Re: [Int-area] I-D Action: draft-ietf-intarea-tunnels-05.txt

Joe Touch <touch@isi.edu> Wed, 03 May 2017 20:40 UTC

Return-Path: <touch@isi.edu>
X-Original-To: int-area@ietfa.amsl.com
Delivered-To: int-area@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C9199129B4C for <int-area@ietfa.amsl.com>; Wed, 3 May 2017 13:40:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2_reehbcnToh for <int-area@ietfa.amsl.com>; Wed, 3 May 2017 13:40:49 -0700 (PDT)
Received: from nitro.isi.edu (nitro.isi.edu [128.9.208.207]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8B5CD129C62 for <int-area@ietf.org>; Wed, 3 May 2017 13:38:44 -0700 (PDT)
Received: from [128.9.184.18] ([128.9.184.18]) (authenticated bits=0) by nitro.isi.edu (8.13.8/8.13.8) with ESMTP id v43KcQER000848 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT); Wed, 3 May 2017 13:38:26 -0700 (PDT)
To: "Templin, Fred L" <Fred.L.Templin@boeing.com>
Cc: "int-area@ietf.org" <int-area@ietf.org>
References: <149062888196.30638.8369941985115982808@ietfa.amsl.com> <f5ab0422-fd49-9082-147b-8312e974de7e@isi.edu> <4d2a86f4948c4dc49ab3b0729743d028@XCH15-06-08.nw.nos.boeing.com> <583e59d2-f846-6cd6-8e15-f3a0888889ac@isi.edu> <6ede932f07ca4b8ebd17f82e17eb4cf4@XCH15-06-08.nw.nos.boeing.com> <340d81c0-8af9-b353-44ec-f40c722745f5@isi.edu> <5a8c5001421e45d086107f208f08f2d2@XCH15-06-08.nw.nos.boeing.com> <03f6765b-a2c9-ae67-2aba-08c7f5e22a9c@isi.edu> <c2d3942118774ad9b302fdb7d609c053@XCH15-06-08.nw.nos.boeing.com>
From: Joe Touch <touch@isi.edu>
Message-ID: <09d9f8ab-0d2b-c1d8-d075-e0c36d4669cf@isi.edu>
Date: Wed, 3 May 2017 13:38:26 -0700
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.1.0
MIME-Version: 1.0
In-Reply-To: <c2d3942118774ad9b302fdb7d609c053@XCH15-06-08.nw.nos.boeing.com>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
Content-Language: en-US
X-MailScanner-ID: v43KcQER000848
X-ISI-4-69-MailScanner: Found to be clean
X-MailScanner-From: touch@isi.edu
Archived-At: <https://mailarchive.ietf.org/arch/msg/int-area/CJCuP2xoZ8CUtm3cunRyFemq2SM>
Subject: Re: [Int-area] I-D Action: draft-ietf-intarea-tunnels-05.txt
X-BeenThere: int-area@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF Internet Area Mailing List <int-area.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/int-area>, <mailto:int-area-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/int-area/>
List-Post: <mailto:int-area@ietf.org>
List-Help: <mailto:int-area-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/int-area>, <mailto:int-area-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 03 May 2017 20:40:51 -0000

HI, Fred,

On 5/3/2017 1:07 PM, Templin, Fred L wrote:
> Hi Joe,
>
>> -----Original Message-----
>> From: Joe Touch [mailto:touch@isi.edu]
>> Sent: Wednesday, May 03, 2017 11:47 AM
>> To: Templin, Fred L <Fred.L.Templin@boeing.com>
>> Cc: int-area@ietf.org
>> Subject: Re: [Int-area] I-D Action: draft-ietf-intarea-tunnels-05.txt
>>
>> Hi, Fred,
>>
>> Your response keeps raising the same issues that I think we agree upon:
>>
>>     - PMTUD always has the possibility of creating black holes (whether
>> in the presence of multipath or not)
>>
>>     - PLPMTUD can generate cases where the MIN isn't actually detected
>>
>> and some claims with which I disagree:
>>
>>     - that PMPMTUD probes travel different paths than the data
> I think I have already said this many times, but let me try again. The
> tunnel ingress is not the source of the transit packet; it is only the
> source of the tunnel packet. And, the ingress may have to tunnel
> a wide variety of transit packets sourced by many original sources.
> So, if ECMP somewhere within the tunnel peeks at the transit
> packet, then the packet could take a very different path within
> the tunnel than the ingress' PLPMTUD probes took. 
OK, so we have to separate things out.

PLPMTUD E2E will still work fine - or not - and isn't affected by the
presence of a tunnel per se.

The same is true for PMTUD E2E.

The issue is how the  tunnel itself figures out MTU values larger than
the required minimums for transit to the egress. There are two cases:
    - for egress reassembly, a tunnel protocol can communicate that
reassembly MTU explicitly (and the MIN taken for multipoint tunnels, as
with multicast)
    - for transit between ingress and egress, the tunnel would need to
either use PMTUD (and be susceptible to black holes) or PLPMTUD
        - if it uses PLPMTUD, then steps need to be taken to either
establish the ingress-egress as a single flow (so that ECMP would treat
it as such) or to somehow try to manage subsets of arriving flows as a
single flow
            and any such method needs to be careful to ensure that the
probe packets are not distinguishable from non-probes, or could create
false information

Would that be sufficient?
...
>
>> Those probes should be used to determine an MTU only for a
>> given flow; the potential hazards of sharing that information across
>> flows is already discussed in that RFC.
> I don't think RFC4821 does enough to take ECMP into account when it
> talks about storing and sharing discovered MTUs.
While I agree, this document is not intended to update that nor to
account for its deficiencies, so I'm not sure what to add other than as
stated above.

...
>
>> I don't yet see any explanation as to why this would be true.
>>
>> So I'm left with the following, which I propose as the way forward:
>>
>>     - the text will be clear about the potential issues for multipath
>> potentially taking a long time to converge
> It's not that it could take a long time to converge - it is that it might
> never converge if some paths of the multipath block ICMPs.
If the path can't differentiate data and probes (see above), I can't see
how they can be prevented from converging.

...
> ...
> The tunnel ingress is only the source of the tunnel packets; it is not the
> source of the transit packets. The only way for PLPMTUD to function
> properly in the presence of ECMP would be for the source of the transit
> packets to do the RFC4821 probing - not the tunnel ingress.
Agreed - the only reason the ingress would want to do PLPMTUD probing is
to increase the size of the chunks sent to the egress.

Joe