IETF Logo Mail Archive

Re: [DNSOP] WGLC for draft-ietf-dnsop-avoid-fragmentation

Andrew McConachie <andrew@depht.com> Thu, 28 July 2022 10:24 UTC

Return-Path: <andrew@depht.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 25281C1595E6 for <dnsop@ietfa.amsl.com>; Thu, 28 Jul 2022 03:24:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.906
X-Spam-Level:
X-Spam-Status: No, score=-6.906 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Zdr3AIFsca-X for <dnsop@ietfa.amsl.com>; Thu, 28 Jul 2022 03:24:50 -0700 (PDT)
Received: from mout-b-203.mailbox.org (mout-b-203.mailbox.org [195.10.208.52]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 48BA9C13CCE8 for <dnsop@ietf.org>; Thu, 28 Jul 2022 03:24:49 -0700 (PDT)
Received: from smtp2.mailbox.org (smtp2.mailbox.org [IPv6:2001:67c:2050:b231:465::2]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-384) server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mout-b-203.mailbox.org (Postfix) with ESMTPS id 4Ltmwr4Gs6z9sxB for <dnsop@ietf.org>; Thu, 28 Jul 2022 12:24:44 +0200 (CEST)
From: Andrew McConachie <andrew@depht.com>
To: dnsop@ietf.org
Date: Thu, 28 Jul 2022 12:24:30 +0200
Message-ID: <00A9FAEA-04CA-415E-A206-A7A974080C75@depht.com>
In-Reply-To: <3ECD79E3-36E6-4572-AA46-FFFB1B9ED0FA@pir.org>
References: <3ECD79E3-36E6-4572-AA46-FFFB1B9ED0FA@pir.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 8bit
X-Rspamd-Queue-Id: 4Ltmwr4Gs6z9sxB
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/5dUL-JuZPI7u1uhnEh18FUtDL84>
Subject: Re: [DNSOP] WGLC for draft-ietf-dnsop-avoid-fragmentation
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 28 Jul 2022 10:24:54 -0000

> Path MTU discovery remains widely undeployed due to
>    security issues, and IP fragmentation has exposed weaknesses in
>    application protocols.

PMTUD doesn’t work through NAT and that’s probably the main reason 
why it doesn’t work on the Internet. I think that’s less of a 
security issue than just a general issue with PMTUD not working on the 
modern Internet.

> Currently, DNS is known to be the largest
>    user of IP fragmentation.

Compared to what? I would just drop this sentence because it doesn’t 
add anything to the document and it’s trying to make a point that 
doesn’t need to be made.

>  Most of the Internet and especially the inner core has an MTU of
>  at least 1500 octets.  Maximum DNS/UDP payload size for IPv6 on
>  MTU 1500 ethernet is 1452 (1500 minus 40 (IPv6 header size) minus
>  8 (UDP header size)).  To allow for possible IP options and
>  distant tunnel overhead, authors' recommendation of default
>  maximum DNS/UDP payload size is 1400.

Before I was interested in the DNS I worked for an ethernet switch 
vendor for 8 years, and I often find the way MTU gets talked about in 
IETF documents simply weird. MTU is a measurement of maximum frame size 
for a network segment starting at Layer 2. Yet there’s no discussion 
of layer 2 here. The discussion starts at layer 3 and because of that 
the math doesn’t make any sense to me.

Is there just an assumption that layer 2 will consume 18 bytes? 
(6+6+2+4) (DA+SA+ET+FCS) Can we state this assumption in the document? 
As I read it now it’s not clear how many bytes are assumed to be 
consumed by layer 2 headers.

I said many of these same things in a mail to this list on August 12, 
2020 but never received a response.

Thanks,
Andrew

On 26 Jul 2022, at 23:13, Suzanne Woolf wrote:

> Dear colleagues,
>
>
> This message starts the Working Group Last Call for 
> draft-ietf-dnsop-avoid-fragmentation 
> (https://datatracker.ietf.org/doc/draft-ietf-dnsop-avoid-fragmentation/). 
> The requested status is BCP.
>
> Since we're starting the Last Call during the IETF week, and many 
> folks are on holidays in the next few weeks, the WGLC will end in 
> three weeks (instead of the usual two), on August 16.
>
> Substantive comments to the list, please. It’s fine for minor edits 
> to go direct to the authors. We need to hear positive support to 
> advance it, or your comments on what still needs to be done.
>
>
>
> Thanks,
> Suzanne
> For the chairs
>
>
> _______________________________________________
> DNSOP mailing list
> DNSOP@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsop

v2.23.0 | Report a Bug | By Email