option 212 for 6RD

Mark Townsley mark at townsley.net
Tue Jan 15 12:55:36 CET 2013


Implementing the MSS clamp only in the BR won't help for CE to CE connections within the 6rd domain. 

- Mark

On Jan 15, 2013, at 9:26 AM, Tore Anderson wrote:

> * Mikael Abrahamsson
> 
>>> TCP MSS clamping, on the other hand, could be done by the 6RD BR,
>>> and yield beneficial results for all the subscribers (regardless of
>>> their HGWs implementing the RA LAN MTU trick or not).
>> 
>> Well, that is a problem because some of the best 6RD platforms are 
>> completely stateless and don't do MSS rewrite. You have to look into 
>> every packet to do this, consuming resources.
> 
> The 6RD BR does not need to maintain state to determine whether or not a
> packet is TCP SYN, it only has to look into the layer 4 header. And if
> you're doing any stateless ACLs such as dropping 25/tcp or 137/tcp and
> so on, it's doing that already anyway.
> 
> It would appear to me that asking your 6RD BR vendor to implement TCP
> MSS clamping is likely a much easier way to accomplish the goal, than
> asking every HGW manufacturers on the planet to lower the LAN MTU (or
> implement IPv6 TCP MSS clamping for that matter) is. After all, you
> won't have many different BR vendors to deal with. Compare that to the
> gazillion of HGW manufacturers out there.
> 
> Take it from me, I attempted to persuade several HGW manufacturers to
> stop doing 6to4...it's simply not worth the effort to be honest, and in
> those cases something was actually done, the already shipped units are
> still out there and will likely never be upgraded to a fixed version.
> 
> -- 
> Tore Anderson




More information about the ipv6-ops mailing list