RE: Last Call: <draft-ietf-6man-rfc1981bis-04.txt> (Path MTU Discovery for IP version 6) to Internet Standard

"Templin, Fred L" <Fred.L.Templin@boeing.com> Fri, 03 February 2017 23:59 UTC

Return-Path: <Fred.L.Templin@boeing.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EF0CD129421 for <ipv6@ietfa.amsl.com>; Fri, 3 Feb 2017 15:59:34 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.22
X-Spam-Level:
X-Spam-Status: No, score=-4.22 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ONMge-l98ZPF for <ipv6@ietfa.amsl.com>; Fri, 3 Feb 2017 15:59:33 -0800 (PST)
Received: from phx-mbsout-01.mbs.boeing.net (phx-mbsout-01.mbs.boeing.net [130.76.184.178]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 93E911293F2 for <ipv6@ietf.org>; Fri, 3 Feb 2017 15:59:33 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by phx-mbsout-01.mbs.boeing.net (8.14.4/8.14.4/DOWNSTREAM_MBSOUT) with SMTP id v13NxX3R024480; Fri, 3 Feb 2017 16:59:33 -0700
Received: from XCH15-06-11.nw.nos.boeing.com (xch15-06-11.nw.nos.boeing.com [137.136.239.220]) by phx-mbsout-01.mbs.boeing.net (8.14.4/8.14.4/UPSTREAM_MBSOUT) with ESMTP id v13NxSDB024449 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=OK); Fri, 3 Feb 2017 16:59:28 -0700
Received: from XCH15-06-08.nw.nos.boeing.com (2002:8988:eede::8988:eede) by XCH15-06-11.nw.nos.boeing.com (2002:8988:efdc::8988:efdc) with Microsoft SMTP Server (TLS) id 15.0.1178.4; Fri, 3 Feb 2017 15:59:27 -0800
Received: from XCH15-06-08.nw.nos.boeing.com ([137.136.238.222]) by XCH15-06-08.nw.nos.boeing.com ([137.136.238.222]) with mapi id 15.00.1178.000; Fri, 3 Feb 2017 15:59:27 -0800
From: "Templin, Fred L" <Fred.L.Templin@boeing.com>
To: Fred Baker <fredbaker.ietf@gmail.com>
Subject: RE: Last Call: <draft-ietf-6man-rfc1981bis-04.txt> (Path MTU Discovery for IP version 6) to Internet Standard
Thread-Topic: Last Call: <draft-ietf-6man-rfc1981bis-04.txt> (Path MTU Discovery for IP version 6) to Internet Standard
Thread-Index: AQHSflRhxQkjQeSUSUmMdeSSGas9vKFXtCkQgACV44D//6dxoA==
Date: Fri, 3 Feb 2017 23:59:27 +0000
Message-ID: <0bdb457b42834220a9ffade5e21db6a0@XCH15-06-08.nw.nos.boeing.com>
References: <148599312602.18643.4886733052828400859.idtracker@ietfa.amsl.com> <1859B1D9-9E42-4D65-98A8-7A326EDDE560@netapp.com> <014D8A7C-449E-4849-9F49-990FF8B39DEF@employees.org> <88A7C2AD-8D33-4AFF-8AF4-A1B8718C47BD@netapp.com> <B6DD0238-3D98-400E-865D-EC32FD6F22EA@employees.org> <678442be-60cc-6b6e-ebee-932cb0badb26@gmail.com> <d88138da05e44b48bbffd18cb68c0b87@XCH15-06-08.nw.nos.boeing.com> <5F994FD8-14A9-4792-9F14-F39B2B24EF4D@gmail.com>
In-Reply-To: <5F994FD8-14A9-4792-9F14-F39B2B24EF4D@gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [137.136.248.6]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-TM-AS-MML: disable
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/CiTJThN1iOq75eH5FZKiaRWzEgM>
Cc: "ipv6@ietf.org" <ipv6@ietf.org>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 03 Feb 2017 23:59:35 -0000

