IETF Logo Mail Archive

RE: UDP+Fragmentation (was: "Deprecate")

Ronald Bonica <rbonica@juniper.net> Wed, 07 August 2013 01:45 UTC

Return-Path: <rbonica@juniper.net>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E001B21F9B6A for <ipv6@ietfa.amsl.com>; Tue, 6 Aug 2013 18:45:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.657
X-Spam-Level:
X-Spam-Status: No, score=-102.657 tagged_above=-999 required=5 tests=[AWL=0.943, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RQnF68NM386h for <ipv6@ietfa.amsl.com>; Tue, 6 Aug 2013 18:45:39 -0700 (PDT)
Received: from co1outboundpool.messaging.microsoft.com (co1ehsobe001.messaging.microsoft.com [216.32.180.184]) by ietfa.amsl.com (Postfix) with ESMTP id 8B89E21F91CE for <ipv6@ietf.org>; Tue, 6 Aug 2013 18:45:39 -0700 (PDT)
Received: from mail183-co1-R.bigfish.com (10.243.78.252) by CO1EHSOBE020.bigfish.com (10.243.66.83) with Microsoft SMTP Server id 14.1.225.22; Wed, 7 Aug 2013 01:45:36 +0000
Received: from mail183-co1 (localhost [127.0.0.1]) by mail183-co1-R.bigfish.com (Postfix) with ESMTP id D4CF178021B; Wed, 7 Aug 2013 01:45:36 +0000 (UTC)
X-Forefront-Antispam-Report: CIP:157.56.240.101; KIP:(null); UIP:(null); IPV:NLI; H:BL2PRD0510HT002.namprd05.prod.outlook.com; RD:none; EFVD:NLI
X-SpamScore: -22
X-BigFish: PS-22(zz98dI9371I542I1432Idb82hzz1f42h208ch1ee6h1de0h1fdah2073h1202h1e76h1d1ah1d2ah1fc6hzz1de098h1033IL1de096h8275bh8275dh1de097hz2fh2a8h668h839h944hd24hf0ah1220h1288h12a5h12a9h12bdh137ah13b6h1441h1504h1537h153bh162dh1631h1758h18e1h1946h19b5h19ceh1ad9h1b0ah1d07h1d0ch1d2eh1d3fh1de9h1dfeh1dffh1e1dh9a9j1155h)
Received-SPF: pass (mail183-co1: domain of juniper.net designates 157.56.240.101 as permitted sender) client-ip=157.56.240.101; envelope-from=rbonica@juniper.net; helo=BL2PRD0510HT002.namprd05.prod.outlook.com ; .outlook.com ;
X-Forefront-Antispam-Report-Untrusted: SFV:NSPM; SFS:(13464003)(189002)(199002)(377454003)(24454002)(51704005)(53806001)(76576001)(54356001)(74876001)(76482001)(19580405001)(74502001)(19580395003)(56776001)(16406001)(31966008)(74316001)(83322001)(47736001)(33646001)(4396001)(56816003)(561944002)(19580385001)(79102001)(80022001)(66066001)(74662001)(83072001)(74366001)(65816001)(69226001)(81542001)(81342001)(51856001)(50986001)(54316002)(59766001)(80976001)(76786001)(47446002)(49866001)(77096001)(76796001)(77982001)(63696002)(46102001)(74706001)(47976001)(24736002); DIR:OUT; SFP:; SCL:1; SRVR:BL2PR05MB243; H:BL2PR05MB243.namprd05.prod.outlook.com; CLIP:66.129.232.2; RD:InfoNoRecords; MX:1; A:1; LANG:en;
