Re: [Int-area] Discussion about Section 6.1 in draft-ietf-intarea-frag-fragile

Tom Herbert <tom@herbertland.com> Fri, 06 September 2019 00:20 UTC

Return-Path: <tom@herbertland.com>
X-Original-To: int-area@ietfa.amsl.com
Delivered-To: int-area@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 960DC12011C for <int-area@ietfa.amsl.com>; Thu, 5 Sep 2019 17:20:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=herbertland-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0jfLyHE8iRLn for <int-area@ietfa.amsl.com>; Thu, 5 Sep 2019 17:20:50 -0700 (PDT)
Received: from mail-ed1-f43.google.com (mail-ed1-f43.google.com [209.85.208.43]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E9E0D1200D5 for <int-area@ietf.org>; Thu, 5 Sep 2019 17:20:49 -0700 (PDT)
Received: by mail-ed1-f43.google.com with SMTP id z9so4613589edq.8 for <int-area@ietf.org>; Thu, 05 Sep 2019 17:20:49 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=herbertland-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=NBeJLGzooqsiQXa3FEGPG3SvpACI4X1VvZPgo0zd5/I=; b=rxq9AvZKnk7F/rfhuNjvyg/NGMyu+XkmBhqmnsBPJAtvp3yLRrsBeGG2K0lCMg3rdW xm6CMPmZLyIHghblCTlxTkFNumj77ztpACSxYDxtgfNcA83JBdNmhM0QtetalkFMdo+3 /9Tmt0Dj9Qym1jvSxdl2OcYplyW8ISJOdZuHEG9Utbgs4tKjbW03C33MTjx/3OVbgYt/ 6ThXqKoiPZgPV0TIb7dGTXvuzYTn9uVTeb07LTHh5CL8r2GF/3NueMV2vGBtFxfPI5lF qObwq34b3zR/b8DHzNnRrFtKbcfqws/uu7uO9QT7QH6JY4lvSu1WfwlC51Rn7C5G4iQo emzw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=NBeJLGzooqsiQXa3FEGPG3SvpACI4X1VvZPgo0zd5/I=; b=g+YN20SZ2azof8ZC7a+JsuzMZz6MFjJ00UAqmRuur+C7l4eNsWnsTaP6qM0atYq3p9 zkC8227XcKPQOWTFt4SP50ZhR9VnooIFR4YKR/uNT3JmLiBTL6yqa0vBEtEsUZbZoNEp plcbQftso77P1Zkh+Yd7472/M4m8/2S2OM1rt94ju4tQ4m0zBD11d1x6weXarU1r/vbm 6VYmthNdtOYJDfF2LDaDL4Z7U083em05dreMXJsBYfrtEDL7PhgYjlYPWPKvlBfZvPrD Bt0tiR6Uz8b+VmlnytZ+j4YCfp7nb4ledvP6o/2K9RcoyHjnX2ATEVvO0XlI6O083+Cf UKGw==
X-Gm-Message-State: APjAAAXNAmTbwlLu7d0y7YoYNqR6WT7TeWGsYxDTyZyWEcz8K0XhIoup gB88aGGxgU6D02LG7hnT3S2h5ux7zLIAAmpnIDl4yg==
X-Google-Smtp-Source: APXvYqxQ0GuzzdlIZqHeN8dr40aYv2nvOskolsLPEmEmJOi+YXur/wvVbNxkjABjXoIzEasjwiPSjAWqLJQuPv5uRGM=
X-Received: by 2002:a17:906:6792:: with SMTP id q18mr5188359ejp.80.1567729247989; Thu, 05 Sep 2019 17:20:47 -0700 (PDT)
MIME-Version: 1.0
References: <efabc7c9f72c4cd9a31f56de24669640@boeing.com> <2EB90A57-9BBD-417C-AEDB-AFBFBB906956@gmail.com> <CAHw9_iKozCAC+8TGS0fSxVZ_3pJW7rnhoKy=Y3AxLqWEXvemcA@mail.gmail.com> <4C8FE1C4-0054-4DA1-BC6E-EBBE78695F1B@gmail.com> <CALx6S34e1X7y5koxmJXuOJKtJmeTHq2Q9FKX-71ZN=Q5LNBcWQ@mail.gmail.com> <CAHw9_i+sMh6gg=52VGCop5z2=quMAUakadkC0ehAb5eFoNbeLg@mail.gmail.com>
In-Reply-To: <CAHw9_i+sMh6gg=52VGCop5z2=quMAUakadkC0ehAb5eFoNbeLg@mail.gmail.com>
From: Tom Herbert <tom@herbertland.com>
Date: Thu, 05 Sep 2019 17:20:36 -0700
Message-ID: <CALx6S35Vh0KKHm7-+O_1p-7kA=xXCfm4CPPsdFiBAhpfF8ASNQ@mail.gmail.com>
To: Warren Kumari <warren@kumari.net>
Cc: Bob Hinden <bob.hinden@gmail.com>, "int-area@ietf.org" <int-area@ietf.org>, IESG <iesg@ietf.org>, Joel Halpern <joel.halpern@ericsson.com>, "draft-ietf-intarea-frag-fragile@ietf.org" <draft-ietf-intarea-frag-fragile@ietf.org>, Suresh Krishnan <suresh@kaloom.com>, "intarea-chairs@ietf.org" <intarea-chairs@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/int-area/ulGW60PazATt4SwHno9MAy7ki3E>
Subject: Re: [Int-area] Discussion about Section 6.1 in draft-ietf-intarea-frag-fragile
X-BeenThere: int-area@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF Internet Area Mailing List <int-area.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/int-area>, <mailto:int-area-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/int-area/>
List-Post: <mailto:int-area@ietf.org>
List-Help: <mailto:int-area-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/int-area>, <mailto:int-area-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 06 Sep 2019 00:20:53 -0000

