IETF Logo Mail Archive

Re: [Int-area] WGLC on draft-ietf-intarea-frag-fragile-05

Tom Herbert <tom@herbertland.com> Tue, 15 January 2019 01:44 UTC

Return-Path: <tom@herbertland.com>
X-Original-To: int-area@ietfa.amsl.com
Delivered-To: int-area@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F0034124408 for <int-area@ietfa.amsl.com>; Mon, 14 Jan 2019 17:44:20 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.042
X-Spam-Level:
X-Spam-Status: No, score=-2.042 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.142, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=herbertland-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Osyei1v6Hm_C for <int-area@ietfa.amsl.com>; Mon, 14 Jan 2019 17:44:17 -0800 (PST)
Received: from mail-qt1-x82f.google.com (mail-qt1-x82f.google.com [IPv6:2607:f8b0:4864:20::82f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6BAC4123FFD for <int-area@ietf.org>; Mon, 14 Jan 2019 17:44:17 -0800 (PST)
Received: by mail-qt1-x82f.google.com with SMTP id y20so1286758qtm.13 for <int-area@ietf.org>; Mon, 14 Jan 2019 17:44:17 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=herbertland-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=uFglYygNcPR0S+DcnYJRFPkoMHLRAW7oMFu9glncrwM=; b=o7NsE5o8B8Q/lJEiqk6hgz1E7aFi/rxsaXga9PsHFfJygNavs1qUAxuTjIKQZR+HV/ 20ZTdhDdsnBaZvwZIZXZunFbyCTzeb6D9gQGvEPGI2BqDl6Mqkvia3nAq39LsJTkP6Ot 3DAQn6ZW4VCaa7oRSEZCMaQwT8u7R/sxU2l84U5CfzpkAxPwNYSHHhxb2QXMJLrMJ6C/ lf5cttfF3O1/JngY0h/9ShDaLi0C7NO9BKIvlcEu6VBVw4hmkxWAmq8BPUbfVQceagdC mJZG0bBJdqSxf2Gi6ycyzgyTQvdXCB04fPBzQFuBwCPHv3BA+qQTFnUH6F2hoHezGZyT sGLw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=uFglYygNcPR0S+DcnYJRFPkoMHLRAW7oMFu9glncrwM=; b=HpWgrHy6NqtQBPP3+qqT6Kb/3Cku0+QThXg22qZh0H6UXiXMj71v4tpf61OsBkZmkQ NiKB2j+wJIG2G+4+7Rslta58UpjRUeznLFeRvAzppWTLaTcx6nWmzCI6kVWFzhJMV9EL GD8JPjAf9bZ/HGBYPceTAzzv8po6WGs4o4bQF3pZBe1MAkSk5R4kJCtD2L4ZNERwUW0r IKmb8Xnq9YR5yGOPzlpjosyFk79UmIyFFpUnvC1Jpq1Rh6EBF0QexLVt4Rpk2I9D+Ale y7ETNls8xBCYA3os+Kfl7QlLUtOFj4ujO8BswWOFIsyWdqGhddIkGNxDPCtbAKUDFTLw 4xYg==
X-Gm-Message-State: AJcUukeSgpIvZgQ9U0Jj6z4psijmHypzpFbT1IJuGMxs15cX4oSjKggy MhZYsy2AcX2gbzJnYaHLCjEg/TlcvJQaeFZNSr+5ZQ==
X-Google-Smtp-Source: ALg8bN45WpT7jyvg/QrQK8Ou7UH3spOxdIP6B16knH6GW1B6qxzJIZGeGcoK8hspGZvCvVGFOfnxe1juYWATUL9QUWI=
X-Received: by 2002:a0c:b24f:: with SMTP id k15mr1141723qve.72.1547516656214; Mon, 14 Jan 2019 17:44:16 -0800 (PST)
MIME-Version: 1.0
References: <D060DC26-15C7-4D3F-A3C5-641072C75CC5@ericsson.com> <4a283194-98f5-8f38-211a-29cfbc4c9c3e@joelhalpern.com> <CALx6S36btHxs0UTjahSMXEmOgfnQMAD+xYVFam=vKvQQfvOVdQ@mail.gmail.com> <0bb095ac-4511-d3a9-31f1-7bf382bfd318@gmail.com>
In-Reply-To: <0bb095ac-4511-d3a9-31f1-7bf382bfd318@gmail.com>
From: Tom Herbert <tom@herbertland.com>
Date: Mon, 14 Jan 2019 17:44:06 -0800
Message-ID: <CALx6S34g787C-FixZHTt9uDXNduQgEch7vr4qrhHcDxVANPyCg@mail.gmail.com>
To: Brian E Carpenter <brian.e.carpenter@gmail.com>
Cc: "Joel M. Halpern" <jmh@joelhalpern.com>, "internet-area@ietf.org" <int-area@ietf.org>, "intarea-chairs@ietf.org" <intarea-chairs@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/int-area/0lf_Mon0DLHTsP4TI1zVajwixP8>
Subject: Re: [Int-area] WGLC on draft-ietf-intarea-frag-fragile-05
X-BeenThere: int-area@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF Internet Area Mailing List <int-area.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/int-area>, <mailto:int-area-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/int-area/>
List-Post: <mailto:int-area@ietf.org>
List-Help: <mailto:int-area-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/int-area>, <mailto:int-area-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Jan 2019 01:44:21 -0000

