Re: FW: New Version Notification for draft-bonica-6man-frag-deprecate-00.txt

joel jaeggli <joelja@bogus.com> Fri, 21 June 2013 17:20 UTC

Return-Path: <joelja@bogus.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D2B0021F9FCF for <ipv6@ietfa.amsl.com>; Fri, 21 Jun 2013 10:20:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.599
X-Spam-Level:
X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vo-GwxiL085F for <ipv6@ietfa.amsl.com>; Fri, 21 Jun 2013 10:20:31 -0700 (PDT)
Received: from nagasaki.bogus.com (nagasaki.bogus.com [IPv6:2001:418:1::81]) by ietfa.amsl.com (Postfix) with ESMTP id 0D23521F9FCC for <ipv6@ietf.org>; Fri, 21 Jun 2013 10:20:31 -0700 (PDT)
Received: from joels-MacBook-Air.local (host-64-47-153-50.masergy.com [64.47.153.50]) (authenticated bits=0) by nagasaki.bogus.com (8.14.4/8.14.4) with ESMTP id r5LHK2ZQ096524 (version=TLSv1/SSLv3 cipher=DHE-RSA-CAMELLIA256-SHA bits=256 verify=NOT); Fri, 21 Jun 2013 17:20:02 GMT (envelope-from joelja@bogus.com)
Message-ID: <51C48B3C.80702@bogus.com>
Date: Fri, 21 Jun 2013 10:19:56 -0700
From: joel jaeggli <joelja@bogus.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:22.0) Gecko/20100101 Thunderbird/22.0
MIME-Version: 1.0
To: Ray Hunter <v6ops@globis.net>, Ronald Bonica <rbonica@juniper.net>
Subject: Re: FW: New Version Notification for draft-bonica-6man-frag-deprecate-00.txt
References: <2CF4CB03E2AA464BA0982EC92A02CE2509F85151@BY2PRD0512MB653.namprd05.prod.outlook.com> <51C408BC.4030909@forthnetgroup.gr> <2CF4CB03E2AA464BA0982EC92A02CE2509F85BCB@BY2PRD0512MB653.namprd05.prod.outlook.com> <51C48776.9070107@globis.net>
In-Reply-To: <51C48776.9070107@globis.net>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.2.7 (nagasaki.bogus.com [147.28.0.81]); Fri, 21 Jun 2013 17:20:02 +0000 (UTC)
Cc: "ipv6@ietf.org 6man-wg" <ipv6@ietf.org>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipv6>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 21 Jun 2013 17:20:32 -0000

On 6/21/13 10:03 AM, Ray Hunter wrote:
> I have also read this draft.
>
> It mentions that DNSSEC will be impacted.
>
> What's the alternative if DNSSEC can't send multiple UDP fragments?
So I'm pretty sure I don't want to expose myself to really big replies 
because that pushes the opportunity to amplify considerably.

So EDNS0 limited to ~1420 or ~1280 I could probably live with.
> Isn't expecting a busy DNS server to maintain TCP session state for
> every single query going to be prohibitively expensive?
Handshakes are expensive, yes, and IMHO significant effort should be 
engaged in to avoid that.
> Leading to even bigger DoS worries than fragmentation apparently causes?
The cost shifts. I'm not that excited about making connections over TCP 
unless I have to.
> Isn't using TCP for all DNS queries going to considerably slow down the
> name resolution process, which will impact all applications?
> (multiple RTT for the connection establishment and teardown if you clean
> up properly)
>
> Since PMTUD is also currently pretty broken in practice, also due to
> "Operator Behavior" and filtering of ICMPv6 in firewalls, doesn't this
> memo effectively state that IPv6 = 1280 octets?
So, I'm not willing to throw up my hands in despair over PMTUD yet. 
There are certainly cases where it doesn't work. They're a little less 
chronic than not being able to find the L4 header.

>
> regards,
> RayH
>
> Ronald Bonica wrote:
>> Hi Tassos,
>>
>> Thanks for reviewing the draft. Could you provide more detail on what is missing?
>>
>>                               Ron
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6@ietf.org
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------
>
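The exchange above turns on three numbers: the EDNS0 UDP payload size a client advertises, the largest DNS message that fits a single IPv6/UDP datagram at the 1280-octet minimum MTU, and the amplification a responder hands to a spoofed query when it honours large buffer sizes. The following Python is an added worked example, not code from the thread or from any resolver mentioned in it. It builds a DNS query with an RFC 6891 OPT pseudo-RR, reads the advertised payload size back out of the wire format, and models the server-side choice between sending a full reply and setting TC so the client retries over TCP. The query name, the 3000-octet response length and the server caps of 4096 and 1232 are constructed sample values; `plan_response` models a truncated reply as being the size of the query, which is a simplification.

```python
import struct

IPV6_MIN_MTU = 1280          # RFC 8200 minimum link MTU, octets
IPV6_HEADER_LEN = 40
UDP_HEADER_LEN = 8
DNS_DEFAULT_UDP_SIZE = 512   # RFC 1035 limit when no OPT RR is present
EDNS_OPT_TYPE = 41           # RFC 6891 OPT pseudo-RR type
EDNS_DO_BIT = 0x8000         # DNSSEC OK flag, high bit of the OPT "TTL" field


def max_dns_payload(link_mtu=IPV6_MIN_MTU):
    """Largest DNS message that fits one IPv6/UDP datagram unfragmented."""
    return link_mtu - IPV6_HEADER_LEN - UDP_HEADER_LEN


def encode_name(name):
    """Uncompressed wire-format owner name (labels prefixed by length)."""
    out = b""
    for label in name.rstrip(".").split("."):
        if label:
            out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(qname, qtype=1, udp_size=None, dnssec_ok=False, txid=0x1234):
    """Wire-format DNS query; appends an EDNS0 OPT RR when udp_size is given."""
    arcount = 1 if udp_size is not None else 0
    msg = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, arcount)  # RD set
    msg += encode_name(qname) + struct.pack("!HH", qtype, 1)      # class IN
    if udp_size is not None:
        ttl = EDNS_DO_BIT if dnssec_ok else 0
        # OPT RR: root owner name, TYPE 41, CLASS = requestor's UDP payload
        # size, TTL = extended RCODE/version/flags, RDLENGTH 0 (no options).
        msg += b"\x00" + struct.pack("!HHIH", EDNS_OPT_TYPE, udp_size, ttl, 0)
    return msg


def _skip_name(buf, off):
    """Advance past a wire-format name, handling a compression pointer."""
    while True:
        ln = buf[off]
        if ln == 0:
            return off + 1
        if (ln & 0xC0) == 0xC0:      # two-byte pointer terminates the name
            return off + 2
        off += 1 + ln


def advertised_udp_size(msg):
    """Return (udp_size, dnssec_ok) from the OPT RR, or (512, False) if absent."""
    _txid, _flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4        # QTYPE + QCLASS
    for _ in range(an + ns + ar):
        off = _skip_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == EDNS_OPT_TYPE:
            return rclass, bool(ttl & EDNS_DO_BIT)
        off += rdlen
    return DNS_DEFAULT_UDP_SIZE, False


def plan_response(query, full_response_len, server_cap):
    """Model a server bounded by server_cap answering a UDP query.

    Returns (bytes_on_wire, truncated, amplification): the UDP payload
    actually sent, whether the TC bit forces a TCP retry, and the ratio of
    reply bytes to query bytes, which is the amplification a spoofed
    source address would obtain.
    """
    client_size, _ = advertised_udp_size(query)
    limit = max(DNS_DEFAULT_UDP_SIZE, min(client_size, server_cap))
    if full_response_len <= limit:
        sent, truncated = full_response_len, False
    else:
        # Simplification: a TC=1 reply is modelled as query-sized
        # (header + question + OPT), which is roughly what servers send.
        sent, truncated = len(query), True
    return sent, truncated, sent / len(query)


if __name__ == "__main__":
    # Constructed sample: a DNSKEY query (type 48) with DO set and a 4096 buffer.
    q = build_query("example.com", qtype=48, udp_size=4096, dnssec_ok=True)
    print("client advertises:", advertised_udp_size(q))
    print("unfragmented limit at 1280 MTU:", max_dns_payload())
    for cap in (4096, 1232):
        print("server cap", cap, "->", plan_response(q, 3000, cap))
```

Running it shows the trade-off in the thread: with the cap at 4096 the constructed 3000-octet reply goes out in one UDP burst (fragmented at a 1280 MTU, and a 75x amplifier against a 40-octet query); with the cap at 1232 the same reply is truncated, amplification collapses to 1x, and the cost moves to a TCP handshake for that one client.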