IETF Logo Mail Archive

RE: "Deprecate"

"C. M. Heard" <heard@pobox.com> Tue, 30 July 2013 22:40 UTC

Return-Path: <heard@pobox.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8FA8421E80B4 for <ipv6@ietfa.amsl.com>; Tue, 30 Jul 2013 15:40:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cS49bPHgAIrw for <ipv6@ietfa.amsl.com>; Tue, 30 Jul 2013 15:40:19 -0700 (PDT)
Received: from shell4.bayarea.net (shell4.bayarea.net [209.128.82.1]) by ietfa.amsl.com (Postfix) with ESMTP id C348C11E80E2 for <ipv6@ietf.org>; Tue, 30 Jul 2013 15:40:18 -0700 (PDT)
Received: (qmail 29517 invoked from network); 30 Jul 2013 15:40:14 -0700
Received: from shell4.bayarea.net (209.128.82.1) by shell4.bayarea.net with (DHE-RSA-AES256-SHA encrypted) SMTP; 30 Jul 2013 15:40:14 -0700
Date: Tue, 30 Jul 2013 15:40:14 -0700
From: "C. M. Heard" <heard@pobox.com>
X-X-Sender: heard@shell4.bayarea.net
To: IPv6 <ipv6@ietf.org>
Subject: RE: "Deprecate"
In-Reply-To: <2CF4CB03E2AA464BA0982EC92A02CE251271361B@BY2PRD0511MB428.namprd05.prod.outlook.com>
Message-ID: <Pine.LNX.4.64.1307301439030.24674@shell4.bayarea.net>
References: <8C48B86A895913448548E6D15DA7553B963A9D@xmb-rcd-x09.cisco.com> <m2fvuwspja.wl%randy@psg.com> <33F639DD-2CD8-4580-A0C8-F63068497BEA@gmail.com> <m238qwsfna.wl%randy@psg.com> <2CF4CB03E2AA464BA0982EC92A02CE2512713455@BY2PRD0511MB428.namprd05.prod.outlook.com> <8C48B86A895913448548E6D15DA7553B965346@xmb-rcd-x09.cisco.com> <2CF4CB03E2AA464BA0982EC92A02CE251271361B@BY2PRD0511MB428.namprd05.prod.outlook.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset="US-ASCII"
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipv6>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 30 Jul 2013 22:40:28 -0000

On Tue, 30 Jul 2013, Ronald Bonica wrote:
> Thinking a little more about it, RTP and UDP aren't the real 
> culprits. The culprits are the applications that run over them. 
> So, we should limit our statement to applications, and not 
> "applications and transport layer protocols".

I don't agree, at least not if the principal reason why IP fragments 
get dropped is that they lack the L4 header (or at least that the 
non-initial fragments do) and thereby break stateless ACLs.  The 
problem is that UDP and its kin such as UDP-lite and DCCP lack 
transport-layer segmentation, such as is present in TCP, and are 
thereby force their clients to rely on IP fragmentation to provide 
this service.  So yes, these transport protocols are the culprits.

The idea that immediately comes to mind is to design _replacements_ 
transport protocols for UDP and kin that contain a transport layer 
segmentation mechanism.  These would be for use by applications that 
can't get by without such a mechanism; existing applications that 
don't need to rely on IP fragmentation can continue to use UDP and 
kin.  The replacement for UDP might have a header that looks 
something like this:

   0                            15 16                            31
  +-+-+-+-+-+-+-+-|-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-|-+-+-+-+-+-+-+-+
  |         Source Port           |      Destination Port         |
  +-+-+-+-+-+-+-+-|-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-|-+-+-+-+-+-+-+-+
  |            Length             |       Segment Offset    |Res|M|
  +-+-+-+-+-+-+-+-|-+-+-+-+-+-+-+-|-+-+-+-+-+-+-+-|-+-+-+-+-+-+-+-+
  |                         Identification                        |
  +-+-+-+-+-+-+-+-|-+-+-+-+-+-+-+-|-+-+-+-+-+-+-+-|-+-+-+-+-+-+-+-+
  |                            Checksum                           |
  +-+-+-+-+-+-+-+-|-+-+-+-+-+-+-+-|-+-+-+-+-+-+-+-|-+-+-+-+-+-+-+-+
  |                          data octets               ...
  +-+-+-+-+-+-+-+-|-+-+-+-+-+-+-+-|-+-+-+-+-+-+-+-|    ...

(Other and perhaps better possibilities exist, of course.)

Having said that, I immediately imagine screaming that such a thing 
could not possibly be deployed, because operators will filter 
anything that they don't know or have an immediate use for, and so 
it would never get any traction.

Well, maybe so, but something has to give.  The operations folks 
have complained that IP fragmentation is awful, they have to filter 
fragments because it defeats their stateless ACLs.  OK; let's agree 
that's a defect that needs to be fixed.  But if you don't want the 
fix to break other important stuff (e.g., DNSSEC, as metioned in 
Section 3.1 of draft-bonica-6man-frag-deprecate-02), you need a 
replacement for IP fragmentation (or an augmentation, such as in 
http://www.ietf.org/mail-archive/web/ipv6/current/msg18389.html by 
Mark Andrews).  Maybe I just lack imagination, but I can't see any 
fix that does not involve SOME change in operator behavior.

//cmh

v2.23.0 | Report a Bug | By Email