IETF Logo Mail Archive

Re: [Int-area] I-D Action: draft-ietf-intarea-frag-fragile-00.txt

Tom Herbert <tom@herbertland.com> Thu, 16 August 2018 17:56 UTC

Return-Path: <tom@herbertland.com>
X-Original-To: int-area@ietfa.amsl.com
Delivered-To: int-area@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3717B130F0B for <int-area@ietfa.amsl.com>; Thu, 16 Aug 2018 10:56:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.91
X-Spam-Level:
X-Spam-Status: No, score=-1.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, T_DKIMWL_WL_MED=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=herbertland-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YD7EstAKRdHD for <int-area@ietfa.amsl.com>; Thu, 16 Aug 2018 10:56:30 -0700 (PDT)
Received: from mail-qk0-x22b.google.com (mail-qk0-x22b.google.com [IPv6:2607:f8b0:400d:c09::22b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6BA66130E40 for <int-area@ietf.org>; Thu, 16 Aug 2018 10:56:30 -0700 (PDT)
Received: by mail-qk0-x22b.google.com with SMTP id t79-v6so4395671qke.4 for <int-area@ietf.org>; Thu, 16 Aug 2018 10:56:30 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=herbertland-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=hDlrdpw0m8PSeI2ZKNa5FwoUw5hrB+ZXqjU822muz0k=; b=l3XSQJd7LNfjPNaqCosdLLHJYDuvnMbeh9L2GyioYuWfzMJjUCnIfQ/3/eKZXyKmB3 Ah9i4nvTNBylrN5AgNcyqfD9wxcHEc/C62z7fnK4+MzNBuUcaxBDMkgjV1zi60OHahZn WQcFBJ9Su3TRXLqbrtu7r7NqzCh5HeQ7R2Zql7L+IjlATR1XAQ0F5KZCp0ljcFDNLFMD nK5agNT+/JlXeao1rwOvhjhy+TBPZVOR9zdRwmPfVWj6ZcuuPPdM9T5x7+93b9P0HQ3j JucHF9e7MqwxMCzQNLFcxUNrnmjvrOwBHq+v5teM6xImbMz4F4hVFZzmM49izaVtCR/W vozw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=hDlrdpw0m8PSeI2ZKNa5FwoUw5hrB+ZXqjU822muz0k=; b=IOuaSFpCfl1vSX4cdOG1H8PO7ArXTaVXBf5BTaKjTo+850moc8lv1thra+6SDRwuTJ ME/UqKuTLsHwE+O+uz53HbJ/ZB22ZPt38VCEWahsrKZJO7oEKedBWDA8ZA1pE4J8lRM5 FVWhmdO8nPrj6SfuAHTEsh4YMCcnW5WbWC7JjGDpbX0o8Ppak+GgTpDUJiO5jZ/YF0s0 uBkzKD2KP12kjfljslC0wesxBwNqwZ95A+8TU0yx0Aj1WUAHVnMjpfEncsKoyexFwuAF KLMi/8PS2yl+qKpUj0eMf0CZxbHBzgselqw566fAsqZjgZK1AueDHDMuDLjxDaoRSCzh zteg==
X-Gm-Message-State: AOUpUlHRLjwUqlYLNZ7ocj2UZAiDeEqSyVX7mFmoIdVAG0NtotrMPz63 m1ly6rv5ovRmWK0xXsDB/s9Tbdsjcn40ZqrSh5uHX426QKQ=
X-Google-Smtp-Source: AA+uWPxGqSC9hThHmdkDY/6HpySIjKdBuri71JnPzzzzBPnxRTZahsE3bColbPJDbdRsFxvYwbSWzpktVGlFVY/nN0c=
X-Received: by 2002:a37:1ae7:: with SMTP id l100-v6mr29281738qkh.248.1534442189309; Thu, 16 Aug 2018 10:56:29 -0700 (PDT)
MIME-Version: 1.0
Received: by 2002:ac8:3304:0:0:0:0:0 with HTTP; Thu, 16 Aug 2018 10:56:28 -0700 (PDT)
In-Reply-To: <D6F35FA4-6305-464B-A1A6-667E0CE30985@employees.org>
References: <153434872145.14477.17942361917248825531@ietfa.amsl.com> <2c82b61e-8017-742e-764b-559f2ec4bd37@gmail.com> <alpine.DEB.2.20.1808160735400.19688@uplift.swm.pp.se> <AE241D6E-2379-4EFB-802C-BFBC840273E7@employees.org> <2BB8A510-DEA7-4543-9FF4-6D82D5ADBA53@strayalpha.com> <66DE41F9-32D7-45F2-AADB-37DD19A5F5A5@employees.org> <F15BBC81-F3BF-4762-B27E-61A418EA8356@strayalpha.com> <D6F35FA4-6305-464B-A1A6-667E0CE30985@employees.org>
From: Tom Herbert <tom@herbertland.com>
Date: Thu, 16 Aug 2018 10:56:28 -0700
Message-ID: <CALx6S3644Hyo3iz2VWCqOWOo8MTMBTgVVPxrsxv-SZ20D8nxbw@mail.gmail.com>
To: Ole Troan <otroan@employees.org>
Cc: Joe Touch <touch@strayalpha.com>, int-area <int-area@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/int-area/bWorG5_CQElAoJfxpk34aUXRFy0>
Subject: Re: [Int-area] I-D Action: draft-ietf-intarea-frag-fragile-00.txt
X-BeenThere: int-area@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: IETF Internet Area Mailing List <int-area.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/int-area>, <mailto:int-area-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/int-area/>
List-Post: <mailto:int-area@ietf.org>
List-Help: <mailto:int-area-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/int-area>, <mailto:int-area-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 16 Aug 2018 17:56:34 -0000