On Thu, Sep 5, 2019 at 3:52 PM Warren Kumari <warren@kumari.net> wrote:
>
> On Thu, Sep 5, 2019 at 3:53 PM Tom Herbert <tom@herbertland.com> wrote:
> >
> > On Thu, Sep 5, 2019 at 11:29 AM Bob Hinden <bob.hinden@gmail.com> wrote:
> > >
> > > Hi,
> > >
> > > Based on the discussion, I would like to propose to see if this will resolve the issues raised.   It attempts to cover the issues raised.
> > >
> > > The full section 6.1 is included below, but only the last sentence in the second paragraph changed.
> > >
> > > Please review and comment.
> > >
> > > Thanks,
> > > Bob
> > >
> > >
> > >
> > > 6.1.  For Application and Protocol Developers
> > >
> > >    Developers SHOULD NOT develop new protocols or applications that rely
> > >    on IP fragmentation.  When a new protocol or application is deployed
> > >    in an environment that does not fully support IP fragmentation, it
> > >    SHOULD operate correctly, either in its default configuration or in a
> > >    specified alternative configuration.
> > >
> > >    While there may be controlled environments where IP fragmentation
> > >    works reliably, this is a deployment issue and can not be known to
> > >    someone developing a new protocol or application.  It is not
> > >    recommended that new protocols or applications be developed that rely
> > >    on IP fragmentation.  Protocols and applications that rely on IP
> > >    fragmentation will work less reliably on the Internet unless they
> > >    also include mechanisms to detect that IP fragmentation isn't working
> > >    reliably.
> > >
> > >    Legacy protocols that depend upon IP fragmentation SHOULD be updated
> > >    to break that dependency.  However, in some cases, there may be no
> > >    viable alternative to IP fragmentation (e.g., IPSEC tunnel mode, IP-
> > >    in-IP encapsulation).  In these cases, the protocol will continue to
> > >    rely on IP fragmentation but should only be used in environments
> > >    where IP fragmentation is known to be supported.
> > >
> > Bob,
> >
> > These two paragraphs seem somewhat contradicatory. For new protocols
> > the recommendation is not to use fragmentation because we can't know
> > whether the deployment allows that, but for legacy protocols we're
> > allowed to use fragmentation if we know the deployment allows that.
> >
> > I think it's a lot simpler to just say that if you know fragmentation
> > works in your environment or to some destination then you can use it,
> > if not then you'll need to do something else.
>
> <no hats>
> Advice like this always feels like a cop-out to me[0].
>
> Let's say that I do (somehow) know that fragmentation works in my
> environment -- where is the knob that I turn in [ Linux | OS X | iOS |
> Android | Windows | IOS | JunOS | <etc> ] which says "These set of
> prefixes are within my environment and you can fragment when sending
> to them?" And how do I also configure <insert long list of protocols>
> to also know this?
>
> It is a *very* small number of cases where my environment is
> sufficiently well defined, homogeneous, and not connected to the
> Internet that "environment" can be properly defined, *and* where all
> nodes know that they are part of it -- off the top if my head, DTN is
> the only example that comes to mind...

