Re: [Int-area] I-D Action: draft-ietf-intarea-frag-fragile-06.txt

Ron Bonica <rbonica@juniper.net> Thu, 31 January 2019 02:21 UTC

From: Ron Bonica <rbonica@juniper.net>
To: Tom Herbert <tom@herbertland.com>
CC: "int-area@ietf.org" <int-area@ietf.org>, Brian E Carpenter <brian.e.carpenter@gmail.com>
Date: Thu, 31 Jan 2019 02:20:52 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/int-area/iJ7D-A6gEBbBxZsMfajqtfXwqsw>

Done

> -----Original Message-----
> From: Tom Herbert <tom@herbertland.com>
> Sent: Wednesday, January 30, 2019 7:56 PM
> To: Ron Bonica <rbonica@juniper.net>
> Cc: int-area@ietf.org; Brian E Carpenter <brian.e.carpenter@gmail.com>
> Subject: Re: I-D Action: draft-ietf-intarea-frag-fragile-06.txt
> 
> On Wed, Jan 30, 2019 at 12:57 PM Ron Bonica <rbonica@juniper.net> wrote:
> >
> > Inline......
> >
> > > Message: 3
> > > Date: Tue, 29 Jan 2019 11:45:45 -0800
> > > From: Tom Herbert <tom@herbertland.com>
> > > To: int-area <int-area@ietf.org>
> > > Subject: [Int-area] Comments on draft-ietf-intarea-frag-fragile-06
> > > Message-ID:
> > >       <CALx6S35kwvHL5iE4Ci10LQbPzun3k1C-
> > > T4m5B55yAyL+nP4sdQ@mail.gmail.com>
> > > Content-Type: text/plain; charset="UTF-8"
> > >
> > > Hello,
> > >
> > > I have suggested text for the draft to address some previous
> > > comments made on the list.
> > >
> > > Last paragraph in section 4.3:
> > >
> > > "This problem does not occur in stateful firewalls or Network
> > > Address Translation (NAT) devices. Such devices maintain state so
> > > that they can afford identical treatment to each fragment that
> > > belongs to a packet. Note, however, that stateful firewalls and NAT
> > > devices impose the external requirement that all packets of a flow
> > > and fragments of a packet for a flow must traverse the same stateful
> > > device; stateless devices do not force this requirement."
> > >
> >
> > The first two sentences that you suggest already appear in version 06 of the
> > document.
> >
> > I would prefer to omit the final sentence for the following reasons:
> >
> > - It isn't absolutely necessary
> > - It opens another can of worms that I don't want to address. Specifically,
> > some stateful firewalls perform virtual reassembly but don't maintain TCP
> > session state. Some stateful firewalls perform virtual reassembly and maintain
> > TCP state. Your third sentence is true for one firewall type and false for the
> > other.
> >
> Yes, but as Fred mentioned, the current text is a blanket statement that
> stateful firewalls don't have this problem. Some firewalls may have
> implemented virtual reassembly, but others may not and might not do
> anything we'd consider reasonable for handling fragments. So similarly the
> statement in the draft may be "true for one firewall type and false for the
> other". Also, any implication that people should swap out their stateless
> devices for stateful ones because they solve one problem without mentioning
> that they introduce other problems would be a disservice IMO.
> 
> To avoid the can of worms, I suggest the whole paragraph and any discussion
> about stateful devices could be removed from the draft without loss of
> content.
> 
> Tom
> 
> > > Section 4.5:
> > > "IP fragmentation causes problems for some routers that support
> > > Equal Cost Multipath (ECMP). Many routers that support ECMP execute
> > > the algorithm described in Section 4.4 in order to perform flow
> > > based forwarding; therefore, they exhibit the same problematic
> > > behaviors described in Section 4.4. In IPv6, the flow label may
> > > alternatively be used as input to the algorithm as opposed to parsing
> > > the transport layer of packets to discern port numbers. The flow
> > > label should be consistently set for a packets of flow including
> > > fragments, such that a device does not need to parse packets beyond the
> > > IP header for the purposes of ECMP."
> >
> > This comment is almost identical to one made by Brian Carpenter. I have
> > addressed his comment in Section 4.4. Rather than repeating the same text in
> > Section 4.5, I have merged the two sections.
> >
> > >
> > > Add to section 7.3:
> > >
> > > "Routers SHOULD use IPv6 flow label for ECMP routing as described in
> > > [RFC6438]."
> >
> > Brian suggested similar text, but in a new section. Look for the new
> > section in version 07
> >
> >
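
An added illustration of the ECMP point in the Section 4.5 text quoted above; it is not part of the original thread or of the draft. It is a simplified model of how a router picks its ECMP hash input, comparing transport-port parsing with the flow-label input of [RFC6438] on a constructed two-fragment UDP datagram. All function names, addresses and values are hypothetical.

```python
import hashlib
import struct
from ipaddress import IPv6Address

FRAG, UDP = 44, 17  # IPv6 Next Header values: Fragment header, UDP

def ipv6(src, dst, flow_label, next_header, payload):
    """Build a 40-byte IPv6 header (version 6, traffic class 0) plus payload."""
    first_word = (6 << 28) | (flow_label & 0xFFFFF)
    return (struct.pack("!IHBB", first_word, len(payload), next_header, 64)
            + IPv6Address(src).packed + IPv6Address(dst).packed + payload)

def fragment(next_header, offset_units, more, ident, data):
    """Prepend an 8-byte Fragment header; the offset is in 8-octet units."""
    off_flags = (offset_units << 3) | int(more)
    return struct.pack("!BBHI", next_header, 0, off_flags, ident) + data

def ecmp_key(packet, use_flow_label):
    """Return the tuple a (modelled) ECMP router would hash for this packet."""
    first_word, _, nh, _ = struct.unpack("!IHBB", packet[:8])
    src, dst, rest = packet[8:24], packet[24:40], packet[40:]
    if use_flow_label:
        return (src, dst, first_word & 0xFFFFF)  # IP header only, no deeper parsing
    offset = 0
    if nh == FRAG:
        nh, _, off_flags, _ = struct.unpack("!BBHI", rest[:8])
        offset, rest = off_flags >> 3, rest[8:]
    if nh == UDP and offset == 0 and len(rest) >= 4:
        return (src, dst, nh) + struct.unpack("!HH", rest[:4])
    return (src, dst, nh)  # a non-first fragment carries no port numbers

def next_hop(key, n_paths):
    """Map a hash key onto one of n_paths equal-cost next hops."""
    digest = hashlib.sha256(repr(key).encode()).digest()
    return int.from_bytes(digest[:4], "big") % n_paths

# Constructed sample: one UDP datagram (ports 40000 -> 53) sent as two fragments.
SRC, DST, LABEL = "2001:db8::1", "2001:db8::2", 0x12345
udp = struct.pack("!HHHH", 40000, 53, 24, 0) + b"A" * 16
FIRST = ipv6(SRC, DST, LABEL, FRAG, fragment(UDP, 0, True, 7, udp[:16]))
LAST = ipv6(SRC, DST, LABEL, FRAG, fragment(UDP, 2, False, 7, udp[16:]))

if __name__ == "__main__":
    for name, fl in (("port-based", False), ("flow-label", True)):
        hops = [next_hop(ecmp_key(p, fl), 8) for p in (FIRST, LAST)]
        print(name, "next hops for first/last fragment:", hops)
```

With port-based input the two fragments produce different hash keys, so they can be forwarded on different paths; with the flow-label input the keys are identical and both fragments follow the same path.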