On Mon, Jan 14, 2019 at 5:30 PM Brian E Carpenter
<brian.e.carpenter@gmail.com> wrote:
>
> On 2019-01-15 11:04, Tom Herbert wrote:
> > Hello. I have a couple of comments:
> >
> >>From the draft:
> > "Middle boxes SHOULD process IP fragments in a manner that is
> > compliant with RFC 791 and RFC 8200.  In many cases, middle boxes must
> > maintain state in order to achieve this goal."
> >
> > This requirement is confusing to me on several accounts.
>
> Me too. I think the root of the problem is the word "compliant". To
> be compliant with the IP model, middleboxes should not exist. I think
> what the text is trying to say is more like:
>
> "Middle boxes SHOULD process IP fragments in a manner that is
> consistent with RFC 791 and RFC 8200."
>
> That's a requirement for effective transparency, not for compliance.
>
> > First of all,
> > there are a lot of requirements about fragmentation in both RFC791 and
> > RFC8200, including some MUSTs. This requirement seems to be updating
> > and possibly relaxing some of those requirements, but is not specific.
> > This seems ambiguous as a normative requirement.
> >
> > Secondly, the only specified interaction between fragmentation and
> > intermediate nodes is that routers can fragment packets in IPv4. Other
> > than that, a middlebox that complies with RFC791 and RFC8200 does not
> > process or consider fragmentation of packets. Given that, it's unclear
> > to me why middle boxes would need to maintain state to be protocol
> > compliant. It's possible that the implicit exception of the
> > requirement is that middleboxes might perform "in-network reassembly"
> > or "virtual reassemlby" which would require state. If that is indeed
> > the case then the requirements for the mechanisms should be spelled
> > out.
> >
> > For stateless load balancing (described in section 4.4), the IPv6 flow
> > label obviates the need for DPI. It is sufficient to hash over the
> > three tuple <saddr, daddr, flow label> to get good load balancing. All
> > major OSes have been updated to set flow labels, and there are devices
> > that already support this. IMO, the draft should make using flow label
> > for stateless load balancing a SHOULD.
>
> Agreed, and the text would need to be a bit reorganized for that, by
> separating the v4 and v6 cases completely. Also things are rather
> different for in-transit load balancing (including ECMP and LAG) and
> server load balancing, but I don't think that changes the recommendation.
> The draft could cite RFC7098 for the server case. In RFC7098, we
> assumed that the balancer could revert to the old DPI method if the flow
> label is zero, which may lead to a fail if the packet is fragmented.
> But for in-transit load balancing of large numbers of flows, the
> {source, dest, flow_label} tuple will provide entropy even if the
> flow label is zero.

Right, if flow label is zero the algorithm just falls back to hashing
over the 2-tuple which is already what devices do today when then
can't parse the transport layer ports to get an L4 hash (e.g. for an
IPsec or GRE/IP packet).

Tom

>
>   Brian
>
> >
> > Tom
> >
> > On Mon, Jan 14, 2019 at 11:55 AM Joel M. Halpern <jmh@joelhalpern.com> wrote:
> >>
> >> I have re-read this document.  I think it is a useful document that
> >> captures that state of a complex tradeoff and makes effective
> >> recommendations. I support publishing it as a BCP.
> >>
> >> If the authors make further additions, adding a mention of ECMP as a
> >> particular case of stateless load balancers might further improve the
> >> document.
> >>
> >> Yours,
> >> Joel
> >>
> >> On 1/14/19 1:13 PM, Wassim Haddad wrote:
> >>> Dear all,
> >>>
> >>> This email starts an Int-Area WG Last Call on the latest version of "IP Fragmentation Considered Fragile” draft:
> >>>
> >>> https://tools.ietf.org/html/draft-ietf-intarea-frag-fragile-05
> >>>
> >>> Please respond to this email to support the document and/or send comments by 2019-01-28.
> >>>
> >>> Please indicate if you are personally aware of any IPR that applies to draft-ietf-intarea-frag-fragile-xx?
> >>> If so, has this IPR been disclosed in compliance with IETF IPR rules?
> >>>
> >>>
> >>> Regards,
> >>>
> >>> Juan & Wassim
> >>> _______________________________________________
> >>> Int-area mailing list
> >>> Int-area@ietf.org
> >>> https://www.ietf.org/mailman/listinfo/int-area
> >>>
> >>
> >> _______________________________________________
> >> Int-area mailing list
> >> Int-area@ietf.org
> >> https://www.ietf.org/mailman/listinfo/int-area
> >
> > _______________________________________________
> > Int-area mailing list
> > Int-area@ietf.org
> > https://www.ietf.org/mailman/listinfo/int-area
> >
>

v2.23.0 | Report a Bug | By Email