IETF Logo Mail Archive

Re: End-to-end (was Re: Non-Last Small IPv6 Fragments)

Tom Herbert <tom@herbertland.com> Tue, 15 January 2019 22:42 UTC

Return-Path: <tom@herbertland.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8B7D7128BCC for <ipv6@ietfa.amsl.com>; Tue, 15 Jan 2019 14:42:20 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.042
X-Spam-Level:
X-Spam-Status: No, score=-2.042 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.142, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=herbertland-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dqMvNE2xMVUa for <ipv6@ietfa.amsl.com>; Tue, 15 Jan 2019 14:42:18 -0800 (PST)
Received: from mail-qk1-x732.google.com (mail-qk1-x732.google.com [IPv6:2607:f8b0:4864:20::732]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F2806127598 for <ipv6@ietf.org>; Tue, 15 Jan 2019 14:42:17 -0800 (PST)
Received: by mail-qk1-x732.google.com with SMTP id a1so2612721qkc.5 for <ipv6@ietf.org>; Tue, 15 Jan 2019 14:42:17 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=herbertland-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=5n8oqm2K31Gcg/VGyfqy21wgp/nC2vnj5Z7NHSbELzs=; b=QEw/XTzZx0VmDwyEMbojYoXR39gmv/qzwwOSC2+oUiBxCvepsnNPtjPjBbX3nACYU3 7geh0y5jlkf3AyeFBcPCqmGQb035WHX0Ru57USkrFl5/nyE7Wc7nYDhlEIptsI498Dao AKaRVIjTk5qgtTQVSOOmpog5d0277QL6UlG7R9bVPjascXnlmgUU6gLV7uRD19vQElaT zy1b+4Sa+qfplhVQh56JlWcikugqzAacZOCPOJegXEtgcIctIxqOHLYCvfT39GZGPc8k X7SzQ07jYIn4fjXW0jzOyah/GG37bXG2rpB7uCc59KYsdVHtHF0K41nVX8hkz2GViFJS /Pzg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=5n8oqm2K31Gcg/VGyfqy21wgp/nC2vnj5Z7NHSbELzs=; b=Z73YD8ATMv18yJ1MMK9emCIAGHu293PlUBozSjxNhS3+5Wks9DlAe3bilMttFnQvAO NTopCQm8swLFtba1EPg3QO+YKv7251dF4RnVtMZDF+dJepWzOoEjGyiYxXOJ0+XlaLiL LpdLSFubeCTKaojUmnaGGT2GCtLIxAplkjvSX6P9OpgP9MObXtlPSOiH3TOTFwwb0n7k ckNUqdAJnylZDUn17XKIfeG9h2d9Oge8GlklofpUvxVXJEMee8E7lqhtekVVclsvvRGG HB0WeBN3VTbyhGucNN4c/7PA7TlswNH+6PBSAqGSP9UtGVZF5iDnZ52RyfH04a8nxn+s wAFA==
X-Gm-Message-State: AJcUukfATW5HZVmzQHAQHAt1wloWevt21dn50IXFDb9U/yOLM2jVwMHb kHho1enqc355dnTCVHyYePPZYGMM3zaatkh/cHG8TybE2oY=
X-Google-Smtp-Source: ALg8bN7e914gxdLdLshmyc0TaRpybvgxopuoTNvx2HLyg84sVM2wJSgkJuJWtrlhaSupgh+wGJUIe2+2e9ObJr6dz4U=
X-Received: by 2002:a37:d4d9:: with SMTP id s86mr4543222qks.190.1547592136933; Tue, 15 Jan 2019 14:42:16 -0800 (PST)
MIME-Version: 1.0
References: <CAOSSMjV0Vazum5OKztWhAhJrjLjXc5w5YGxdzHgbzi7YVSk7rg@mail.gmail.com> <A3C3F9C0-0A07-41AF-9671-B9E486CB8246@employees.org> <AEA47E27-C0CB-4ABE-8ADE-51E9D599EF8F@gmail.com> <6aae7888-46a4-342d-1d76-10f8b50cebc4@gmail.com> <EC9CC5FE-5215-4105-8A34-B3F123D574B9@employees.org> <4c56f504-7cd7-6323-b14a-d34050d13f4e@foobar.org> <9E6D4A6E-8ABA-4BAB-BEC5-969078323C96@employees.org> <CAAedzxpdF+yhBXfnwUcaQb-HkgdaqXRU3L+S7v8sS1F0OkwM9A@mail.gmail.com> <78a8a0e0-8808-364c-41f7-f81f90362432@gont.com.ar> <CALx6S37YnSbOUgVoWEA46aN88a3CfERWemhQKi_GOrP_g+=rFQ@mail.gmail.com> <308d9dff-87c4-cc63-6792-fcbfce722d1e@gont.com.ar> <CALx6S34kseXuKrrbB44=wz7OQBysUmbJh++N79Da9Kx1rseAUw@mail.gmail.com> <3f87c4ec-636a-790e-0a6a-0a6b4c2f3a35@foobar.org> <046F449C-E19E-4891-968E-975A03162364@lists.zabbadoz.net> <e7a1d5d2-7d7d-00fd-a178-fc2c7f25a167@foobar.org> <251b73fd-d08b-018c-4a24-c524dafbe25b@gmail.com> <e8786213-b1ac-0a8d-093d-579ce84dc126@foobar.org> <9b0c0ead-752f-fa8a-56b5-1a400ba16d22@huitema.net>
In-Reply-To: <9b0c0ead-752f-fa8a-56b5-1a400ba16d22@huitema.net>
From: Tom Herbert <tom@herbertland.com>
Date: Tue, 15 Jan 2019 14:42:06 -0800
Message-ID: <CALx6S35H0QYo6cs+7c0gFoysxhL7fmQSNW=BOrya_A4AY6H3JA@mail.gmail.com>
Subject: Re: End-to-end (was Re: Non-Last Small IPv6 Fragments)
To: Christian Huitema <huitema@huitema.net>
Cc: Nick Hilliard <nick@foobar.org>, Brian E Carpenter <brian.e.carpenter@gmail.com>, "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net>, IPv6 List <ipv6@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/HYFXHMFBYcWcf7B8lI8W8OURinI>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Jan 2019 22:42:21 -0000

