RE: Last Call: <draft-ietf-6man-rfc1981bis-04.txt> (Path MTU Discovery for IP version 6) to Internet Standard

["Templin, Fred L" <Fred.L.Templin@boeing.com>]

Hi Ole and Joe,

Also not to be lost in this discussion is the potential for spoofed ICMP messages
that would report a size that is either too large or too small.

Thanks - Fred

> -----Original Message-----
> From: ipv6 [mailto:ipv6-bounces@ietf.org] On Behalf Of otroan@employees.org
> Sent: Tuesday, February 07, 2017 12:07 PM
> To: Joe Touch <touch@isi.edu>
> Cc: 6man WG <ipv6@ietf.org>; ietf@ietf.org; draft-ietf-6man-rfc1981bis@ietf.org; tsv-area@ietf.org; Eggert, Lars
> <lars@netapp.com>; 6man-chairs@ietf.org
> Subject: Re: Last Call: <draft-ietf-6man-rfc1981bis-04.txt> (Path MTU Discovery for IP version 6) to Internet Standard
> 
> Joe,
> 
> [...]
> 
> >>> If by "supports" you mean "doesn't work", then yes. That's why we now
> >>> have PLPMTUD.
> >>>
> >> PLMTUD is unfortunately not a (complete) replacement of PMTUD.
> >
> > PLMTUD is a directive to protocols above the IP layer; it isn't a single protocol, so it wouldn't replace anything.
> >
> >>
> >>>> Looking just at our specifications, we cannot state that PLMTUD can replace PMTUD. Take RFC2473 (IPv6 tunnelling) for
> example.
> >>>>
> >>> See draft-ietf-intarea-tunnels, esp. v03 Section 5.5.2
> >>>
> >>> (yes, that doc has expired while we're preparing the 04 update, which
> >>> should be issued shortly)
> >>>
> >> Is this the paragraph you are referring to?
> >>
> >>    PLPMTUD requires a separate,
> >>    direct control channel from the egress to the ingress that provides
> >>    positive feedback; the direct channel is not blocked by policy
> >>    filters and the positive feedback ensures fail-safe operation if
> >>    feedback messages are lost [RFC4821].
> >>
> > That is nowhere near section 5.5.2.
> 
> No, but it was unfortunately all that was written about how to use PLMTUD for tunnels.
> 
> > 5.5.2 indicates places where RFC2473 has errors, esp. in how it interprets the MTU of the tunnel as being defined by the MTU of the
> path within the tunnel, rather than by the tunnel egress reassembly limit.
> >
> >> I'm very much in favour of working on better ways of doing Path MTU discovery.
> >> A blanket statement of "use "PLMTUD" seems very premature though.
> >>
> > The point is that this document fails to indicate the current state of PMTUD. It correctly notes that:
> >    An extension to Path MTU Discovery defined in this document can be
> >    found in [
> > RFC4821
> > ].  It defines a method for Packetization Layer Path
> >    MTU Discovery (PLPMTUD) designed for use over paths where delivery of
> >    ICMP messages to a host is not assured.
> >
> >
> >
> > IMO, it fails to note that this case - where ICMP messages are assured along a path - is effectively a unicorn except within systems
> maintained by a single entity.
> >
> >> RFC1981 has 70 citations:
> >>
> >> http://www.arkko.com/tools/allstats/citations-rfc1981.html
> >>
> >>
> >> Could you expand on your view of how this pertains to advancing RFC1981?
> >>
> > It's called last call input. My input is that this document needs to be more realistic in noting that, for all intents, ICMP-based MTU
> discovery isn't viable and that other methods need to be *expected*, not just that they're available.
> 
> Right, but if you are correct that ICMP-based MTU discovery is not viable then this document should not be advanced.
> At the same time for many protocols we have nothing else. An operator can break any protocol if that's their policy. And that's the
> breakage we're talking about here, not any issues with the protocol specification.
> 
> There is a philosophical aspect of this. (Which I'm not the best person to represent as I skipped my University studies in philosophy
> and used the student loan to buy a motorcycle... (and only read the art of motorcycle maintenance years later) )
> This is a tussle. The IETF specifies protocols under the assumption that operators treat those protocols largely as specified. The 5-10%
> failure of PMTUD messages may be caused by misconfiguration, misunderstanding or mis-intent... Many of our protocols are suffering
> from the same fate. Should the IETF adjust all its protocols to be as middlebox friendly as possible? You can make this argument about
> IPv6 fragments, any packet with IPv6 extension headers, IPv4 fragments. Or anything but TCP port 443/80 and UDP port 53 for that
> matter. Are we as the IETF going to continue standardising protocols to work as best as they possible can, ignoring protocol abuse, or
> are we going to bend over and do whatever it takes to make it work for those 5-10% who've actively broken the protocol? What about
> the 90-90% where the protocols work as expected?
> 
> Best regards,
> Ole
>