
Painting Ourselves Into a Corner with Path MTU Discovery

Paul Vixie

In Tony Li's article on path MTU discovery we see this text:

"The next attempt to solve the MTU problem has been Packetization Layer Path MTU Discovery (PLPMTUD). Rather than depending on ICMP messaging, in this approach, the transport layer depends on packet loss to determine that the packet was too big for the network. Heuristics are used to differentiate between MTU problems and congestion. Obviously, this technique is only practical for protocols where the source can determine that there has been packet loss. Unidirectional, unacknowledged transfers, typically using UDP, would not be able to use this mechanism. To date, PLPMTUD hasn't demonstrated a significant improvement in the situation."

Tony's article is (as usual) quite readable and useful, but my specific concern here is DNS, and more specifically Extended DNS (EDNS). I codified EDNS about fifteen years ago in RFC 2671, with the intent of permitting DNS to carry larger messages, such as, for example, DNSSEC. Everything Tony described then happened, with the unhappy result that a lot of EDNS packets are dropped by various firewalls, intrusion detectors, or other well-meaning-I'm-sure devices that think they know what a DNS message has to look like. And: EDNS depends on IP fragmentation. And: IP fragmentation fails often enough to put DNSSEC at risk. Oops.

Chris Kanterjiev and Jeffrey Mogul had previously told us all that Fragmentation (was) Considered Harmful and I in particular had no excuse for using IP fragmentation in the EDNS design, since Chris and Jeff were two of my mentors and bosses back at DECWRL in 1988 or so.
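The dependency of EDNS on IP fragmentation described above, as an added example that is not part of the original post: it builds a query carrying an EDNS0 OPT record, reads back the advertised UDP payload size, and counts how many IP packets a response of that size needs on a given path MTU. The function names, the sample query name and the 1500-byte MTU default are assumptions chosen for illustration.

```python
import struct

OPT_TYPE = 41  # EDNS0 OPT pseudo-RR

def build_query(qname, qtype=1, udp_size=4096, do_bit=True, txid=0x1234):
    """DNS query with an OPT record; the OPT CLASS field carries the UDP payload size."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1)  # RD set, 1 question, 1 additional
    name = b"".join(bytes([len(l)]) + l.encode("ascii") for l in qname.rstrip(".").split("."))
    question = name + b"\x00" + struct.pack("!HH", qtype, 1)
    ttl = 0x8000 if do_bit else 0  # ext-rcode 0, version 0, DO flag requests DNSSEC records
    return header + question + b"\x00" + struct.pack("!HHIH", OPT_TYPE, udp_size, ttl, 0)

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:      # compression pointer is two bytes and ends the name
            return off + 2
        off += 1 + n

def advertised_udp_size(msg):
    """UDP payload size from the OPT record; 512 when the message carries no EDNS."""
    qd, an, ns, ar = struct.unpack("!HHHH", msg[4:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if rtype == OPT_TYPE:
            return max(rclass, 512)   # values below 512 are treated as 512
        off += 10 + rdlen
    return 512

def ip_fragments(dns_len, mtu=1500, ipv6=False):
    """IP packets needed for one UDP datagram holding dns_len bytes of DNS message."""
    ip_hdr = 40 if ipv6 else 20
    datagram = 8 + dns_len                       # UDP header + DNS message
    if ip_hdr + datagram <= mtu:
        return 1
    frag_hdr = ip_hdr + (8 if ipv6 else 0)       # IPv6 adds an 8-byte fragment header
    per_frag = (mtu - frag_hdr) // 8 * 8         # fragment payloads are multiples of 8 bytes
    return -(-datagram // per_frag)              # ceiling division

if __name__ == "__main__":
    q = build_query("example.com")               # constructed sample query
    size = advertised_udp_size(q)
    print(size, ip_fragments(size), ip_fragments(size, ipv6=True))
```

A response that fills the advertised 4096 bytes is split into several IP packets on a 1500-byte path, and losing any one fragment loses the whole DNS message.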

Between the inability to scale up the size of an Ethernet MTU with bandwidth, such that you could fill a 10Mbit/sec thickwire Ethernet using only a few hundred packets per second but to fill up a 100GBit/sec link requires handling several million packet headers per second… and the Internet industry's continued inability to cope with excess buffering, lack of admission control, and other forms of Internet pollution, I am starting to get the feeling that we've painted ourselves into a corner.

Tony Li (remember, we're talking about Tony's Path MTU article) once said of IPv6 that it was too little, too soon and when I look at the Internet problems not solved by adding more address space, my level of agreement with Tony's assessment rises every year.

By Paul Vixie, CEO, Farsight Security