Received: from mail183-co1 (localhost.localdomain [127.0.0.1]) by mail183-co1 (MessageSwitch) id 1375839935385870_6168; Wed, 7 Aug 2013 01:45:35 +0000 (UTC)
Received: from CO1EHSMHS001.bigfish.com (unknown [10.243.78.233]) by mail183-co1.bigfish.com (Postfix) with ESMTP id 58AF558004D; Wed, 7 Aug 2013 01:45:35 +0000 (UTC)
Received: from BL2PRD0510HT002.namprd05.prod.outlook.com (157.56.240.101) by CO1EHSMHS001.bigfish.com (10.243.66.11) with Microsoft SMTP Server (TLS) id 14.16.227.3; Wed, 7 Aug 2013 01:45:34 +0000
Received: from BL2PR05MB243.namprd05.prod.outlook.com (10.242.198.148) by BL2PRD0510HT002.namprd05.prod.outlook.com (10.255.100.37) with Microsoft SMTP Server (TLS) id 14.16.341.1; Wed, 7 Aug 2013 01:45:34 +0000
Received: from BL2PR05MB243.namprd05.prod.outlook.com (10.242.198.148) by BL2PR05MB243.namprd05.prod.outlook.com (10.242.198.148) with Microsoft SMTP Server (TLS) id 15.0.731.16; Wed, 7 Aug 2013 01:45:32 +0000
Received: from BL2PR05MB243.namprd05.prod.outlook.com ([169.254.8.111]) by BL2PR05MB243.namprd05.prod.outlook.com ([169.254.8.111]) with mapi id 15.00.0731.000; Wed, 7 Aug 2013 01:45:32 +0000
From: Ronald Bonica <rbonica@juniper.net>
To: "Templin, Fred L" <Fred.L.Templin@boeing.com>, "C. M. Heard" <heard@pobox.com>, IPv6 <ipv6@ietf.org>
Subject: RE: UDP+Fragmentation (was: "Deprecate")
Thread-Topic: UDP+Fragmentation (was: "Deprecate")
Thread-Index: AQHOjsXExBsThTTW2kO9nlkD8PFVZ5mAluIAgAb8kICAAPVUoIAABuLggAAsSnCAAAXBcIAACeHggAAvSpA=
Date: Wed, 07 Aug 2013 01:45:32 +0000
Message-ID: <ce9ac441c5c949d184997bcce7d154f5@BL2PR05MB243.namprd05.prod.outlook.com>
References: <782A011A-B28F-4BD9-B3F1-C194D6244DFA@gmail.com> <Pine.LNX.4.64.1308010951100.15607@shell4.bayarea.net> <Pine.LNX.4.64.1308052027420.28100@shell4.bayarea.net> <f4cb5436e86b4ec88d34f2d21e2bbb24@BL2PR05MB243.namprd05.prod.outlook.com> <2134F8430051B64F815C691A62D983180E0A69@XCH-BLV-504.nw.nos.boeing.com> <fee4460daf2748e0bc5efda62c00b7df@BL2PR05MB243.namprd05.prod.outlook.com> <2134F8430051B64F815C691A62D983180E0D96@XCH-BLV-504.nw.nos.boeing.com> <2134F8430051B64F815C691A62D983180E0E0D@XCH-BLV-504.nw.nos.boeing.com>
In-Reply-To: <2134F8430051B64F815C691A62D983180E0E0D@XCH-BLV-504.nw.nos.boeing.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [66.129.232.2]
x-forefront-prvs: 0931CB1479
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: juniper.net
X-FOPE-CONNECTOR: Id%0$Dn%*$RO%0$TLS%0$FQDN%$TlsDn%
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipv6>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 07 Aug 2013 01:45:45 -0000

