- From: Harald Alvestrand <harald@alvestrand.no>
- Date: Tue, 29 Mar 2011 13:30:53 +0200
On 03/29/11 03:00, Ian Hickson wrote: >> > It is stated that the data size can be up to 65467 bytes in "send()". >> > Our network guys tell us that this is unrealistic to get over such big >> > chunks using UDP. > Is that true? I thought they'd just get fragmented at the IP level, but > would still make it through eventually, am I wrong? > > Obviously you want to avoid fragmentation too if possible, but limiting > all packets to a few bytes seems a bit extreme... A lot of firewalls (including Google's, I believe) drop the subsequent part of fragmented UDP packets, because it's impossible to apply firewall rules to fragments without keeping track of all fragmented UDP packets that are in the process of being transmitted (and keeping track would open the firewalls to an obvious resource exhaustion attack). This has made UDP packets larger than the MTU pretty useless. Harald
Received on Tuesday, 29 March 2011 04:30:53 UTC