Re: [IPsec] draft-liu-ipsecme-ikev2-mtu-dect early TSVAREA review

Daniel Migault <mglt.ietf@gmail.com> Sun, 27 November 2022 01:18 UTC

To: "touch@strayalpha.com" <touch@strayalpha.com>
Cc: Tero Kivinen <kivinen@iki.fi>, ipsec@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/LR9yjn9wSu25mxX_LoXXkd_XrTM>

Hi all,

We proposed that Joe become a co-author; he refused, as he said the review was
done in his capacity of TSV area review, and asked us to post this on the
mailing list.

Yours,
Daniel

On Sat, Nov 26, 2022 at 9:25 AM Daniel Migault <mglt.ietf@gmail.com> wrote:

> Hi Joe,
>
> So we just published an update of our draft. We try to catch up the
> complete idea in the introduction - to avoid reading the complete draft. I
> think we partly aligned with the tunnel document. The current version only
> describes the security gateway as a node and does not split it between an
> outer and an interface. I think for the remainder of the document we are
> taking the exact terminology from the tunnel draft.
>
> We believe that IKEv2 and the tunnel document have different visions and
> tried to highlight this also.
>
> One big clarification in my point of view is that the previous version
> confused MTU with MAP.
>
> We are happy to get your feedback.
>
> Yours,
> Daniel
>
> On Mon, Oct 31, 2022 at 5:32 PM touch@strayalpha.com <touch@strayalpha.com>
> wrote:
>
>> On Oct 31, 2022, at 11:07 AM, Daniel Migault <mglt.ietf@gmail.com> wrote:
>>
>>
>>>> - the tunnel has two DIFFERENT relevant MTUs
>>>> the egress reassembly MTU (EMTU_R), which is the only thing that should
>>>> drive the “tunnel MTU”
>>>>
>>>> the tunnel MTU, which the ingress needs to know for source
>>>> fragmentation, but is NOT relevant to the
>>>> origin MTU upstream of the ingress
>>>
>>> Will read the draft - but we believe that it is better to generate one
>>> IPsec packet for every inner IP packet as opposed to two. This is why we
>>> are proposing to adjust the MTU so the outer packet matches the limit of
>>> the EMTU_R - and fragmentation be avoided.
>>
>>
>> That doc explains why this effort isn’t useful. As I noted to Tero,
>> there’s no ICMP message that says “bigger than I’d like”. PTB means
>> “packets larger than this will be dropped”. That’s not what’s going on
>> here, so it’s the wrong message to support.
>>
>> There is no message that supports what you’re trying to do - perhaps
>> because there can’t and shouldn’t be.
>>
>> Joe
>>
>
>
> --
> Daniel Migault
> Ericsson
>


-- 
Daniel Migault
Ericsson