IETF Logo Mail Archive

Re: [Int-area] Stateless devices and IP fragmentation

Ron Bonica <rbonica@juniper.net> Wed, 21 November 2018 13:54 UTC

Return-Path: <rbonica@juniper.net>
X-Original-To: int-area@ietfa.amsl.com
Delivered-To: int-area@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 07B6B128A5C for <int-area@ietfa.amsl.com>; Wed, 21 Nov 2018 05:54:03 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.172
X-Spam-Level:
X-Spam-Status: No, score=-1.172 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.47, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, KHOP_DYNAMIC=1.999, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=juniper.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TFCBGyXv9Vkn for <int-area@ietfa.amsl.com>; Wed, 21 Nov 2018 05:54:01 -0800 (PST)
Received: from mx0a-00273201.pphosted.com (mx0a-00273201.pphosted.com [208.84.65.16]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C198E12777C for <int-area@ietf.org>; Wed, 21 Nov 2018 05:54:01 -0800 (PST)
Received: from pps.filterd (m0108158.ppops.net [127.0.0.1]) by mx0a-00273201.pphosted.com (8.16.0.22/8.16.0.22) with SMTP id wALDmgoq017918; Wed, 21 Nov 2018 05:53:59 -0800
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=juniper.net; h=from : to : cc : subject : date : message-id : references : in-reply-to : content-type : content-transfer-encoding : mime-version; s=PPS1017; bh=KrwwfW7+orNeuDT9AoW4VEaFZvhHbZDFJhyZBQ8Dxzc=; b=d0XoqC931+8uSBHChmioOD3ccbw9RDMEC5H3FJpfXytEd5s3oNMVISe1K5zcngb6j1te zwi8RopU9CpWuyF2QhgZFNVk8uQXakP+dyPEmnvMHo3Y5/csQ+sn3Ez2aOWy7au+ODJe cgt8kovVrPmNKyhtE9OLuDz68hHxUjVqgiWr+RDtYLogReDrKOXAv0YYti+WZca42AA/ M4lE5kcGFlGrE8LbRWe43WN2EoZGeCYAIF+Du0ZLiDkSuLA43otjGeIkl+hju9z/5zdl Cp2nwVC45ePwNQCXXJnAoEnoHikwLMqEHBPXogVUvUry1oZYsvVh/PN+yihvUqs2Uv4B Eg==
Received: from nam04-co1-obe.outbound.protection.outlook.com (mail-co1nam04lp0051.outbound.protection.outlook.com [216.32.181.51]) by mx0a-00273201.pphosted.com with ESMTP id 2nvu4yh95c-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Wed, 21 Nov 2018 05:53:59 -0800
Received: from BYAPR05MB4245.namprd05.prod.outlook.com (20.176.252.26) by BYAPR05MB4823.namprd05.prod.outlook.com (52.135.235.97) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1361.12; Wed, 21 Nov 2018 13:53:57 +0000
Received: from BYAPR05MB4245.namprd05.prod.outlook.com ([fe80::9dc7:1844:64f1:65b3]) by BYAPR05MB4245.namprd05.prod.outlook.com ([fe80::9dc7:1844:64f1:65b3%4]) with mapi id 15.20.1339.027; Wed, 21 Nov 2018 13:53:57 +0000
From: Ron Bonica <rbonica@juniper.net>
To: Tom Herbert <tom@herbertland.com>
CC: Brian E Carpenter <brian.e.carpenter@gmail.com>, Joe Touch <touch@strayalpha.com>, int-area <int-area@ietf.org>
Thread-Topic: [Int-area] Stateless devices and IP fragmentation
Thread-Index: AQHUdrQCgJqFJKdYjUmqbaJp1vrsN6VEgH4AgAAErICAAAr2gIAADEEAgAAGtACAAWpYgIAAAdUAgAAHuwCAAAVlgIAAAuIAgAALxACAAHTigIAAA9gAgAVFMYCAAAntAIAAAvWAgABf+ZCAADEMAIAAEdfwgAAWPACAABrRoIABfICAgAF2QYCAAAhIoIAACIkAgAAH9CCAAZNc4IAAZ0gAgAC7EqCAAbXHgIAGFOgQ
