IETF Logo Mail Archive

Re: [Int-area] draft-bonica-intarea-frag-fragile-01

Joe Touch <touch@strayalpha.com> Tue, 03 July 2018 14:12 UTC

Return-Path: <touch@strayalpha.com>
X-Original-To: int-area@ietfa.amsl.com
Delivered-To: int-area@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C99DD128BAC; Tue, 3 Jul 2018 07:12:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0
X-Spam-Level:
X-Spam-Status: No, score=0 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=1.989, T_SPF_PERMERROR=0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=strayalpha.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2tyz2UXAsXTf; Tue, 3 Jul 2018 07:12:13 -0700 (PDT)
Received: from server217-3.web-hosting.com (server217-3.web-hosting.com [198.54.115.226]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EF6F5130DE6; Tue, 3 Jul 2018 07:12:09 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=strayalpha.com; s=default; h=To:References:Message-Id:Cc:Date:In-Reply-To: From:Subject:Mime-Version:Content-Type:Sender:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=lbBbNkMy5Tii7SR+RiUzJY03KlDTdfqzv2RLGAsBiq0=; b=uKw0ufiP25oBHCa9Wlbi18Fio 9naxD6LRo5FXtXdBr047yloV2JqQXEVewB+24vPw8CWcOOQXJs8QdX2haYGsKKvtkmEHoUnEt77l5 yFzkF43eZGyshq6JZfaYvTO/Z/+UqUjcdbRg4yOqYIcs2jQLrvyahvqcZx+LDQ2uGf4mn/2eeHlub iwr5aN6MMymGXHAaMEOoW7qTQvFuJbkQaz2tt/Sb7c9Zfp/uKt10ZOtCMjUnLBwAG4YckRxQEbrOR 9drCadcHaTJdskD941ewleQBiunHqow6YxLm2rp0Wqf3fxd6fj188Sbh3vMggWXWONobcM9ra7Mpt OqxzpRefw==;
Received: from cpe-172-250-240-132.socal.res.rr.com ([172.250.240.132]:63817 helo=[192.168.1.77]) by server217.web-hosting.com with esmtpsa (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.91) (envelope-from <touch@strayalpha.com>) id 1faM2D-0028cc-KR; Tue, 03 Jul 2018 10:12:07 -0400
Content-Type: multipart/alternative; boundary="Apple-Mail=_EEA63FB2-12A8-4FD8-BA80-93024820BF0C"
Mime-Version: 1.0 (Mac OS X Mail 11.4 \(3445.8.2\))
From: Joe Touch <touch@strayalpha.com>
In-Reply-To: <SN6PR05MB424088C49C8B6CBC07622ED2AE620@SN6PR05MB4240.namprd05.prod.outlook.com>
Date: Tue, 03 Jul 2018 07:12:00 -0700
Cc: "C. M. Heard" <heard@pobox.com>, draft-intarea-frag authors <draft-bonica-intarea-frag-fragile@ietf.org>, int-area <int-area@ietf.org>
Message-Id: <4DDD3EC4-1F14-44D3-BA1D-4807F9200E28@strayalpha.com>
References: <CACL_3VE8A-fEHDR0Bz=EhG0QVfvBqwfHeFgkOXbPXTAvjn75fg@mail.gmail.com> <SN6PR05MB42403BB45F2E0E012C706D05AE630@SN6PR05MB4240.namprd05.prod.outlook.com> <CACL_3VFmfybY9Cp+i+ek76GYQDrDi5EV5j0MNSz2CO9F8CbjRQ@mail.gmail.com> <SN6PR05MB424088C49C8B6CBC07622ED2AE620@SN6PR05MB4240.namprd05.prod.outlook.com>
To: Ron Bonica <rbonica@juniper.net>
X-Mailer: Apple Mail (2.3445.8.2)
X-OutGoing-Spam-Status: No, score=-0.5
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - server217.web-hosting.com
X-AntiAbuse: Original Domain - ietf.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - strayalpha.com
X-Get-Message-Sender-Via: server217.web-hosting.com: authenticated_id: touch@strayalpha.com
X-Authenticated-Sender: server217.web-hosting.com: touch@strayalpha.com
X-Source:
X-Source-Args:
X-Source-Dir:
X-From-Rewrite: unmodified, already matched
Archived-At: <https://mailarchive.ietf.org/arch/msg/int-area/sEUiINtyFlX4NWsAtfq3A4nDcNg>
Subject: Re: [Int-area] draft-bonica-intarea-frag-fragile-01
X-BeenThere: int-area@ietf.org
X-Mailman-Version: 2.1.26
Precedence: list
List-Id: IETF Internet Area Mailing List <int-area.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/int-area>, <mailto:int-area-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/int-area/>
List-Post: <mailto:int-area@ietf.org>
List-Help: <mailto:int-area-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/int-area>, <mailto:int-area-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 03 Jul 2018 14:12:16 -0000


