Re: Is Fragmentation at IP layer even needed ?
Joe Touch <touch@isi.edu> Fri, 12 February 2016 19:21 UTC
Return-Path: <touch@isi.edu>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A6A231A88E2 for <ietf@ietfa.amsl.com>; Fri, 12 Feb 2016 11:21:08 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hEaFS1K7xSkG for <ietf@ietfa.amsl.com>; Fri, 12 Feb 2016 11:21:07 -0800 (PST)
Received: from nitro.isi.edu (nitro.isi.edu [128.9.208.207]) (using TLSv1 with cipher ECDHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 415361A88D9 for <ietf@ietf.org>; Fri, 12 Feb 2016 11:21:07 -0800 (PST)
Received: from [128.9.184.137] ([128.9.184.137]) (authenticated bits=0) by nitro.isi.edu (8.13.8/8.13.8) with ESMTP id u1CJKoOI000393 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT); Fri, 12 Feb 2016 11:20:50 -0800 (PST)
From: Joe Touch <touch@isi.edu>
Subject: Re: Is Fragmentation at IP layer even needed ?
To: Warren Kumari <warren@kumari.net>, Masataka Ohta <mohta@necom830.hpcl.titech.ac.jp>, ietf@ietf.org
References: <CAOJ6w=EvzE3dM4Y2mFFR=9YyPBdmFu_jkF4-42LjkdbRd3yz_w@mail.gmail.com> <BLUPR05MB1985F5F2BB3118362C67B921AED50@BLUPR05MB1985.namprd05.prod.outlook.com> <20160208200943.A615941B5B96@rock.dv.isc.org> <CAMm+LwgLoYpQ1TNOTOuJzh+cu+GyRBf9=y_K7K35boQ9WcZKjA@mail.gmail.com> <56B92A96.9050200@si6networks.com> <CAMm+LwifTXvVd1mPZOfcOOR03Fnj-82H9aDVS01=wGezePtnXw@mail.gmail.com> <56BA4BC7.1010002@isi.edu> <CAMm+Lwi-n=be4AWGibs+Zq9egYw5pSDmPGb-4P0LDEcX1E6osA@mail.gmail.com> <56BA68CE.7090304@isi.edu> <CAMm+LwiM2sFUeejgJZe650UQbVHrh7EHrEF2omvPrZJPodgJLA@mail.gmail.com> <56BA739D.7060309@isi.edu> <CAMm+Lwij1dOkK0b2ZnJiPMtba=wc823WgYjqw0iwAApa3KBYcg@mail.gmail.com> <56BA95C7.8060109@isi.edu> <56BAD6CC.2030209@necom830.hpcl.titech.ac.jp> <56BBAAF7.6020903@isi.edu> <56BC9516.6050305@necom830.hpcl.titech.ac.jp> <56BCCBB4.4050909@isi.edu> <56BCF514.6040401@necom830.hpcl.titech.ac.jp> <56BE23F0.4090403@isi.edu> <CAHw9_i+gjL=Wq8M8y3aiu9gqLPnzVD_jG-zct7ZMDvWm=Umb7w@mail.gmail.com>
Message-ID: <56BE3090.8080503@isi.edu>
Date: Fri, 12 Feb 2016 11:20:48 -0800
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:38.0) Gecko/20100101 Thunderbird/38.5.1
MIME-Version: 1.0
In-Reply-To: <CAHw9_i+gjL=Wq8M8y3aiu9gqLPnzVD_jG-zct7ZMDvWm=Umb7w@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
X-MailScanner-ID: u1CJKoOI000393
X-ISI-4-69-MailScanner: Found to be clean
X-MailScanner-From: touch@isi.edu
Archived-At: <http://mailarchive.ietf.org/arch/msg/ietf/j64MiPsKiYAjx8htBURAD4QSBFk>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 12 Feb 2016 19:21:08 -0000
On 2/12/2016 11:10 AM, Warren Kumari wrote: > > > On Fri, Feb 12, 2016 at 1:27 PM Joe Touch <touch@isi.edu > <mailto:touch@isi.edu>> wrote: ... > Routers shouldn't reassemble, but then routers aren't supposed to look > beyond L3. You cannot have it both ways. > > You keep saying that.... and then a bunch of operators say "Yeah, but I > have an actual network to run, and I need to look beyond L3 because my > customers want me to mitigate their DoS, I want to filter on L4 before > handing data to internal services, and I use ECMP and need L4 because I > cannot rely on flow labels". Operators who don't want to pay for the devices that will actually do the work involved to support the filtering model they want to employ. This is a lot like selling empty boxes of cereal - because I need to sell boxes of cereal, and the cost of the food is getting in the way. > Once you inspect L4, you *are* acting as a host. > > So, this entire thread (which has reminded me why I stopped > participating in v6ops) is just a terminology issue? ;-) It's about what level of work you should be expected to expend to produce a desired behavior. Ultimately, it's