Re: [Hipsec] Magnus Westerlund's Discuss on draft-ietf-hip-native-nat-traversal-30: (with DISCUSS and COMMENT)

Miika Komu <miika.komu@ericsson.com> Fri, 03 April 2020 06:41 UTC

From: Miika Komu <miika.komu@ericsson.com>
To: "iesg@ietf.org" <iesg@ietf.org>, Magnus Westerlund <magnus.westerlund@ericsson.com>
CC: "draft-ietf-hip-native-nat-traversal@ietf.org" <draft-ietf-hip-native-nat-traversal@ietf.org>, "hip-chairs@ietf.org" <hip-chairs@ietf.org>, Gonzalo Camarillo <gonzalo.camarillo@ericsson.com>, "hipsec@ietf.org" <hipsec@ietf.org>
Date: Fri, 03 Apr 2020 06:41:09 +0000
Message-ID: <1ee7a7a90a590c89583c7ce3e6a61d07f63ad9b1.camel@ericsson.com>
References: <158340648969.14566.11476213026719970345@ietfa.amsl.com> <ef83276e8b16e138f08b19747c54977989bcc1d8.camel@ericsson.com>
In-Reply-To: <ef83276e8b16e138f08b19747c54977989bcc1d8.camel@ericsson.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/hipsec/JolS9U8zrEe1JtKaAMbcFr22VpY>

Hi Magnus,

On Thu, 2020-04-02 at 22:56 +0300, Miika Komu wrote:
> 
> > 4. MTU impact of NAT traversal.
> > 
> > Section 5.1 states
> > "It is worth noting that UDP encapsulation of HIP packets reduces the
> >    Maximum Transfer Unit (MTU) size of the control plane by 12 bytes."
> > 
> > There is also a similar text in Section 5.11:
> > 
> >    It is worth noting that UDP encapsulation of ESP reduces the MTU size
> >    of data plane by 8 bytes.
> > 
> > I think the document needs a discussion and impact on MTU which this NAT
> > traversal has on the HIP packets being sent. - First of all there appears
> > to be more packet expansions happening in some cases, for example the
> > RELAY_HMAC option expands packets on one leg. - Secondly, HIP requires IP
> > fragmentation support, however IP fragmentation through NAT is commonly
> > not working. Thus a HIP packet being UDP encapsulated that results in
> > packet exceeding MTU will likely end up in an MTU black hole on path.
> > 
> > The addition of the NAT traversal encapsulation actually increases the
> > need for MTU discovery or care in MTU handling by the HIP initiator. I
> > think there needs to be discussion of that in the document.
> 
> I am still iterating some text on this, I hope Jeff Ahrenholz can help
> with this.

I got text from Jeff Ahrenholz and Robert Moskowitz:

Section 5.2

replaced this:

It is worth noting that UDP encapsulation of HIP packets reduces the
Maximum Transfer Unit (MTU) size of the control plane by 12 bytes.

with:

UDP encapsulation of HIP packets reduces the Maximum Transfer Unit
(MTU) size of the control plane by 12 bytes (8-byte UDP header plus
4-byte zero SPI marker), and the data plane by 8 bytes.  This
encapsulation overhead increases the need for MTU discovery.  A HIP
host SHOULD have the option to enable ICMP path MTU discovery (PMTUD)
[RFC1063] [RFC8201].  Otherwise, support for IP fragmentation is
required, which may not be commonly supported through NATs.  When HIP
encapsulation is implemented using a virtual tunneling interface,
consider using a reduced MTU (e.g. 1400) by default.  Additional HIP
relay parameters, such as RELAY_HMAC, RELAY_UDP_HIP, RELAY_UDP_ESP,
etc., further increase the size of certain HIP packets.  It is worth
noting that further HIP extensions can trim off 8 bytes in the ESP
header by negotiating implicit IV support in the ESP_TRANSFORM
parameter as described in [RFC8750].

Does this address your concerns?

Btw, I would remove the following redundant statement in
"RELAYED_ADDRESS and MAPPED_ADDRESS Parameters" section:

It is worth noting that UDP encapsulation of ESP reduces
the MTU size of data plane by 8 bytes.
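As an added illustration (not part of this thread or of the draft), the following Python turns the overhead figures in the proposed text into an MTU budget check: 8-byte UDP header plus 4-byte zero SPI marker on the control plane, 8-byte UDP header on the data plane, the 8 bytes an implicit-IV ESP_TRANSFORM trims from the ESP header, and the 1400-byte tunnel default. The standard IPv4/IPv6 header sizes and the packet-size accounting (HIP/ESP length measured from the HIP or ESP header, excluding the outer IP header) are the example's own assumptions.

```python
# Added example, not from draft-ietf-hip-native-nat-traversal or this thread.
# MTU budget for HIP control-plane and ESP data-plane packets under UDP
# encapsulation, using the byte counts stated in the proposed Section 5.2 text.

IPV4_HDR = 20               # assumption: standard IPv4 header, no options
IPV6_HDR = 40               # assumption: standard IPv6 header, no extensions
UDP_HDR = 8                 # UDP header added by the encapsulation
ZERO_SPI_MARKER = 4         # control plane only: 4-byte zero SPI marker
IMPLICIT_IV_SAVING = 8      # RFC 8750 implicit IV drops the 8-byte ESP IV
DEFAULT_TUNNEL_MTU = 1400   # reduced MTU the text suggests for a tunnel interface


def encapsulation_overhead(plane: str, implicit_iv: bool = False) -> int:
    """Net wire bytes UDP encapsulation adds, relative to plain HIP/ESP.

    control: UDP header + zero SPI marker = 12 bytes.
    data:    UDP header = 8 bytes, offset by 8 if implicit IV is negotiated.
    """
    if plane == "control":
        return UDP_HDR + ZERO_SPI_MARKER
    if plane == "data":
        return UDP_HDR - (IMPLICIT_IV_SAVING if implicit_iv else 0)
    raise ValueError(f"unknown plane {plane!r}")


def largest_payload(path_mtu: int, plane: str, ipv6: bool = False,
                    implicit_iv: bool = False, relay_params: int = 0) -> int:
    """Largest HIP/ESP packet (from the HIP or ESP header onward) that fits
    path_mtu without IP fragmentation. relay_params is the extra size added
    by relay parameters such as RELAY_HMAC / RELAY_UDP_HIP on a given leg."""
    ip_hdr = IPV6_HDR if ipv6 else IPV4_HDR
    return path_mtu - ip_hdr - encapsulation_overhead(plane, implicit_iv) - relay_params


def fits_without_fragmentation(path_mtu: int, packet_len: int, plane: str,
                               ipv6: bool = False, implicit_iv: bool = False,
                               relay_params: int = 0) -> bool:
    """True if the encapsulated packet fits the path MTU; False means the
    sender would have to rely on IP fragmentation, which the text warns is
    commonly not supported through NATs (a likely black hole)."""
    return packet_len <= largest_payload(path_mtu, plane, ipv6, implicit_iv, relay_params)


if __name__ == "__main__":
    # Constructed scenario: a 1468-byte I2 fits a 1500-byte IPv4 path, but
    # not once a relay adds a 20-byte parameter on one leg.
    print(fits_without_fragmentation(1500, 1468, "control"))                   # True
    print(fits_without_fragmentation(1500, 1468, "control", relay_params=20))  # False
    print(largest_payload(DEFAULT_TUNNEL_MTU, "data", ipv6=True))              # 1352
```

Comparing the two print lines shows why the proposed text calls out relay parameters separately: a packet sized exactly to the end-to-end budget can still exceed the MTU on the relayed leg.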