IETF Logo Mail Archive

Re: [Int-area] I-D Action: draft-ietf-intarea-frag-fragile-06.txt

"Templin (US), Fred L" <Fred.L.Templin@boeing.com> Fri, 01 February 2019 01:03 UTC

Return-Path: <Fred.L.Templin@boeing.com>
X-Original-To: int-area@ietfa.amsl.com
Delivered-To: int-area@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3E5A0131195 for <int-area@ietfa.amsl.com>; Thu, 31 Jan 2019 17:03:56 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.2
X-Spam-Level:
X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yrrPBhsamm2i for <int-area@ietfa.amsl.com>; Thu, 31 Jan 2019 17:03:54 -0800 (PST)
Received: from clt-mbsout-02.mbs.boeing.net (clt-mbsout-02.mbs.boeing.net [130.76.144.163]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DD1EC131198 for <int-area@ietf.org>; Thu, 31 Jan 2019 17:03:53 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by clt-mbsout-02.mbs.boeing.net (8.14.4/8.14.4/DOWNSTREAM_MBSOUT) with SMTP id x1113phM018224; Thu, 31 Jan 2019 20:03:51 -0500
Received: from XCH16-07-12.nos.boeing.com (xch16-07-12.nos.boeing.com [144.115.66.114]) by clt-mbsout-02.mbs.boeing.net (8.14.4/8.14.4/UPSTREAM_MBSOUT) with ESMTP id x1113j2t018048 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=FAIL); Thu, 31 Jan 2019 20:03:45 -0500
Received: from XCH16-07-10.nos.boeing.com (144.115.66.112) by XCH16-07-12.nos.boeing.com (144.115.66.114) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.1.1591.10; Thu, 31 Jan 2019 17:03:44 -0800
Received: from XCH16-07-10.nos.boeing.com ([fe80::e065:4e77:ac47:d9a8]) by XCH16-07-10.nos.boeing.com ([fe80::e065:4e77:ac47:d9a8%2]) with mapi id 15.01.1591.012; Thu, 31 Jan 2019 17:03:44 -0800
From: "Templin (US), Fred L" <Fred.L.Templin@boeing.com>
To: Tom Herbert <tom@herbertland.com>, Joe Touch <touch@strayalpha.com>
CC: Ron Bonica <rbonica@juniper.net>, int-area <int-area@ietf.org>
Thread-Topic: [Int-area] I-D Action: draft-ietf-intarea-frag-fragile-06.txt
Thread-Index: AQHUuca6SuivHwZx+kuGWrzT5CVq16XKIAkg
Date: Fri, 01 Feb 2019 01:03:43 +0000
Message-ID: <75e840b19c2e439ab3ff13d7c105ce8f@boeing.com>
References: <BYAPR05MB424584AA4D0D11D7D0098B81AE900@BYAPR05MB4245.namprd05.prod.outlook.com> <CALx6S35-F_8L+QCcwN6--3TrrRdE5OG3vUACTEH03AmKYerLSw@mail.gmail.com> <BYAPR05MB4245604C8E234D72F42E0D8CAE910@BYAPR05MB4245.namprd05.prod.outlook.com> <10861CAC-3650-4B69-A8B0-437C2A3494CA@strayalpha.com> <CALx6S35XMV+7uXoGatsFEg7Bh+ueuHGVDZrXa8o4cSQKdON7iA@mail.gmail.com> <eb0cd9a4bd898310122ea77e0fade3f9@strayalpha.com> <CALx6S3708uQN2cey8ZDWUKsRR0KUH_uEPk6JwUu4eY4h0Op6xA@mail.gmail.com>
In-Reply-To: <CALx6S3708uQN2cey8ZDWUKsRR0KUH_uEPk6JwUu4eY4h0Op6xA@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [137.137.12.6]
x-tm-snts-smtp: 5A2017F1F06AB62197E40C990098F602C5E65AA2691EB787C75ADF81300E7C0E2000:8
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-TM-AS-GCONF: 00
Archived-At: <https://mailarchive.ietf.org/arch/msg/int-area/zAXyk-z5756LT36oB3czif7LG4I>
Subject: Re: [Int-area] I-D Action: draft-ietf-intarea-frag-fragile-06.txt
X-BeenThere: int-area@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF Internet Area Mailing List <int-area.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/int-area>, <mailto:int-area-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/int-area/>
List-Post: <mailto:int-area@ietf.org>
List-Help: <mailto:int-area-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/int-area>, <mailto:int-area-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 01 Feb 2019 01:03:56 -0000


> -----Original Message-----
> From: Int-area [mailto:int-area-bounces@ietf.org] On Behalf Of Tom Herbert
> Sent: Thursday, January 31, 2019 4:40 PM
> To: Joe Touch <touch@strayalpha.com>
> Cc: Ron Bonica <rbonica@juniper.net>; int-area <int-area@ietf.org>
> Subject: Re: [Int-area] I-D Action: draft-ietf-intarea-frag-fragile-06.txt
> 
> On Thu, Jan 31, 2019 at 3:10 PM Joe Touch <touch@strayalpha.com> wrote:
> >
> >
> >
> >
> >
> > On 2019-01-31 13:56, Tom Herbert wrote:
> >
> > On Thu, Jan 31, 2019 at 7:59 AM Joe Touch <touch@strayalpha.com> wrote:
> >
> >
> > The problem with dropping the entire paragraph is the section title - talking about stateless firewalls begs the question of stateful
> ones. This is reinforced later in the recommendations. The sentences you remove were the only thing that tied the two together,
> which IMO is important.
> >
> >
> > Joe,
> >
> > The term "Stateless firewalls" is unambiguous in this context. In a
> > stateless firewall, each packet is inspected and judge based solely on
> > it's content.
> >
> >
> > My statement above has no relation to any potential ambiguity in the term.
> >
> > ---
> >
> > However, the term stateless is inaccurate in a few places:
> >
> > (Sec 4.6) NAT is a stateful procedure for an otherwise stateless protocol as well. The same could be argued for load balancers that
> retain similar state through a connection for a flow (i.e., not just hashing the flow or tuple, but doing round-robin per-flow/tuple
> 'sticky' routing)
> >
> > (Sec 7.3) The problem is not just stateless middle boxes, but also certain stateful ones (e.g., NATs, some load balancers, etc.)
> >
> > ---
> >
> > Thus "stateful" actually is both ambiguous and inaccurate here.
> >
> > You appear to want to distinguish between the state needed for virtual reassembly and the state needed to maintain NAT
> translations or sticky round-robin load balancing, but there's no simple term that differentiates them. They're both content-
> dependent, context-dependent, and stateful.
> >
> >
> > Further, as you note there are no *specified* algorithms for virtual reassembly, nor are there any *specified* for NAT translation
> table maintenance or sticky load balancing. Everyone comes up with their own and the basic concept is well enough defined as to not
> need a specification.
> >
> In that case, if it's so obvious and well defined then there shouldn't
> be any issue in either providing a reference to a description or
> specifying it in the draft (if authors do choose discuss virtual
> reassembly in the draft).

I have been telling everyone about virtual fragmentation reassembly for
years. You will find it in many of my docs. Here is what cisco says about it:

https://www.cisco.com/c/en/us/td/docs/ios/sec_data_plane/configuration/guide/12_4/sec_data_plane_12_4_book/sec_virt_frag_reassm.html

Fred
> 
> Tom
> 
> > Joe
> 
> _______________________________________________
> Int-area mailing list
> Int-area@ietf.org
> https://www.ietf.org/mailman/listinfo/int-area

v2.23.0 | Report a Bug | By Email