Fred,

We should probably be clear about which problem we are trying to solve. The following are possibilities:

a) Remove network administrators' motivation for blocking IPv6 fragments. To this end, we assume that the network administrators' primary motivation is the tiny fragment problem. So, we solve the tiny fragment problem by changing the way that IPv6 fragmentation works. In the new fragmentation scheme, each fragment contains parsable information regarding the payload protocol and port.

b) Make UDP-based applications work in a world where network administrators block IPv6 fragments. We do this by either modifying UDP so that it supports fragmentation and reassembly of long payloads or creating a new UDP-like protocol that supports the fragmentation and reassembly of long payloads.

Draft-andrews-6man-fragopt solves the problem posed in draft-bonica-6man-frag-deprecate by solving problem a). Mike's proposal solves the problem posed in draft-bonica-6man-frag-deprecate by solving problem a).

IMHO, both proposals address the problem. We are currently trying to figure out which will work best.

                                                      Ron


> -----Original Message-----
> From: Templin, Fred L [mailto:Fred.L.Templin@boeing.com]
> Sent: Tuesday, August 06, 2013 6:36 PM
> To: Ronald Bonica; C. M. Heard; IPv6
> Subject: RE: UDP+Fragmentation (was: "Deprecate")
> 
> Ron,
> 
> One other thing for now is that Mike's proposal doesn't even address
> the attack vector that 'draft-bonica-6man-frag-deprecate'
> is concerned about. To address the tiny fragment concern, the protocol
> must ensure that tiny fragments cannot ever be created.
> 
> Thanks - Fred
> fred.l.templin@boeing.com
> 
> > -----Original Message-----
> > From: ipv6-bounces@ietf.org [mailto:ipv6-bounces@ietf.org] On Behalf
> > Of Templin, Fred L
> > Sent: Tuesday, August 06, 2013 3:07 PM
> > To: Ronald Bonica; C. M. Heard; IPv6
> > Subject: RE: UDP+Fragmentation (was: "Deprecate")
> >
> > Hi Ron,
> >
> > > -----Original Message-----
> > > From: Ronald Bonica [mailto:rbonica@juniper.net]
> > > Sent: Tuesday, August 06, 2013 2:54 PM
> > > To: Templin, Fred L; C. M. Heard; IPv6
> > > Subject: RE: UDP+Fragmentation (was: "Deprecate")
> > >
> > > Fred,
> > >
> > > If that's the case, we have a good argument for changing Mike's
> > > proposal ever so slightly, so that it uses a new protocol ID. But
> > > still, Mike's proposal is elegant because:
> > >
> > > a) It solves the problem at the right layer
> > > b) It reuses UDP transport machinery. (The only exception is the in
> > > LENGTH field)
> > > c) It reuses IP fragmentation machinery (moving it to the transport
> > > layer)
> > > d) Aside from b) and c), it introduces no new protocol machinery.
> > > So, it can be described in a few short pages. This is in stark
> > > contrast
> > to
> > > SEAL (draft-templin-intarea-seal-61) whose protocol machinery
> > requires
> > > 41 pages to describe
> >
> > There is a lot of boiler plate in the draft that is not required to
> > describe the protocol machinery. Plus, there are many things that
> need
> > to be described in a functional specification beyond just posting a
> > concept in an e-mail thread.
> >
> > > which required 61 draft versions to get right.
> >
> > The best things in life are worth investing the time and energy to
> get
> > right. Plus, SEAL is a universal format that handles both
> > tunnel- and transport-mode requirements for all manners of existing
> > protocols.
> >
> > If we are going to define a new protocol type, let's define one that
> > addresses everything we are currently struggling with and has the
> > extensibility to address additional requirements moving forward into
> > the future.
> >
> > Thanks - Fred
> > fred.l.templin@boeing.com
> >
> > >                                                  Ron
> > >
> > >
> > > > -----Original Message-----
> > > > From: Templin, Fred L [mailto:Fred.L.Templin@boeing.com]
> > > > Sent: Tuesday, August 06, 2013 2:58 PM
> > > > To: Ronald Bonica; C. M. Heard; IPv6
> > > > Subject: RE: UDP+Fragmentation (was: "Deprecate")
> > > >
> > > > With a protocol as ossified as UDP, I have a hard time imagining
> > all
> > > > middleboxes passing the packets with what they would see as a
> > > corrupted
> > > > length field.
> > > >
> > > > Thanks - Fred
> > > > fred.l.templin@boeing.com
