Re: Is Fragmentation at IP layer even needed ?
Phillip Hallam-Baker <phill@hallambaker.com> Thu, 11 February 2016 18:19 UTC
Return-Path: <hallam@gmail.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CB1031B38B3 for <ietf@ietfa.amsl.com>; Thu, 11 Feb 2016 10:19:21 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.278
X-Spam-Level:
X-Spam-Status: No, score=-1.278 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FM_FORGED_GMAIL=0.622, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UFMsGF8NsMIH for <ietf@ietfa.amsl.com>; Thu, 11 Feb 2016 10:19:20 -0800 (PST)
Received: from mail-lb0-x236.google.com (mail-lb0-x236.google.com [IPv6:2a00:1450:4010:c04::236]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 764491B38B1 for <ietf@ietf.org>; Thu, 11 Feb 2016 10:19:20 -0800 (PST)
Received: by mail-lb0-x236.google.com with SMTP id cw1so32635915lbb.1 for <ietf@ietf.org>; Thu, 11 Feb 2016 10:19:20 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:cc:content-type; bh=wFaWofzFEiQpDikNFb+QGJuPLbROrM+b5ysKyGmCs2A=; b=iSEkHfkz84K7PwQs1XSipnPmU+ahtDWlDDVjjy9jFD8IDPMwccTX9bHOtu5fM3g9YW T58VAi2SbYD60SfOnEoCctXBMslMp2Il4waC1IT4HJYLGKWINWLePJdt2eYsk8Kn9/xj slvabxOx08UTLTbSmuewEeq26oyn8nSNJVyNti2G887tixnPbs91KipXPZ10OpCOTO3b XHo7VmveZW/GgwKwkSCN8utcHRy6qEAmLp/NquHRi3EwRICb2xGvvsw2u5s8LvtOPQEf BWBCV4u4P44e7aviWSS7VdLaUIedA2eSEppLiqFNDfp3/XZhRiuFCncJqUyujfm007cL 3c6w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:sender:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=wFaWofzFEiQpDikNFb+QGJuPLbROrM+b5ysKyGmCs2A=; b=WUSr9d7hP1TZmhgio9Bg3l4ZQokUliWIT85RI0p3cG5w2KviylJFuj7+IG8BRQVCY6 +u2T1040jxLx49Tp75WMc4AeTZfVAZauv+ckn1Tp2WnmOrMSSf9q1+T4o882BrmhIdbA WXcQ3F+0LBSA4Si1Zo4Dtbs92oYF9FL2zYgcwk2f22o5mkyksIgugyiw+0olPh2VXxca G6H9wfRbtttBphF5jH+PlahSBbTopaKXLgon6d04jQhChN89mgFOSTGDWTI6jwhkcNoB /XFOoVxgSF1Icxs6YuZVqTlCb1o1PJ+aS013MqIGgYm6WIIokxLb9T29jzgFN072Ksb1 MCzw==
X-Gm-Message-State: AG10YOQf8hD/95X1QU633RnEhJvM5H6n+7wPc5cnHxSRNXNRCiiTF8n6U6wfbv8il4yO0Fu682bsoMNm5lEY+A==
MIME-Version: 1.0
X-Received: by 10.112.166.100 with SMTP id zf4mr19214951lbb.58.1455214758521; Thu, 11 Feb 2016 10:19:18 -0800 (PST)
Sender: hallam@gmail.com
Received: by 10.112.49.80 with HTTP; Thu, 11 Feb 2016 10:19:18 -0800 (PST)
In-Reply-To: <56BCCBB4.4050909@isi.edu>
References: <CAOJ6w=EvzE3dM4Y2mFFR=9YyPBdmFu_jkF4-42LjkdbRd3yz_w@mail.gmail.com> <BLUPR05MB1985F5F2BB3118362C67B921AED50@BLUPR05MB1985.namprd05.prod.outlook.com> <20160208200943.A615941B5B96@rock.dv.isc.org> <CAMm+LwgLoYpQ1TNOTOuJzh+cu+GyRBf9=y_K7K35boQ9WcZKjA@mail.gmail.com> <56B92A96.9050200@si6networks.com> <CAMm+LwifTXvVd1mPZOfcOOR03Fnj-82H9aDVS01=wGezePtnXw@mail.gmail.com> <56BA4BC7.1010002@isi.edu> <CAMm+Lwi-n=be4AWGibs+Zq9egYw5pSDmPGb-4P0LDEcX1E6osA@mail.gmail.com> <56BA68CE.7090304@isi.edu> <CAMm+LwiM2sFUeejgJZe650UQbVHrh7EHrEF2omvPrZJPodgJLA@mail.gmail.com> <56BA739D.7060309@isi.edu> <CAMm+Lwij1dOkK0b2ZnJiPMtba=wc823WgYjqw0iwAApa3KBYcg@mail.gmail.com> <56BA95C7.8060109@isi.edu> <56BAD6CC.2030209@necom830.hpcl.titech.ac.jp> <56BBAAF7.6020903@isi.edu> <56BC9516.6050305@necom830.hpcl.titech.ac.jp> <56BCCBB4.4050909@isi.edu>
Date: Thu, 11 Feb 2016 13:19:18 -0500
X-Google-Sender-Auth: Pl3a3QGf51yYeSelFf7VamxQNSk
Message-ID: <CAMm+Lwh-2v+MVDSt8GWa98ykH9ZH49Y01d=3rTZXvgD16JKDtg@mail.gmail.com>
Subject: Re: Is Fragmentation at IP layer even needed ?
