IETF Logo Mail Archive

Re: [DNSOP] [Int-area] Please review draft-ietf-dnsop-avoid-fragmentation

"touch@strayalpha.com" <touch@strayalpha.com> Sat, 06 August 2022 16:21 UTC

Return-Path: <touch@strayalpha.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A95C4C157903; Sat, 6 Aug 2022 09:21:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.324
X-Spam-Level:
X-Spam-Status: No, score=-1.324 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NEUTRAL=0.779, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=strayalpha.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Q5ambAeiSqQv; Sat, 6 Aug 2022 09:21:00 -0700 (PDT)
Received: from server217-2.web-hosting.com (server217-2.web-hosting.com [198.54.115.98]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0E4BCC14F729; Sat, 6 Aug 2022 09:20:59 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=strayalpha.com; s=default; h=To:References:Message-Id:Cc:Date:In-Reply-To: From:Subject:Mime-Version:Content-Type:Sender:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=x7F/2TmtUhjY2mrNyOqVZ7hJ+9AhT7nqU+LZ1ogQSbc=; b=IgZUaOgdPEPH8DrMYgbNuzEoma CT2C8cuJ6oW3IIixqz2CDCMfmlMBzZmLNg5cfcvCkC6PTpeNhGDuqwvKmXE5MsR93Yo6GaV6aPq0g xJT7egBEdOMTKXHwWRKvBilUZKTi1ee7GLvnsx8Bizr2niJhiUx7dnuhn8j6KUI6xOHZt9s+hrLkn 95J26PO9uZYrdjdUzL8BXbEG1UlZGbAomC1J30TzUBlIeFMkQJIv4IcYGjGnw30iWCM6bXn10hhpt z6CGg2FnCh+0omytSeFeXtSBugVK9MquCaUSSZryxGBRhtm2i0yc3Kxhqb426fvv/3m6sfL/rqg3R 9fDyMkvw==;
Received: from cpe-172-114-237-88.socal.res.rr.com ([172.114.237.88]:59634 helo=smtpclient.apple) by server217.web-hosting.com with esmtpsa (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from <touch@strayalpha.com>) id 1oKMXl-00Dqvm-AL; Sat, 06 Aug 2022 12:20:58 -0400
Content-Type: multipart/alternative; boundary="Apple-Mail=_43D88055-AFE3-487E-A600-8B6DCA6DD2DC"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3696.120.41.1.1\))
From: "touch@strayalpha.com" <touch@strayalpha.com>
In-Reply-To: <20220729.211236.1112281904300036081.fujiwara@jprs.co.jp>
Date: Sat, 06 Aug 2022 09:20:51 -0700
Cc: IETF intarea WG <int-area@ietf.org>, dnsop@ietf.org
Message-Id: <90B5AF9A-DFCB-4A28-AD91-2F8A619FE439@strayalpha.com>
References: <20220729.211236.1112281904300036081.fujiwara@jprs.co.jp>
To: Kazunori Fujiwara <fujiwara@jprs.co.jp>
X-Mailer: Apple Mail (2.3696.120.41.1.1)
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - server217.web-hosting.com
X-AntiAbuse: Original Domain - ietf.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - strayalpha.com
X-Get-Message-Sender-Via: server217.web-hosting.com: authenticated_id: touch@strayalpha.com
X-Authenticated-Sender: server217.web-hosting.com: touch@strayalpha.com
X-Source:
X-Source-Args:
X-Source-Dir:
X-From-Rewrite: unmodified, already matched
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/vmyJFlh-iuXNsDrT42muX8RGXEI>
Subject: Re: [DNSOP] [Int-area] Please review draft-ietf-dnsop-avoid-fragmentation
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 06 Aug 2022 16:21:03 -0000

Some comments:

The doc starts by grouping ICMP-based path MTU discovery (PMTUD) with in-band discovery (PLPMTUD), but asserts (in the first paragraph) that the group term “path MTU discovery” isn’t deployed due to security concerns. I have seen no such concerns about PLPMTUD - if you are aware of them, they should be cited. More broadly, however, these two mechanisms should NOT be lumped together.