> > > >
> > > > > -----Original Message-----
> > > > > From: ipv6-bounces@ietf.org [mailto:ipv6-bounces@ietf.org] On
> > > Behalf
> > > > > Of Ronald Bonica
> > > > > Sent: Tuesday, August 06, 2013 11:49 AM
> > > > > To: C. M. Heard; IPv6
> > > > > Subject: RE: UDP+Fragmentation (was: "Deprecate")
> > > > >
> > > > > Mike,
> > > > >
> > > > > The proposal sounds elegant. I will try to paraphrase it to
> make
> > > sure
> > > > > that I understand.
> > > > >
> > > > > When originating a UDP datagram, the host always queries it
> > > > underlying
> > > > > IP stack to determine the PMTU for the destination. If the PMTU
> > > > > greater than or equal to the size of the payload plus the UDP
> > > header
> > > > > plus the IP header, plus all IP extension headers, the
> > originating
> > > > > host emits a conventional UDP packet which is characterized as
> > > > follows:
> > > > >
> > > > > - Protocol = 17
> > > > > - Length <= L4 length from IP
> > > > >
> > > > > If the PMTU less than the size of the payload plus the UDP
> > > > > header
> > > > plus
> > > > > the IP header, plus all IP extension headers, the originating
> > host
> > > > > emits an unconventional UDP packet which is characterized as
> > > follows:
> > > > >
> > > > > - Protocol = 17
> > > > > - Length > L4 length from IP
> > > > > - Segment Offset, M-bit and Identification fields added to UDP
> > > header
> > > > > before the payload
> > > > >
> > > > > If an unconventional UDP packet arrives a destination that
> > supports
> > > > > unconventional packets, it is reassembled at the transport
> layer.
> > > If
> > > > > an unconventional UDP packet arrives a destination that does
> not
> > > > > support unconventional packets, it is  discarded.
> > > > >
> > > > > Do I have this much right?
> > > > >
> > > > >                           Ron
> > > > >
> > > > >
> > > > > > -----Original Message-----
> > > > > > From: ipv6-bounces@ietf.org [mailto:ipv6-bounces@ietf.org] On
> > > > Behalf
> > > > > Of
> > > > > > C. M. Heard
> > > > > > Sent: Monday, August 05, 2013 11:53 PM
> > > > > > To: IPv6
> > > > > > Subject: Re: UDP+Fragmentation (was: "Deprecate")
> > > > > >
> > > > > > On Thu, 1 Aug 2013, C. M. Heard wrote:
> > > > > > > On Thu, 1 Aug 2013, RJ Atkinson wrote:
> > > > > > > > I agree that C.M. Heard's ideas should be explored in
> more
> > > > > > > > detail
> > > > > > by
> > > > > > > > the IETF.
> > > > > >
> > > > > > The idea was essentially UDP with segmentation fields, which
> > > would
> > > > > > require a new protocol number.
> > > > > >
> > > > > > In an offline discussion with Mark Smith and I kicked around
> > > > > > an
> > > > idea
> > > > > > for an alternate version not requiring a new protocol number,
> > but
> > > > > > relying instead on the redundancy of the UDP Length field.
> > > > > > The
> > > UDP
> > > > > > Length field is not actually needed; TCP does not have one
> but
> > > > > > rather relies on the length reported by the IP layer.  Under
> > > > current
> > > > > > standards, the UDP Length field must be at least 8 and cannot
> > > > exceed
> > > > > > the IP payload length minus the combined length of any
> > extension
> > > > > > headers -- let's call this the L4 length from IP.  Existing
> > > > > > implementations are supposed to drop UDP datagrams that fail
> > this
> > > > > > check, and all the ones I know of do so.
> > > > > >
> > > > > > The question then arises whether it might reasonably be
> > possible
> > > to
> > > > > re-
> > > > > > purpose the case UDP Length > L4 length from IP to mean a
> > > segmented
> > > > > UDP
> > > > > > datagram.
> > > > > >
> > > > > > In that case 8 <= UDP Length <= L4 length from IP would be
> > > > > > intepreted as a standard unsegmented UDP datagram, as is it
> > now.
> > > > > > That's the case pictured below.  Note that if the L4 length
> > > > > > indicated by the IP layer exceeds the UDP Length, then the
> > extra
> > > > > > octets would
> > > > > be
> > > > > > discarded and are not delivered to the application; that is
> > > > > > the behavior of the implementations I know of.
> > > > > >
> > > > > >      0                            15 16
> > > > 31
> > > > > >     +-+-+-+-+-+-+-+-|-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-|-+-+-+-
> +-
> > +-
> > > +-
> > > > +-+
> > > > > >     |         Source Port           |      Destination Port
