IETF Logo Mail Archive

Re: Eric Rescorla's No Objection on draft-ietf-6man-rfc1981bis-06: (with COMMENT)

Suresh Krishnan <suresh.krishnan@gmail.com> Tue, 09 May 2017 04:20 UTC

Return-Path: <suresh.krishnan@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D0A7F126D46; Mon, 8 May 2017 21:20:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wtQvf31OpPJl; Mon, 8 May 2017 21:20:27 -0700 (PDT)
Received: from mail-qt0-x22a.google.com (mail-qt0-x22a.google.com [IPv6:2607:f8b0:400d:c0d::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2AD13120227; Mon, 8 May 2017 21:20:26 -0700 (PDT)
Received: by mail-qt0-x22a.google.com with SMTP id j29so66513719qtj.1; Mon, 08 May 2017 21:20:26 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=fCmKcDZpuF3f2rnC9MuuGGMxUkuT+RHJ4vYbkUL3OKY=; b=bMAIkf2AiN+FMBfU8XLgGWhegEHEUQdRrFu9qBfyO+cVqd3qweHa8gBbDK1YAgzNTy NnvQikFePlgdl50/YyB3oE4fsiVddVWMoBx4qVXU1PPVLqYiFSIX6yIrPJ0dwWT89ef1 6SIb1SI5WyLFsx80YngGp2BBVhtuoaJgqKWh+0WLQyxIw12uhtDdG5toxBwClAJinrSu iIcbrMtnCUhKYNl/aXoXKdkXdZyKK+UgiSi2yRv5Wfd150FcfJ7hupSeKWxusf1lu8tD df5gLa7nGECurOg69Y224dj+XyQuctSP8GU4b9dVX59Zjvk5wyabVbT/SI3rYpBZE301 cWpw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=fCmKcDZpuF3f2rnC9MuuGGMxUkuT+RHJ4vYbkUL3OKY=; b=em6zC5WEhMk46jwIhLCYLxiDCAtx2dzXcxD5KpWMYnyrFz2Rp77QQRZzfjQzDqEkqE U2le39M/bTl4bu/ISvCjfspR1IYLsKRobsFsE9NSYg8YA+VVBhppHAdnv6hCUPdB/RxD cwC7gjCi/AszCyYDQQNq+6Ot6ndb9B0lo7qVcaUhqj4BUhRt9hF3qhMWrRqnocNi4QK+ mYPDldTfIhqZUuUdI+CsD53EatENOA1PHnM0WDb1LCD+M/W1uu52rxAaH9dpQePQGUXG /kKHMMoMrrAPvhLBjkX73EuSJizt858idVCiRMkq+OwhVw/HnUwRa5d3NlDAH/ooJfwD YOAg==
X-Gm-Message-State: AN3rC/5XpVhcvCkx2Hj1xCNYb9LZGvYaXyOvpCzK5EZcqFqZkxdtIZZS HDSNGlpeUXfRmdCma+vUpvYUqKVTwg==
X-Received: by 10.200.37.16 with SMTP id 16mr62181073qtm.293.1494303625969; Mon, 08 May 2017 21:20:25 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.55.81.66 with HTTP; Mon, 8 May 2017 21:20:25 -0700 (PDT)
In-Reply-To: <149424843717.31731.1944317631050418426.idtracker@ietfa.amsl.com>
References: <149424843717.31731.1944317631050418426.idtracker@ietfa.amsl.com>
From: Suresh Krishnan <suresh.krishnan@gmail.com>
Date: Tue, 09 May 2017 00:20:25 -0400
Message-ID: <CA+MHpBpb1VsnCo6Xm4ZBfhWTutEP3wGdM2Cao8nUTZfiT02Pcw@mail.gmail.com>
Subject: Re: Eric Rescorla's No Objection on draft-ietf-6man-rfc1981bis-06: (with COMMENT)
To: Eric Rescorla <ekr@rtfm.com>
Cc: The IESG <iesg@ietf.org>, Ole Trøan <otroan@employees.org>, 6man-chairs@ietf.org, IPv6 List <ipv6@ietf.org>, draft-ietf-6man-rfc1981bis@ietf.org
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/-4vd7ne32lkqSF3X1E8ASLMVVsY>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 09 May 2017 04:20:30 -0000

Hi Ekr,
  Thanks for your comments. Please find responses inline.

