MTU of 1280
> >    octets or greater.  On any link that cannot convey a 1280-octet
> >    packet in one piece, link-specific fragmentation and reassembly must
> >    be provided at a layer below IPv6.
> 	Yup, thats the spec.  pragmaticially, in real life, when you put
> 	IPv6 inside a VPN, a tunnel, or other encaps, the "wrapper" takes
> 	about 60 bytes - so you end up with 1220. Real Life Implementations
> 	don't always follow the spec.  When we can do away with VPNs - then
> 	I'm comfortable with your take on following the spec.

if you want to do vpn's which result in an mtu lower than 1280, then the
spec says you have to do link-specific fragmentation and reassembly.

an ipv6 in ipv4 tunnel tends to have an mtu in the 1440 octet size range.
we are years beyond the point where someone doing ipv6 in ipv6, yielding
an effective mtu of 1220, has any right to ask anyone else to help them.
(helping others with this kind of lame misconfiguration would be "folly".)

More information about the dns-operations mailing list