Re: [Int-area] Stateless devices and IP fragmentation

Ron Bonica <rbonica@juniper.net> Fri, 16 November 2018 15:02 UTC

From: Ron Bonica <rbonica@juniper.net>
To: Brian E Carpenter <brian.e.carpenter@gmail.com>, Tom Herbert <tom@herbertland.com>, Joe Touch <touch@strayalpha.com>
CC: int-area <int-area@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/int-area/IccwvnkWgtfwkywV98-1HoeBG4A>

Hi Brian,

Fair enough. Does the following text work?

                                   Ron

7.3.  For Middle Box Developers

Middle boxes SHOULD process IP fragments in a manner that is compliant with RFC 791 and RFC 8200. In many cases, middle boxes must maintain state in order to achieve this goal.

Price and performance considerations frequently motivate network operators to deploy stateless middle boxes. These stateless middle boxes may perform sub-optimally, process IP fragments in a manner that is not compliant with RFC 791 or RFC 8200, or even discard IP fragments completely. Providers of such middle boxes MUST document their product's behavior.

The behaviors exhibited by the above-mentioned devices are not desirable. However, one behavior may be acceptable to one network operator while another behavior is acceptable to another network operator. Middle box vendors MUST provide network operators with all of the information required to make intelligent middle box deployment decisions.

> -----Original Message-----
> From: Brian E Carpenter <brian.e.carpenter@gmail.com>
> Sent: Thursday, November 15, 2018 10:44 PM
> To: Ron Bonica <rbonica@juniper.net>; Tom Herbert
> <tom@herbertland.com>; Joe Touch <touch@strayalpha.com>
> Cc: int-area <int-area@ietf.org>
> Subject: Re: [Int-area] Stateless devices and IP fragmentation
> 
> >  These stateless middle boxes may perform sub-optimally or process IP
> > fragments in a manner that is not compliant with RFC 791 or RFC 8200.
> 
> That seems to skirt round the real concern. Middleboxes don't exist in the
> world assumed by RFC 791 or 8200, so those RFCs don't place any compliance
> requirements on middleboxes. It's simply implicit that datagrams get delivered
> whether fragmented or not. RFC 1812 doesn't seem to mention that routers
> MUST forward fragments, presumably because it's blindingly obvious. Same
> for draft-ietf-6man-rfc6434-bis and draft-v6ops-ipv6rtr-reqs.
> 
> So at least can we say:
> 
> These stateless middle boxes may perform sub-optimally, process IP fragments
> in a manner that is not compliant with RFC 791 or RFC 8200, or even discard
> IP fragments completely.
> 
> Regards
>    Brian
> 
> On 2018-11-16 10:35, Ron Bonica wrote:
> > Tom, Joe, Brian,
> >
> > I haven't seen a response to this message. Can I assume that you are OK with
> > this text?
> >
> >                                      Ron
> >
> >
> >> -----Original Message-----
> >> From: Ron Bonica
> >> Sent: Wednesday, November 14, 2018 4:35 PM
> >> To: Tom Herbert <tom@herbertland.com>
> >> Cc: int-area <int-area@ietf.org>; Joe Touch <touch@strayalpha.com>
> >> Subject: RE: [Int-area] Stateless devices and IP fragmentation
> >>
> >> Folks,
> >>
> >> We are thrashing over the example. Can everybody agree to the following
> >> text?
> >>
> >>                                                Ron
> >>
> >> 7.3.  For Middle Box Developers
> >>
> >> Middle boxes SHOULD process IP fragments in a manner that is
> >> compliant with RFC 791 and RFC 8200. In many cases, middle boxes must
> >> maintain state in order to achieve this goal.
> >>
> >> Price and performance considerations frequently motivate network
> >> operators to deploy stateless middle boxes. These stateless middle
> >> boxes may perform sub-optimally or process IP fragments in a manner
> >> that is not compliant with RFC 791 or RFC 8200. Providers of such
> >> middle boxes MUST document their product's behavior.
> >>
> >> The behaviors exhibited by the above-mentioned devices are not desirable.
> >> However, one behavior may be acceptable to one network operator while
> >> another behavior is acceptable to another network operator. Middle
> >> box vendors MUST provide network operators with all of the
> >> information required to make intelligent middle box deployment decisions.