Re: [Int-area] I-D Action: draft-ietf-intarea-frag-fragile-06.txt

Ron Bonica <rbonica@juniper.net> Wed, 30 January 2019 20:57 UTC

To: "int-area@ietf.org" <int-area@ietf.org>, Brian E Carpenter <brian.e.carpenter@gmail.com>, Tom Herbert <tom@herbertland.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/int-area/WnopY8xqXCsnkgbldlsUWjFJQXU>

Inline......

> Message: 3
> Date: Tue, 29 Jan 2019 11:45:45 -0800
> From: Tom Herbert <tom@herbertland.com>
> To: int-area <int-area@ietf.org>
> Subject: [Int-area] Comments on draft-ietf-intarea-frag-fragile-06
> Message-ID:
> 	<CALx6S35kwvHL5iE4Ci10LQbPzun3k1C-
> T4m5B55yAyL+nP4sdQ@mail.gmail.com>
> Content-Type: text/plain; charset="UTF-8"
> 
> Hello,
> 
> I have suggested text for the draft to address some previous comments made
> on the list.
> 
> Last paragraph in section 4.3:
> 
> "This problem does not occur in stateful firewalls or Network Address
> Translation (NAT) devices. Such devices maintain state so that they can afford
> identical treatment to each fragment that belongs to a packet. Note, however,
> that stateful firewalls and NAT devices impose the external requirement that
> all packets of a flow and fragments of a packet for a flow must traverse the
> same stateful device; stateless devices do not force this requirement."
> 

The first two sentences that you suggest already appear in version 06 of the document.

I would prefer to omit the final sentence for the following reasons:

- It isn't absolutely necessary
- It opens another can of worms that I don't want to address. Specifically, some stateful firewalls perform virtual reassembly but don't maintain TCP session state. Some stateful firewalls perform virtual reassembly and maintain TCP state. Your third sentence is true for one firewall type and false for the other.

> Section 4.5:
> "IP fragmentation causes problems for some routers that support Equal Cost
> Multipath (ECMP). Many routers that support ECMP execute the algorithm
> described in Section 4.4 in order to perform flow based forwarding; therefore,
> they exhibit the same problematic behaviors described in Section 4.4. In IPv6,
> the flow label may alternatively be used as input to the algorithm as opposed to
> parsing the transport layer of packets to discern port numbers. The flow label
> should be consistently set for packets of a flow including fragments, such that
> a device does not need to parse packets beyond the IP header for the
> purposes of ECMP."

This comment is almost identical to one made by Brian Carpenter. I have addressed his comment in Section 4.4. Rather than repeating the same text in Section 4.5, I have merged the two sections.

> 
> Add to section 7.3:
> 
> "Routers SHOULD use IPv6 flow label for ECMP routing as described in
> [RFC6438]."

Brian suggested similar text, but in a new section. Look for the new section in version 07.
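
The ECMP behaviour discussed in the quoted Section 4.5 text, as an added example that is not part of the original message or of the draft: it builds one IPv6 TCP flow, fragments one segment, and compares the hash input a port-based ECMP router sees with the flow-label input described in RFC 6438. The next-hop names, the SHA-256 stand-in hash, the addresses, ports and flow label are all constructed, and the router is assumed to hash whatever part of the 5-tuple is visible in each packet.

```python
import hashlib
import struct
from ipaddress import IPv6Address

NEXT_HOPS = ["nh-A", "nh-B", "nh-C", "nh-D"]  # hypothetical ECMP group
TCP, FRAGMENT = 6, 44                          # IPv6 Next Header values

def ipv6(src, dst, flow_label, next_header, payload):
    """Build a raw IPv6 packet (40-byte fixed header + payload)."""
    word0 = (6 << 28) | (flow_label & 0xFFFFF)
    return (struct.pack("!IHBB", word0, len(payload), next_header, 64)
            + IPv6Address(src).packed + IPv6Address(dst).packed + payload)

def frag_hdr(next_header, offset_units, more, ident):
    """8-byte Fragment header; the offset is counted in 8-octet units."""
    return struct.pack("!BBHI", next_header, 0, (offset_units << 3) | int(more), ident)

def five_tuple_key(pkt):
    """Addresses + protocol + ports. Ports exist only in the offset-0 fragment."""
    next_header, l4, offset = pkt[6], 40, 0
    if next_header == FRAGMENT:
        next_header, _, off_flags, _ = struct.unpack("!BBHI", pkt[40:48])
        l4, offset = 48, off_flags >> 3
    ports = pkt[l4:l4 + 4] if offset == 0 else b""
    return pkt[8:40] + bytes([next_header]) + ports

def flow_label_key(pkt):
    """RFC 6438 style input: source, destination and the 20-bit flow label."""
    return pkt[8:40] + (struct.unpack("!I", pkt[:4])[0] & 0xFFFFF).to_bytes(3, "big")

def next_hop(key):
    """Stand-in hash (SHA-256 mod group size); real routers use their own."""
    return NEXT_HOPS[int.from_bytes(hashlib.sha256(key).digest()[:4], "big") % len(NEXT_HOPS)]

def sample_flow():
    """Constructed traffic: one whole TCP segment, then a segment split in two."""
    src, dst, label = "2001:db8::1", "2001:db8::2", 0xABCDE
    tcp = struct.pack("!HHIIHHHH", 12345, 443, 1, 0, 0x5010, 65535, 0, 0)  # 20-byte header
    whole = ipv6(src, dst, label, TCP, tcp + b"x" * 12)
    first = ipv6(src, dst, label, FRAGMENT, frag_hdr(TCP, 0, True, 7) + tcp + b"x" * 12)
    second = ipv6(src, dst, label, FRAGMENT, frag_hdr(TCP, 4, False, 7) + b"y" * 32)
    return whole, first, second

if __name__ == "__main__":
    for name, pkt in zip(("whole", "frag-0", "frag-1"), sample_flow()):
        print(name, next_hop(five_tuple_key(pkt)), next_hop(flow_label_key(pkt)))
```

The non-first fragment yields a different 5-tuple hash input than the rest of its flow, so it may be sent over a different path and past a different stateful device; the flow-label input is identical for all three packets.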