IP fragmentation is controlled at both the system (as a default for all new sockets) and per-socket level; this should be discussed. 

I disagree with “MAY probe to find path MTU”; IMO, they SHOULD.

Appendix C implies that there is a way to know the path MTU by direct request. Unless this is verified with probes (as in PLPMTUD), any value returned is at best a hint and could be incorrect. This should be noted.

It wouldn’t hurt (IMO) to point out the potential to use higher level fragmentation that avoids the issues with IP fragmentation. I’m not a DNS wonk but I’m surprised to see this doc imply that there isn’t such a mechanism at the application layer. Additionally, we are working on a mechanism at the UDP layer (UDP options) that may be useful in the future (not to recommend now, of course).

Joe

—
Dr. Joe Touch, temporal epistemologist
www.strayalpha.com

> On Jul 29, 2022, at 5:12 AM, Kazunori Fujiwara <fujiwara@jprs.co.jp> wrote:
> 
> Dear intarea WG,
> 
> dnsop WG is working on a document to avoid IP fragmentation in DNS.
> Now, the draft is on Working Group Last call in dnsop WG (until August 16).
> 
> The draft attempt to advance the goals of RFC 8900 IP Fragmentation
> Considered Fragile. (Section 5.1 Domain Name System (DNS))
> 
> As one of the co-authors of the draft, I would like advices from
> intarea because there may be inadequate descriptions related to path
> MTU discovery and DF bit / IPV6_DONTFRAG.
> 
> Fragmentation Avoidance in DNS
> https://datatracker.ietf.org/doc/draft-ietf-dnsop-avoid-fragmentation/
> 
> 
> (1) About DF bit, IPV6DONTFRAG
> 
> | 1.  Introduction
> |
> |  This document proposes to set IP_DONTFRAG / IPV6_DONTFRAG in DNS/UDP
> |  messages in order to avoid IP fragmentation, and describes how to
> |  avoid packet losses due to IP_DONTFRAG / IPV6_DONTFRAG.
> 
> | 2.  Terminology
> | 
> |  IP_DONTFRAG option is not defined by any RFCs.  It is similar to
> |  IPV6_DONTFRAG option defined in [RFC3542].  IP_DONTFRAG option is
> |  used on BSD systems to set the Don't Fragment bit [RFC0791] when
> |  sending IPv4 packets.  On Linux systems this is done via
> |  IP_MTU_DISCOVER and IP_PMTUDISC_DO.
> 
> | 3.1.  Recommendations for UDP responders
> |
> |  *  UDP responders SHOULD send DNS responses with IP_DONTFRAG /
> |     IPV6_DONTFRAG [RFC3542] options.
> 
> (2) about path MTU discovery
> 
> | 2.  Terminology
> |
> |  "Path MTU" is the minimum link MTU of all the links in a path between
> |  a source node and a destination node.  (Quoted from [RFC8201])
> |
> |  In this document, the term "Path MTU discovery" includes Classical
> |  Path MTU discovery [RFC1191], [RFC8201], Packetization Layer Path MTU
> |  discovery [RFC8899] and as well as similar methods.
> 
> | 3.2.  Recommendations for UDP requestors
> |
> |  *  UDP requestors MAY probe to discover the real MTU value per
> |     destination.  (Path MTU discovery per destionation) Then,
> |     calculate their maximum DNS/UDP payload size as the reported path
> |     MTU minus IPv4/IPv6 header size (20 or 40) minus UDP header size
> |     (8).  If the path MTU discovery failed or is impossible, use the
> |     default maximum DNS/UDP payload size 1400.
> 
> ------------
> 
> Regards
> 
> --
> Kazunori Fujiwara, JPRS <fujiwara@jprs.co.jp>
> 
> _______________________________________________
> Int-area mailing list
> Int-area@ietf.org
> https://www.ietf.org/mailman/listinfo/int-area

v2.23.0 | Report a Bug | By Email