> > > > |
> > > > > >     +-+-+-+-+-+-+-+-|-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-|-+-+-+-
> +-
> > +-
> > > +-
> > > > +-+
> > > > > >     |   Length <= L4 length from IP |            Checksum
> > > > |
> > > > > >     +-+-+-+-+-+-+-+-|-+-+-+-+-+-+-+-|-+-+-+-+-+-+-+-|-+-+-+-
> +-
> > +-
> > > +-
> > > > +-+
> > > > > >     |                          data octets               ...
> > > > > >     +-+-+-+-+-+-+-+-|-+-+-+-+-+-+-+-|-+-+-+-+-+-+-+-|    ...
> > > > > >
> > > > > > Now suppose that we have a long UDP datagram that we want to
> > send
> > > > in
> > > > > > segments.  We set the Length and Checksum fields as usual,
> and
> > > then
> > > > > cut
> > > > > > the datagram into segments, each of which looks like this:
> > > > > >
> > > > > >      0                            15 16
> > > > 31
> > > > > >     +-+-+-+-+-+-+-+-|-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-|-+-+-+-
> +-
> > +-
> > > +-
> > > > +-+
> > > > > >     |         Source Port           |      Destination Port
> > > > |
> > > > > >     +-+-+-+-+-+-+-+-|-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-|-+-+-+-
> +-
> > +-
> > > +-
> > > > +-+
> > > > > >     |  Length > L4 length from IP   |            Checksum
> > > > |
> > > > > >     +-+-+-+-+-+-+-+-|-+-+-+-+-+-+-+-|-+-+-+-+-+-+-+-|-+-+-+-
> +-
> > +-
> > > +-
> > > > +-+
> > > > > >     |        (reserved = 0)         |       Segment Offset
> > > > |Res|M|
> > > > > >     +-+-+-+-+-+-+-+-|-+-+-+-+-+-+-+-|-+-+-+-+-+-+-+-|-+-+-+-
> +-
> > +-
> > > +-
> > > > +-+
> > > > > >     |                         Identification
> > > > |
> > > > > >     +-+-+-+-+-+-+-+-|-+-+-+-+-+-+-+-|-+-+-+-+-+-+-+-|-+-+-+-
> +-
> > +-
> > > +-
> > > > +-+
> > > > > >     |                          data octets               ...
> > > > > >     +-+-+-+-+-+-+-+-|-+-+-+-+-+-+-+-|-+-+-+-+-+-+-+-|    ...
> > > > > >
> > > > > > We put the same UDP header in each segment, so (if we take
> > > > > > some
> > > > care
> > > > > in
> > > > > > how we choose the length of the segments) each one will have
> a
> > > UDP
> > > > > > Length field that is greater than the IP payload length minus
> > the
> > > > > > combined length of any extension headers.  Implementations
> > > > > > that
> > > > > conform
> > > > > > to the current specifications should discard these segments,
> > and
> > > so
> > > > > > should not mistakenly consider the segmentation fields as
> part
> > of
> > > > > > the application data.  That should make it possible for
> > segmented
> > > > > > UDP datagrams to safely coexist with conventional unsegmented
> > > one,
> > > > > without
> > > > > > getting a new protocol number.
> > > > > >
> > > > > > Possible downsides: some middleboxes may filter such
> > "erroneous"
> > > > > > datagrams, and some existing erroneous implementations may
> > > > > > fail
> > > to
> > > > > > do the checks they should and might mistake these segments
> for
> > > > > > ordinary UDP datagrams.
> > > > > >
> > > > > > Note that this idea does not work with UDP-lite, which
> > > > > > replaces
> > > the
> > > > > > Length field with a Checksum Coverage field.  That could
> > > > > > easily
> > > be
> > > > > too
> > > > > > short to exceed the L4 length from IP.
> > > > > >
> > > > > > Mike Heard
> > > > > > -------------------------------------------------------------
> -
> > > > > > -
> > --
> > > --
> > > > -
> > > > > > IETF IPv6 working group mailing list ipv6@ietf.org
> > Administrative
> > > > > > Requests: https://www.ietf.org/mailman/listinfo/ipv6
> > > > > > -------------------------------------------------------------
> -
> > > > > > -
> > --
> > > --
> > > > -
> > > > > >
> > > > >
> > > > >
> > > > > ---------------------------------------------------------------
> -
> > > > > -
> > --
> > > -
> > > > > IETF IPv6 working group mailing list ipv6@ietf.org
> > > > > Administrative Requests:
> > https://www.ietf.org/mailman/listinfo/ipv6
> > > > > ---------------------------------------------------------------
> -
> > > > > -
> > --
> > > -
> > > >
> > >
> >
> > --------------------------------------------------------------------
> > IETF IPv6 working group mailing list
> > ipv6@ietf.org
> > Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> > --------------------------------------------------------------------
>

v2.23.0 | Report a Bug | By Email