IETF Logo Mail Archive

Re: [Int-area] Proxy function for PTB messages on the tunnel end

Joseph Touch <touch@strayalpha.com> Tue, 23 March 2021 14:59 UTC

Return-Path: <touch@strayalpha.com>
X-Original-To: int-area@ietfa.amsl.com
Delivered-To: int-area@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3577A3A1174; Tue, 23 Mar 2021 07:59:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.399
X-Spam-Level: *
X-Spam-Status: No, score=1.399 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HAS_X_OUTGOING_SPAM_STAT=2.517, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_NEUTRAL=0.779, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id P6i0Iy9DysMv; Tue, 23 Mar 2021 07:59:16 -0700 (PDT)
Received: from server217-4.web-hosting.com (server217-4.web-hosting.com [198.54.116.98]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 18B263A1191; Tue, 23 Mar 2021 07:59:16 -0700 (PDT)
Received: from cpe-172-250-225-198.socal.res.rr.com ([172.250.225.198]:64901 helo=[192.168.1.14]) by server217.web-hosting.com with esmtpsa (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94) (envelope-from <touch@strayalpha.com>) id 1lOiUu-001tix-DC; Tue, 23 Mar 2021 10:59:13 -0400
Content-Type: multipart/alternative; boundary="Apple-Mail=_9CCB3DD4-7E0D-43EF-B277-23C12C4932D0"
Mime-Version: 1.0 (Mac OS X Mail 14.0 \(3654.60.0.2.21\))
From: Joseph Touch <touch@strayalpha.com>
In-Reply-To: <eb63d427f4d34e44908ccee2c2d14073@huawei.com>
Date: Tue, 23 Mar 2021 07:59:07 -0700
Cc: "v6ops@ietf.org" <v6ops@ietf.org>, int-area <int-area@ietf.org>
Message-Id: <F158C443-6E73-4FC6-ADCA-6D28EE8F0A30@strayalpha.com>
References: <0b61deabe8f3420eba1b5794b024e914@huawei.com> <A063E98C-0D6C-49B2-B871-E2B39A097FD5@strayalpha.com> <37059faadd6e441cb98f6ec7e01ecef9@huawei.com> <9D23C833-46C5-4B93-A204-D2D4F54689DF@strayalpha.com> <1e6ecd3b468d4255bda65d519190135d@huawei.com> <3B48413C-A47D-4F3F-B9E4-7ED4D33AA66B@strayalpha.com> <22bb7bf129694ccfbbad441d8d22e05c@huawei.com> <A5F62B47-DBA3-457D-89CD-D570EA2EA886@strayalpha.com> <eb63d427f4d34e44908ccee2c2d14073@huawei.com>
To: Vasilenko Eduard <vasilenko.eduard@huawei.com>
X-Mailer: Apple Mail (2.3654.60.0.2.21)
X-OutGoing-Spam-Status: No, score=-1.0
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - server217.web-hosting.com
X-AntiAbuse: Original Domain - ietf.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - strayalpha.com
X-Get-Message-Sender-Via: server217.web-hosting.com: authenticated_id: touch@strayalpha.com
X-Authenticated-Sender: server217.web-hosting.com: touch@strayalpha.com
X-Source:
X-Source-Args:
X-Source-Dir:
X-From-Rewrite: unmodified, already matched
Archived-At: <https://mailarchive.ietf.org/arch/msg/int-area/NRCvKS__8Pi5HvbqY-guIr6JZek>
Subject: Re: [Int-area] Proxy function for PTB messages on the tunnel end
X-BeenThere: int-area@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF Internet Area Mailing List <int-area.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/int-area>, <mailto:int-area-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/int-area/>
List-Post: <mailto:int-area@ietf.org>
List-Help: <mailto:int-area-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/int-area>, <mailto:int-area-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 23 Mar 2021 14:59:20 -0000


> On Mar 23, 2021, at 2:18 AM, Vasilenko Eduard <vasilenko.eduard@huawei.com> wrote:
> 
> Hi Joseph,
> I still do not understand why you believe that any tunnel has a second MTU restriction now.

All tunnels - like all links, have both:
	- a largest message that can traverse the internal hops of that link
	- a largest message that can be reassembled at the egress of that link

These are generally referred to as “path MTU” and “EMTU_R” for IP.

> The rest of your logic is based on this assumption that I do understand how you come to it. But the rest does not make sense to discuss if the initial assumption is not right.
> 1.       It could not be the case for tunneling that does not support fragmentation (L2TPv3, MPLS, VxLAN). Fragmentation buffer is just not needed in principle. Second restriction is not needed in principle.

That’s just the case where pathMTU == EMTU_R.

That means the EMTU_R is not needed *in practice*, but in principle it still exists.

> 2.       Reassembly buffer is needed for tunneling that does support fragmentation (NVO3, IPv6 GRE). But under no circumstances it should have any relationship to EMTU_R developed for TCP stack on the host. Vendors have chosen this fragmentation buffer always much bigger than maximum MTU for not to have another reason for fragmentation.

EMTU_R is the IP reassembly buffer, as defined in RFC1122; it is not developed for TCP.

Vendors (and protocol designers) set EMTU_R > pathMTU so that fragmentation allows recursive tunneling (IPv4-in-IPv4, IPv6-in-IPv6). If they are equal, then you can never have direct recursive tunneling (you need a shim layer that creates a separate tunnel with fragmentation and reassembly).

For IPv4, min EMTU_R is 576 and min pathMTU is 68.
For IPv6, min EMTU_R is 1500 and min pathMTU is 1500.

These are different for a reason.

> That’s it – no second MTU restriction to pay attention to. It is the reason why this is not documented in any vendor’s documentation: no problem – no need to document.

RFC791 and RFC 2460 (and 8200) all define these.

> But you have assumed that vendors did always have fragmentation buffer with limited size related to EMTU_R. It is just not the case. Data Plane has no TCP stack to inherit TCP restrictions.

EMTU_R is the end-of-path reassembly. Vendors all implement this for packets terminating at routers. Vendors should (MUST) also implement this for tunnels that egress at the router; some do, some have an *implementation error* if they do not.

> Again: the current standards and implementations have only 1 MTU restriction per tunnel.

Any tunnel where pathMTU == EMTU_R cannot be used to tunnel over itself. That is a standards and implementation flaw, not a feature.

> It does permit to inform the host about oversized packets (by PTB).

PTB means only “I *cannot* deliver packets this big”, not “if you send me packets that are smaller, I won’t have to fragment them over tunnels. If you can fragment over tunnels, you CAN deliver packets that big and sending PTB would be incorrect.

> draft-ietf-intarea-tunnels proposes new solutions with 2 MTU restrictions per tunnel (small/restricted reassembly buffer size and MTU on the tunnel path) that pushes for fragmentation between these restrictions.

Draft-tunnels describes what already exists, in terms that allow us to have conversations about these properties.

It describes how current ICMP messages are insufficient to support your tunneling concerns. 

Joe

v2.23.0 | Report a Bug | By Email