Re: Non-Last Small IPv6 Fragments
Warren Kumari <warren@kumari.net> Wed, 16 January 2019 00:31 UTC
Return-Path: <warren@kumari.net>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1AA71130F59 for <ipv6@ietfa.amsl.com>; Tue, 15 Jan 2019 16:31:43 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.041
X-Spam-Level:
X-Spam-Status: No, score=-2.041 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.142, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=kumari-net.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id s_dYt7LIk0Gx for <ipv6@ietfa.amsl.com>; Tue, 15 Jan 2019 16:31:40 -0800 (PST)
Received: from mail-wm1-x32c.google.com (mail-wm1-x32c.google.com [IPv6:2a00:1450:4864:20::32c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D838912D4F2 for <ipv6@ietf.org>; Tue, 15 Jan 2019 16:31:39 -0800 (PST)
Received: by mail-wm1-x32c.google.com with SMTP id y8so243291wmi.4 for <ipv6@ietf.org>; Tue, 15 Jan 2019 16:31:39 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kumari-net.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=DOjbERV2fhqk8dofY0MimVPCbQ+kDV7gvxfft4OdVHs=; b=KRqatHm5TEhCfWQTQa7nZjWt9V9OnPI72NnOgrJAItmSy9DhfPDmaW5LIyt2N4s30c 02TStXlaOPRBB7L+ON1whzy1ndXyk7Wb6Zsz3u2/oya0udPe5jFoyA6+AibiCy/Qg7L6 objsToleNq9aWd2ELg99m2exVk+gZIWkYdxIg3iWQmyrQcubDbcfqfa/KpoPeGhQOcmg 0+yYzml1hScs+Oedu7Z4Wbp2wGb0Zx/Xjd/Z+C9VpLI3wRbzOO9eDOSNPJiDAArx08N4 dg80NpsVKjZ5YuOhQVSOy+tL3VOb/gtdx5JSZpbzHJ++fa3C++fdf7wYS8acpbtNQuuI DkGg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=DOjbERV2fhqk8dofY0MimVPCbQ+kDV7gvxfft4OdVHs=; b=f831bpRDQa2ycH9SH6bafO/o2CCJXTYYNYXL3NYV5HMGD8V5kyVLMugvLC6q2hlB4q 1m4ZzxOlK+S1wq8cckleKlTsYRLcHlDe+JzRN0U3IF0KfbpilbVj7iuSqtxrt1obGLCk txTGiocBDpJ7H8794KHw+1mLsAM9BBy6Vv/+tIG6+7+1VVJOgWfc6NaPl8eIOrZ6brOw BShdeeuo+VxBwcU4n2ZVkql4/WHTRlr9BUbBfC+8D2kmhuM54/QlM1ObEX3LqNHGGkVw bR4LPc9QZg3+hGGgOKz2qT1WXjESx8xhRjrlRQQjJKfqTdTfSWym0ULMKnFVV3oRrK6F izdw==
X-Gm-Message-State: AJcUukevFv4UPPPOvfrB6NB3c8tf1fgaiU8rqZquD3M50OGijwMLb6t8 7m5PMzqbSERp5KvgqQkpqz1iCp/jMjcmSPI5xSOKyQ==
X-Google-Smtp-Source: ALg8bN6g5g28eUG0/G2rzJ6nCxcZgtRzJ04F4D9NuLW3BDYb7KHk9cWTsPelVV+T1T91qXUiYQlJwqd+uInW+3PzU0E=
X-Received: by 2002:a7b:c853:: with SMTP id c19mr4964685wml.61.1547598697825; Tue, 15 Jan 2019 16:31:37 -0800 (PST)
MIME-Version: 1.0
References: <CAOSSMjV0Vazum5OKztWhAhJrjLjXc5w5YGxdzHgbzi7YVSk7rg@mail.gmail.com> <CALx6S34AyV9OpvnjQhQc56n5vfeVgU5Zd3kheP0g+XvsMbBV9g@mail.gmail.com> <1b2e318e-1a9f-bb5d-75a5-04444c42ef20@si6networks.com> <CALx6S37TJr++fC=pVoeS=mrO1fHc4gL_Wtu-XkVTswzs2XxXCA@mail.gmail.com> <CALx6S36V7vrVyoTP0G6+S5XeFNB3KWS5UaNnVi20xogRERdCfg@mail.gmail.com> <973A1649-55F6-4D97-A97F-CEF555A4D397@employees.org> <CALx6S34YbBe8xBod3VsWVO33TpZcdxh2uV1vaO8Z_NKnVXp66g@mail.gmail.com> <A3C3F9C0-0A07-41AF-9671-B9E486CB8246@employees.org> <AEA47E27-C0CB-4ABE-8ADE-51E9D599EF8F@gmail.com> <6aae7888-46a4-342d-1d76-10f8b50cebc4@gmail.com> <EC9CC5FE-5215-4105-8A34-B3F123D574B9@employees.org> <4c56f504-7cd7-6323-b14a-d34050d13f4e@foobar.org> <9E6D4A6E-8ABA-4BAB-BEC5-969078323C96@employees.org> <CAAedzxpdF+yhBXfnwUcaQb-HkgdaqXRU3L+S7v8sS1F0OkwM9A@mail.gmail.com> <78a8a0e0-8808-364c-41f7-f81f90362432@gont.com.ar> <CAAedzxpjxhP0nOZVU0CTwA1u3fsPFthrJASjDEfnLcRNvr2gBQ@mail.gmail.com> <c9be798e-5a32-7c3e-a948-9ca2fab30411@si6networks.com>
In-Reply-To: <c9be798e-5a32-7c3e-a948-9ca2fab30411@si6networks.com>
