Re: [Hipsec] Magnus Westerlund's Discuss on draft-ietf-hip-native-nat-traversal-30: (with DISCUSS and COMMENT)
Miika Komu <miika.komu@ericsson.com> Fri, 03 April 2020 06:41 UTC
From: Miika Komu <miika.komu@ericsson.com>
To: "iesg@ietf.org" <iesg@ietf.org>, Magnus Westerlund <magnus.westerlund@ericsson.com>
CC: "draft-ietf-hip-native-nat-traversal@ietf.org" <draft-ietf-hip-native-nat-traversal@ietf.org>, "hip-chairs@ietf.org" <hip-chairs@ietf.org>, Gonzalo Camarillo <gonzalo.camarillo@ericsson.com>, "hipsec@ietf.org" <hipsec@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/hipsec/JolS9U8zrEe1JtKaAMbcFr22VpY>
Hi Magnus,

On Thu, 2020-04-02 at 22:56 +0300, Miika Komu wrote:
> > 4. MTU impact of NAT traversal.
> >
> > Section 5.1 states
> > "It is worth noting that UDP encapsulation of HIP packets reduces the
> > Maximum Transfer Unit (MTU) size of the control plane by 12 bytes."
> >
> > There is also a similar text in Section 5.11:
> >
> > It is worth noting that UDP encapsulation of ESP reduces the MTU size
> > of data plane by 8 bytes.
> >
> > I think the document needs a discussion and impact on MTU which this
> > NAT traversal has on the HIP packets being sent.
> > - First of all there appears to be more packet expansions happening in
> >   some cases, for example the RELAY_HMAC option expands packets on one
> >   leg.
> > - Secondly, HIP requires IP fragmentation support, however IP
> >   fragmentation through NAT is commonly not working. Thus an HIP packet
> >   being UDP encapsulated that results in packet exceeding MTU will
> >   likely end up in an MTU black hole on path.
> >
> > The addition of the NAT traversal encapsulation actually increases the
> > need for MTU discovery or care in MTU handling by the HIP initiator. I
> > think there needs to be discussion of that in the document.
>
> I am still iterating some text on this, I hope Jeff Ahrenholz can help
> with this.

I got text from Jeff Ahrenholz and Robert Moskowitz:

Section 5.2 replaced this:

   It is worth noting that UDP encapsulation of HIP packets reduces the Maximum Transfer Unit (MTU) size of the control plane by 12 bytes.

with:

   UDP encapsulation of HIP packets reduces the Maximum Transfer Unit (MTU) size of the control plane by 12 bytes (8-byte UDP header plus 4-byte zero SPI marker), and the data plane by 8 bytes. This encapsulation overhead increases the need for MTU discovery. A HIP host SHOULD have the option to enable ICMP path MTU discovery (PMTUD) [RFC1063] [RFC8201]. Otherwise, support for IP fragmentation is required, which may not be commonly supported through NATs. When HIP encapsulation is implemented using a virtual tunneling interface, consider using a reduced MTU (e.g. 1400) by default. Additional HIP relay parameters, such as RELAY_HMAC, RELAY_UDP_HIP, RELAY_UDP_ESP, etc., further increase the size of certain HIP packets. It is worth noting that further HIP extensions can trim off 8 bytes in the ESP header by negotiating implicit IV support in the ESP_TRANSFORM parameter as described in [RFC8750].

Does this address your concerns?

Btw, I would remove the following redundant statement in "RELAYED_ADDRESS and MAPPED_ADDRESS Parameters" section:

   It is worth noting that UDP encapsulation of ESP reduces the MTU size of data plane by 8 bytes.
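
The overhead figures in the proposed text can be turned into a packet-size budget, shown here as an added example that is not part of the message or of the draft. The IP header sizes (no options or extension headers) and the ESP layout (AES-GCM with an 8-byte explicit IV and 16-byte ICV, 4-byte alignment) are assumptions made for illustration; the 12-byte, 8-byte and 1400-byte values come from the text above.

```python
# Added example: size budget for UDP-encapsulated HIP control and ESP data packets.
UDP_HEADER = 8                 # from the proposed text
ZERO_SPI_MARKER = 4            # from the proposed text (control plane only)
IP_HEADER = {4: 20, 6: 40}     # assumption: no IPv4 options / IPv6 extension headers
ESP_SPI_SEQ = 8                # SPI + sequence number
ESP_IV = 8                     # assumption: AES-GCM explicit IV; 0 with implicit IV
ESP_TRAILER = 2                # pad length + next header
ESP_ICV = 16                   # assumption: AES-GCM 16-byte ICV


def max_hip_control_packet(path_mtu, ip_version=4):
    """Largest HIP control packet that avoids IP fragmentation after UDP encapsulation."""
    return path_mtu - IP_HEADER[ip_version] - UDP_HEADER - ZERO_SPI_MARKER


def esp_packet_size(inner_len, ip_version=4, implicit_iv=False, udp_encap=True):
    """Outer IP packet size produced by an inner packet of inner_len bytes."""
    iv = 0 if implicit_iv else ESP_IV
    pad = -(inner_len + ESP_TRAILER) % 4      # pad so the trailer ends on a 4-byte boundary
    esp = ESP_SPI_SEQ + iv + inner_len + pad + ESP_TRAILER + ESP_ICV
    return IP_HEADER[ip_version] + (UDP_HEADER if udp_encap else 0) + esp


def max_inner_mtu(path_mtu, **kwargs):
    """Largest tunnel-interface MTU whose packets never exceed path_mtu on the wire."""
    n = path_mtu
    while n > 0 and esp_packet_size(n, **kwargs) > path_mtu:
        n -= 1
    return n


def fits(inner_len, path_mtu, **kwargs):
    """False means the packet would need fragmentation, the black-hole case through NATs."""
    return esp_packet_size(inner_len, **kwargs) <= path_mtu


if __name__ == "__main__":
    print("control, IPv4, path 1500:", max_hip_control_packet(1500))
    print("data, explicit IV:", max_inner_mtu(1500))
    print("data, implicit IV:", max_inner_mtu(1500, implicit_iv=True))
    print("1400 tunnel MTU fits 1500 path:", fits(1400, 1500))
    print("1400 tunnel MTU fits 1280 IPv6 path:", fits(1400, 1280, ip_version=6))
```
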