Re: [Int-area] Discussion about Section 6.1 in draft-ietf-intarea-frag-fragile

On Thu, Sep 5, 2019 at 3:53 PM Tom Herbert <tom@herbertland.com> wrote:
>
> On Thu, Sep 5, 2019 at 11:29 AM Bob Hinden <bob.hinden@gmail.com> wrote:
> >
> > Hi,
> >
> > Based on the discussion, I would like to propose to see if this will resolve the issues raised.   It attempts to cover the issues raised.
> >
> > The full section 6.1 is included below, but only the last sentence in the second paragraph changed.
> >
> > Please review and comment.
> >
> > Thanks,
> > Bob
> >
> >
> >
> > 6.1.  For Application and Protocol Developers
> >
> >    Developers SHOULD NOT develop new protocols or applications that rely
> >    on IP fragmentation.  When a new protocol or application is deployed
> >    in an environment that does not fully support IP fragmentation, it
> >    SHOULD operate correctly, either in its default configuration or in a
> >    specified alternative configuration.
> >
> >    While there may be controlled environments where IP fragmentation
> >    works reliably, this is a deployment issue and can not be known to
> >    someone developing a new protocol or application.  It is not
> >    recommended that new protocols or applications be developed that rely
> >    on IP fragmentation.  Protocols and applications that rely on IP
> >    fragmentation will work less reliably on the Internet unless they
> >    also include mechanisms to detect that IP fragmentation isn't working
> >    reliably.
> >
> >    Legacy protocols that depend upon IP fragmentation SHOULD be updated
> >    to break that dependency.  However, in some cases, there may be no
> >    viable alternative to IP fragmentation (e.g., IPSEC tunnel mode, IP-
> >    in-IP encapsulation).  In these cases, the protocol will continue to
> >    rely on IP fragmentation but should only be used in environments
> >    where IP fragmentation is known to be supported.
> >
> Bob,
>
> These two paragraphs seem somewhat contradicatory. For new protocols
> the recommendation is not to use fragmentation because we can't know
> whether the deployment allows that, but for legacy protocols we're
> allowed to use fragmentation if we know the deployment allows that.
>
> I think it's a lot simpler to just say that if you know fragmentation
> works in your environment or to some destination then you can use it,
> if not then you'll need to do something else.

<no hats>
Advice like this always feels like a cop-out to me[0].

Let's say that I do (somehow) know that fragmentation works in my
environment -- where is the knob that I turn in [ Linux | OS X | iOS |
Android | Windows | IOS | JunOS | <etc> ] which says "These set of
prefixes are within my environment and you can fragment when sending
to them?" And how do I also configure <insert long list of protocols>
to also know this?

It is a *very* small number of cases where my environment is
sufficiently well defined, homogeneous, and not connected to the
Internet that "environment" can be properly defined, *and* where all
nodes know that they are part of it -- off the top if my head, DTN is
the only example that comes to mind...

The "you can do xxx in your environment" usually feels like / results in:
a: "I'm tired of fighting, go do whatever you want"
b: weasel words which later get abuse to justify incorrect behavior
c: additional complexity
or d: all of the above.

What we've built is an Internet -- protocols should "just work", not
only work in specific parts of it, especially if there isn't an
obvious border (e.g: L2 domain, OSPF domain, etc)

W

[0]: An exception to this is the standard boilerplate which BMWG
attaches to its drafts, which goes along the lines of:
" Benchmarking activities as described in this memo are limited to
   technology characterization using controlled stimuli in a laboratory
   environment, with dedicated address space and the constraints
   specified in the sections above.

   The benchmarking network topology will be an independent test setup
   and MUST NOT be connected to devices that may forward the test
   traffic into a production network or misroute traffic to the test
   management network.

   Further, benchmarking is performed on a "black-box" basis, relying
   solely on measurements observable external to the DUT or System Under
   Test (SUT).  Special capabilities SHOULD NOT exist in the DUT/SUT
   specifically for benchmarking purposes.

   Any implications for network security arising from the DUT/SUT SHOULD
   be identical in the lab and in production networks."

> This applies equally to
> legacy protocols and new protocols, on the open Internet as well as
> limited domains. For that matter the rule applies pretty much to any
> protocol that might be considered "fragile" (note, this might just be
> a rewording of Joe's proposed text).
>
> Tom
>
>
>
> >    Protocols may be able to avoid IP fragmentation by using a
> >    sufficiently small MTU (e.g.  The protocol minimum link MTU),
> >    disabling IP fragmentation, and ensuring that the transport protocol
> >    in use adapts its segment size to the MTU.  Other protocols may
> >    deploy a sufficiently reliable PMTU discovery mechanism
> >    (e.g.,PLMPTUD).
> >
> >    UDP applications SHOULD abide by the recommendations stated in
> >    Section 3.2 of [RFC8085].
> >
> > _______________________________________________
> > Int-area mailing list
> > Int-area@ietf.org
> > https://www.ietf.org/mailman/listinfo/int-area
>

-- 
I don't think the execution is relevant when it was obviously a bad
idea in the first place.
This is like putting rabid weasels in your pants, and later expressing
regret at having chosen those particular rabid weasels and that pair
of pants.
   ---maf