From: Warren Kumari <warren@kumari.net>
Date: Tue, 15 Jan 2019 19:31:01 -0500
Message-ID: <CAHw9_i+M2-420pykp99LcgMNSG=eeDqsZK8+hN20t_uUdANHfA@mail.gmail.com>
Subject: Re: Non-Last Small IPv6 Fragments
To: Fernando Gont <fgont@si6networks.com>
Cc: ek@loon.co, Fernando Gont <fernando@gont.com.ar>, IPv6 List <ipv6@ietf.org>, Bob Hinden <bob.hinden@gmail.com>
Content-Type: multipart/alternative; boundary="000000000000a3a277057f88668a"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/jaoeUESFkAlCXIm3I13j2dFLyvw>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 16 Jan 2019 00:31:43 -0000
On Mon, Jan 14, 2019 at 5:19 PM Fernando Gont <fgont@si6networks.com> wrote: > On 14/1/19 17:40, Erik Kline wrote: > > > >> If you really mean that the FH contains the L4 header, then: > >> > >> * There's the issue of EHs in the fragmentable part > > > > That would be addressed in an associated L4 doc, and it would probably > > say to ignore non-transport headers. > > In that case, we should be removing EHs in the fragmentable part (not > that it would be a a big deal.. just pointing it out). > > > > >>> This increases the overhead in a given fragment, but also helps to > >>> ensure that (eventually) intermediate systems can examine this field > and > >>> preemptively make a drop/no-drop decision. > > Agreed. > > > > >> > >> Then we're back on draft-gont-v6ops-ipv6-ehs-packet-drops > > > > Understood, but any L3 solution is going to necessitate running into > > this. UDP trailers is certainly cute (and +1 from me), but every > > transport will have to have some similar fix (or applications will > > have to consider rfc8085#section-3.2 type guidelines). If there's to > > be an L3 solution to this L3 problem it will face some deployment > > issues but if its usefulness is sufficiently attractive it could find > > reasonably wide-spread support in due time (in the absence of ipng-ng, > > IPv6 is it for the long haul). > > Certainly what you describe is better than what we have -- still, I'd > say not good enough for fragments to survive (e.g. cases where they need > to be reassembled at high speed) -- and there's still the fundamental > problem of processing EHs. > > > > > > [Silly Idea #1] > > > > (/me thinks back to spud bof) > > > > Here's another random suggestion that maybe belongs in panrg or (more > > likely) the dumpster: > > > > A new hop-by-hop header under "00 1", i.e. > > > > 00 - skip over this option and continue processing the header > > > > 1 - Option Data may change en route > > > > of the form, for example, Option Type 00 1 00001, Opt Data Len 2, > > Option Data == MTU. Here, the observation is that the main thing we > > have experience with "working" (for the most generous definition of > > "works") in this problemspace in the internet today is TCP MSS > > Clamping. So let's have an MTU (or MSS) HbH option that can be > > revised monotonically downwards but never lower than 1280. If it > > helps pad to 8 byte alignment we can have a 2nd 2-byte field that is > > untouched representing the sender's original MTU/MSS. > > > > In this way, a sender could include an HbH with either: > > > > [HbH | 0 | 0x0202 | 2 | (1500=0x5dc) | Pad1 | Pad1] > > You mean as a kind of PMTUD? > > > > > [Silly Idea #2] > > Separate, even sillier idea: everyone converges on using 16 bits of > > the