Re: Is Fragmentation at IP layer even needed ?

Phillip Hallam-Baker <phill@hallambaker.com> Thu, 11 February 2016 18:19 UTC

To: Joe Touch <touch@isi.edu>
Archived-At: <http://mailarchive.ietf.org/arch/msg/ietf/bihS-IpvucRIo4KeajVITcP-Iqk>
Cc: IETF Discussion Mailing List <ietf@ietf.org>

On Thu, Feb 11, 2016 at 12:58 PM, Joe Touch <touch@isi.edu> wrote:
>
>
> On 2/11/2016 6:05 AM, Masataka Ohta wrote:
>> Joe Touch wrote:
>>
>>> I repeat: nodes that encap or decap are acting as sources or sinks, not
>>> relays.
>>
>> I'm afraid firewalls are relays.
>
> A firewall that filters on L3 is a router regardless of which side you
> look at.

Using 'layers' to describe Internet architecture can be very
misleading because the Internet isn't layered according to the ISO
model and the layers don't necessarily stack up the way people expect
once tunneling is involved.

For example, if I have an SSH channel to a system (or a TLS firewall),
I have a transport layer protocol that is presenting a packet layer
interface.

So if we number the layers, we have 1, 2, 3, 4, 5, 3 [4, 5, 7].


One of the things I learned early on programming Microsoft BASIC was
to not use sequential line numbers. And I was really glad to get rid
of line numbers when I moved to machines with decent amounts of RAM.
Seems to me that the numbered layer model confuses rather than
clarifies and especially so when tunneling is being discussed.

A tunnel should be a tunnel. If you fragment at the tunnel ingress,
you should defragment at the egress. Otherwise you are simply pushing
your state maintenance requirements onto the receiving endpoint in a
way that isn't scalable.