Re: [IPsec] I-D Action: draft-ietf-ipsecme-iptfs-12.txt
Christian Hopps <chopps@chopps.org> Tue, 09 November 2021 11:59 UTC
Return-Path: <chopps@chopps.org>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7E9003A0F9D for <ipsec@ietfa.amsl.com>; Tue, 9 Nov 2021 03:59:32 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cCTZ9GymEoC6 for <ipsec@ietfa.amsl.com>; Tue, 9 Nov 2021 03:59:28 -0800 (PST)
Received: from smtp.chopps.org (smtp.chopps.org [54.88.81.56]) by ietfa.amsl.com (Postfix) with ESMTP id 285F03A0F5E for <ipsec@ietf.org>; Tue, 9 Nov 2021 03:59:28 -0800 (PST)
Received: from ja.int.chopps.org.chopps.org (047-026-251-217.res.spectrum.com [47.26.251.217]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (Client did not present a certificate) by smtp.chopps.org (Postfix) with ESMTPSA id 7AAE48456F; Tue, 9 Nov 2021 11:59:27 +0000 (UTC)
References: <163637838640.2334.12779298707748449055@ietfa.amsl.com> <24970.18764.155041.264504@fireball.acr.fi>
User-agent: mu4e 1.6.6; emacs 27.2
From: Christian Hopps <chopps@chopps.org>
To: Tero Kivinen <kivinen@iki.fi>
Cc: ipsec@ietf.org
Date: Tue, 09 Nov 2021 06:49:55 -0500
In-reply-to: <24970.18764.155041.264504@fireball.acr.fi>
Message-ID: <m2lf1xpmjl.fsf@ja.int.chopps.org>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha512"; protocol="application/pgp-signature"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/2KlP4TZXgIgIGFn6d4skzLT1pRg>
Subject: Re: [IPsec] I-D Action: draft-ietf-ipsecme-iptfs-12.txt
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipsec/>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 09 Nov 2021 11:59:32 -0000
I believe this is a good time to apply KISS method. We have a lost packet timer and additionally this is the "in order delivery" mode. Let's not make this more complex to try and eek out every ounce of potential, especially given we are already documenting 2 possible receiver behaviors (instead of 1 recommended one) specifically b/c we need to gain more experience for what affects they have on the inner traffic and various applications. Please also consider this from the perspective of congestion control. When a packet is considered lost it will trigger various actions in the congestion control algorithms. Let's just keep lost packets lost for now. Thanks, Chris. Tero Kivinen <kivinen@iki.fi> writes: > internet-drafts@ietf.org writes: >> Title : IP-TFS: Aggregation and Fragmentation Mode for ESP and its Use for IP Traffic Flow Security >> Filename : draft-ietf-ipsecme-iptfs-12.txt > > I checked the diffs, and I think this text is mostly ok. > > I think there is still bit of tweaking that can be done, mostly as > what happens if using the 2nd option and the frame appears after the > lost timer, but inside the reorder window. > > My understanding is that it would still be good idea to process that > frame, but there is text which says "Using this method will make sure > the packets are sent in-order, i.e., there is no reordering possible, > ...", and that would indicate that we must drop that frame that comes > after the lost timer expire, but inside the reorder window, as if we > process it after the lost timer has expired this may cause inner > packets sent out of order. > > The question really is do we want really make sure there can not be > reorderings on the 2nd option, i.e., we will drop all frames that > would send reordered inner frames? > > In that case the reorder window size does not have any meaning if we > have loss timer defined. > > On the other hand having small lost timer, but bigger reorder window > would allow fixing localized reorderings (i.e., like getting two outer > frames almost back to back, but in wrong order), but still not throw > away frames that come in too late. > > To allow that we could simply change text to "Using this method will > make sure the packets are sent in-order as much is possible, ...". > > Ps. Other option is to allow that kind of localized reorderings is to > add that option to 1st option, i.e., add sentence to the end of 1st > paragraph saying "The receiver MAY also have reordering timer, so that > when out of order outer packet comes in, the receiver waits for this > reordering timer to see if new packets comes during that time, and if > so it can reorder the frames before processing them.", but on the > other hand I do not think anything in the 1st option forbids doing > that anyways, so I do not think we need such text.
- [IPsec] I-D Action: draft-ietf-ipsecme-iptfs-12.t… internet-drafts
- Re: [IPsec] I-D Action: draft-ietf-ipsecme-iptfs-… Paul Wouters
- Re: [IPsec] I-D Action: draft-ietf-ipsecme-iptfs-… Michael Richardson
- Re: [IPsec] I-D Action: draft-ietf-ipsecme-iptfs-… Christian Hopps
- Re: [IPsec] I-D Action: draft-ietf-ipsecme-iptfs-… Christian Hopps
- [IPsec] I-D Action: draft-ietf-ipsecme-iptfs-12.t… Tero Kivinen
- Re: [IPsec] I-D Action: draft-ietf-ipsecme-iptfs-… Lou Berger
- Re: [IPsec] I-D Action: draft-ietf-ipsecme-iptfs-… Benjamin Kaduk
- Re: [IPsec] I-D Action: draft-ietf-ipsecme-iptfs-… Tero Kivinen