From: Phillip Hallam-Baker <phill@hallambaker.com>
To: Joe Touch <touch@isi.edu>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <http://mailarchive.ietf.org/arch/msg/ietf/bihS-IpvucRIo4KeajVITcP-Iqk>
Cc: IETF Discussion Mailing List <ietf@ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 11 Feb 2016 18:19:22 -0000
On Thu, Feb 11, 2016 at 12:58 PM, Joe Touch <touch@isi.edu> wrote: > > > On 2/11/2016 6:05 AM, Masataka Ohta wrote: >> Joe Touch wrote: >> >>> I repeat: nodes that encap or decap are acting as sources or sinks, not >>> relays. >> >> I'm afraid firewalls are relays. > > A firewall that filters on L3 is a router regardless of which side you > look at. Using 'layers' to describe Internet architecture can be very misleading because the Internet isn't layered according to the ISO model and the layers don't necessarily stack up the way people expect once tunneling is involved. For example, if I have an SSH channel to a system (or a TLS firewall), I have a transport layer protocol that is presenting a packet layer interface. So if we number the layers, we have 1, 2, 3, 4, 5, 3 [4, 5, 7]. One of the things I learned early on programming Microsoft BASIC was to not use sequential line numbers. And I was really glad to get rid of line numbers when I moved to machines with decent amounts of RAM. Seems to me that the numbered layer model confuses rather than clarifies and especially so when tunneling is being discussed. A tunnel should be a tunnel. If you fragment at the tunnel ingress, you should defragment at the egress. Otherwise you are simply pushing your state maintenance requirements onto the receiving endpoint in a way that isn't scaleable.
- Re: Is Fragmentation at IP layer even needed ? John Levine
- Re: Is Fragmentation at IP layer even needed ? Yoav Nir
- Re: Is Fragmentation at IP layer even needed ? Alexey Eromenko
- Re: Is Fragmentation at IP layer even needed ? Yoav Nir
- Is Fragmentation at IP layer even needed ? Alexey Eromenko
- RE: Is Fragmentation at IP layer even needed ? Templin, Fred L
- Re: Is Fragmentation at IP layer even needed ? Joe Touch
- Re: Is Fragmentation at IP layer even needed ? Alexey Eromenko
- Re: Is Fragmentation at IP layer even needed ? David Borman
- RE: Is Fragmentation at IP layer even needed ? Ronald Bonica
- Re: Is Fragmentation at IP layer even needed ? Warren Kumari
- Re: Is Fragmentation at IP layer even needed ? David Borman
- Re: Is Fragmentation at IP layer even needed ? Mark Andrews
- Re: Is Fragmentation at IP layer even needed ? Mark Andrews
- Re: Is Fragmentation at IP layer even needed ? Phillip Hallam-Baker
- Re: Is Fragmentation at IP layer even needed ? Joe Touch
- Re: Is Fragmentation at IP layer even needed ? Joe Touch
- Re: Is Fragmentation at IP layer even needed ? Phillip Hallam-Baker
- Re: Is Fragmentation at IP layer even needed ? Joe Touch
- RE: Is Fragmentation at IP layer even needed ? Ronald Bonica
- Re: Is Fragmentation at IP layer even needed ? Phillip Hallam-Baker
- Re: Is Fragmentation at IP layer even needed ? Joe Touch
- Re: Is Fragmentation at IP layer even needed ? Carsten Bormann
- Re: Is Fragmentation at IP layer even needed ? Joel M. Halpern
- Re: Is Fragmentation at IP layer even needed ? Theodore V Faber
- Re: Is Fragmentation at IP layer even needed ? Phillip Hallam-Baker
- Re: Is Fragmentation at IP layer even needed ? Ted Hardie
- Re: Is Fragmentation at IP layer even needed ? Fernando Gont
- Re: Is Fragmentation at IP layer even needed ? Fernando Gont
- Re: Is Fragmentation at IP layer even needed ? Fernando Gont
- Re: Is Fragmentation at IP layer even needed ? Fernando Gont
- Re: Is Fragmentation at IP layer even needed ? Warren Kumari
