Re: [Int-area] I-D Action: draft-ietf-intarea-frag-fragile-06.txt
Ron Bonica <rbonica@juniper.net> Thu, 31 January 2019 02:21 UTC
From: Ron Bonica <rbonica@juniper.net>
To: Tom Herbert <tom@herbertland.com>
CC: "int-area@ietf.org" <int-area@ietf.org>, Brian E Carpenter <brian.e.carpenter@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/int-area/iJ7D-A6gEBbBxZsMfajqtfXwqsw>

Done

> -----Original Message-----
> From: Tom Herbert <tom@herbertland.com>
> Sent: Wednesday, January 30, 2019 7:56 PM
> To: Ron Bonica <rbonica@juniper.net>
> Cc: int-area@ietf.org; Brian E Carpenter <brian.e.carpenter@gmail.com>
> Subject: Re: I-D Action: draft-ietf-intarea-frag-fragile-06.txt
>
> On Wed, Jan 30, 2019 at 12:57 PM Ron Bonica <rbonica@juniper.net> wrote:
> >
> > Inline......
> >
> > > Message: 3
> > > Date: Tue, 29 Jan 2019 11:45:45 -0800
> > > From: Tom Herbert <tom@herbertland.com>
> > > To: int-area <int-area@ietf.org>
> > > Subject: [Int-area] Comments on draft-ietf-intarea-frag-fragile-06
> > > Message-ID:
> > > <CALx6S35kwvHL5iE4Ci10LQbPzun3k1C-T4m5B55yAyL+nP4sdQ@mail.gmail.com>
> > > Content-Type: text/plain; charset="UTF-8"
> > >
> > > Hello,
> > >
> > > I have suggested text for the draft to address some previous
> > > comments made on the list.
> > >
> > > Last paragraph in section 4.3:
> > >
> > > "This problem does not occur in stateful firewalls or Network
> > > Address Translation (NAT) devices. Such devices maintain state so
> > > that they can afford identical treatment to each fragment that
> > > belongs to a packet. Note, however, that stateful firewalls and NAT
> > > devices impose the external requirement that all packets of a flow
> > > and fragments of a packet for a flow must traverse the same stateful
> > > device; stateless devices do not force this requirement."
> > >
> >
> > The first two sentences that you suggest already appear in version 06
> > of the document.
> >
> > I would prefer to omit the final sentence for the following reasons:
> >
> > - It isn't absolutely necessary
> > - It opens another can of worms that I don't want to address.
> >   Specifically, some stateful firewalls perform virtual reassembly but
> >   don't maintain TCP session state. Some stateful firewalls perform
> >   virtual reassembly and maintain TCP state. Your third sentence is
> >   true for one firewall type and false for the other.
> >
> Yes, but as Fred mentioned, the current text is a blanket statement that
> stateful firewalls don't have this problem. Some firewalls may have
> implemented virtual reassembly, but others may not and might not do
> anything we'd consider reasonable for handling fragments. So similarly the
> statement in the draft may be "true for one firewall type and false for the
> other". Also, any implication that people should swap out their stateless
> devices for stateful ones because they solve one problem without mentioning
> that they introduce other problems would be a disservice IMO.
>
> To avoid the can of worms, I suggest the whole paragraph and any discussion
> about stateful devices could be removed from the draft without loss of
> content.
>
> Tom
>
> > > Section 4.5:
> > > "IP fragmentation causes problems for some routers that support
> > > Equal Cost Multipath (ECMP). Many routers that support ECMP execute
> > > the algorithm described in Section 4.4 in order to perform flow
> > > based forwarding; therefore, they exhibit the same problematic
> > > behaviors described in Section 4.4. In IPv6, the flow label may
> > > alternatively be used as input to the algorithm as opposed to parsing
> > > the transport layer of packets to discern port numbers. The flow
> > > label should be consistently set for packets of a flow including
> > > fragments, such that a device does not need to parse packets beyond
> > > the IP header for the purposes of ECMP."
> >
> > This comment is almost identical to one made by Brian Carpenter. I have
> > addressed his comment in Section 4.4. Rather than repeating the same
> > text in Section 4.5, I have merged the two sections.
> >
> > >
> > > Add to section 7.3:
> > >
> > > "Routers SHOULD use IPv6 flow label for ECMP routing as described in
> > > [RFC6438]."
> >
> > Brian suggested similar text, but in a new section. Look for the new
> > section in version 07
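
Added example (not part of the original message or of the draft): the ECMP behaviour discussed in the quoted Section 4.5 text, comparing a hash that parses transport ports with one that reads only the IPv6 flow label. The addresses, ports, flow label value and function names are constructed for illustration, and the port-parsing hash is an assumed stand-in for the Section 4.4 algorithm, which this message does not reproduce.

```python
import struct, zlib, ipaddress

FRAG_NH, UDP_NH = 44, 17  # IPv6 Next Header values: Fragment header, UDP

def ipv6(src, dst, flow_label, next_header, payload):
    """Build a minimal IPv6 packet (version 6, traffic class 0, hop limit 64)."""
    first_word = (6 << 28) | (flow_label & 0xFFFFF)
    return (struct.pack("!IHBB", first_word, len(payload), next_header, 64)
            + ipaddress.IPv6Address(src).packed
            + ipaddress.IPv6Address(dst).packed + payload)

def frag_hdr(next_header, offset_units, more, ident):
    """IPv6 Fragment header; the offset is counted in 8-octet units."""
    return struct.pack("!BBHI", next_header, 0, (offset_units << 3) | more, ident)

def port_key(pkt):
    """Hash input for a router that parses the transport layer for ports."""
    src, dst, nh, off = pkt[8:24], pkt[24:40], pkt[6], 40
    if nh == FRAG_NH:
        nh, frag_off = pkt[off], struct.unpack("!H", pkt[off + 2:off + 4])[0] >> 3
        off += 8
        if frag_off != 0:            # non-first fragment: no transport header
            return (src, dst, nh, None, None)
    sport, dport = struct.unpack("!HH", pkt[off:off + 4])
    return (src, dst, nh, sport, dport)

def flow_label_key(pkt):
    """Hash input read from the fixed IPv6 header only."""
    label = struct.unpack("!I", pkt[:4])[0] & 0xFFFFF
    return (pkt[8:24], pkt[24:40], label)

def pick_path(key, n_paths):
    """Map a hash key onto one of n equal-cost next hops."""
    return zlib.crc32(repr(key).encode()) % n_paths

# Constructed sample: one UDP datagram sent as two fragments, same flow label.
SRC, DST, LABEL = "2001:db8::1", "2001:db8::2", 0xABCDE
udp = struct.pack("!HHHH", 40000, 53, 24, 0) + b"A" * 16  # 8-byte header + data
FIRST = ipv6(SRC, DST, LABEL, FRAG_NH, frag_hdr(UDP_NH, 0, 1, 7) + udp[:16])
LATER = ipv6(SRC, DST, LABEL, FRAG_NH, frag_hdr(UDP_NH, 2, 0, 7) + udp[16:])

if __name__ == "__main__":
    for name, pkt in (("first", FIRST), ("later", LATER)):
        print(name, "ports:", pick_path(port_key(pkt), 4),
              "flow label:", pick_path(flow_label_key(pkt), 4))
```

The port-based key differs between the first and the later fragment, so the two can be hashed onto different paths; the flow-label key is identical for both.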