Re: [Int-area] Discussion about Section 6.1 in draft-ietf-intarea-frag-fragile

Joe Touch <> Sat, 07 September 2019 17:35 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 66DC81200EC; Sat, 7 Sep 2019 10:35:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.219
X-Spam-Status: No, score=-1.219 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NEUTRAL=0.779, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id cAwugEY1ow2D; Sat, 7 Sep 2019 10:35:45 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id DD0541200C7; Sat, 7 Sep 2019 10:35:44 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;; s=default; h=To:References:Message-Id: Content-Transfer-Encoding:Cc:Date:In-Reply-To:From:Subject:Mime-Version: Content-Type:Sender:Reply-To:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=TZK9l8USKfMwJZQ7oyyPsKXlNzGNADksNNWyhrNBqzQ=; b=K+SA6alojh0bf0LeXCYRwl5/0 mmT5B9XOCY8rzLwIJsrHTXGZ7Aul7440e7xUqcIhZkXyeIrvhg52/yg7dsxDR8Wurou021eBmCjiz RQ7ogiPiGZGB5nRvzKd1zDYoVst11otL205A2GsvuuC1VQTnTcrIBZVN2i+MHQhSPb1A0EhfUXVIP ln3MXm6u9RUWG4QgKGXul8EEjZqkuEBgwj/nFL3LeSoFptkgfIKyB3ScCejwwDroVzGYayih4zr4Q Hhqu04kSVjf6xr8iBuO8qTkaF6unsklmNgjMBuL2FI3qpZqNWPwwogM4gxxPKnHy/OKhbTQXNarVE HjIGZzggg==;
Received: from ([]:59510 helo=[]) by with esmtpsa (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.92) (envelope-from <>) id 1i6ecd-000RJ0-GR; Sat, 07 Sep 2019 13:35:43 -0400
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 11.5 \(3445.9.1\))
From: Joe Touch <>
In-Reply-To: <>
Date: Sat, 7 Sep 2019 10:35:37 -0700
Cc: =?utf-8?Q?Ole_Tr=C3=B8an?= <>, "" <>, IESG <>, "" <>, Suresh Krishnan <>
Content-Transfer-Encoding: quoted-printable
Message-Id: <>
References: <> <> <> <> <> <> <> <> <> <> <> <> <>
To: Bob Hinden <>
X-Mailer: Apple Mail (2.3445.9.1)
X-OutGoing-Spam-Status: No, score=-1.0
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname -
X-AntiAbuse: Original Domain -
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain -
X-Get-Message-Sender-Via: authenticated_id:
X-From-Rewrite: unmodified, already matched
Archived-At: <>
Subject: Re: [Int-area] Discussion about Section 6.1 in draft-ietf-intarea-frag-fragile
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF Internet Area Mailing List <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Sat, 07 Sep 2019 17:35:48 -0000

FWIW, in general:

With all the concern not detecting when frag fails, I’d like to point out that it’s equally impossible to detect when it works, e.g., when it happens on tunnels that start more than one hop away or more than one layer of intermediate headers.

E.g, PLPMTUD turns of frag *on the connected interface*. There’s no way to disable source fragmentation that happens later in the network (as it would at tunnel ingresses) or deeper in the stack (when what you think is your interface is locally tunneled over a layer you don’t even know about).

So *all* systems that try to backoff and use smaller MTUs are actually *already* testing whether fragmentation already works in those cases. Even if your app sends a 1-byte packet you have no idea that some set of layers inflates the headers (e.g., with signatures or key exchanges) beyond the MTU somewhere.

Thus claiming that “fragmentation must be avoided at all costs” is simply not even possible anyway. That’s why it’s reasonable to bring encapsulation up. It works - even when you don’t know.


> On Sep 7, 2019, at 10:25 AM, Bob Hinden <> wrote:
> Ole,
>> On Sep 6, 2019, at 9:03 AM, Ole Troan <> wrote:
>> This document should not recommend IP in UDP in IP encapsulation to achieve end to end IP fragmentation for new applications.
> The document doesn’t say that, nor is the document recommending this.  The current text Joe and I proposed to the list was:
>  The risks of IP fragmentation can also be mitigated
>  through the use of encapsulation, e.g., by transmitting IP fragments
>  as payloads.
> If this was recommended it would have included the word “recommended” or SHOULD/MUST terminology.
> It’s only mentioning this, along with other approaches, as a possible approach for mitigating the problems.
> Bob