- Re: Is Fragmentation at IP layer even needed ? Phillip Hallam-Baker
- Re: Is Fragmentation at IP layer even needed ? Fernando Gont
- Re: Is Fragmentation at IP layer even needed ? Phillip Hallam-Baker
- Re: Is Fragmentation at IP layer even needed ? Masataka Ohta
- Re: Is Fragmentation at IP layer even needed ? Yoav Nir
- Re: Is Fragmentation at IP layer even needed ? Masataka Ohta
- Re: Is Fragmentation at IP layer even needed ? Phillip Hallam-Baker
- Re: Is Fragmentation at IP layer even needed ? Harald Alvestrand
- Re: Is Fragmentation at IP layer even needed ? Tony Finch
- Re: Is Fragmentation at IP layer even needed ? Phillip Hallam-Baker
- Re: Is Fragmentation at IP layer even needed ? Warren Kumari
- Re: Is Fragmentation at IP layer even needed ? Harald Alvestrand
- Re: Is Fragmentation at IP layer even needed ? Phillip Hallam-Baker
- Re: Is Fragmentation at IP layer even needed ? Joe Touch
- Re: Is Fragmentation at IP layer even needed ? Joe Touch
- Re: Is Fragmentation at IP layer even needed ? Joe Touch
- Re: Is Fragmentation at IP layer even needed ? Doug Royer
- Re: Is Fragmentation at IP layer even needed ? Phillip Hallam-Baker
- Re: Is Fragmentation at IP layer even needed ? Joe Touch
- Re: Is Fragmentation at IP layer even needed ? Phillip Hallam-Baker
- Not EUI-64 [was Re: Is Fragmentation at IP layer … Brian E Carpenter
- Re: Is Fragmentation at IP layer even needed ? Fernando Gont
- Re: Is Fragmentation at IP layer even needed ? Fernando Gont
- Re: Is Fragmentation at IP layer even needed ? Fernando Gont
- Re: Is Fragmentation at IP layer even needed ? Fernando Gont
- Re: Is Fragmentation at IP layer even needed ? joel jaeggli
- Re: Is Fragmentation at IP layer even needed ? Phillip Hallam-Baker
- Re: Is Fragmentation at IP layer even needed ? Joe Touch
- Re: Is Fragmentation at IP layer even needed ? Fernando Gont
- Re: Is Fragmentation at IP layer even needed ? Masataka Ohta
- Re: Is Fragmentation at IP layer even needed ? Masataka Ohta
- Re: Is Fragmentation at IP layer even needed ? Fernando Gont
- Re: Is Fragmentation at IP layer even needed ? Masataka Ohta
- Re: Is Fragmentation at IP layer even needed ? Fernando Gont
- Re: Is Fragmentation at IP layer even needed ? Masataka Ohta
- Re: Is Fragmentation at IP layer even needed ? Joe Touch
- RE: Is Fragmentation at IP layer even needed ? Templin, Fred L
- Re: Is Fragmentation at IP layer even needed ? Alexey Eromenko
- Re: Is Fragmentation at IP layer even needed ? Masataka Ohta
- Re: Is Fragmentation at IP layer even needed ? Joe Touch
- RE: Is Fragmentation at IP layer even needed ? Templin, Fred L
- Re: Is Fragmentation at IP layer even needed ? Phillip Hallam-Baker
- Re: Is Fragmentation at IP layer even needed ? Joe Touch
- Re: Is Fragmentation at IP layer even needed ? Joe Touch
- Re: Is Fragmentation at IP layer even needed ? Masataka Ohta
- Re: Is Fragmentation at IP layer even needed ? Mark Andrews
- Re: Is Fragmentation at IP layer even needed ? Masataka Ohta
- Re: Is Fragmentation at IP layer even needed ? Mark Andrews
- Re: Is Fragmentation at IP layer even needed ? Masataka Ohta
- Re: Is Fragmentation at IP layer even needed ? Joe Touch
- Re: Is Fragmentation at IP layer even needed ? Warren Kumari
- Re: Is Fragmentation at IP layer even needed ? Joe Touch
- Re: Is Fragmentation at IP layer even needed ? Masataka Ohta
- Re: Is Fragmentation at IP layer even needed ? Joe Touch
- Re: Is Fragmentation at IP layer even needed ? Masataka Ohta
- Re: Is Fragmentation at IP layer even needed ? Brian E Carpenter
- Re: Is Fragmentation at IP layer even needed ? Masataka Ohta
- Re: Is Fragmentation at IP layer even needed ? Masataka Ohta
- Re: Is Fragmentation at IP layer even needed ? Mark Andrews