TSV-ART Telechat review of draft-ietf-6man-rfc1981bis-04

Joe Touch <touch@isi.edu> Wed, 15 February 2017 21:51 UTC

Return-Path: <touch@isi.edu>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id AF15312985A; Wed, 15 Feb 2017 13:51:42 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.899
X-Spam-Status: No, score=-6.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id kQXSJnvRZKd6; Wed, 15 Feb 2017 13:51:41 -0800 (PST)
Received: from boreas.isi.edu (boreas.isi.edu []) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2B95812948A; Wed, 15 Feb 2017 13:51:41 -0800 (PST)
Received: from [] (nib.isi.edu []) (authenticated bits=0) by boreas.isi.edu (8.13.8/8.13.8) with ESMTP id v1FLpMqP016765 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT); Wed, 15 Feb 2017 13:51:23 -0800 (PST)
To: "tsv-art@ietf.org" <tsv-art@ietf.org>, "iesg@ietf.org" <iesg@ietf.org>
From: Joe Touch <touch@isi.edu>
Subject: TSV-ART Telechat review of draft-ietf-6man-rfc1981bis-04
Message-ID: <48bfa3a1-e53c-6b31-69b0-2645ddd5937f@isi.edu>
Date: Wed, 15 Feb 2017 13:51:21 -0800
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.7.1
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="------------1700B2758321C6E840630A4C"
X-ISI-4-43-8-MailScanner: Found to be clean
X-MailScanner-From: touch@isi.edu
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/EEfKLU8sH9WA0gfvXbP74sMMQHc>
Cc: 6man <ipv6@ietf.org>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 15 Feb 2017 21:51:43 -0000

Document: draft-ietf-6man-rfc1981bis-04
Reviewer: Joe Touch
Review Date: February 15, 2017
IETF LC End Date: March 3, 2017
IESG Telechat date: February 28, 2017

Review result: significant issues

NOTE: some of this review is informed by tracking some of the issues raised by others on the IETF list, notably Gorry Fairhurst.

Major issues:

1) the current text is insufficiently realistic about the (in)ability of this mechanism to operate in current networks, regardless of the support for generating ICMPs at routers or PMTUD support at endpoints, due to ICMP filtering for security reasons. [this comment is already being addressed by consensus text]

2) the current text is insufficiently clear on on the difference between the path MTU, which determines the largest supported IPv6 fragment, vs. the effective MTU to receive (EMTU_R), which determines the largest IP packet that can transit between the source and destination. The document should be more explicit throughput about its goal being to manage or avoid IPv6 source fragmentation rather than about source to destination packet maximums, and in specific in clearly referring to maximum fragments or atomic packets rather than maximum packets.

E.g.: see the following text, which is incorrect in its current form:
   Nodes not implementing Path MTU Discovery use the IPv6 minimum link
   MTU defined in [I-D.ietf-6man-rfc2460bis
<https://tools.ietf.org/html/draft-ietf-6man-rfc1981bis-04#ref-I-D.ietf-6man-rfc2460bis>] as the maximum packet size.

The value used by either Path MTU Discovery or its default represents the path MTU, which is the largest IPv6 *fragment* (or atomic packet, see RFC6864) that can be supported on the path between the endpoints. The maximum IP packet size is limited by the effective MTU to receive (EMTU_R) [RFC1122], which is at least 1500 bytes for IPv6 and not necessarily related to the link MTUs. The text should also clearly indicate that there is no ICMP mechanism for determining larger EMTU_R support.

E.g., the following text is also incorrect in its current form:
   The value sent in the TCP MSS option is independent of the PMTU.
   This MSS option value is used by the other end of the connection,
   which may be using an unrelated PMTU value. 

The first sentence is correct because TCP MSS is related to EMTU_R (and needs to account for headers, as per RFC6691), and EMTU_R is not directly related to the PMTU (except that it would never be smaller than the PMTU). The MSS option is calculated from EMTU_R, not PMTU.

In addition, it should be noted that ICMPv6 PTB messages are NOT sent when source fragmentation is enabled.

3. need verification of current support for some features, esp. regarding TCP and NFS interactions
See Gorry's note of 2/14/17

4. the concept of a single path MTU value between two IP addresses does not account for multipath routing, e.g., ECMP (as currently deployed, noted in RFC7690, which should be cited) or BANANA (and its solutions in development) See Fred Templin's posts on this on 2/15/17

Minor issues:

- some of the updates and/or current text could be updated to reflect current terminology or practice. See Gorry Fairhursts's post of 2/14/17

- fragmentation, while considered harmful and costly, is absolutely necessary to support tunnels even in the presence of PMTUD. The text on this issue should reflect this reality.

- the requirement that transports be notified of PTB messages might usefully cite the corresponding IPv4, TCP, and UDP sections of RFC1122

- section 5.4 should cite and include context from RFC6691, especially including a discussion of the impact of variable IP EHs on the interaction between TCP MSS and ICMP PTB