North American Network Operators Group


Re: MTU path discovery and IPSec

  • From: Joe Maimon
  • Date: Thu Dec 04 20:30:14 2003


[email protected] wrote:

On Thu, 04 Dec 2003 18:03:38 EST, Barney Wolff said:


That's not how PMTUD works. If DF is set, you discard the packet and
report back with ICMP. If DF is not set, you frag the packet - but
that's not PMTUD, because no report ever goes back to the sender.

Oh, so we compute ONE number if DF is set, saying what number we think they
should use - but if DF *isn't* set, we use a different number. Sounds like more
complicated code that's just there so it can sink its teeth into the rump of the
first banana-eating NOC dweller that has to figure out what's wrong....

Unless of course there's a *reason* we want it different? Though it escapes me what
it might be....

As I have said previously, some reasons are that
A) You're fragmenting the packet anyways, thus there will be extra header overhead. Splitting that overhead into 1 big and 1 small packet does not seem to be a performance win**.
B) Fragmenting into equal sizes may mean that equipment can treat them more equally and may reduce out-of-order fragments, which is easier on state-keeping devices.
C) Equal buffer treatment may mean easier handling of switching and reassembly; I haven't thought this through.
D) And the best part, avoid the insult to injury by lessening the chance that further fragmentation will occur on the packet. Picture a packet coming in from ATM to Ethernet to PPPoE through IPsec. How many fragments is that? How much overhead?

As far as code goes, how is that a problem? One assumes the length of the packet is there already. So all we have to do is divide in half and use that number instead of the value of next_hop_mtu.

And we use different numbers because when DF is set our only option is telling the sender to lower. Lower to what? Well, to what we know is good. How do we know the next hop isn't even lower? Well, we should know if it's in the same AS; otherwise we just do our best. And besides, PMTUD is a performance orientated feature. One would like to avoid compromising the performance gains. The precise maximum path MTU is exactly what the sender wants to find out. So give it.

But IP without DF is best attempt delivery. So do whatever will be the best compromise. And we are fragmenting anyway... (GOTO START)

**But, one case where this could be undesired is by causing buffer fragmentation.
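
Added example, not part of the original message: a small simulation of point D, comparing fill-to-MTU fragmentation with equal-size fragmentation of a DF=0 IPv4 packet across successive links. It generalizes "divide in half" to the minimum number of evenly sized fragments; the MTU values, packet length and option-free 20-byte header are assumptions chosen for illustration.

```python
IP_HDR = 20  # IPv4 header without options (assumption)

def fragment(total_len, mtu, equal=False):
    """Return the on-wire sizes of the fragments of one IPv4 packet.

    equal=False: fill every fragment to the MTU, remainder goes last.
    equal=True:  same fragment count, but sized as evenly as possible.
    """
    if total_len <= mtu:
        return [total_len]
    payload = total_len - IP_HDR
    # Non-final fragments must carry a multiple of 8 payload bytes.
    chunk = (mtu - IP_HDR) // 8 * 8
    if chunk <= 0:
        raise ValueError("MTU too small to carry any payload")
    if equal:
        count = -(-payload // chunk)   # minimum number of fragments
        even = -(-payload // count)    # ceil(payload / count)
        chunk = (even + 7) // 8 * 8    # round up to 8; never exceeds the MTU chunk
    sizes = []
    while payload > chunk:
        sizes.append(chunk + IP_HDR)
        payload -= chunk
    sizes.append(payload + IP_HDR)
    return sizes

def traverse(total_len, path_mtus, equal=False):
    """Push a DF=0 packet across successive links, refragmenting as needed."""
    frags = [total_len]
    for mtu in path_mtus:
        frags = [piece for f in frags for piece in fragment(f, mtu, equal)]
    return frags

# Constructed path: the MTU values are illustrative, not from the thread.
PATH = [1500, 1492, 1400]  # Ethernet, PPPoE, assumed IPsec tunnel MTU
PACKET = 4470              # assumed datagram arriving from the ATM side

if __name__ == "__main__":
    for equal in (False, True):
        out = traverse(PACKET, PATH, equal)
        label = "equal-size" if equal else "fill-to-MTU"
        print(f"{label:12} {len(out):2} fragments, {sum(out)} bytes on wire: {out}")
```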