That's exactly how fragmentation is productively used today,
particularly in those use cases of IPIP tunneling where fragmentation.
There was a lot of discussion about this on the list. Telling someone
who has been happily using fragmentation for years that they shouldn't
use in their new applications they want to deploy seems trite to me.

>
> The "you can do xxx in your environment" usually feels like / results in:
> a: "I'm tired of fighting, go do whatever you want"
> b: weasel words which later get abuse to justify incorrect behavior
> c: additional complexity
> or d: all of the above.
>
> What we've built is an Internet -- protocols should "just work", not
> only work in specific parts of it, especially if there isn't an
> obvious border (e.g: L2 domain, OSPF domain, etc)

Yes, protocols should "just work". Fragmentation which has been
defined for more than thirty years is supposed to work reliably, but
it doesn't. Not because the protocol is broken, but because of some
non-conformant middlebox implementations. IMO, the recommendation of
this draft to avoid fragmentation is tantamount to a pragmatic
workaround for a bug and doesn't actually fix anything. As I've
already stated, I believe this draft should have been more direct in
requesting that buggy implementations are fixed.

Tom

>
> W
>
> [0]: An exception to this is the standard boilerplate which BMWG
> attaches to its drafts, which goes along the lines of:
> " Benchmarking activities as described in this memo are limited to
>    technology characterization using controlled stimuli in a laboratory
>    environment, with dedicated address space and the constraints
>    specified in the sections above.
>
>    The benchmarking network topology will be an independent test setup
>    and MUST NOT be connected to devices that may forward the test
>    traffic into a production network or misroute traffic to the test
>    management network.
>
>    Further, benchmarking is performed on a "black-box" basis, relying
>    solely on measurements observable external to the DUT or System Under
>    Test (SUT).  Special capabilities SHOULD NOT exist in the DUT/SUT
>    specifically for benchmarking purposes.
>
>    Any implications for network security arising from the DUT/SUT SHOULD
>    be identical in the lab and in production networks."
>
>
>
> > This applies equally to
> > legacy protocols and new protocols, on the open Internet as well as
> > limited domains. For that matter the rule applies pretty much to any
> > protocol that might be considered "fragile" (note, this might just be
> > a rewording of Joe's proposed text).
> >
> > Tom
> >
> >
> >
> > >    Protocols may be able to avoid IP fragmentation by using a
> > >    sufficiently small MTU (e.g.  The protocol minimum link MTU),
> > >    disabling IP fragmentation, and ensuring that the transport protocol
> > >    in use adapts its segment size to the MTU.  Other protocols may
> > >    deploy a sufficiently reliable PMTU discovery mechanism
> > >    (e.g.,PLMPTUD).
> > >
> > >    UDP applications SHOULD abide by the recommendations stated in
> > >    Section 3.2 of [RFC8085].
> > >
> > > _______________________________________________
> > > Int-area mailing list
> > > Int-area@ietf.org
> > > https://www.ietf.org/mailman/listinfo/int-area
> >
>
>
> --
> I don't think the execution is relevant when it was obviously a bad
> idea in the first place.
> This is like putting rabid weasels in your pants, and later expressing
> regret at having chosen those particular rabid weasels and that pair
> of pants.
>    ---maf