about the conceptual Internet architecture. ... > As Mark pointed out, you don't need to strictly reassemble (i.e., to > emit a corresponding reassembled packet). You just need to reassemble > the information. > > Which requires keeping state, yes? This is not realistic in modern large > network devices. Translation: finding a place to keep all that cereal isn't realistic when what I really want to do is make money. Sorry - ante up. If you want to have the benefit of acting like a host, you need to do the work of a host. And note that some commercial devices do already support this sort of state, so it's not theoretical. > Saying "vendors should jolly well do a better job and redesign their > gear so that it can, and operators should simply pay whatever the cost > is... oh, and redesign their networks for flow consistency, because > *that's what the specifications require*" is likely to continue having > people say "Yeah, sure, whatever. But I've got a real network to run...." There are real profits to be made. All that cereal is getting in the way. It's a lot more profitable to sell empty boxes. The real issue here is the lack of compliance testing and certification. If we had that, vendors wouldn't be able to sell boxes that didn't comply with requirements and operators wouldn't be able to make promises they can't keep. ... > Again, the model leads you to the correct conclusions. > > ... and yet we see lots of evidence that fragments (and EH) have issues > in real world testing. What we see is operator and vendor greed being incompatible with Internet architecture. We need to push back on *that*, not water down our definition of the Internet to support their current business model. Joe
- Re: Is Fragmentation at IP layer even needed ? John Levine
- Re: Is Fragmentation at IP layer even needed ? Yoav Nir
- Re: Is Fragmentation at IP layer even needed ? Alexey Eromenko
- Re: Is Fragmentation at IP layer even needed ? Yoav Nir
- Is Fragmentation at IP layer even needed ? Alexey Eromenko
- RE: Is Fragmentation at IP layer even needed ? Templin, Fred L
- Re: Is Fragmentation at IP layer even needed ? Joe Touch
- Re: Is Fragmentation at IP layer even needed ? Alexey Eromenko
- Re: Is Fragmentation at IP layer even needed ? David Borman
- RE: Is Fragmentation at IP layer even needed ? Ronald Bonica
- Re: Is Fragmentation at IP layer even needed ? Warren Kumari
- Re: Is Fragmentation at IP layer even needed ? David Borman
- Re: Is Fragmentation at IP layer even needed ? Mark Andrews
- Re: Is Fragmentation at IP layer even needed ? Mark Andrews
- Re: Is Fragmentation at IP layer even needed ? Phillip Hallam-Baker
- Re: Is Fragmentation at IP layer even needed ? Joe Touch
- Re: Is Fragmentation at IP layer even needed ? Joe Touch
- Re: Is Fragmentation at IP layer even needed ? Phillip Hallam-Baker
- Re: Is Fragmentation at IP layer even needed ? Joe Touch
- RE: Is Fragmentation at IP layer even needed ? Ronald Bonica
- Re: Is Fragmentation at IP layer even needed ? Phillip Hallam-Baker
- Re: Is Fragmentation at IP layer even needed ? Joe Touch
- Re: Is Fragmentation at IP layer even needed ? Carsten Bormann
- Re: Is Fragmentation at IP layer even needed ? Joel M. Halpern
- Re: Is Fragmentation at IP layer even needed ? Theodore V Faber
- Re: Is Fragmentation at IP layer even needed ? Phillip Hallam-Baker
- Re: Is Fragmentation at IP layer even needed ? Ted Hardie
- Re: Is Fragmentation at IP layer even needed ? Fernando Gont
- Re: Is Fragmentation at IP layer even needed ? Fernando Gont
- Re: Is Fragmentation at IP layer even needed ? Fernando Gont
- Re: Is Fragmentation at IP layer even needed ? Fernando Gont
- Re: Is Fragmentation at IP layer even needed ? Warren Kumari