flow ID to encode the lowest MTU encountered along the path. Here > > again, TCP MSS clamping style behaviour would be applied to this > > https://media.giphy.com/media/3o6ZthnDqxfAOFIhdC/giphy.gif Because there are deployed systems already, I don't think that this can be deployed **and fully relied upon**, but I do think that it might actually be really useful. If the first 2 bits of the flow label are '11' or '10' or something, then it could mean that the next N (13?) bits of the flow label contain the minimum MTU along the path. It doesn't matter that it cannot be relied upon, because it could simply be used as a hint to the path MTU discovery (I tried to figure out where in RFC8201 if could be tied). Basically, if the N bits are less than 1280, ignore them. If they are larger than the host MTU, ignore them. If they fall between 1280 and $host_mtu, guess that they might be valid and prime the path MTU discovery process with this hint. Initially devices along the path will a: not touch the flow ID or b: scribble all over it like they currently do. Over time, new devices could be updated to do this, and the signal would slowly become more useable. It *does* mean that we would be removing (by convention) some of the possible entropy in the flow ID which might make ECMP harder, and may also discourage some of the other "lets scribble marking X into this field" ideas, but that might be a feature, not a bug. I cannot tell if I've just taken a sharp turn into crazy town, or if this really is a good idea (and I haven't thought about it in depth - this is all a knee jerk reaction to something sufficiently hacky that it entertains me...) > I assume this is for PMTUD, too. This option would be way better than > the preovious one (node will just not process EHs), but...give the path > that we have followed for FL standrdization, it wouldn't be useful for > anything else other than random bits. One might hack some other fields > e.g... special value for Payload length, but.. that would certainly look > ugly. What if you view it as an (initially) noisy hint, becoming more believable over time? As far as I can tell, an on-path attacker could degrade service by artificially signalling a lower MTU than really exists, but an onpath attacker could already do this (and much worse!). W > > -- > Fernando Gont > SI6 Networks > e-mail: fgont@si6networks.com > PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492 > > > > > -------------------------------------------------------------------- > IETF IPv6 working group mailing list > ipv6@ietf.org > Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 > -------------------------------------------------------------------- > -- I don't think the execution is relevant when it was obviously a bad idea in the first place. This is like putting rabid weasels in your pants, and later expressing regret at having chosen those particular rabid weasels and that pair of pants. ---maf
- Non-Last Small IPv6 Fragments Timothy Winters
- Re: Non-Last Small IPv6 Fragments Bob Hinden
- Re: Non-Last Small IPv6 Fragments 神明達哉
- Re: Non-Last Small IPv6 Fragments Tom Herbert
- RE: Non-Last Small IPv6 Fragments Ron Bonica
- Re: Non-Last Small IPv6 Fragments Erik Kline
- RE: Non-Last Small IPv6 Fragments Ron Bonica
- Re: Non-Last Small IPv6 Fragments Brian E Carpenter
