Re: [Int-area] I-D Action: draft-ietf-intarea-frag-fragile-00.txt

Joe Touch <touch@strayalpha.com> Thu, 16 August 2018 13:58 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/int-area/9i8TrH_HKrwV1aHYz4OjSqVNvL0>


> On Aug 16, 2018, at 5:47 AM, Ole Troan <otroan@employees.org> wrote:
> 
> Joe,
> 
>>> IPv4 fragments do have a higher drop probability than other packets. Just from the fact that multiple end-users are sharing a 16 bit identifier space.
>> 
>> It’s really the fact that NATs that process fragments don’t reassemble before translating and/or don’t rate limit fragments they generate as already required by 791 (as explained in 6884).
> 
> That’s incorrect.
> See https://tools.ietf.org/html/rfc7597#section-8.3.3

You should re-read that RFC. It correctly points out that this is a flaw in current devices. 

There is a solution - reassemble before NATing, and when issuing the new packets, issue them with IDs generated at the NAT.

The correct behavior is already indicated in RFC 6864, Sec 5.3.1

> 
>> A NAT that is broken isn’t helping users share addresses. It’s just broken.
> 
> I wish it was that simple.

It’s not simple, but saying that “fragmentation is broken” does not make it more simple either.

Joe
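
The behaviour discussed in this message, as an added simulation that is not part of the original thread: two hosts behind one NAT pick the same IPv4 ID, and the receiver's reassembly is compared for a NAT that only rewrites fragment addresses versus one that reassembles first and re-fragments with IDs generated at the NAT. Addresses, payloads and function names are constructed for illustration, and reassembly is simplified (protocol field omitted, last-arriving fragment wins at a given offset).

```python
from collections import defaultdict
from itertools import count

NAT_ADDR = "203.0.113.1"  # constructed public address (assumption)

def fragment(src, dst, ident, payload, size=8):
    """Split payload into (src, dst, id, offset, more_fragments, data) tuples."""
    chunks = [payload[i:i + size] for i in range(0, len(payload), size)]
    return [(src, dst, ident, i * size, i < len(chunks) - 1, c)
            for i, c in enumerate(chunks)]

def reassemble(frags):
    """Group fragments by (src, dst, id) and join them in offset order."""
    buckets = defaultdict(dict)
    for src, dst, ident, off, _mf, data in frags:
        buckets[(src, dst, ident)][off] = data  # same key + offset overwrites
    return {k: b"".join(v[o] for o in sorted(v)) for k, v in buckets.items()}

def nat_rewrite_only(frags):
    """Translate each fragment's source address, keeping the inside host's ID."""
    return [(NAT_ADDR, dst, ident, off, mf, data)
            for _src, dst, ident, off, mf, data in frags]

def nat_reassemble_first(frags, ids=None):
    """Reassemble per inside host, then re-fragment with NAT-generated IDs."""
    ids = count(1) if ids is None else ids
    out = []
    for (_src, dst, _ident), payload in reassemble(frags).items():
        out += fragment(NAT_ADDR, dst, next(ids), payload)
    return out

def demo():
    dst = "198.51.100.7"  # constructed destination
    a = fragment("10.0.0.1", dst, 0x1234, b"AAAAAAAAaaaaaaaa")
    b = fragment("10.0.0.2", dst, 0x1234, b"BBBBBBBBbbbbbbbbbbbb")
    wire = [a[0], b[0], b[1], a[1], b[2]]  # interleaved arrival at the NAT
    flawed = reassemble(nat_rewrite_only(wire))    # one spliced datagram
    fixed = reassemble(nat_reassemble_first(wire)) # two intact datagrams
    return flawed, fixed

if __name__ == "__main__":
    for name, result in zip(("rewrite-only", "reassemble-first"), demo()):
        print(name, sorted(result.values()))
```
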