- Re: Is Fragmentation at IP layer even needed ? Phillip Hallam-Baker
- Re: Is Fragmentation at IP layer even needed ? Fernando Gont
- Re: Is Fragmentation at IP layer even needed ? Phillip Hallam-Baker
- Re: Is Fragmentation at IP layer even needed ? Masataka Ohta
- Re: Is Fragmentation at IP layer even needed ? Yoav Nir
- Re: Is Fragmentation at IP layer even needed ? Masataka Ohta
- Re: Is Fragmentation at IP layer even needed ? Phillip Hallam-Baker
- Re: Is Fragmentation at IP layer even needed ? Harald Alvestrand
- Re: Is Fragmentation at IP layer even needed ? Tony Finch
- Re: Is Fragmentation at IP layer even needed ? Phillip Hallam-Baker
- Re: Is Fragmentation at IP layer even needed ? Warren Kumari
- Re: Is Fragmentation at IP layer even needed ? Harald Alvestrand
- Re: Is Fragmentation at IP layer even needed ? Phillip Hallam-Baker
- Re: Is Fragmentation at IP layer even needed ? Joe Touch
- Re: Is Fragmentation at IP layer even needed ? Joe Touch
- Re: Is Fragmentation at IP layer even needed ? Joe Touch
- Re: Is Fragmentation at IP layer even needed ? Doug Royer
- Re: Is Fragmentation at IP layer even needed ? Phillip Hallam-Baker
- Re: Is Fragmentation at IP layer even needed ? Joe Touch
- Re: Is Fragmentation at IP layer even needed ? Phillip Hallam-Baker
- Not EUI-64 [was Re: Is Fragmentation at IP layer … Brian E Carpenter
- Re: Is Fragmentation at IP layer even needed ? Fernando Gont
- Re: Is Fragmentation at IP layer even needed ? Fernando Gont
- Re: Is Fragmentation at IP layer even needed ? Fernando Gont
- Re: Is Fragmentation at IP layer even needed ? Fernando Gont
- Re: Is Fragmentation at IP layer even needed ? joel jaeggli
- Re: Is Fragmentation at IP layer even needed ? Phillip Hallam-Baker
- Re: Is Fragmentation at IP layer even needed ? Joe Touch
- Re: Is Fragmentation at IP layer even needed ? Fernando Gont
- Re: Is Fragmentation at IP layer even needed ? Masataka Ohta
- Re: Is Fragmentation at IP layer even needed ? Masataka Ohta
- Re: Is Fragmentation at IP layer even needed ? Fernando Gont
- Re: Is Fragmentation at IP layer even needed ? Masataka Ohta
- Re: Is Fragmentation at IP layer even needed ? Fernando Gont
- Re: Is Fragmentation at IP layer even needed ? Masataka Ohta
- Re: Is Fragmentation at IP layer even needed ? Joe Touch
- RE: Is Fragmentation at IP layer even needed ? Templin, Fred L
- Re: Is Fragmentation at IP layer even needed ? Alexey Eromenko
- Re: Is Fragmentation at IP layer even needed ? Masataka Ohta
- Re: Is Fragmentation at IP layer even needed ? Joe Touch
- RE: Is Fragmentation at IP layer even needed ? Templin, Fred L
- Re: Is Fragmentation at IP layer even needed ? Phillip Hallam-Baker
- Re: Is Fragmentation at IP layer even needed ? Joe Touch
- Re: Is Fragmentation at IP layer even needed ? Joe Touch
- Re: Is Fragmentation at IP layer even needed ? Masataka Ohta
- Re: Is Fragmentation at IP layer even needed ? Mark Andrews
- Re: Is Fragmentation at IP layer even needed ? Masataka Ohta
- Re: Is Fragmentation at IP layer even needed ? Mark Andrews
- Re: Is Fragmentation at IP layer even needed ? Masataka Ohta
- Re: Is Fragmentation at IP layer even needed ? Joe Touch
- Re: Is Fragmentation at IP layer even needed ? Warren Kumari
- Re: Is Fragmentation at IP layer even needed ? Joe Touch
- Re: Is Fragmentation at IP layer even needed ? Masataka Ohta
- Re: Is Fragmentation at IP layer even needed ? Joe Touch
- Re: Is Fragmentation at IP layer even needed ? Masataka Ohta
- Re: Is Fragmentation at IP layer even needed ? Brian E Carpenter
- Re: Is Fragmentation at IP layer even needed ? Masataka Ohta
- Re: Is Fragmentation at IP layer even needed ? Masataka Ohta
- Re: Is Fragmentation at IP layer even needed ? Mark Andrews