- RE: Non-Last Small IPv6 Fragments Ron Bonica
- Re: Non-Last Small IPv6 Fragments Tom Herbert
- Re: Non-Last Small IPv6 Fragments Mark Andrews
- Re: Non-Last Small IPv6 Fragments Simon Hobson
- Re: Non-Last Small IPv6 Fragments Erik Kline
- Re: Non-Last Small IPv6 Fragments David Farmer
- Re: Non-Last Small IPv6 Fragments Mark Andrews
- Re: Non-Last Small IPv6 Fragments Tom Herbert
- Re: Non-Last Small IPv6 Fragments Erik Kline
- Re: Non-Last Small IPv6 Fragments Carsten Bormann
- Re: Non-Last Small IPv6 Fragments 神明達哉
- Re: Non-Last Small IPv6 Fragments Brian E Carpenter
- Re: Non-Last Small IPv6 Fragments Brian E Carpenter
- Re: Non-Last Small IPv6 Fragments Fernando Gont
- Re: Non-Last Small IPv6 Fragments Fernando Gont
- Re: Non-Last Small IPv6 Fragments Fernando Gont
- Re: Non-Last Small IPv6 Fragments Mikael Abrahamsson
- Re: Non-Last Small IPv6 Fragments Mark Andrews
- Re: Non-Last Small IPv6 Fragments Bjoern A. Zeeb
- Re: Non-Last Small IPv6 Fragments Bjoern A. Zeeb
- Re: Non-Last Small IPv6 Fragments Timothy Winters
- Re: Non-Last Small IPv6 Fragments Fernando Gont
- Re: Non-Last Small IPv6 Fragments Fernando Gont
- Re: Non-Last Small IPv6 Fragments Ole Troan
- Re: Non-Last Small IPv6 Fragments Timothy Winters
- Re: Non-Last Small IPv6 Fragments Tom Herbert
- Re: Non-Last Small IPv6 Fragments Simon Hobson
- Re: Non-Last Small IPv6 Fragments Fernando Gont
- Re: Non-Last Small IPv6 Fragments Fernando Gont
- Re: Non-Last Small IPv6 Fragments David Farmer
- Re: Non-Last Small IPv6 Fragments Tom Herbert
- RE: Non-Last Small IPv6 Fragments Ron Bonica
- Re: Non-Last Small IPv6 Fragments David Farmer
- Re: Non-Last Small IPv6 Fragments Tom Herbert
- Re: Non-Last Small IPv6 Fragments Bob Hinden
- Re: Non-Last Small IPv6 Fragments David Farmer
- Re: Non-Last Small IPv6 Fragments Tom Herbert
- Re: Non-Last Small IPv6 Fragments Erik Kline
- Re: Non-Last Small IPv6 Fragments Fernando Gont
- Re: Non-Last Small IPv6 Fragments Fernando Gont
- Re: Non-Last Small IPv6 Fragments Tom Herbert
- Re: Non-Last Small IPv6 Fragments Fernando Gont
- Re: Non-Last Small IPv6 Fragments Christian Huitema
- Re: Non-Last Small IPv6 Fragments Ole Troan
- RE: Non-Last Small IPv6 Fragments Lubashev, Igor
- Re: Non-Last Small IPv6 Fragments Tom Herbert
- Re: Non-Last Small IPv6 Fragments Tom Herbert
- Re: Non-Last Small IPv6 Fragments Ole Troan
- Re: Non-Last Small IPv6 Fragments Tom Herbert
- Re: Non-Last Small IPv6 Fragments Ole Troan
- Re: Non-Last Small IPv6 Fragments Nick Hilliard
- Re: Non-Last Small IPv6 Fragments Bob Hinden
- Re: Non-Last Small IPv6 Fragments Brian E Carpenter
- Re: Non-Last Small IPv6 Fragments Tom Herbert
- Re: Non-Last Small IPv6 Fragments Ole Troan
- Re: Non-Last Small IPv6 Fragments Nick Hilliard
- Re: Non-Last Small IPv6 Fragments Ole Troan
- Re: Non-Last Small IPv6 Fragments Tom Herbert
- Re: Non-Last Small IPv6 Fragments Nick Hilliard
- Re: Non-Last Small IPv6 Fragments Tom Herbert
- Re: Non-Last Small IPv6 Fragments Brian E Carpenter
- RE: Non-Last Small IPv6 Fragments Manfredi (US), Albert E
- Re: Non-Last Small IPv6 Fragments Bjoern A. Zeeb
- Re: Non-Last Small IPv6 Fragments Fernando Gont
- Re: Non-Last Small IPv6 Fragments Fernando Gont
- Re: Non-Last Small IPv6 Fragments Fernando Gont
- Re: Non-Last Small IPv6 Fragments Brian E Carpenter
- Re: Non-Last Small IPv6 Fragments Erik Kline
