IETF Logo Mail Archive

Re: [Int-area] WGLC on draft-ietf-intarea-frag-fragile-05

Tom Herbert <tom@herbertland.com> Thu, 17 January 2019 14:55 UTC

Return-Path: <tom@herbertland.com>
X-Original-To: int-area@ietfa.amsl.com
Delivered-To: int-area@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 382EA1294FA for <int-area@ietfa.amsl.com>; Thu, 17 Jan 2019 06:55:30 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.042
X-Spam-Level:
X-Spam-Status: No, score=-2.042 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.142, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=herbertland-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GEAJQ8RrrUpA for <int-area@ietfa.amsl.com>; Thu, 17 Jan 2019 06:55:26 -0800 (PST)
Received: from mail-qt1-x82c.google.com (mail-qt1-x82c.google.com [IPv6:2607:f8b0:4864:20::82c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6194C12894E for <int-area@ietf.org>; Thu, 17 Jan 2019 06:55:26 -0800 (PST)
Received: by mail-qt1-x82c.google.com with SMTP id n32so11529384qte.11 for <int-area@ietf.org>; Thu, 17 Jan 2019 06:55:26 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=herbertland-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=DuaysOeHdTnuUuG8Sv/EjpY/oWk9+4ag5L0bQQzGviY=; b=gvcR3CG2xjL+0f+Atr4H7YmwKIqG0HYZh72WYzVb8TVGsNXKuS4vgSUYXtddRcyKOt 3MiJXNkg7BMx2h9MAPeATHIGalx43sYAgx3sVaryvULzj49FDQO/NyxcaBsU3OIrxM1s GxCeqw+Px1i12HpJzJ0SDsBJlF7Giq+Eoy+sbse6ZSzeIPECbooY5Xp1jiDdrrMl1CYt sXzyHs0WEQfBuhGec+mXL+kBwEzItWBWGa1YiM2lof34DjCZg4fY0j5UMalbWXggmqt+ jpQ0qV6uLRObKOG5NQ9f9wU+cDwgK5sEYcbvKw+BppegROHXjF3rE+6MRkbuIjpznxH7 Z2xQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=DuaysOeHdTnuUuG8Sv/EjpY/oWk9+4ag5L0bQQzGviY=; b=UsgGY7eUnTdaih5eKuAvZo14w7Vwazt8DfuYGsxGpX86tZda1snbvZ8dlNQdOjmS49 XN3g35Y4XnPIEvhtcKIKRj4SVePacf0FuuFkD5yGZkPDz9z1dv49d2eRRULXpxhujH6l 0CKcqZuruOQfPWDYI5V1nEGoeoWwN+1Y/vBSNs8C6293eUe9H/dM24yI8BC6s1OLVLZC igB2Pn7NoElsT/UyePEPssNybGBKkvWmCmE6VSI8UYgBT01YmyIVykao2MQWjCqhqLkg jbV4t7eqnZd32LQzQsm41TDMw85RNs5mR6v6ZGV7cDgaLVZlocXMySBMRy4IXUZFZebu VpYQ==
X-Gm-Message-State: AJcUukdtfyQFm+lr5Pl07YYlG6SYXWqICln8yjdg2TayomQB8yOtW/OA s8NS1qR8osIX06DnARnoQQ5Ohrc2VaH1PBGHIk2RyA==
X-Google-Smtp-Source: ALg8bN69DxE8T9EG6JWZbEXRGN7kyytXGkDjljjeVFTSMR4idivnlPkuWNdBYjFjsW+4ehgKM1T9E0y94TsnbgdzAEo=
X-Received: by 2002:ac8:274a:: with SMTP id h10mr11621606qth.189.1547736925218; Thu, 17 Jan 2019 06:55:25 -0800 (PST)
MIME-Version: 1.0
References: <D060DC26-15C7-4D3F-A3C5-641072C75CC5@ericsson.com> <4a283194-98f5-8f38-211a-29cfbc4c9c3e@joelhalpern.com> <CALx6S36btHxs0UTjahSMXEmOgfnQMAD+xYVFam=vKvQQfvOVdQ@mail.gmail.com> <984bfc0f-8e48-ca87-8f5c-064ae290bb0e@strayalpha.com>
In-Reply-To: <984bfc0f-8e48-ca87-8f5c-064ae290bb0e@strayalpha.com>
From: Tom Herbert <tom@herbertland.com>
Date: Thu, 17 Jan 2019 06:55:14 -0800
Message-ID: <CALx6S36bvohww=X8T_Yc7MmVWnD04hFmgvfW2VEEa-F-kTPERQ@mail.gmail.com>
To: Joe Touch <touch@strayalpha.com>
Cc: "Joel M. Halpern" <jmh@joelhalpern.com>, "internet-area@ietf.org" <int-area@ietf.org>, "intarea-chairs@ietf.org" <intarea-chairs@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/int-area/tTuZ5JgA5-QRZZASfIXVPUf1glo>
Subject: Re: [Int-area] WGLC on draft-ietf-intarea-frag-fragile-05
X-BeenThere: int-area@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF Internet Area Mailing List <int-area.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/int-area>, <mailto:int-area-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/int-area/>
List-Post: <mailto:int-area@ietf.org>
List-Help: <mailto:int-area-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/int-area>, <mailto:int-area-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 17 Jan 2019 14:55:30 -0000