Date: Wed, 21 Nov 2018 13:53:57 +0000
Message-ID: <BYAPR05MB4245C3DF780FDD7F3BD34D3FAEDA0@BYAPR05MB4245.namprd05.prod.outlook.com>
References: <CALx6S37r9yeniZcrUcdrqjDuQXYAB2AoamJTJPDVe4GNOFbbLw@mail.gmail.com> <E7F84F7C-0AB9-4BD3-8650-487DC6A51B01@employees.org> <F8A549E4-1803-4502-AAEC-DF72B7167C84@strayalpha.com> <80BCE3A0-3F44-4200-BA5D-C59409F1A51B@employees.org> <85B9F5BE-E978-4946-86B8-3138D1742659@strayalpha.com> <BYAPR05MB4245F80B69226ED92E07F740AEC10@BYAPR05MB4245.namprd05.prod.outlook.com> <CALx6S36y80VbqzJF0obuRE3enu176=-y2tXyatC6D5GAsN+8Qg@mail.gmail.com> <BYAPR05MB4245A3105639AC55D753405DAEC10@BYAPR05MB4245.namprd05.prod.outlook.com> <BYAPR05MB42459E4BE7EBC8F76BCB17FAAEC30@BYAPR05MB4245.namprd05.prod.outlook.com> <CALx6S35Htt62PTRi+Yi0YdEkj-_k6_F7fy3UD+pafaD5-Rhn7A@mail.gmail.com> <BYAPR05MB42453EF690EF271C0E5E868BAEC30@BYAPR05MB4245.namprd05.prod.outlook.com> <CALx6S36EsvBSA8Q6B2KDJFHH5GOETOa2fBt+akOX0Q2pFKDtRg@mail.gmail.com> <BYAPR05MB42450FE554E36F855FF7BCF3AEC30@BYAPR05MB4245.namprd05.prod.outlook.com> <BYAPR05MB42459E26264B24E62CBC9A8EAEDC0@BYAPR05MB4245.namprd05.prod.outlook.com> <97d780c6-a4e8-ca31-6679-bef2265a7985@gmail.com> <BYAPR05MB4245C85C1CCB5E5DC7AF3287AEDD0@BYAPR05MB4245.namprd05.prod.outlook.com> <CALx6S36TfY4keJhaB3nc+O_CcW95iZt9vU-9rDO7uW_LFqx_Wg@mail.gmail.com>
In-Reply-To: <CALx6S36TfY4keJhaB3nc+O_CcW95iZt9vU-9rDO7uW_LFqx_Wg@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
dlp-product: dlpe-windows
dlp-version: 11.0.500.58
dlp-reaction: no-action
x-originating-ip: [66.129.241.12]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; BYAPR05MB4823; 6:OU8sj89uxuWyzycb3Xvj1KTnMJWswrbnm87GCxi3T7DUcRkwo3y8XUwFxwyKxNT7TOlifWb25oQUYzBzyHvFhjoULbx0oiYjUphANzlKMe3G2wdKrCdQsecV5QWC1/343aY+IQBh2hs5sWXm+Ws7gKJjszemmGWD+Ef5WVd+wXT9iBjnbyKGRejWdLHc+kxv59cs+CPtLxgzpYwWFdLpo0IEcCDpgKv8R1DTkT2KzpMUVY+82WQne5sxzMNoHBFggXUeGzpeOPSJKSneBpnRD30FNPdK83dx6JyP/wFDHFcHBkuIROUJiaTvJqtymUwU5VIkqvsv1Dyr+HEis85/QTCiz8zbl2Q3Nh5/Jh2HHR0lqVxdsCXhekIJTRVczuCfqmgEWAXZqe+p4T7P57CgxZw84hufPkBS1c5CvLvxuv35JhKnNJMuSQ8jtgfD+1/CZjWUnPgOpXFWepnIp1v3ww==; 5:ItbjnP5GXrCSTxl/Y3FKZ7kkCIy+rDMcZB0pds+bATsUnkuYaEXkGZoWty+NuvREuChKKsyeiRBSBLgxHjh2eWAI8fNi/K+SXVE7wGsqXGK2COfIWot12XmMAFaSkeBSxijoQ7lJ3pUPtYxcqNrANI9MfUG+XyA392vvvHYmLD8=; 7:0MIJ8L7l7fpwWmnQw4fq/noardHnANoX8jUXTCoAJfEI7zYteU3bIKJBhc1n0ryQrxSowPZD6J0FyhodmDjgur0GkA7FFxuOGyZ3oLTf0yopzkbMGWQu21AkwjrpJURtefG/AzJ229jR1ftMZ9rZnw==
x-ms-exchange-antispam-srfa-diagnostics: SOS;
x-ms-office365-filtering-correlation-id: 43aa9522-cbd3-4c2b-6bc8-08d64fb8c88b
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390098)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600074)(711020)(4618075)(2017052603328)(7153060)(7193020); SRVR:BYAPR05MB4823;
x-ms-traffictypediagnostic: BYAPR05MB4823:
x-microsoft-antispam-prvs: <BYAPR05MB4823C27CE84D71F77637C0BAAEDA0@BYAPR05MB4823.namprd05.prod.outlook.com>
x-ms-exchange-senderadcheck: 1
