Re: [Int-area] Alissa Cooper's No Objection on draft-ietf-intarea-frag-fragile-16: (with COMMENT)

"Templin (US), Fred L" <> Wed, 04 September 2019 15:27 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 64BA1120123; Wed, 4 Sep 2019 08:27:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -4.199
X-Spam-Status: No, score=-4.199 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 5nFWWYIiBpus; Wed, 4 Sep 2019 08:27:14 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 230C912016E; Wed, 4 Sep 2019 08:27:03 -0700 (PDT)
Received: from localhost (localhost []) by (8.14.4/8.14.4/DOWNSTREAM_MBSOUT) with SMTP id x84FR00W031226; Wed, 4 Sep 2019 11:27:00 -0400
Received: from ( []) by (8.14.4/8.14.4/UPSTREAM_MBSOUT) with ESMTP id x84FQshV030998 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=FAIL); Wed, 4 Sep 2019 11:26:54 -0400
Received: from ( by ( with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.1.1713.5; Wed, 4 Sep 2019 08:26:53 -0700
Received: from ([fe80::1522:f068:5766:53b5]) by ([fe80::1522:f068:5766:53b5%2]) with mapi id 15.01.1713.004; Wed, 4 Sep 2019 08:26:53 -0700
From: "Templin (US), Fred L" <>
To: Ole Troan <>
CC: Bob Hinden <>, Tom Herbert <>, "Joel Halpern" <>, "" <>, "" <>
Thread-Topic: [Int-area] Alissa Cooper's No Objection on draft-ietf-intarea-frag-fragile-16: (with COMMENT)
Thread-Index: AQHVYleCBj1oQLuY7U2rnGqsdj7a9acaci8A//+QwwCAAJHEgP//wU8wgAAZmpyAAAHqEIAAel8AgACZknCAAIekAP//kwhQ
Date: Wed, 4 Sep 2019 15:26:53 +0000
Message-ID: <>
References: <> <> <> <> <> <> <> <> <> <> <> <>
In-Reply-To: <>
Accept-Language: en-US
Content-Language: en-US
x-originating-ip: []
x-tm-snts-smtp: 3FD7D178AE63B3F9D74ACEBD493D0C5C73966CE9D0213C47B3B7D48648551C012000:8
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <>
Subject: Re: [Int-area] Alissa Cooper's No Objection on draft-ietf-intarea-frag-fragile-16: (with COMMENT)
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF Internet Area Mailing List <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 04 Sep 2019 15:27:17 -0000

Hi Ole,

> -----Original Message-----
> From: Ole Troan []
> Sent: Wednesday, September 04, 2019 7:37 AM
> To: Templin (US), Fred L <>
> Cc: Bob Hinden <>om>; Tom Herbert <>om>; Joel Halpern <>om>; draft-
> Subject: Re: [Int-area] Alissa Cooper's No Objection on draft-ietf-intarea-frag-fragile-16: (with COMMENT)
> Fred,
> I removed the IESG from this list, as we seem to have drifted into a more general fragmentation discussion as opposed to discussing
> the exact changes to this draft.
> >>>> Why is that more useful than what is in 3.5? If it’s not making a recommendation, why call this out in the introduction.  There are
> lot
> >> of
> >>>> other things it doesn’t make recommendations about that aren’t in the Introduction either.
> >>>
> >>> Because it sets a more appropriate tone and lets the reader know from the onset that
> >>> fragmentation and encapsulation go hand in hand. And tunnel fragmentation avoids the
> >>> issues raised by others in this thread.
> >>
> >> While inner fragmentation ensures the fragment will reach the tunnel tail end, a tunnel endpoint will typically not reassemble that
> >> fragment, so will generate fragments after the tunnel hop.
> >> Inner fragmentation is only available on IPv4.
> >
> > Not true. For IPv6 packets, simply insert a GUE header or an RFC2473 header and
> > fragment on that. The fragments will be reassembled by the tunnel tail end, then
> > passed to the next hop as a whole IPv6 packet. The fragmentation footprint is
> > therefore the same as the tunnel footprint.
> Is that not the exact definition of outer fragmentation?

No. I am talking about outer header (OH) followed by tunnel header (TH) followed
by inner packet (IP). Recipe:

  1) wrap the IP in a TH to create a tunnel packet (TP)
  2) fragment the TP
  3) encapsulate each tunnel fragment in an independent OH
  4) send each outer packet (OP). These will look like ordinary
       unfragmented IP packets, but will contain a tunnel fragment

> >> Outer fragmentation will look like any other fragmented packet,
> >
> > I am not talking about outer fragmentation.
> Ehm?


> >> albeit that the tunnel tail now has to reassemble. At speeds typically
> >> much higher than a typical end host.
> >
> > Using iperf3, I can show fragmentation and reassembly at near line-rate on 10Gbps
> > Ethernet gear. That seems pretty good to me. Which shows that implementers
> > have taken IP fragmentation seriously and put in the hard work necessary to
> > optimize the performance.
> On what hardware?

Nothing special. I get good performance even in network emulations where the
(virtual) links do not have a maximum bandwidth restriction.

> 10G is not at all very much, and given fragmentation you have large packets anyway.
> You need to compare the forwarding performance unfragmented versus fragmented.
> Then impact of out of order fragments. Fragment chains that don't reassemble, etc etc.
> Proving that it performs (or not as I would claim) does require quite a bit of work.

I have shown applications that get better performance by sending fragmented
large IP packets than by sending unfragmented small IP packets.

> >> Tunnels within a controlled domain may use fragmentation, although it still will have problems.
> >> Which is why you see most tunnel specifications for controlled domains, state that the network MTU must be "well managed".
> >
> > We should be able to tunnel within any domain, be it controlled or over the open Internet.
> > Inner fragmentation (with nested encapsulation if necessary) accomplishes that.
> Sure, you can just slap a UDP header in between. It still be outer fragmentation, but you have hidden it from the intermediate
> network.
> Then you might as well invent your own shim tunnel fragment header, and we could deprecate the IPv6 one. (slight smiley on that
> idea:)

To make it clearer, I should be calling it tunnel fragmentation (not inner
fragmentation) - but it is clearly not outer fragmentation. All the network
sees are whole (outer) IP packets with no indication that a tunnel fragment
is being carried inside.


> Cheers,
> Ole