On Mon, May 8, 2017 at 9:00 AM, Eric Rescorla <ekr@rtfm.com> wrote:
> Eric Rescorla has entered the following ballot position for
> draft-ietf-6man-rfc1981bis-06: No Objection
>
> When responding, please keep the subject line intact and reply to all
> email addresses included in the To and CC lines. (Feel free to cut this
> introductory paragraph, however.)
>
>
> Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
> for more information about IESG DISCUSS and COMMENT positions.
>
>
> The document, along with other ballot positions, can be found here:
> https://datatracker.ietf.org/doc/draft-ietf-6man-rfc1981bis/
>
>
>
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
>
> Document: draft-ietf-6man-rfc1981bis-06.txt
>
> OVERALL
> I see in the shepherd's writeup that you have opted not to cite RFC
> 2119, but that makes the mixed case use of SHOULD/MUST even more
> confusing. I would suggest that at minimum you go through the document
> and evaluate whether each should/must should be capitalized, though I
> would prefer a cite to 2119.
>
> For instance:
>    changed.  Therefore, attempts to detect increases in a path's PMTU
>    should be done infrequently.
>
> Is this normative?
>
>
> I also share the concerns others have raised about whether, given the
> actual state of PMTU this is something we should be making IS, but
> I'm willing to bow to the majority here.

This was certainly one of the things I considered. There is not too
much measurement to back the claims that PMTUD is completely broken.
The only reasonably sized study that I know of

http://www.nlnetlabs.nl/downloads/publications/pmtu-black-holes-msc-thesis.pdf

shows about ~1% packet loss in ICMPv6 PTB messages compared to about
4-6% for ICMPv4 PTB messages.

>
>
> S 3.
>    Note that Path MTU Discovery must be performed even in cases where a
>    node "thinks" a destination is attached to the same link as itself.
>
> I think you need to qualify this must because you just said above that
> you don't need to if you use the minimum. Perhaps:
>
>    Note that even when a node "thinks" a destination is attached to
>    the same link as itself, it might have a PMTU lower than the
>    link MTU...

Sounds good.

>
>
> S 4.
>
>    Nodes SHOULD appropriately validate the payload of ICMPv6 PTB
>    messages to ensure these are received in response to transmitted
>    traffic (i.e., a reported error condition that corresponds to an
> IPv6
>    packet actually sent by the application) per [ICMPv6].
>
> This seems like it ought to be a MUST. Is there a good reason why
> it is not? Perhaps also a cite to how one validates.

This is directly derived from Section 5.2 of RFC4443.

"It is recommended that the upper layers perform some form of
validation of ICMP messages (using the information contained in the
payload of the ICMP message) before acting upon them."

This was precisely the text that made me worried that this is adding a
new requirement. As long as we stick to the requirement level of
ICMPv6, we are OK. If we want to change this to a MUST, I think we
need to demote this to Proposed Standard.

>
>
>    When a node receives a Packet Too Big message, it MUST reduce its
>
> a valid Packet Too Big message, I think because in graf 2 you say you
> should validate.
>
>
>    elicit Packet Too Big messages.  Since each of these messages (and
>    the dropped packets they respond to) consume network resources, the
>    node MUST force the Path MTU Discovery process to end.
>
> It's not clear to me what the requirement is.
>
>    Nodes using Path MTU Discovery MUST detect decreases in PMTU as fast
>    as possible.  Nodes MAY detect increases in PMTU, but because doing
>
> Same thing, what are you requiring. How could I be nonconformant to
> this?

I see this as stating that detecting PMTU increases is optional and
detecting PMTU decreases is mandatory. I agree that this text could be
clarified

>
> S 5.
>    This section discusses a number of issues related to the
>    implementation of Path MTU Discovery.  This is not a specification,
>    but rather a set of notes provided as an aid for implementers.
>
> However, this section contains a lot of normative language. Is that all
> non-normative?

Yes. That is the intention (no normative text here).

>
>
> S 5.3.
>    If the stale PMTU value is too large, this will be discovered almost
>    immediately once a large enough packet is sent on the path.  No such
>    mechanism exists for realizing that a stale PMTU value is too small,
>    so an implementation SHOULD "age" cached values.  When a PMTU value
>    has not been decreased for a while (on the order of 10 minutes), the
>    PMTU estimate should be set to the MTU of the first-hop link, and
> the
>    packetization layers should be notified of the change.  This will
>    cause the complete Path MTU Discovery process to take place again.
>
> Is this really good advice for TCP? It seems like if you have a
> situation where it required several attempts to get the true PMTU (for
> instance, if you have successively narrower tunnels), then a PMTU
> reset could have a pretty material impact on throughput.

There is some TCP related implementation advice in Section 5.4.
Basically, a TCP implementation will not send a packet larger than MSS
received from the peer even if the PMTU is larger.

>
>
> S 6.
>       dropped.  A node, however, should never raise its estimate of the
>       PMTU based on a Packet Too Big message, so should not be
>       vulnerable to this attack.
>
> I get that this is now not a normative statement but rather a claim
> about what nodes who follow the MUST NOT in S 4, but it might still
> be better to make it a MUST to avoid confusion.

How about s/should/will/? That leaves it as a statement of what the
node does and not a normative statement.

Thanks
Suresh

v2.23.0 | Report a Bug | By Email