Re: [Int-area] draft-bonica-intarea-frag-fragile-01

Ron Bonica <rbonica@juniper.net> Thu, 31 May 2018 19:39 UTC

From: Ron Bonica <rbonica@juniper.net>
To: "C. M. Heard" <heard@pobox.com>, draft-intarea-frag authors <draft-bonica-intarea-frag-fragile@ietf.org>
CC: int-area <int-area@ietf.org>
Date: Thu, 31 May 2018 19:39:09 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/int-area/fvjTG98aiJhav5JgrcPIzcl-UYc>
Subject: Re: [Int-area] draft-bonica-intarea-frag-fragile-01

Hi Mike,

Thanks for your review. Responses inline...

                           Ron

From: C. M. Heard <heard@pobox.com>
Sent: Saturday, March 17, 2018 5:40 PM
To: draft-intarea-frag authors <draft-bonica-intarea-frag-fragile@ietf.org>
Cc: int-area <int-area@ietf.org>
Subject: draft-bonica-intarea-frag-fragile-01

Draft authors,

Thanks for putting this draft together.

Major comments:

In Section 5.1, Transport Layer Solutions, please note that there is work in progress on fragmentation at the UDP layer and cite draft-ietf-tsvwg-udp-options <https://tools.ietf.org/html/draft-ietf-tsvwg-udp-options>.

RB> Agree. Added in next revision.

In Section 6.1, DNS, please note that draft-ietf-tsvwg-udp-options <https://tools.ietf.org/html/draft-ietf-tsvwg-udp-options> may offer an incrementally deployable solution to the problem of oversize DNS responses. As far as I know, this specific use case is not yet documented in any I-D, but the basic idea is that a client would indicate its willingness to accept a UDP-fragmented response by including in its (unfragmented) request a UDP options trailer with the FRAG option as specified on page 15 <https://tools.ietf.org/html/draft-ietf-tsvwg-udp-options-02#page-15> of draft-ietf-tsvwg-udp-options. A server that does not implement UDP options would ignore the options trailer and use IP-layer fragmentation for large responses; a server that implements UDP options would use UDP-layer fragmentation for large responses.

RB> While I agree, such a recommendation might be overstepping my charter. Isn’t that a decision for another WG?


Minor Comments:

Section 2.2, Upper-layer Protocols, says:


   Upper-layer protocols can operate in the following modes:

   o  Do not rely on IP fragmentation.

   o  Rely on IP source fragmentation only (i.e., fragmentation at the
      source node).

   o  Rely on IP source fragmentation and downstream fragmentation
      (i.e., fragmentation at any node along the path).

   Upper-layer protocols running over IPv4 can operate in the first and
   third modes (above).  Upper-layer protocols running over IPv6 can
   operate in the first and second modes (above).

The first sentence of the last paragraph above is incorrect. In fact upper layer protocols running over IPv4 can operate in the second mode by instructing the IP layer to do source fragmentation and set the DF bit on outgoing packets. I won't argue if you point out that most APIs don't support this mode, but the fact is that the protocol allows for it.

RB> Agree. Fixed in next version.

Section 4.4, Security Vulnerabilities: please cite RFC 3828 in addition to RFC 1858 in both places where the latter is cited.

RB> Are you sure that you want me to reference 3828 (UDP lite)? I don’t see the connection.

                                          Ron


I have (belatedly) read the comments on the int-area list and I think that both Joe Touch and Mikael Abrahamsson make some very good points.

Again, thanks for putting the draft together.

Mike Heard
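
The review's point about Section 2.2, that IPv4 permits source fragmentation with the DF bit set on every fragment, can be seen at the header level in the following added example, which is not part of the original message or of the draft. The function names, the 1280-byte MTU and the documentation-range addresses are assumptions chosen for illustration.

```python
import struct

DF, MF = 0x4000, 0x2000  # flag bits in the 16-bit flags/fragment-offset field (RFC 791)

def checksum(hdr: bytes) -> int:
    """IPv4 header checksum: one's-complement sum of the 16-bit words."""
    total = sum(struct.unpack(f"!{len(hdr) // 2}H", hdr))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def source_fragment(payload, mtu, ident, src, dst, proto=17):
    """Fragment at the source so every piece fits mtu, and set DF on each
    fragment so that no downstream node may fragment it further."""
    chunk = (mtu - 20) // 8 * 8  # non-final fragments carry a multiple of 8 bytes
    if chunk <= 0:
        raise ValueError("MTU too small to carry any payload")
    frags = []
    for off in range(0, len(payload), chunk):
        data = payload[off:off + chunk]
        flags_off = DF | (off // 8)       # offset is counted in 8-byte units
        if off + chunk < len(payload):
            flags_off |= MF               # more fragments follow this one
        hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(data), ident,
                          flags_off, 64, proto, 0, src, dst)
        hdr = hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]
        frags.append(hdr + data)
    return frags

def describe(frag):
    """Return (DF set, MF set, byte offset, payload length) for one fragment."""
    total_len, _ident, flags_off = struct.unpack("!HHH", frag[2:8])
    return (bool(flags_off & DF), bool(flags_off & MF),
            (flags_off & 0x1FFF) * 8, total_len - 20)

def reassemble(frags):
    """Receiver side: order fragments by offset and join their payloads."""
    ordered = sorted(frags, key=lambda f: describe(f)[2])
    return b"".join(f[20:] for f in ordered)

# Constructed sample input: a 3000-byte payload between documentation addresses.
SRC, DST = bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1])
PAYLOAD = bytes(range(256)) * 11 + bytes(184)
FRAGS = source_fragment(PAYLOAD, mtu=1280, ident=0x1234, src=SRC, dst=DST)

if __name__ == "__main__":
    for f in FRAGS:
        print(describe(f))
```
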