Re: [IPsec] draft-liu-ipsecme-ikev2-mtu-dect early TSVAREA review

Daniel Migault <mglt.ietf@gmail.com> Mon, 31 October 2022 16:09 UTC

References: <410257.1667230617@dyas> <F52B2E58-AFDC-465E-B9FF-AF0A9C35A6AF@strayalpha.com>
In-Reply-To: <F52B2E58-AFDC-465E-B9FF-AF0A9C35A6AF@strayalpha.com>
From: Daniel Migault <mglt.ietf@gmail.com>
Date: Mon, 31 Oct 2022 12:09:04 -0400
Message-ID: <CADZyTk=SrhRARBjjyQW+MNDQPCYkznS-VMGu9bGvWqnd2ZxYEw@mail.gmail.com>
To: Joe Touch <touch@strayalpha.com>
Cc: Michael Richardson <mcr+ietf@sandelman.ca>, Tero Kivinen <kivinen@iki.fi>, ipsec@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/UoTlHhEJkD3Frbp7Sd8RMvYTkTI>

So to clarify, the draft is mostly carrying the necessary information so
the gateway can deal with fragmentation in its network using whatever means
is needed.
The use of ICMP PTB was only a suggestion; other mechanisms may be used.
The definition of such a mechanism is outside of IPsec and the draft.
Our understanding is that unless there is no such mechanism the draft has
some value.

Yours,
Daniel


On Mon, Oct 31, 2022 at 11:59 AM Joe Touch <touch@strayalpha.com> wrote:

> +1
>
> > On Oct 31, 2022, at 8:37 AM, Michael Richardson <mcr+ietf@sandelman.ca> wrote:
> >
> > 
> > Tero Kivinen <kivinen@iki.fi> wrote:
> >> My understanding is that this draft (which I have not yet properly
> >> read) is solving the situation where the tunnel does not get ICMP PTB
> >> messages as they are forwarding packets with DF bit set to 0, and then
> >> the receiving end will see extra fragmentation happening for the
> >> packets. Then the receiving end will simulate the ICMP PTB by sending
> >> authenticated IKEv2 notification that tells the sending end that his
> >> packets got fragmented.
> >
> > While I think that the authors think they are solving this problem, I think
> > that what they have created is a protocol for dealing with fragmentation
> > beyond the far gateway.
> >
> > --
> > Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
> > -= IPv6 IoT consulting =-


-- 
Daniel Migault
Ericsson