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(8211001083)(6040522)(2401047)(5005006)(8121501046)(93006095)(93001095)(3231442)(944501410)(52105112)(10201501046)(3002001)(6055026)(148016)(149066)(150057)(6041310)(20161123558120)(20161123564045)(20161123560045)(20161123562045)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(201708071742011)(7699051)(76991095); SRVR:BYAPR05MB4823; BCL:0; PCL:0; RULEID:; SRVR:BYAPR05MB4823;
x-forefront-prvs: 08635C03D4
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(376002)(136003)(346002)(39860400002)(366004)(396003)(199004)(189003)(13464003)(97736004)(476003)(9686003)(486006)(99286004)(8936002)(446003)(6506007)(53546011)(66066001)(4001150100001)(26005)(102836004)(6246003)(11346002)(93886005)(76176011)(8676002)(71190400001)(33656002)(7696005)(55016002)(71200400001)(2906002)(316002)(186003)(81156014)(7736002)(81166006)(478600001)(74316002)(14454004)(256004)(5660300001)(14444005)(53936002)(229853002)(86362001)(54906003)(39060400002)(6436002)(106356001)(305945005)(3846002)(6116002)(6916009)(68736007)(2900100001)(25786009)(4326008)(105586002); DIR:OUT; SFP:1102; SCL:1; SRVR:BYAPR05MB4823; H:BYAPR05MB4245.namprd05.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: juniper.net does not designate permitted sender hosts)
x-microsoft-antispam-message-info: sQw5mSD4JxGwNwGsiy6RSleIrvOM403yO81BQbTFEBqz6soaA9FPlWa1nJgk+UytOKJkSN6gqOKfB2HZolXsFsv6olDlY6D6gI/N5JNvmacsvtGLWHXLzZK4jn21TQiuLyUmusZirYF6Morg+EspAIQ7T1l1oLf7DereksyIS+eGQiDvgTf36PaVX4qszjPRr8jtq8RC4MsS3SD58lOZy5hYZ8foqyghEWlntDAksqBEEh7jdqVDAJ/D07K7UYPDN1mUsQXYluF5LHMAgtymYhMmlCklTTPbVgMEzR+ZBpgs8thYl+cml4bxfyCUvHRzjAFtD3XXQ9fir57fpW1NI/GET7lfcQkSYYyIovLVOfI=
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: juniper.net
X-MS-Exchange-CrossTenant-Network-Message-Id: 43aa9522-cbd3-4c2b-6bc8-08d64fb8c88b
X-MS-Exchange-CrossTenant-originalarrivaltime: 21 Nov 2018 13:53:57.5254 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: bea78b3c-4cdb-4130-854a-1d193232e5f4
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BYAPR05MB4823
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:, , definitions=2018-11-21_05:, , signatures=0
X-Proofpoint-Spam-Details: rule=outbound_spam_notspam policy=outbound_spam score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1015 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1810050000 definitions=main-1811210122
Archived-At: <https://mailarchive.ietf.org/arch/msg/int-area/joN_0LlggDBFvNnYSSD_YBJWkC0>
Subject: Re: [Int-area] Stateless devices and IP fragmentation
X-BeenThere: int-area@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF Internet Area Mailing List <int-area.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/int-area>, <mailto:int-area-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/int-area/>
List-Post: <mailto:int-area@ietf.org>
List-Help: <mailto:int-area-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/int-area>, <mailto:int-area-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 21 Nov 2018 13:54:03 -0000

