ICMPv6 "too-big" packets ignored (filtered ?) by Cloudflare farms

[saku at ytti.fi (Saku Ytti)]

On Tue, Mar 5, 2019 at 12:09 PM Joel Jaeggli <joelja at bogus.com> wrote:

> Parsing the icmp payload was something we considered in  rfc7690 but wasnâ??t one the approaches we pursued (we broadcasted the ptb to all hosts on the segment(s) behind the load balancers in our original implementation).
>
> It actually seems like it is becoming feasible to do in an Ethernet switch ASIC like tofino if that is what you want to burn real estate on. Being worthwhile is another matter.

It is definitely possible in all relevant existing NPUs like Trio,
Solar, FP, EZChip, Lightspeed et.al. As it is within visibility of
lookup engine and it is at fixed offset. So not only possible but also
cheap.

-- 
  ++ytti