Re: [Int-area] Discussion about Section 6.1 in draft-ietf-intarea-frag-fragile

Ole Troan <otroan@employees.org> Fri, 06 September 2019 14:50 UTC

Return-Path: <otroan@employees.org>
X-Original-To: int-area@ietfa.amsl.com
Delivered-To: int-area@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A306F120BBA; Fri, 6 Sep 2019 07:50:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oZxR6m1Ngg5A; Fri, 6 Sep 2019 07:50:26 -0700 (PDT)
Received: from clarinet.employees.org (clarinet.employees.org [198.137.202.74]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 45684120CD8; Fri, 6 Sep 2019 07:50:26 -0700 (PDT)
Received: from astfgl.hanazo.no (30.51-175-112.customer.lyse.net [51.175.112.30]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by clarinet.employees.org (Postfix) with ESMTPSA id 8D41A4E11B54; Fri, 6 Sep 2019 14:50:25 +0000 (UTC)
Received: from [IPv6:::1] (localhost [IPv6:::1]) by astfgl.hanazo.no (Postfix) with ESMTP id B466A1BB1A59; Fri, 6 Sep 2019 16:50:21 +0200 (CEST)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\))
From: Ole Troan <otroan@employees.org>
In-Reply-To: <E00B6159-2771-42D8-B5E8-7750E0B828DE@strayalpha.com>
Date: Fri, 06 Sep 2019 16:50:21 +0200
Cc: Bob Hinden <bob.hinden@gmail.com>, "int-area@ietf.org" <int-area@ietf.org>, Ron Bonica <rbonica=40juniper.net@dmarc.ietf.org>, IESG <iesg@ietf.org>, Joel Halpern <joel.halpern@ericsson.com>, "draft-ietf-intarea-frag-fragile@ietf.org" <draft-ietf-intarea-frag-fragile@ietf.org>, Suresh Krishnan <suresh@kaloom.com>, "intarea-chairs@ietf.org" <intarea-chairs@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <3764D860-BC6F-441A-86EF-59E1742D7654@employees.org>
References: <efabc7c9f72c4cd9a31f56de24669640@boeing.com> <2EB90A57-9BBD-417C-AEDB-AFBFBB906956@gmail.com> <CAHw9_iKozCAC+8TGS0fSxVZ_3pJW7rnhoKy=Y3AxLqWEXvemcA@mail.gmail.com> <4C8FE1C4-0054-4DA1-BC6E-EBBE78695F1B@gmail.com> <BYAPR05MB5463F112A3FFA8CE6378F3D3AEBB0@BYAPR05MB5463.namprd05.prod.outlook.com> <ab0d5600-d71c-9f0b-2955-64074e040bc6@strayalpha.com> <E770BEF0-D901-4CD0-96E6-C626B560DCD6@gmail.com> <163CD364-2975-467A-8925-F114FFD9C422@employees.org> <E00B6159-2771-42D8-B5E8-7750E0B828DE@strayalpha.com>
To: Joe Touch <touch@strayalpha.com>
X-Mailer: Apple Mail (2.3445.104.11)
Archived-At: <https://mailarchive.ietf.org/arch/msg/int-area/hpXidUrGwN-yoKOtT20zuU6RMZU>
Subject: Re: [Int-area] Discussion about Section 6.1 in draft-ietf-intarea-frag-fragile
X-BeenThere: int-area@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF Internet Area Mailing List <int-area.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/int-area>, <mailto:int-area-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/int-area/>
List-Post: <mailto:int-area@ietf.org>
List-Help: <mailto:int-area-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/int-area>, <mailto:int-area-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 06 Sep 2019 14:50:34 -0000

Joe,

> Comments below. 
> 
>> On Sep 5, 2019, at 11:33 PM, Ole Troan <otroan@employees.org> wrote:
>> 
>> Bob, et al,
>> 
>> I have two issues with this text.
>> 
>> 1) It introduces something new and undescribed in paragraph 2.
>>  "unless they also include mechanisms to detect that IP fragmentation isn't working
>> reliably."
>>  That seems like hand-waving to me. Suggest deleting.
> 
> Fragmentation success or failure is directly testable. Any feedback mechanism will work and specific ones are mentioned elsewhere (PLPMTUD).
> 
> This differs from ICMP black-holing in path MTU detection.

Can you please point me to where in the PLPMTUD document testing for IP fragmentation is described?
I thought PLPMTUD found the largest unfragmented size of a datagram.

>> 2) Paragraph 4:
>>  "The risks of IP fragmentation can also be mitigated
>>  through the use of encapsulation, e.g., by transmitting IP fragments
>>  as payloads."
>> 
>>  This seems like proposing new unspecified solutions with it's own set
>>  of considerations.
> 
> Specific widely-deployed methods are mentioned elsewhere in the doc, including GRE and UDP.

Sorry, I couldn't find those either.
Inner fragmentation, firstly is only applicable to IPv4. And only applicable to tunnels.
And both those specs go to great length in avoiding fragmentation.

>>  IP fragmentation is a general solution to all hosts,
>>  encapsulation is certainly not in every host,
> 
> Actually, it is - unless you’re claiming hosts don’t support UDP.

Sorry, I don't understand what you mean.
Are you saying that a new UDP applications should support the following stack:

IPv6 + UDP + IPv6 + FH + UDP + Applcation data

So to be able to hide IP fragments from the network?
While still having to do the full PLPMTUD to function correctly?

>> and has different
>>  properties with regards to NAT traversal etc.
> 
> If by “different” you mean “much more likely to succeed”, agreed.

I need to see numbers of that. But regardless I don't see the relevance to this document.

>> vAlso if encapsulation
>>  was the answer, other segmentation / reassembly that were tunnel
>>  specific could be developed.
> 
> It is and is widely used - IPsec tunnels over UDP, e.g.

That's a encapsulated solution to start with.

>> Regardless this also amounts of hand-waving
>>  and doesn't seem to offer any advice that can be heeded now.
>>  And of course encapsulation can also exacerbate the problem
>>  by increasing packet size.
> 
> Yes, it makes the fragments smaller, which may be additional effort/performance impact, but it completely hides its impact on successful forwarding.

You may be making a point. I'm afraid I don't get it.

Cheers,
Ole