On Tue, Jan 15, 2019 at 1:15 PM Christian Huitema <huitema@huitema.net> wrote:
>
> On 1/14/2019 11:20 AM, Nick Hilliard wrote:
>
> Brian E Carpenter wrote on 14/01/2019 19:47:
>
> On 2019-01-15 07:47, Nick Hilliard wrote:
>
> End-to-end died the day the IETF published rfc1631.
>
>
> The IETF didn't publish RFC1631. The RFC Editor published it. Although
> the Independent Submissions stream hadn't been formally named at that
> time, that's what this was.
>
>
> several people commented on this privately. The point I was trying to make to Bjoern was that the end-to-end principal ended a long time ago - certainly more than the 25 years ago that this rfc was published.  The large address space of IPv6 will not make it return.
>
> Actually, the pendulum went from "everything end-to-end" to "lots of processing in the middle", and it is now swinging back. Developers have realized that if they want to keep a particular function "end-to-end", they should use encryption. For example, using HTTPS instead of HTTP prevents intermediaries from messing with the content of the pages. Using QUIC instead of TCP prevents intermediaries from messing with the transport headers.
>
> Of course, the IP header itself is not encrypted, so encryption does not prevent NAT. That's why encrypted transports run over UDP. A side-effect of that is that UDP does expose the L4 ports, which sort of meets the requirement of intermediaries that run packet classifiers.
>
> PMTU discovery finds itself at the border between the clear text IPv6 header and the encrypted transports. It is sort of solved by declining to use fragmentation, and sending end-to-end encrypted probes to reliably discover the current PMTU. If an encrypted message of length end arrives to the other end and is acknowledged, the peers know that the PMTU is at least L.
>
> End to end PMTU probing is not perfect. It requires sacrificial probes, which has some overhead. It also requires guesswork to discover when a PMTU decreases. This is an area that would benefit from some innovation. For example, instead of requiring fragmentation support, it might be tempting to use truncation, so the truncated packet arrives to the other end. Of course, supporting truncation would require changes in routers and changes in the way transports deploy encryption. But that's probably the best long term way to solve the issues with fragmentation and reassembly.
>
Christian,

The only thing worse than intermediate nodes inspecting packets in
non-standard ways is when they modify packets in non-standard ways. A
better approach might be draft-hinden-6man-mtu-option where the
application can probe the path with small packets before sending big
packets. This uses a modifiable HBH options and is completely
idependent of the transport layer.

Tom

> -- Christian Huitema
>
>
>
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6@ietf.org
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------

v2.23.0 | Report a Bug | By Email