IETF Logo Mail Archive

Re: [Int-area] Proxy function for PTB messages on the tunnel end

Joseph Touch <touch@strayalpha.com> Wed, 24 March 2021 19:01 UTC

Return-Path: <touch@strayalpha.com>
X-Original-To: int-area@ietfa.amsl.com
Delivered-To: int-area@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CEF943A3378; Wed, 24 Mar 2021 12:01:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.199
X-Spam-Level: *
X-Spam-Status: No, score=1.199 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HAS_X_OUTGOING_SPAM_STAT=2.517, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_NEUTRAL=0.779, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=strayalpha.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id n-sALc5zdFXN; Wed, 24 Mar 2021 12:01:22 -0700 (PDT)
Received: from server217-4.web-hosting.com (server217-4.web-hosting.com [198.54.116.98]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0648A3A34E1; Wed, 24 Mar 2021 12:00:49 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=strayalpha.com; s=default; h=To:References:Message-Id:Cc:Date:In-Reply-To: From:Subject:Mime-Version:Content-Type:Sender:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=VnmF7zbZ519mK2d/nM2cpvDD5oMuV/FEfnN2vcmfhow=; b=jb57djdTA8n5le2I+DOzKd1I3 HuiB2O7nN3KfTpZJh5bjA1zSGnXfxAeHHYiVU3xnxFd0+svycY50qkzGeoffP4f27+YLkCzS8in/A I4iIkr5bsPi1VTdxYn4jgPh0TSbkxVuQyU4mfxQ3myW+x4pl6coRjZDkuSWgsPiWJQNCLonobSN/3 cRsRHNHQI/s6UqwUTjNHJZFg8m6uYJ5LRSe0UnvUTvfgrmJE74Qi/X3i+Hxrdx6mB2abHuHvvpZyB W41WTZwjM95oPsr2lcyjt28yxzKRfCtkan90bTMKvnaqtl2XFVHgIP6jMmaNRs8xoFMo2E/iQCj4C PXHuhitSQ==;
Received: from cpe-172-250-225-198.socal.res.rr.com ([172.250.225.198]:54586 helo=[192.168.1.14]) by server217.web-hosting.com with esmtpsa (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94) (envelope-from <touch@strayalpha.com>) id 1lP8kG-002s8O-Ky; Wed, 24 Mar 2021 15:00:49 -0400
Content-Type: multipart/alternative; boundary="Apple-Mail=_CF22466B-C2B8-4F24-A430-4670730460B0"
Mime-Version: 1.0 (Mac OS X Mail 14.0 \(3654.60.0.2.21\))
From: Joseph Touch <touch@strayalpha.com>
In-Reply-To: <c3ac993dc35340648988c688f1b86bbc@huawei.com>
Date: Wed, 24 Mar 2021 12:00:43 -0700
Cc: "v6ops@ietf.org" <v6ops@ietf.org>, int-area <int-area@ietf.org>
Message-Id: <61E1D204-B806-4D11-86D1-F175ED38A96C@strayalpha.com>
References: <0b61deabe8f3420eba1b5794b024e914@huawei.com> <A063E98C-0D6C-49B2-B871-E2B39A097FD5@strayalpha.com> <37059faadd6e441cb98f6ec7e01ecef9@huawei.com> <9D23C833-46C5-4B93-A204-D2D4F54689DF@strayalpha.com> <1e6ecd3b468d4255bda65d519190135d@huawei.com> <3B48413C-A47D-4F3F-B9E4-7ED4D33AA66B@strayalpha.com> <22bb7bf129694ccfbbad441d8d22e05c@huawei.com> <A5F62B47-DBA3-457D-89CD-D570EA2EA886@strayalpha.com> <eb63d427f4d34e44908ccee2c2d14073@huawei.com> <F158C443-6E73-4FC6-ADCA-6D28EE8F0A30@strayalpha.com> <d1c8a80b387847a3b00566e3dc0768ab@huawei.com> <D87C00F7-2902-48C4-9DCA-E1019EF32CAA@strayalpha.com> <46be60a38c0f4bc08f352dc8ed353c6a@huawei.com> <4E4C25CB-561C-4BF1-B99B-14E26D00009B@strayalpha.com> <4415086a1b734313b383307a27eb3fb2@huawei.com> <1A41F380-5176-4856-B0FE-BCA065FEAB15@strayalpha.com> <d2dffa85fdbc476f95c008a41e65e696@huawei.com> <8CB230FB-D5D9-4EE2-BA61-7FBC786D09CA@strayalpha.com> <c3ac993dc35340648988c688f1b86bbc@huawei.com>
To: Vasilenko Eduard <vasilenko.eduard@huawei.com>
X-Mailer: Apple Mail (2.3654.60.0.2.21)
X-OutGoing-Spam-Status: No, score=-1.0
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - server217.web-hosting.com
X-AntiAbuse: Original Domain - ietf.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - strayalpha.com
X-Get-Message-Sender-Via: server217.web-hosting.com: authenticated_id: touch@strayalpha.com
X-Authenticated-Sender: server217.web-hosting.com: touch@strayalpha.com
X-Source:
X-Source-Args:
X-Source-Dir:
X-From-Rewrite: unmodified, already matched
Archived-At: <https://mailarchive.ietf.org/arch/msg/int-area/l45b-Qt4kDU2EZGh5G3p85l1NTc>
Subject: Re: [Int-area] Proxy function for PTB messages on the tunnel end
X-BeenThere: int-area@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF Internet Area Mailing List <int-area.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/int-area>, <mailto:int-area-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/int-area/>
List-Post: <mailto:int-area@ietf.org>
List-Help: <mailto:int-area-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/int-area>, <mailto:int-area-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 24 Mar 2021 19:01:32 -0000

