IETF Discusses Deprecating IPv6 Fragments

The IETF IPv6 maintenance working group has begun discussions about deprecating IPv6 fragmented packets, spurred by the IETF Internet-Draft, “IPv6 Fragment Header Deprecated”. As one can guess, this draft has generated a lot of discussion (Although the Internet Draft discusses deprecation of the IPv6 fragment header, deprecation of the header would effectively deprecate IPv6 fragmented packets).

As I noted in an earlier posting here, fragments in IPv6 can create havoc in networks from an operational and a security perspective, just like they do with IPv4. Unlike IPv4, only the source host computer can fragment IPv6 packets and IPv6 fragmented packets require a special fragment extension header.

In addition to observing the general problems with fragments, the Internet draft noted that fragments may be dropped by firewalls and network operators, which could make network traffic that includes IPv6 fragmented packets fragile. Commenters to the draft noted that fragments are in fact being dropped, regardless of what the IETF or anyone else states is a good operational practice (some of the reasons operators filter fragments is discussed here).

Nobody particularly likes fragments, but it isn’t clear how to outright eliminate them. It appears there are some specific cases where no good alternatives exist to the use of IP fragments. In my opinion, the next steps should be identifying these specific cases and begin working on solutions to eliminate fragments in these cases.

“IPv6 Fragment Header Deprecated” is a worthwhile read for those who have already implemented IPv6 networks and those implementing IPv6 networks. Updates to this draft are promised. It will be interesting to see the path this discussion takes and the impact that it has on the evolution of the Internet Protocol.

Comments are closed.