Re: [Hipsec] Magnus Westerlund's Discuss on draft-ietf-hip-native-nat-traversal-30: (with DISCUSS and COMMENT)

Magnus Westerlund <magnus.westerlund@ericsson.com> Mon, 06 April 2020 08:52 UTC

From: Magnus Westerlund <magnus.westerlund@ericsson.com>
To: "iesg@ietf.org" <iesg@ietf.org>, Miika Komu <miika.komu@ericsson.com>
CC: "draft-ietf-hip-native-nat-traversal@ietf.org" <draft-ietf-hip-native-nat-traversal@ietf.org>, "hip-chairs@ietf.org" <hip-chairs@ietf.org>, Gonzalo Camarillo <gonzalo.camarillo@ericsson.com>, "hipsec@ietf.org" <hipsec@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/hipsec/2gE6VfpwddIIH0sPPYh0hkzsA8E>

Hi,

I think the below text looks good. If you are reasonably confident that HIP
supports the capabilities required for implementing PLP MTUD requirements then I
think that paragraph is a good hint.

So I believe I will have no issues with clearing when a document with the
discussed updates is made available.

Thanks

Magnus 

On Sun, 2020-04-05 at 13:13 +0000, Miika Komu wrote:
> Hi Magnus,
> 
> 
> I tried to merge your feedback with text from Jeff and Robert, so now
> it is as follows:
> 
> UDP encapsulation of HIP packets reduces the Maximum Transfer Unit
> (MTU) size of the control plane by 12 bytes (8-byte UDP header plus
> 4-byte zero SPI marker), and the data plane by 8 bytes.  Additional
> HIP relay parameters, such as RELAY_HMAC, RELAY_UDP_HIP,
> RELAY_UDP_ESP, etc., further increase the size of certain HIP
> packets.  In regard to MTU, the following aspects need to be
> considered in an implementation:
> 
> o  A HIP host SHOULD implement ICMP message handling to support path
>    MTU discovery (PMTUD) discovery as described in [RFC1063]
>    [RFC8201]
> 
> o  Reliance on IP fragmentation is unlikely to be a viable strategy
>    through NATs.  If ICMP MTU discovery is not working, MTU related
>    path black holes may occur.
> 
> o  A mitigation strategy is to constrain the MTU, especially for
>    virtual interfaces, to expected safe MTU values, e.g., 1400 bytes
>    for the underlying interfaces that support 1500 bytes MTU.
> 
> o  Further extensions to this specification may define a HIP-based
>    mechanism to find a working path MTU without unnecessary
>    constraining that size using Packetization Layer Path MTU
>    Discovery for Datagram Transports
>    [I-D.ietf-tsvwg-datagram-plpmtud].  For instance, such mechanism
>    could be implemented between a HIP Relay Client and HIP Relay
>    Server.
> 
> o  It is worth noting that further HIP extensions can trim off 8
>    bytes in the ESP header by negotiating implicit IV support in the
>    ESP_TRANSFORM parameter as described in [RFC8750].
-- 
Cheers

Magnus Westerlund 