Two points:

> On Mar 24, 2021, at 7:59 AM, Vasilenko Eduard <vasilenko.eduard@huawei.com> wrote:
> 
> It would invalidate all tunneling implementations. It is not compatible with any one of them. PMTUD is killed. Revolution.

PMTUD is effectively dead, so if you’re worried about it, you’re 20+ years too late - as per the RFCs I’ve already cited.

> All complaints against RFC 2473 are minor (if right),
> Except this one that is definitely wrong:
>        o Tunnel ingress issues ICMPs
> This is a violation of RFC792 and 8200; the ICMPs issued are that of routers, not links. If the ingress is at the source host, these ICMPs would come from a device that is not a router.
> ICMP PTB is very important to deliver to the traffic source.

I’m saying something very specific:
	- tunnels are links
	- links NEVER *genenerate* ICMPs
	- routers and hosts *generate* ICMPs
		based on what happens inside them, e.g,, to their processes and links

So the question is “under what conditions does a link cause a router/host to generate an ICMP?”

There should be no unsolicited ICMPs, i.e., routers/hosts NEVER generate ICMPs unless in reaction to a packet being sent or received.

PTB means “I cannot send the packet over this link”. Not path - link. There is no PTB for a path; the assumption is that one link of a path that fails will send the ICMPs back to the source.

For a tunnel, when can it NOT send a packet?
	- only when that packet is larger than the tunnel EMTU_R (i.e., egress received max, reassembled if reassembly is supported)

A packet that can be fragmented and traverse a tunnel is not too big. It’s “bigger than you might like” or “bigger than desired”, but there is no ICMP to indicate that sort of ‘soft’ (non failure) error.

So what should happen:
	- tunnels ingress should know and update (if changing) the tunnel EMTU_R value
	- routers/hosts should use EMTU_R as the tunnel MTU
		again, because the tunnel path MTU is a preference; the tunnel EMTU_R is the actual strict limit
	- routers/hosts sending packets over a tunnel generate ICMP PTBs as needed
		again, the router/host generates the message, not the tunnel ingress
		this happens when the router/host tries to send a packet over out that tunnel interface that is larger than the tunnel MTU

So this all works, as long as ICMPs are relayed.

Draft-tunnels does not deprecate this behavior. It describes it and explains why this is the correct behavior.

Tunnel ingresses that relay PTBs inside are broken; they fail in ways they do not need to. That is the true error.

Joe

v2.23.0 | Report a Bug | By Email