> On Jun 1, 2018, at 1:53 PM, Ron Bonica <rbonica@juniper.net> wrote:
> 
> Fair enough. You will see that text in the next version of the draft.
>  
>                                         Ron
>  
>  
> From: C. M. Heard <heard@pobox.com> 
> Sent: Friday, June 1, 2018 12:01 PM
> To: Ron Bonica <rbonica@juniper.net>
> Cc: draft-intarea-frag authors <draft-bonica-intarea-frag-fragile@ietf.org>; int-area <int-area@ietf.org>
> Subject: Re: draft-bonica-intarea-frag-fragile-01
>  
> On Thu, May 31, 2018 at 12:39 PM, Ron Bonica <rbonica@juniper.net <mailto:rbonica@juniper.net>> wrote:
> In Section 6.1, DNS, please note that draft-ietf-tsvwg-udp-options <https://urldefense.proofpoint.com/v2/url?u=https-3A__tools.ietf.org_html_draft-2Dietf-2Dtsvwg-2Dudp-2Doptions&d=DwMFaQ&c=HAkYuh63rsuhr6Scbfh0UjBXeMK-ndb3voDTXcWzoCI&r=Fch9FQ82sir-BoLx84hKuKwl-AWF2EfpHcAwrDThKP8&m=J_pOJLHC_gbCzzfyeW8omX8B8j4T6I07igUCmsA7vPg&s=l9Z0Kh7PKrF4seGUMRn2kViHzJspMRaoNPTKtZ62uIs&e=> may offer an incrementally deployable solution to the problem of oversize DNS responses. As far as I know, this specific use case is not yet documented in any I-D, but the basic idea is that a client would indicate its willingness to accept a UDP-fragmented response by including in its (unfragmented) request a UDP options trailer with the FRAG option as specified on page-15 <https://urldefense.proofpoint.com/v2/url?u=https-3A__tools.ietf.org_html_draft-2Dietf-2Dtsvwg-2Dudp-2Doptions-2D02-23page-2D15&d=DwMFaQ&c=HAkYuh63rsuhr6Scbfh0UjBXeMK-ndb3voDTXcWzoCI&r=Fch9FQ82sir-BoLx84hKuKwl-AWF2EfpHcAwrDThKP8&m=J_pOJLHC_gbCzzfyeW8omX8B8j4T6I07igUCmsA7vPg&s=VyqM-WCNZiwxsDRAU9buCv7rxPTo9FyDxsWRLlwh_T8&e=> of draft-ietf-tsvwg-udp-options. A server that does not implemented UDP options would ignore the options trailer and use IP-layer fragmentation for large responses; a server that implements UDP options would use UDP-layer fragmentation for large responses.
>  
> RB> While I agree, such a recommendation might be overstepping my charter. Isn’t that a decision for another WG?
>  
> Fair enough. But it might be worth noting possible solutions, Let me offer the following proposal for your consideration.
>  
> OLD:
>    DNS Servers that execute DNSSEC [RFC4035 <https://urldefense.proofpoint.com/v2/url?u=https-3A__tools.ietf.org_html_rfc4035&d=DwMFaQ&c=HAkYuh63rsuhr6Scbfh0UjBXeMK-ndb3voDTXcWzoCI&r=Fch9FQ82sir-BoLx84hKuKwl-AWF2EfpHcAwrDThKP8&m=3hdRdqDKogUrFAnsk2PVA1XtzMKf_uOyyPaQJlIYrm4&s=iVOGnO8g0kR-YbEW_OTY3jl0QbFKxAgT9ClrD0JOs4c&e=>] procedures are more likely
>    to generate large responses.  Therefore, when running over UDP, they
>    are more likely to cause the generation of IPv6 fragments.  DNS's
>    reliance upon IPv6 fragmentation is fundamental and cannot be broken
>    without changing the DNS specification.
>  
> NEW:
>    DNS Servers that execute DNSSEC [RFC4035 <https://urldefense.proofpoint.com/v2/url?u=https-3A__tools.ietf.org_html_rfc4035&d=DwMFaQ&c=HAkYuh63rsuhr6Scbfh0UjBXeMK-ndb3voDTXcWzoCI&r=Fch9FQ82sir-BoLx84hKuKwl-AWF2EfpHcAwrDThKP8&m=3hdRdqDKogUrFAnsk2PVA1XtzMKf_uOyyPaQJlIYrm4&s=iVOGnO8g0kR-YbEW_OTY3jl0QbFKxAgT9ClrD0JOs4c&e=>] procedures are more likely
>    to generate large responses.  Therefore, when running over UDP, they
>    are more likely to cause the generation of IPv6 fragments.  DNS's
>    reliance upon IPv6 fragmentation is fundamental and cannot be fully
>    eliminated without changing the DNS specification, e.g., by adding
>    UDP or application layer fragmentation, or by measures such as those
>    described in https://tools.ietf.org/html/draft-song-atr-large-resp <https://urldefense.proofpoint.com/v2/url?u=https-3A__tools.ietf.org_html_draft-2Dsong-2Datr-2Dlarge-2Dresp&d=DwMFaQ&c=HAkYuh63rsuhr6Scbfh0UjBXeMK-ndb3voDTXcWzoCI&r=Fch9FQ82sir-BoLx84hKuKwl-AWF2EfpHcAwrDThKP8&m=3hdRdqDKogUrFAnsk2PVA1XtzMKf_uOyyPaQJlIYrm4&s=F3W3ZMZQZDYsg1U-raZas8QM5l0vc5udsEs0xl5KmAg&e=>.

Agreed, though it might still be useful to point over to the up-options draft to explain that UDP fragmentation is more than just purely hypothetical.

Joe

v2.23.0 | Report a Bug | By Email