- Re: Non-Last Small IPv6 Fragments Mark Smith
- Re: Non-Last Small IPv6 Fragments Fernando Gont
- Re: Non-Last Small IPv6 Fragments Tom Herbert
- Re: Non-Last Small IPv6 Fragments Simon Hobson
- Re: Non-Last Small IPv6 Fragments Nick Hilliard
- Re: Non-Last Small IPv6 Fragments Fernando Gont
- Re: Non-Last Small IPv6 Fragments Tom Herbert
- Re: Non-Last Small IPv6 Fragments Nick Hilliard
- Re: Non-Last Small IPv6 Fragments Bjoern A. Zeeb
- Re: Non-Last Small IPv6 Fragments Simon Hobson
- Re: Non-Last Small IPv6 Fragments Nick Hilliard
- Re: Non-Last Small IPv6 Fragments Tom Herbert
- Re: Non-Last Small IPv6 Fragments Tom Herbert
- Re: Non-Last Small IPv6 Fragments Brian E Carpenter
- Re: Non-Last Small IPv6 Fragments Mark Andrews
- Re: Non-Last Small IPv6 Fragments Erik Kline
- Re: Non-Last Small IPv6 Fragments Nick Hilliard
- Re: Non-Last Small IPv6 Fragments Ole Troan
- Re: Non-Last Small IPv6 Fragments Erik Kline
- Re: Non-Last Small IPv6 Fragments Fernando Gont
- Re: Non-Last Small IPv6 Fragments Tom Herbert
- End-to-end (was Re: Non-Last Small IPv6 Fragments) Christian Huitema
- Re: End-to-end (was Re: Non-Last Small IPv6 Fragm… Tom Herbert
- Re: End-to-end (was Re: Non-Last Small IPv6 Fragm… Nick Hilliard
- Re: Non-Last Small IPv6 Fragments Warren Kumari
- Re: Non-Last Small IPv6 Fragments Brian E Carpenter
- Re: Non-Last Small IPv6 Fragments Fernando Gont
- Re: Non-Last Small IPv6 Fragments Fernando Gont
- Re: End-to-end (was Re: Non-Last Small IPv6 Fragm… Fernando Gont
- Re: Non-Last Small IPv6 Fragments Mikael Abrahamsson
- Re: Non-Last Small IPv6 Fragments Tim Chown
- Re: Non-Last Small IPv6 Fragments Fernando Gont
- Re: Non-Last Small IPv6 Fragments Warren Kumari
- Re: End-to-end (was Re: Non-Last Small IPv6 Fragm… Tom Herbert
- Re: Non-Last Small IPv6 Fragments Ole Troan
- Re: End-to-end (was Re: Non-Last Small IPv6 Fragm… Fernando Gont
- Re: Non-Last Small IPv6 Fragments Fernando Gont
- Re: Non-Last Small IPv6 Fragments Fred Baker
- Re: Non-Last Small IPv6 Fragments Tim Chown
- Re: End-to-end (was Re: Non-Last Small IPv6 Fragm… Tom Herbert
- Re: End-to-end (was Re: Non-Last Small IPv6 Fragm… Brian E Carpenter
- Re: Non-Last Small IPv6 Fragments Brian E Carpenter
- Re: Non-Last Small IPv6 Fragments Michael Richardson
- Never fragment: getting PMTU info transmitted rel… Michael Richardson
- Re: Never fragment: getting PMTU info transmitted… Joel M. Halpern
- Re: Never fragment: getting PMTU info transmitted… Brian E Carpenter
- Re: Never fragment: getting PMTU info transmitted… Tom Herbert
- Re: Never fragment: getting PMTU info transmitted… Michael Richardson
- Re: Never fragment: getting PMTU info transmitted… Brian E Carpenter
- Re: Never fragment: getting PMTU info transmitted… Mark Smith
- Re: Never fragment: getting PMTU info transmitted… Erik Kline
- Re: Never fragment: getting PMTU info transmitted… Mark Smith
- Re: Never fragment: getting PMTU info transmitted… Tom Herbert
- Re: Never fragment: getting PMTU info transmitted… Brian E Carpenter
- RE: Never fragment: getting PMTU info transmitted… Lubashev, Igor
- Re: Never fragment: getting PMTU info transmitted… Tom Herbert
- RE: Never fragment: getting PMTU info transmitted… Lubashev, Igor
- Re: Never fragment: getting PMTU info transmitted… C. M. Heard
- Re: Never fragment: getting PMTU info transmitted… Christian Huitema