Hi Fred,

In Section 10.3 of RFC4821, it says: 

   "However, other more serious failure modes do exist, such as might be
   caused by middle boxes or upper-layer routers that choose different
   paths for different protocol types or sessions.  In such
   environments, adjunct protocols may legitimately experience a
   different Path MTU than the primary protocol.  If the adjunct
   protocol finds a larger MTU than the primary protocol, PLPMTUD may
   select an MTU that is not usable by the primary protocol.  Although
   this is a potentially serious problem, this sort of situation is
   likely to be viewed as incorrect by a large number of observers, and
   thus there will be strong motivation to correct it."

This passage is in regards to "Probing Method for IP Fragmentation", but
the same considerations apply to tunnel endpoints that would employ an
adjunct protocol to probe the path MTU.

Where RFC4821 says:

    "Although this is a potentially serious problem, this sort of situation is
      likely to be viewed as incorrect by a large number of observers, and
      thus there will be strong motivation to correct it."

I agree that this is a potentially serious problem, but the situation could
not be viewed as incorrect if a legitimate service such as Equal Cost
Multipath (ECMP) is employed somewhere along the path and the
adjunct probes take a path with a larger MTU while the primary protocol
takes a path with a smaller MTU.

An erratum could change this sentence to something like:

   "This is a potentially serious problem that could be due to either a
     misconfiguration or a legitimate service such as Equal Cost Multipath
     (ECMP) that allows the adjunct probes to take a different path than
     the primary protocol."

Thanks - Fred
fred.l.templin@boeing.com


> -----Original Message-----
> From: Fred Baker [mailto:fredbaker.ietf@gmail.com]
> Sent: Friday, February 03, 2017 12:59 PM
> To: Templin, Fred L <Fred.L.Templin@boeing.com>
> Cc: Brian E Carpenter <brian.e.carpenter@gmail.com>om>; ipv6@ietf.org
> Subject: Re: Last Call: <draft-ietf-6man-rfc1981bis-04.txt> (Path MTU Discovery for IP version 6) to Internet Standard
> 
> 
> On Feb 3, 2017, at 12:11 PM, Templin, Fred L <Fred.L.Templin@boeing.com> wrote:
> > A note about RFC4821. We think it will work for end-to-end MTU determination and
> > black hole avoidance, but from discussions on intarea we now no longer think it will be
> > applicable to tunnel endpoints. That is because the tunnel ingress is not the source
> > of the original packets - it is only the source of the tunneled packets and the RFC4821
> > probes. And, if the original packets (once admitted into the tunnel) travel a different
> > path than the probes the system could black hole.
> >
> > Is this worth an errata to RFC4821?
> 
> I guess my question is "what in 4821 would you like to see changed". 4821 says, in effect, "try a number of different trial PMTU values
> in a rational sequence, and use the largest that seems to work". As you say, the tunnel endpoint doesn't implement the TCP, and
> therefore doesn't implement 4821 directly, at least for that purpose. However, if the system sending it packets does, the existence of
> the tunnel merely forces the 4821 algorithm to choose a smaller number. 4821 in the endpoint that *does* implement TCP should
> have the right result.
> 
> So, with the possible exception of adding one or more appendices saying "X in the network can cause the algorithm to choose a
> smaller number", I don't see what in a potential 4821-bis would be different. In such a case, I don't see the case for an erratum; an
> erratum is a request for a change.
> 
> 
> A change I might suggest, which is not an error but an optimization, would suggest trying the first few values (IP message size 9000,
> 1500, 1400, and 1280?) in the same RTT, and deducing from the first Ack received which one got through first (in that sequence, the
> host might not try 9000 because it is configured for something shorter, try 1500 and have it not go through a tunnel, but have 1400 and
> 1280 work. It would get an Ack saying that it expected the next octet to be N+1400, or possibly an Ack pointing to N+1280 and another
> pointing to N+1400). Rather than waiting for retransmission timeouts, make it all happen in the first RTT.