
So you think you understand IP fragmentation?

Posted Feb 9, 2024 17:21 UTC (Fri) by paulj (subscriber, #341)
In reply to: So you think you understand IP fragmentation? by farnz
Parent article: So you think you understand IP fragmentation?

Well, yeah, firewalls always suck. They were still uncommon even in the 90s though when I was first online IVR - I don't know about the 80s. The idiotic middle-boxes only seemed to really become common in the v late 90s and 00s, with the Internet going mainstream. Again, my vague, hand-wavy recollection.

The data-plane level support was fine though, until IETF moved to deprecate, and then vendors of course did.


So you think you understand IP fragmentation?

Posted Feb 9, 2024 17:34 UTC (Fri) by farnz (subscriber, #17727)

My experience was that they were always present, and became more and more of an issue throughout the 90s, until they were basically making fragmentation unusable unless the path was either between two academic institutions or between my ISP at the time and an academic institution.

Additionally, long before middleboxes became widespread, the dataplane support already sucked; there were plenty of Cisco routers that could do forwarding in hardware, but did fragmentation in software on a slow path. Not a problem from home, where my modem was the bottleneck, but a very noticeable issue when at an academic institution where the "wrong" MTU could bring speeds down from megabits per second to tens of kilobits per second.

So you think you understand IP fragmentation?

Posted Feb 9, 2024 17:39 UTC (Fri) by paulj (subscriber, #341)

Well, fragmentation being slow is not a problem. It's expected that frags will be slow-path - but at least communication is still possible. Piece-meal upgrades of the common MTU are at least /possible/ then.

Slow but working beats the mess we have today: We will never be able to default to >1500 MTUs, and even then we still don't have reliable networking (VPNs, etc.), and because of that the awesome networking tool of encapsulation is restricted in utility.

So you think you understand IP fragmentation?

Posted Feb 9, 2024 17:40 UTC (Fri) by paulj (subscriber, #341)

And that's not to say we should go back to data-plane fragmentation. Impossible, and it might not be technically the best solution anyway. But the current situation is a mess and unfortunate.

So you think you understand IP fragmentation?

Posted Feb 9, 2024 17:58 UTC (Fri) by farnz (subscriber, #17727)

By 1990, it was already the case IME that communication was not possible if there were smaller MTUs in the path, unless you were lucky enough to have a path where everything was run by sensible netadmins (usually true of academia), or you were on dial-up (where you had the bottleneck MTU).

And one of the many issues back then was routers with multi-MTU paths that were configured explicitly to not fragment packets because it could overload the CPU; packets were either pre-fragmented, or were dropped. Add in people configuring routers to drop fragments "because security" (which got worse after the ping of death vulnerability was discovered, since that depended on buggy fragment handling), and fragmentation became useless.

The IETF, by limiting fragmentation to the endpoints, were reacting to the state of play in 1990, where many routers already didn't fragment, but dropped packets that were too big.

