Re: [Int-area] Discussion about Section 6.1 in draft-ietf-intarea-frag-fragile

Fernando Gont <fgont@si6networks.com> Mon, 09 September 2019 23:52 UTC

Return-Path: <fgont@si6networks.com>
X-Original-To: int-area@ietfa.amsl.com
Delivered-To: int-area@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7879112087C; Mon, 9 Sep 2019 16:52:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.307
X-Spam-Level:
X-Spam-Status: No, score=-0.307 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DATE_IN_PAST_03_06=1.592, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1Qlea1ZSU2k5; Mon, 9 Sep 2019 16:52:07 -0700 (PDT)
Received: from fgont.go6lab.si (fgont.go6lab.si [91.239.96.14]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7142A12082B; Mon, 9 Sep 2019 16:52:07 -0700 (PDT)
Received: from [192.168.0.107] (unknown [62.74.25.59]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by fgont.go6lab.si (Postfix) with ESMTPSA id A09ED86494; Tue, 10 Sep 2019 01:52:01 +0200 (CEST)
To: Joe Touch <touch@strayalpha.com>, Bob Hinden <bob.hinden@gmail.com>
Cc: =?UTF-8?Q?Ole_Tr=c3=b8an?= <otroan@employees.org>, "int-area@ietf.org" <int-area@ietf.org>, IESG <iesg@ietf.org>, "draft-ietf-intarea-frag-fragile@ietf.org" <draft-ietf-intarea-frag-fragile@ietf.org>, Suresh Krishnan <suresh@kaloom.com>
References: <efabc7c9f72c4cd9a31f56de24669640@boeing.com> <2EB90A57-9BBD-417C-AEDB-AFBFBB906956@gmail.com> <CAHw9_iKozCAC+8TGS0fSxVZ_3pJW7rnhoKy=Y3AxLqWEXvemcA@mail.gmail.com> <4C8FE1C4-0054-4DA1-BC6E-EBBE78695F1B@gmail.com> <BYAPR05MB5463F112A3FFA8CE6378F3D3AEBB0@BYAPR05MB5463.namprd05.prod.outlook.com> <ab0d5600-d71c-9f0b-2955-64074e040bc6@strayalpha.com> <E770BEF0-D901-4CD0-96E6-C626B560DCD6@gmail.com> <163CD364-2975-467A-8925-F114FFD9C422@employees.org> <E00B6159-2771-42D8-B5E8-7750E0B828DE@strayalpha.com> <3764D860-BC6F-441A-86EF-59E1742D7654@employees.org> <939AFA6F-4C75-4532-82DE-77D14ABC41ED@strayalpha.com> <5C51DCDC-4031-47D9-A28E-812D0E66EE35@employees.org> <5DAA16CC-791E-4042-95F6-65DA58D23EB8@gmail.com> <EA3B45A1-FFD2-49A5-B577-602065632F41@strayalpha.com>
From: Fernando Gont <fgont@si6networks.com>
Openpgp: preference=signencrypt
Message-ID: <5d22dd34-3972-060e-ddc1-b7f27a110a69@si6networks.com>
Date: Mon, 9 Sep 2019 23:46:30 +0300
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.8.0
MIME-Version: 1.0
In-Reply-To: <EA3B45A1-FFD2-49A5-B577-602065632F41@strayalpha.com>
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/int-area/jmqtR1uHTh-XHJE92EljU67xAHU>
Subject: Re: [Int-area] Discussion about Section 6.1 in draft-ietf-intarea-frag-fragile
X-BeenThere: int-area@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF Internet Area Mailing List <int-area.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/int-area>, <mailto:int-area-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/int-area/>
List-Post: <mailto:int-area@ietf.org>
List-Help: <mailto:int-area-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/int-area>, <mailto:int-area-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Sep 2019 23:52:12 -0000

Hi, Joe,

Just one nit:

On 7/9/19 20:35, Joe Touch wrote:
> FWIW, in general:
> 
> With all the concern not detecting when frag fails, I’d like to point out that it’s equally impossible to detect when it works, e.g., when it happens on tunnels that start more than one hop away or more than one layer of intermediate headers.
> 
> E.g, PLPMTUD turns of frag *on the connected interface*. There’s no way to disable source fragmentation that happens later in the network (as it would at tunnel ingresses) or deeper in the stack (when what you think is your interface is locally tunneled over a layer you don’t even know about).
> 
> So *all* systems that try to backoff and use smaller MTUs are actually *already* testing whether fragmentation already works in those cases. Even if your app sends a 1-byte packet you have no idea that some set of layers inflates the headers (e.g., with signatures or key exchanges) beyond the MTU somewhere.

This would seem to be incorrect. IP has a minimum MTU of 68 bytes, and
IPv6 has a minimum MTU of 1280. Hence if you send packets smaller than
or equal to the minimum MTU, the packets should go through.

-- 
Fernando Gont
SI6 Networks
e-mail: fgont@si6networks.com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492