[Int-area] WGLC on draft-ietf-intarea-frag-fragile-05 (Tom Herbert)

Ron Bonica <rbonica@juniper.net> Wed, 16 January 2019 02:16 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/int-area/ZUduxshpcFClfq1BFdxuViNhiSU>

Tom,

Please take a look at Section 4.3 (Stateless Firewalls). How can the stateless firewall behave optimally without maintaining state?

While flow labels may help in the case of load balancers, they don't help at all in the case of stateless firewalls.

                                                Ron

> Secondly, the only specified interaction between fragmentation and
> intermediate nodes is that routers can fragment packets in IPv4. Other than
> that, a middlebox that complies with RFC791 and RFC8200 does not process
> or consider fragmentation of packets. Given that, it's unclear to me why
> middle boxes would need to maintain state to be protocol compliant. It's
> possible that the implicit exception of the requirement is that middleboxes
> might perform "in-network reassembly"
> or "virtual reassembly" which would require state. If that is indeed the case
> then the requirements for the mechanisms should be spelled out.
> 
> For stateless load balancing (described in section 4.4), the IPv6 flow label
> obviates the need for DPI. It is sufficient to hash over the three tuple <saddr,
> daddr, flow label> to get good load balancing. All major OSes have been
> updated to set flow labels, and there are devices that already support this.
> IMO, the draft should make using flow label for stateless load balancing a
> SHOULD.
> 
> Tom
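
The two points in this exchange, shown side by side as an added example that is not part of the original messages: the 3-tuple <saddr, daddr, flow label> is present in every fragment, so a stateless load balancer can hash it, while the UDP port a stateless firewall would match on is only present in the first fragment. The function names, the documentation-prefix addresses, the flow label value and the use of SHA-256 as the hash are assumptions made for the illustration.

```python
import hashlib
import ipaddress
import struct

FRAG_HDR = 44  # IPv6 Next Header value for the Fragment header (RFC 8200)
UDP = 17

def build_fragment(src, dst, flow_label, frag_offset, more, payload, ident=0x1234):
    """Constructed sample: IPv6 fixed header + Fragment header + payload bytes."""
    frag = struct.pack("!BBHI", UDP, 0, (frag_offset << 3) | int(more), ident)
    body = frag + payload
    first_word = (6 << 28) | (flow_label & 0xFFFFF)  # version 6, traffic class 0
    hdr = struct.pack("!IHBB", first_word, len(body), FRAG_HDR, 64)
    hdr += ipaddress.IPv6Address(src).packed + ipaddress.IPv6Address(dst).packed
    return hdr + body

def three_tuple(pkt):
    """<saddr, daddr, flow label> sits in the fixed 40-byte header of every fragment."""
    flow_label = struct.unpack("!I", pkt[:4])[0] & 0xFFFFF
    return pkt[8:24], pkt[24:40], flow_label

def lb_bucket(pkt, n_backends):
    """Stateless load-balancer choice from the 3-tuple alone, no DPI."""
    saddr, daddr, fl = three_tuple(pkt)
    digest = hashlib.sha256(saddr + daddr + fl.to_bytes(3, "big")).digest()
    return int.from_bytes(digest[:4], "big") % n_backends

def udp_dst_port(pkt):
    """What a stateless port filter can read: None if the UDP header is not in this packet."""
    next_hdr, offset = pkt[6], 40
    if next_hdr == FRAG_HDR:
        next_hdr = pkt[offset]
        off_flags = struct.unpack("!H", pkt[offset + 2:offset + 4])[0]
        if off_flags >> 3 != 0:  # non-first fragment: payload starts mid-datagram
            return None
        offset += 8
    if next_hdr != UDP or len(pkt) < offset + 4:
        return None
    return struct.unpack("!H", pkt[offset + 2:offset + 4])[0]

# Constructed UDP datagram to port 53, split into two fragments (offset in 8-byte units).
udp = struct.pack("!HHHH", 40000, 53, 8 + 16, 0) + b"A" * 16
FIRST = build_fragment("2001:db8::1", "2001:db8::2", 0xABCDE, 0, True, udp[:16])
SECOND = build_fragment("2001:db8::1", "2001:db8::2", 0xABCDE, 2, False, udp[16:])

if __name__ == "__main__":
    for name, pkt in (("first", FIRST), ("second", SECOND)):
        print(name, "bucket:", lb_bucket(pkt, 8), "udp dst port:", udp_dst_port(pkt))
```

Both fragments land in the same bucket, but the second fragment gives the port filter nothing to match, which is why such a filter has to either keep state or apply a blanket policy to non-first fragments.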