Re: [IPsec] draft-liu-ipsecme-ikev2-mtu-dect early TSVAREA review

"touch@strayalpha.com" <touch@strayalpha.com> Sun, 30 October 2022 22:04 UTC

From: "touch@strayalpha.com" <touch@strayalpha.com>
Date: Sun, 30 Oct 2022 15:03:54 -0700
Message-Id: <53B61B29-20F3-4DBD-962B-6F7CFCDEDEE6@strayalpha.com>
To: ipsec@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/FcoOkEB7nG32R2OS_I-jyRgC2gI>

There are some issues with the doc:
	- abstract has a typo, doc uses ‘node’ where it should use ‘router’ for on-path frag, etc
	- discussion should be more specific with respect to RFCs 1122, 792, and 4821
	- the overall problem is assumed but never clearly defined

I agree with Michael Richardson’s post of 8-16-22 on a few points:
	1) it is premature for a TSV ART review of this document
		I’m not actually sure that TSV review is relevant, as tunneling is more an INTDIR issue (on which I do not sit),
		though I’m probably at least as appropriate a reviewer on tunnel issues
	2) this discussion is confusing as to both aspects and terminology of tunneling
		I encourage those interested to review draft-intarea-tunnels - while expired
		(I’m getting back to it), it remains definitive in the IETF AFAICT

The stated point of this work, rephrased, is to have the IPsec tunnel egress tell the IPsec tunnel ingress that the (next hop) link MTU out of the egress (i.e., after traffic exits the tunnel) is too small for the packets the egress node tries to forward.

So it tells the tunnel ingress that the egress link MTU is too small. But that MTU is of the origin packet (not the tunnel packet, which includes the source packet as a payload), which the tunnel ingress has no control over.

I.e., this isn’t a signal from the egress to the ingress about the tunnel (path) MTU. Even if it were, then the tunnel ingress would be sending more fragments (at the tunnel ingress, by source-fragmenting at the outer header); it can’t change the MTU of the origin packets it happens to receive — that happens at the packet origin, which can be upstream of the ingress, or at a minimum is outside the scope of IPsec (even if the ingress and packet origin are the same node).

What exactly is this a solution for?

Joe
—
Dr. Joe Touch, temporal epistemologist
www.strayalpha.com
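Added illustration of the distinction the mail draws between the two MTUs (this is editor-supplied example code, not part of the message or the draft): the tunnel path MTU constrains the outer packet and is something the ingress can act on, while the egress next-hop link MTU constrains the inner packet and can only be addressed by the egress (IPv4, DF=0) or by the packet origin. The ESP overhead constant and the size values are assumed for illustration.

```python
from dataclasses import dataclass

# Assumed illustrative overhead for an ESP tunnel-mode packet over IPv4:
# outer IPv4 header (20) + ESP header (8) + IV (16) + trailer (2) + ICV (16).
# Real overhead depends on the cipher suite and padding.
ESP_TUNNEL_OVERHEAD = 20 + 8 + 16 + 2 + 16


@dataclass
class TunnelMtus:
    tunnel_pmtu: int      # path MTU between ingress and egress (applies to OUTER packets)
    egress_link_mtu: int  # next-hop link MTU out of the egress (applies to INNER packets)


def classify(inner_len: int, inner_df: bool, mtus: TunnelMtus,
             overhead: int = ESP_TUNNEL_OVERHEAD) -> list[tuple[str, str]]:
    """For one inner (origin) packet, return (actor, reason) pairs naming who can
    do something about each MTU limit that the packet violates."""
    actions: list[tuple[str, str]] = []
    outer_len = inner_len + overhead

    # Limit 1: tunnel path MTU. This is a property of the outer packet, which the
    # ingress builds, so the ingress can source-fragment the outer header (IPv4,
    # outer DF clear) or lower its own tunnel MTU estimate.
    if outer_len > mtus.tunnel_pmtu:
        actions.append(("ingress",
                        f"outer packet {outer_len} > tunnel PMTU {mtus.tunnel_pmtu}: "
                        "source-fragment the outer packet or reduce tunnel MTU"))

    # Limit 2: egress next-hop link MTU. This is a property of the inner packet,
    # which the ingress merely forwards and cannot resize. Either the egress
    # fragments the inner packet (IPv4 with DF clear), or the egress must send an
    # ICMP Packet Too Big toward the packet origin, which may be upstream of the
    # ingress. Signalling this to the ingress does not give it anything it can act on.
    if inner_len > mtus.egress_link_mtu:
        if inner_df:
            actions.append(("origin",
                            f"inner packet {inner_len} > egress link MTU {mtus.egress_link_mtu} "
                            "with DF set: egress sends ICMP PTB to the origin"))
        else:
            actions.append(("egress",
                            f"inner packet {inner_len} > egress link MTU {mtus.egress_link_mtu}: "
                            "egress fragments the inner packet"))

    return actions or [("none", "packet fits both the tunnel PMTU and the egress link MTU")]
```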