Re: Last Call: <draft-ietf-intarea-ipv4-id-update-05.txt> (Updated Specification of the IPv4 ID Field) to Proposed Standard

Joe Touch <touch@isi.edu> Sat, 02 June 2012 01:22 UTC

Return-Path: <touch@isi.edu>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 637AD11E8094 for <ietf@ietfa.amsl.com>; Fri, 1 Jun 2012 18:22:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.576
X-Spam-Level:
X-Spam-Status: No, score=-102.576 tagged_above=-999 required=5 tests=[AWL=0.023, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4c1oTy7+3yxl for <ietf@ietfa.amsl.com>; Fri, 1 Jun 2012 18:22:44 -0700 (PDT)
Received: from darkstar.isi.edu (darkstar.isi.edu [128.9.128.127]) by ietfa.amsl.com (Postfix) with ESMTP id D3F6311E8087 for <ietf@ietf.org>; Fri, 1 Jun 2012 18:22:44 -0700 (PDT)
Received: from [128.9.160.166] (abc.isi.edu [128.9.160.166]) (authenticated bits=0) by darkstar.isi.edu (8.13.8/8.13.8) with ESMTP id q521MIqB004562 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Fri, 1 Jun 2012 18:22:18 -0700 (PDT)
Message-ID: <4FC96ACA.9040800@isi.edu>
Date: Fri, 01 Jun 2012 18:22:18 -0700
From: Joe Touch <touch@isi.edu>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:12.0) Gecko/20120428 Thunderbird/12.0.1
MIME-Version: 1.0
To: Masataka Ohta <mohta@necom830.hpcl.titech.ac.jp>
Subject: Re: Last Call: <draft-ietf-intarea-ipv4-id-update-05.txt> (Updated Specification of the IPv4 ID Field) to Proposed Standard
References: <20120531143816.30508.66250.idtracker@ietfa.amsl.com> <Pine.LNX.4.64.1205311957420.31608@shell4.bayarea.net> <4FC9585E.6010205@necom830.hpcl.titech.ac.jp>
In-Reply-To: <4FC9585E.6010205@necom830.hpcl.titech.ac.jp>
Content-Type: text/plain; charset=ISO-2022-JP
Content-Transfer-Encoding: 7bit
X-ISI-4-43-8-MailScanner: Found to be clean
X-MailScanner-From: touch@isi.edu
Cc: ietf@ietf.org
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 02 Jun 2012 01:22:45 -0000

On 6/1/2012 5:03 PM, Masataka Ohta wrote:
> C. M. Heard wrote:
> 
>> My one reservation is that I do not think it is strictly necessary
>> to ban re-use of the IPv4 ID value in retransmitted non-atomic IPv4
>> datagrams.
> 
> Do you mean
> 
>   >>  Sources of non-atomic IPv4 datagrams MUST rate-limit their output
>     to comply with the ID uniqueness requirements.
> 
> is too strict?
> 
> If so, I agree with you.
> 
>> On the other hand, the evidence available to me suggests
>> that existing implementations overwhelmingly comply with this ban
>> anyway, so it does not seem to do any harm.
> 
> I think most NAT boxes do not care ID uniqueness.
> 
> But, it is a lot worse than that.
> 
> Existing routers, which was relying on ID uniqueness of atomic
> packets, are now broken when they fragment the atomic packets.
> 
> So, the requirement may be:
> 
>   >>  Sources of non-atomic IPv4 datagrams SHOULD rate-limit their output
>     to comply with the ID uniqueness requirements.
> 
> or:
> 
>   >>  Sources of non-atomic IPv4 datagrams is encouraged to rate-limit
> their output
>     to comply with the ID uniqueness requirements.

The recommendation in this doc - that such sources MUST rate-limit - is
to comply with the ID uniqueness requirements already in RFC791 that
this doc does not deprecate - e.g., its use to support fragmentation.
It's not that they SHOULD do this in order to comply; if they don't,
they're not in compliance.

We all recognize that there are plenty of non-compliant NAT boxes
(actually, I'd be surprised if there were any compliant ones). Declaring
that non-compliance acceptable is not the purpose of this document.

> In addition, I have one question:
> 
>   Is there some document provided to obsolete the following:
> 
>     The IPv6 fragment header is present
> 
>     when the source has received
>     a "packet too big" ICMPv6 error message when the path cannot support
>     the required minimum 1280-byte IPv6 MTU and is thus subject to
>     translation
> 
>   which is meaningless from the beginning, because length of
>   IPv6 ID is 32 bit, from which it is impossible to generate
>   unique IPv4 ID.

None of which I am aware.

> and one comment:
> 
>   As expired IDs are referenced, may I suggest to add
> 
>     draft-ohta-e2e-nat-00.txt
> 
>   along with [Bo11] and [De11].

The current references - although currently expired - are under current
discussion in INTAREA, and updated versions are expected to be posted by
the time this document is published.

This document is not intended to provide a complete history of A+P
approaches, which would take more than adding a single long expired
reference.

Joe