Tom,

Fair enough...

Section 7.3 now reads as follows:

7.3.  For Middle Box Developers

   Middle boxes SHOULD process IP fragments in a manner that is
   compliant with RFC 791 and RFC 8200.  In many cases, middle boxes
   must maintain state in order to achieve this goal.

   Price and performance considerations frequently motivate network
   operators to deploy stateless middle boxes.  These stateless middle
   boxes may perform sub-optimally, process IP fragments in a manner
   that is not compliant with RFC 791 or RFC 8200, or even discard IP
   fragments completely.  Such behaviors are NOT RECOMMENDED.  If a
   middleboxes implements non-standard behavior with respect to IP
   fragmentation, then that behavior MUST be clearly documented.

                            Ron


> -----Original Message-----
> From: Tom Herbert <tom@herbertland.com>
> Sent: Saturday, November 17, 2018 12:01 PM
> To: Ron Bonica <rbonica@juniper.net>
> Cc: Brian E Carpenter <brian.e.carpenter@gmail.com>; Joe Touch
> <touch@strayalpha.com>; int-area <int-area@ietf.org>
> Subject: Re: [Int-area] Stateless devices and IP fragmentation
> 
> On Fri, Nov 16, 2018 at 7:02 AM Ron Bonica <rbonica@juniper.net> wrote:
> >
> > Hi Brian,
> >
> > Fair enough. Does the following text work?
> >
> >                                    Ron
> >
> > 7.3.  For Middle Box Developers
> >
> > Middle boxes SHOULD process IP fragments in a manner that is compliant
> with RFC 791 and RFC 8200. In many cases, middle boxes must maintain state
> in order to achieve this goal.
> >
> Ron,
> 
> Devices that maintain protocol state in the network aren't protocol compliant
> either.
> 
> > Price and performance considerations frequently motivate network
> operators to deploy stateless middle boxes.  These stateless middle boxes may
> perform sub-optimally, process IP fragments in a manner that is not compliant
> with RFC 791 or RFC 8200, or even discard IP fragments completely. Providers
> of such middle boxes MUST document product's their behavior.
> 
> This is too permissive for middle boxes to implement whatever ad hoc
> behavior they want. I would say it like:
> 
> "Price and performance considerations frequently motivate network
> operators to deploy stateless middle boxes.  Some deployed stateless middle
> boxes process IP fragments in a manner that is not compliant with RFC 791 or
> RFC 8200, or even discard IP fragments completely.
> Such behaviors are NOT RECOMMENDED. If a middleboxes implements non-
> standard behavior with respect to IP fragmentation, then that behavior MUST
> be clearly documented."
> 
> >
> > The behaviors exhibited by the above-mentioned devices are not desirable.
> However, one behavior may be acceptable to one network operator while
> another behavior is acceptable to another network operator. Middle box
> vendors MUST provide network operators with all of the information required
> to  make intelligent middle box deployment decisions.
> 
> I don't think this paragraph is needed with the suggested text above.
> 
> Tom
> 
> >
> > > -----Original Message-----
> > > From: Brian E Carpenter <brian.e.carpenter@gmail.com>
> > > Sent: Thursday, November 15, 2018 10:44 PM
> > > To: Ron Bonica <rbonica@juniper.net>; Tom Herbert
> > > <tom@herbertland.com>; Joe Touch <touch@strayalpha.com>
> > > Cc: int-area <int-area@ietf.org>
> > > Subject: Re: [Int-area] Stateless devices and IP fragmentation
> > >
> > > >  These stateless middle boxes may perform sub-optimally or process
> > > > IP fragments in a manner that is not compliant with RFC 791 or RFC
> 8200.
> > >
> > > That seems to skirt round the real concern. Middleboxes don't exist
> > > in the world assumed by RFC 791 or 8200, so those RFCs don't place
> > > any compliance requirements on middleboxes. It's simply implicit
> > > that datagrams get delivered whether fragmented or not. RFC 1812
> > > doesn't seem to mention that routers MUST forward fragments,
> > > presumably because it's blindingly obvious. Same for draft-ietf-6man-
> rfc6434-bis and draft-v6ops-ipv6rtr-reqs.
> > >
> > > So at least can we say:
> > >
> > > These stateless middle boxes may perform sub-optimally, process IP
> > > fragments in a manner that is not compliant with RFC 791 or RFC
> > > 8200, or even discard IP fragments completely.
> > >
> > > Regards
> > >    Brian
> > >
> > > On 2018-11-16 10:35, Ron Bonica wrote:
> > > > Tom, Joe, Brian,
> > > >
> > > > I haven't seen a response to this message. Can I assume that you
> > > > are OK with
> > > this text?
> > > >
> > > >                                      Ron
> > > >
> > > >
> > > >> -----Original Message-----
> > > >> From: Ron Bonica
> > > >> Sent: Wednesday, November 14, 2018 4:35 PM
> > > >> To: Tom Herbert <tom@herbertland.com>
> > > >> Cc: int-area <int-area@ietf.org>; Joe Touch
> > > >> <touch@strayalpha.com>
> > > >> Subject: RE: [Int-area] Stateless devices and IP fragmentation
> > > >>
> > > >> Folks,
> > > >>
> > > >> We thrashing over the example. Can everybody agree to the
> > > >> following
> > > text?
> > > >>
> > > >>                                                Ron
> > > >>
> > > >> 7.3.  For Middle Box Developers
> > > >>
> > > >> Middle boxes SHOULD process IP fragments in a manner that is
> > > >> compliant with RFC 791 and RFC 8200. In many cases, middle boxes
> > > >> must maintain state in order to achieve this goal.
> > > >>
> > > >> Price and performance considerations frequently motivate network
> > > >> operators to deploy stateless middle boxes. These stateless
> > > >> middle boxes may perform sub-optimally or process IP fragments in
> > > >> a manner that is not compliant with RFC 791 or RFC 8200.
> > > >> Providers of such middle boxes MUST document product's their
> behavior.
> > > >>
> > > >> The behaviors exhibited by the above-mentioned devices are not
> desirable.
> > > >> However, one behavior may be acceptable to one network operator
> > > >> while another behavior is acceptable to another network operator.
> > > >> Middle box vendors MUST provide network operators with all of the
> > > >> information required to  make intelligent middle box deployment
> decisions.

v2.23.0 | Report a Bug | By Email