On Wed, Jan 16, 2019 at 10:20 PM Joe Touch <touch@strayalpha.com> wrote:
>
> Tom,
>
> On 1/14/2019 2:04 PM, Tom Herbert wrote:
>
> Hello. I have a couple of comments:
>
> >From the draft:
> "Middle boxes SHOULD process IP fragments in a manner that is
> compliant with RFC 791 and RFC 8200.  In many cases, middle boxes must
> maintain state in order to achieve this goal."
>
> This requirement is confusing to me on several accounts. First of all,
> there are a lot of requirements about fragmentation in both RFC791 and
> RFC8200, including some MUSTs. This requirement seems to be updating
> and possibly relaxing some of those requirements, but is not specific.
>
> I disagree; being compliant with existing RFCs neither updates nor relaxes those RFCs.
>
> This seems ambiguous as a normative requirement.
>
> Perhaps vague, agreed.
>
> Secondly, the only specified interaction between fragmentation and
> intermediate nodes is that routers can fragment packets in IPv4.
>
> Agreed. However, nodes that *create* packets with their own IP addresses act as hosts; in that regard, middleboxes act both as intermediate (from the private side to public) and hosts (from the public side). As hosts, packets entering them, destined to *their* IP addresses, need to be reassembled, just as with any other host.
>
> This is addressed in detail here:
>
> Touch, J,. "Middlebox Models Compatible with the Internet," Technical Report, USC/ISI (ISI-TR-711), 2016.
>
> https://www.strayalpha.com/pubs/isi-tr-711.pdf
>
> Other
> than that, a middlebox that complies with RFC791 and RFC8200 does not
> process or consider fragmentation of packets. Given that, it's unclear
> to me why middle boxes would need to maintain state to be protocol
> compliant.
>
> If they process only IP headers, they don't. If they further consume the packet's contents - as would a *host*, they need to reassemble that content (even if virtually) to be able to interpret it. That includes associating transport headers with all the content as well as inspecting that content.
>
Joe,

As I mentioned, in-network reassembly has not been specified, only
reassembly at end destinations has been. I suspects that
implementations of in-network reassembly commonly make two incorrect
assumptions:

1) All fragments of a packet traverse the network device performing reassembly
2) The first fragment is always received first

Neither of these assumptions are valid for IP.

> It's possible that the implicit exception of the
> requirement is that middleboxes might perform "in-network reassembly"
> or "virtual reassemlby" which would require state. If that is indeed
> the case then the requirements for the mechanisms should be spelled
> out.
>
> As with Ron, I agree that seems out of scope for this doc.
>
> For stateless load balancing (described in section 4.4), the IPv6 flow
> label obviates the need for DPI.
>
> Only for flow-based routing; not for DPI processing involving content beyond the transport header, e.g., content-based routing. I.e., it depends on how far into the packet the DPI is going...
>
TLS and payload encryption have largely eliminated the ability for
intermediate devices to perform DPI into content. Transport layer
header encryption, like done in QUIC, will further reduce the value of
doing DPI.

Tom

> It is sufficient to hash over the
> three tuple <saddr, daddr, flow label> to get good load balancing. All
> major OSes have been updated to set flow labels, and there are devices
> that already support this. IMO, the draft should make using flow label
> for stateless load balancing a SHOULD.
>
> Tom
>
> On Mon, Jan 14, 2019 at 11:55 AM Joel M. Halpern <jmh@joelhalpern.com> wrote:
>
> I have re-read this document.  I think it is a useful document that
> captures that state of a complex tradeoff and makes effective
> recommendations. I support publishing it as a BCP.
>
> If the authors make further additions, adding a mention of ECMP as a
> particular case of stateless load balancers might further improve the
> document.
>
> Yours,
> Joel
>
> On 1/14/19 1:13 PM, Wassim Haddad wrote:
>
> Dear all,
>
> This email starts an Int-Area WG Last Call on the latest version of "IP Fragmentation Considered Fragile” draft:
>
> https://tools.ietf.org/html/draft-ietf-intarea-frag-fragile-05
>
> Please respond to this email to support the document and/or send comments by 2019-01-28.
>
> Please indicate if you are personally aware of any IPR that applies to draft-ietf-intarea-frag-fragile-xx?
> If so, has this IPR been disclosed in compliance with IETF IPR rules?
>
>
> Regards,
>
> Juan & Wassim
> _______________________________________________
> Int-area mailing list
> Int-area@ietf.org
> https://www.ietf.org/mailman/listinfo/int-area
>
> _______________________________________________
> Int-area mailing list
> Int-area@ietf.org
> https://www.ietf.org/mailman/listinfo/int-area
>
> _______________________________________________
> Int-area mailing list
> Int-area@ietf.org
> https://www.ietf.org/mailman/listinfo/int-area

v2.23.0 | Report a Bug | By Email