IETF Logo Mail Archive

Re: [Int-area] WGLC on draft-ietf-intarea-frag-fragile-05

Joe Touch <touch@strayalpha.com> Thu, 17 January 2019 16:24 UTC

Return-Path: <touch@strayalpha.com>
X-Original-To: int-area@ietfa.amsl.com
Delivered-To: int-area@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0B401130E90; Thu, 17 Jan 2019 08:24:53 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.22
X-Spam-Level:
X-Spam-Status: No, score=-1.22 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, SPF_NEUTRAL=0.779] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=strayalpha.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id az-QjFQw7O1b; Thu, 17 Jan 2019 08:24:50 -0800 (PST)
Received: from server217-3.web-hosting.com (server217-3.web-hosting.com [198.54.115.226]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9406712426E; Thu, 17 Jan 2019 08:24:50 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=strayalpha.com; s=default; h=Message-ID:References:In-Reply-To:Subject:Cc: To:From:Date:Content-Type:MIME-Version:Sender:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=N0LUhc0F9afA7oP9+0m9uuFkbHhwGidc7f393Rb/Qf4=; b=YZj7YRMNBmkRvUQQH2PH06nV/ z5o6hzGuuhVOndgBGgJ/FvPjeXjxug0Rifo9b/oUTMtnzmw666tDe+2Sf/VOsW8RrGsgyh/Yk0Vgg STsljbBmoTcQC/AQPtBIX6bnOn+qr+LZwrsJ29/hO/u1RH9ISpv+wueO96nsPd0vVE7O8bpE8AmbN ukCnBvgVMDwj0XFUMdfslbVDImYfUdk/dJLE27J9Zc0jpYz9Ka5aK/JXdi5RYXxF/Zdepiy47AUHR zoRRvxL9lul9/VzTA4jejJ3hiQVmVDVfPqCmPn+YAc2J3BN/84S8mRdcH1EP5+TE47897OLhmJ75M TD14aVrUg==;
Received: from [::1] (port=52026 helo=server217.web-hosting.com) by server217.web-hosting.com with esmtpa (Exim 4.91) (envelope-from <touch@strayalpha.com>) id 1gkATI-003xj8-VI; Thu, 17 Jan 2019 11:24:49 -0500
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="=_2021736491f4d3bb4f2b78382bd3daa9"
Date: Thu, 17 Jan 2019 08:24:48 -0800
From: Joe Touch <touch@strayalpha.com>
To: Tom Herbert <tom@herbertland.com>
Cc: "Joel M. Halpern" <jmh@joelhalpern.com>, "internet-area@ietf.org" <int-area@ietf.org>, intarea-chairs@ietf.org
In-Reply-To: <CALx6S35jigE3YapYN8uPg7bP_FPfA71iyDApF8D_AJZK_jAu_w@mail.gmail.com>
References: <D060DC26-15C7-4D3F-A3C5-641072C75CC5@ericsson.com> <4a283194-98f5-8f38-211a-29cfbc4c9c3e@joelhalpern.com> <CALx6S36btHxs0UTjahSMXEmOgfnQMAD+xYVFam=vKvQQfvOVdQ@mail.gmail.com> <984bfc0f-8e48-ca87-8f5c-064ae290bb0e@strayalpha.com> <CALx6S36bvohww=X8T_Yc7MmVWnD04hFmgvfW2VEEa-F-kTPERQ@mail.gmail.com> <31109D45-3F4A-45A5-99B9-386B045CF81B@strayalpha.com> <CALx6S35jigE3YapYN8uPg7bP_FPfA71iyDApF8D_AJZK_jAu_w@mail.gmail.com>
Message-ID: <90788fb5f4ab20c1c262a40baf1db11d@strayalpha.com>
X-Sender: touch@strayalpha.com
User-Agent: Roundcube Webmail/1.3.3
X-OutGoing-Spam-Status: No, score=-0.5
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - server217.web-hosting.com
X-AntiAbuse: Original Domain - ietf.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - strayalpha.com
X-Get-Message-Sender-Via: server217.web-hosting.com: authenticated_id: touch@strayalpha.com
X-Authenticated-Sender: server217.web-hosting.com: touch@strayalpha.com
X-Source:
X-Source-Args:
X-Source-Dir:
X-From-Rewrite: unmodified, already matched
Archived-At: <https://mailarchive.ietf.org/arch/msg/int-area/wkBInKr4buK7fWfZEX8-TgLAoqs>
Subject: Re: [Int-area] WGLC on draft-ietf-intarea-frag-fragile-05
X-BeenThere: int-area@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF Internet Area Mailing List <int-area.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/int-area>, <mailto:int-area-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/int-area/>
List-Post: <mailto:int-area@ietf.org>
List-Help: <mailto:int-area-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/int-area>, <mailto:int-area-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 17 Jan 2019 16:24:53 -0000

Hi, Tom, 

On 2019-01-17 07:27, Tom Herbert wrote:

> On Thu, Jan 17, 2019 at 7:06 AM Joe Touch <touch@strayalpha.com> wrote: 
> Hi Tom,
> 
> On Jan 17, 2019, at 6:55 AM, Tom Herbert <tom@herbertland.com> wrote:
> ...
> 
> As I mentioned, in-network reassembly has not been specified, only
> reassembly at end destinations has been. 
> Hint - if a packet arrives on your interface with your IP address, you ARE a host.
 Joe,

Conversley, if a packet arrives on your interface that isn't destined
to your IP address, you ARE NOT a host. 

Correct. Note that the association of host with traffic counts for both
transmission and reception, though. 

> I suspects that
> implementations of in-network reassembly commonly make two incorrect
> assumptions: 
> The first one is above... 
> 1) All fragments of a packet traverse the network device performing reassembly
> 2) The first fragment is always received first
> 
> Neither of these assumptions are valid for IP. 
> Agreed, but again, there are three incorrect assumptions. The first is that a NAT isn't a host, and too often that's the one that causes the above two to actually cause pain.
 If NAT is a host, then it is only a host in the return path. Packets
sent from the client behind a NAT have destinations addresses that are
not those of the the NAT device. If a device is performing host
procedures on such packets, like reassembly, then it is being done
outside the auspices of the standard. 

Not quite. The return path is certainly easier to see, but the forward
path doesn't *relay* the incoming packets; it consumes them. Which is
what a host does. 

The outgoing packets are emitted with the source IP of the NAT. So in
the forward direction, strictly, only the *content* is relayed. 

If that content is modified (i.e., address/port rewriting) or inspected,
then that device is acting as a host. 
If the outgoing HOST packets depend on something of the incoming ones,
then that device is also acting as a host. 

> In any case, this isn't a NAT specific issue. Stateful firewalls
> regularly process packets for which they aren't the destination.

And they are similarly bound by the rules of being a host *when they
do*. 

The Internet requirements work just fine; its the devices that aren't
following them. 

Joe

v2.23.0 | Report a Bug | By Email