IETF Logo Mail Archive

Re: Manual PMTUD [was ...rfc2460bis-08]

Michael Richardson <mcr+ietf@sandelman.ca> Sun, 19 March 2017 15:34 UTC

Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7A7B51294D0 for <ipv6@ietfa.amsl.com>; Sun, 19 Mar 2017 08:34:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kZ1k8hrD2zPW for <ipv6@ietfa.amsl.com>; Sun, 19 Mar 2017 08:34:30 -0700 (PDT)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [209.87.249.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C52761294EC for <ipv6@ietf.org>; Sun, 19 Mar 2017 08:34:24 -0700 (PDT)
Received: from sandelman.ca (obiwan.sandelman.ca [209.87.249.21]) by tuna.sandelman.ca (Postfix) with ESMTP id 11630E1F6 for <ipv6@ietf.org>; Sun, 19 Mar 2017 11:57:44 -0400 (EDT)
Received: from obiwan.sandelman.ca (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id BDB0E636BB for <ipv6@ietf.org>; Sun, 19 Mar 2017 11:34:23 -0400 (EDT)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: 6man WG <ipv6@ietf.org>
Subject: Re: Manual PMTUD [was ...rfc2460bis-08]
In-Reply-To: <2a808465-58c9-1d5e-700b-f04043b33c1c@gmail.com>
References: <599257D7-532D-4512-929B-D124623EAF35@ericsson.com> <37ED3E78-B23A-4D29-8597-5A63236129B1@cisco.com> <887bd0f0-32a5-56f1-9ac9-703ecb97a760@gmail.com> <80D8FFF0-2674-48A7-A935-11681F5C5A4D@jisc.ac.uk> <A67E1C07-282B-4422-A2FF-86F6CACBD775@cable.comcast.com> <ab7c95a5-9776-24b5-7c26-4c5987d4c948@isi.edu> <ed2f5144-52fb-dda5-1fb4-62be1625b341@gmail.com> <401F52B1-3D41-4174-9425-50571B2D0B9E@jisc.ac.uk> <6d51de4b-3a9d-0f34-1cd2-5bb30caed75e@gmail.com> <DE16D91D-AE7B-4D3C-B8EA-0CB644FB96BD@cable.comcast.com> <CA+b+ER=6dXLiwvLJa84uvpVeH0daGnZ-06P16JD0UutTrbUYyA@mail.gmail.com> <2a808465-58c9-1d5e-700b-f04043b33c1c@gmail.com>
X-Mailer: MH-E 8.6; nmh 1.6+dev; GNU Emacs 24.5.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha256"; protocol="application/pgp-signature"
Date: Sun, 19 Mar 2017 11:34:23 -0400
Message-ID: <32305.1489937663@obiwan.sandelman.ca>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/7Js2VirR1NZg81X7HGDAYWVeDww>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 19 Mar 2017 15:34:32 -0000

Brian E Carpenter <brian.e.carpenter@gmail.com> wrote:
    > It is really unthinkable to me to allow header insertion on the
    > Internet until we have a working solution to PMTUD in all
    > circumstances, which we don't, due to operators misconfiguring
    > middleboxes to drop ICMPv6/PTB, and due to RFC4821 being a rarity.

In this debate we have seen essentially four arguments:

1) insertion is bad because <appeal to authority>
2) insertion is bad because PMTUD
3) insertion is bad because IPsec AH
4) insertion is bad because other ICMP issue/hard-to-diagnose weirdness

Perhaps we will agree that (1) is not an argument.
My claim is that (3) is irrelevant, IPsec AH has sadly (very very sadly from
my point of view) failed.

The PMTUD argument would be persuasive for me if PMTUD via ICMP really
worked. My experience is that there are just way many problems.  PLPMTUD
has been the only way I've gotten IPv6 over IPsec tunnels (where there is an
MTU constriction) to work consistently, and I had argued that 2460bis should
standardize this rather than PMTUD.

As for point (4), I think that we have a general problem here regardless of
insertion.  It would be nice to come up with some solutions to the problems
of insertion, noting that insertion is just something that shines light
on a fundamental problem.

--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-

v2.23.0 | Report a Bug | By Email