Re: [IPsec] draft-liu-ipsecme-ikev2-mtu-dect early TSVAREA review

"touch@strayalpha.com" <touch@strayalpha.com> Mon, 31 October 2022 21:33 UTC

Cc: Tero Kivinen <kivinen@iki.fi>, ipsec@ietf.org
To: Daniel Migault <mglt.ietf@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/bSiJC3diH9T1QIdybsVKCG3rNiw>

On Oct 31, 2022, at 11:07 AM, Daniel Migault <mglt.ietf@gmail.com> wrote:
> 
>> 	- the tunnel has two DIFFERENT relevant MTUs
>> 		the egress reassembly MTU (EMTU_R), which is the only thing that should drive the “tunnel MTU”
>> 
>> 		the tunnel MTU, which the ingress needs to know for source fragmentation, but is NOT relevant to the
>> 		origin MTU upstream of the ingress
>> 
> Will read the draft - but we believe that it is better to generate one IPsec packet for every inner IP packet as opposed to two. This is why we are proposing to adjust the MTU so the outer packet matches the limit of the EMTU_R - and fragmentation be avoided.

That doc explains why this effort isn’t useful. As I noted to Tero, there’s no ICMP message that says “bigger than I’d like”. PTB means “packets larger than this will be dropped”. That’s not what’s going on here, so it’s the wrong message to support.

There is no message that supports what you’re trying to do - perhaps because there can’t and shouldn’t be.

Joe