On Thu, Aug 16, 2018 at 10:02 AM, Ole Troan <otroan@employees.org> wrote:
> Joe,
>
> On 16 Aug 2018, at 15:58, Joe Touch <touch@strayalpha.com> wrote:
>
>
>
> On Aug 16, 2018, at 5:47 AM, Ole Troan <otroan@employees.org> wrote:
>
> Joe,
>
> IPv4 fragments do have a higher drop probability than other packets. Just
> from the fact that multiple end-users are sharing a 16 bit identifier space.
>
>
> It’s really the fact that NATs that process fragments don’t reassemble
> before translating and/or don’t rate limit fragments they generate as
> already required by 791 (as explained in 6884).
>
>
> That’s incorrect.
> See https://tools.ietf.org/html/rfc7597#section-8.3.3
>
>
> You should re-read that RFC. It correctly points out that this is a flaw in
> current devices.
>
> There is a solution - reassemble before NATing, and when issuing the new
> packets, issue then with IDs generated at the NAT.
>
>
> These are not NATs. They are specifically designed to be stateless. Sure you
> can argue that the A+P solutions break the Internet, our answer to that oh
> well, move to IPv6.
>
> The correct behavior is already indicated in RFC 6864, Sec 5.3.1
>
Ole,

The requirement that "Protocols/applications SHOULD avoid IP level
fragmentation." already acknowledges and provides advice on the
realities of the current state of fragmentation support in the
network. IMO, the statement that "Networks MUST support IP level
fragmented packets." is appropriate. It is simply restating the
existing requirement that nodes conform to Internet standards. If we
downgrade this to be "Networks SHOULD support IP level fragmented
packets." then I fear this is the start of making a a bunch of core
protocol requirements optional. I suspect we'll have softening of
other requirements like "Networks SHOULD support extension headers",
or "Networks SHOULD support protocols other than TCP". That would be
accepting and codifying non-conformance as well as the protocol
ossification that entails.

Tom

>
> A NAT that is broken isn’t helping users share addresses. It’s just broken.
>
>
> I wish it was that simple.
>
>
> It’s not simple, but saying that “fragmentation is broken” does not make it
> more simple either.
>
>
> True.
> Regardless, I fear we aren’t going to agree on this, but at least I think we
> have understood each other’s points.
>
> Cheers
> Ole
>
> _______________________________________________
> Int-area mailing list
> Int-area@ietf.org
> https://www.ietf.org/mailman/listinfo/int-area
>

v2.23.0 | Report a Bug | By Email