Fwd: Re: DISCUSS's on rfc1981bis - MK Comments

[Gorry Fairhurst <gorry@erg.abdn.ac.uk>]

Thanks for the comments. I helped Bob with some of the new text and so have some comments.
See below, my comments are marked "GF". I think we can prepare a new rev. to address most of these.

Gorry

-------- Original Message --------



>  On May 9, 2017, at 12:24 PM, Gorry Fairhurst<gorry@erg.abdn.ac.uk>  wrote:
>
>  On 09/05/2017, 09:35, Bob Hinden wrote:
>>  Joe, Gorry,
>>
>>  There are some new discusses on rfc1981bis.  See:
>>
>>  https://datatracker.ietf.org/doc/draft-ietf-6man-rfc1981bis/ballot/
>>
>>  I think the one from Alvaro is resolved.
>>
>>  I would like your input on the one from Mirja.  There are also comments from ekr and Warren.
>>
>>  Thanks,
>>  Bob
>>
>>
>
>  I know this is a bis document and my discuss does not address any text that changed in the bis version but given all previous discussion, I would like to discuss the following text parts on statements regarding retransmissions which don't seem to be appropriate for this document and are partly even wrong.
>  In general it does not make a lot of sense to talk about retransmission semantics in this document because this really depends on the upper layer protocol, and I'm really not sure if any implementaiton of a reliable transport does send retransmission based on the receptions of PTB messages (if exposed) rather than only relying on it's own loss detection mechanism. This discuss concerns a few sentence all over the document and most parts of section 5.4. Details proposals below:
>
GF: We already removed most of this, and we can remove more.
>
>  I propose to either remove this sentence, or at least reword to the following (or something similar):
>  OLD:
>  "Retransmission should be done for only for those packets that are
>  known to be dropped, as indicated by a Packet Too Big message."
>  NEW:
>  "The IP layer may indicate loss to the upper layer protocol of those packets that are
>  known to be dropped, as indicated by a Packet Too Big message."
>  Or MAY or SHOULD or MUST...?
>
GF: I'd prefer to remove, rather than replace. This new text isn't helping me.
>  ----
>  Subsequently the following sentence should be removed as well:
>  "An upper layer must not retransmit data in response to an increase in
>  the PMTU estimate, since this increase never comes in response to an
>  indication of a dropped packet."
>
GF: I have no problems with this sentence being in the document, but I
do not think this is important, and deleting this is also fine with me.
>  ----
>  And here is the bigger change in section 5.4:
>  OLD
>  "When a Packet Too Big message is received, it implies that a packet
>  was dropped by the node that sent the ICMPv6 message. It is
>  sufficient to treat this in the same way as any other dropped
>  segment, and will be recovered by normal retransmission methods. If
>  the Path MTU Discovery process requires several steps to find the
>  PMTU of the full path, this could delay the connection by many round-
>  trip times.
>
>  Alternatively, the retransmission could be done in immediate response
>  to a notification that the Path MTU has changed, but only for the
>  specific connection specified by the Packet Too Big message. The
>  packet size used in the retransmission should be no larger than the
>  new PMTU."
>  NEW
>  "When a Packet Too Big message is received, it implies that a packet
>  was dropped by the node that sent the ICMPv6 message. A reliable
>  upper layer protocol will detect the loss of this segment, and recover
>  it by its normal retransmission methods. Depending on the loss
>  detection method that is used by the upper layer protocol, this
>  could delay the connection by many round-trip times.
>
>  Alternatively, the retransmission could be done in immediate response
>  to a notification that the Path MTU was decreased, but only for the
>  specific connection specified by the Packet Too Big message. The
>  packet size used in the retransmission should be no larger than the
>  new PMTU."
>
GF: I have no problem with the new text, but I regret that this does
not also include this - which I think is helpful context:
  "If
  the Path MTU Discovery process requires several steps to find the
  PMTU of the full path, this could delay the connection by many round-
  trip times."
>  ----
>  I don't understand the following paragraph. Can this be removed?
>  "Note: A packetization layer must not retransmit in response to
>  every Packet Too Big message, since a burst of several oversized
>  segments will give rise to several such messages and hence several
>  retransmissions of the same data. If the new estimated PMTU is
>  still wrong, the process repeats, and there is an exponential
>  growth in the number of superfluous segments sent."
>
GF: I think the example is important. I'm not sure why that would be removed.
>  ----
>
>  The following text is fine but probably is not needed if the whole document is reworded accordingly to ensure that retransmissions are solely the responsibility of the upper layer protocol:
>  "Retransmissions can increase network load in response to
>  congestion, worsening that congestion. Any packetization layer
>  that uses retransmission is responsible for congestion control of
>  its retransmissions. See [RFC8085] for more information."
>
GF: I'd prefer not to remove, it can't be assumed that all protocols doing PMTUD are TCP-like.
>  ---
>  This can also be removed, because a reliable protocol that detected loss and decided to send a retransmission, should and will do the same processing as for all other retransmissions, e.g. reset the retransmission time in TCP. Mentioning this separately is rather confusing.
>  "This means that the TCP layer must be able to recognize when a
>  Packet Too Big notification actually decreases the PMTU that it
>  has already used to send a packet on the given connection, and
>  should ignore any other notifications."
>
GF: Removing that would be fine with me (I think it's assumed, and so we do not need to say).
>  ----
>  And this is even incorrect. Slow start means that you will increase the connection window exponentially. Only sending one segment means setting the congestion/sending window to one. I propose the following change:
>  OLD
>  "Many TCP implementations incorporate "congestion avoidance" and
>  "slow-start" algorithms to improve performance [CONG]. Unlike a
>  retransmission caused by a TCP retransmission timeout, a
>  retransmission caused by a Packet Too Big message should not change
>  the congestion window. It should, however, trigger the slow-start
>  mechanism (i.e., only one segment should be retransmitted until
>  acknowledgements begin to arrive again)."
>  NEW
>  "A loss caused by a PMTU probe indicated by the reception of a Packet Too Big message MUST NOT be considered as a congestion notification and hence the congestion window may not change."
>
GF: That would prune the text further, I'd be really happy with this replacement.
>  ---
>
>  And I also don't understand this sentence:
>  "TCP performance can be reduced if the sender's maximum window size is
>  not an exact multiple of the segment size in use (this is not the
>  congestion window size)."
>
GF: I think this should be removed, the sentence is implementation-specific and not important here.
>
>  ---
>
>  Comment (2017-05-08)
>  1) I agree with Ekr on this sentence:
>  "Nodes SHOULD appropriately validate the payload of ICMPv6 PTB
>  messages to ensure these are received in response to transmitted
>  traffic (i.e., a reported error condition that corresponds to an IPv6
>  packet actually sent by the application) per [ICMPv6]."
>  This sounds like it should be a MUST but I guess it depends on the upper layer protocol if such a validation is possible or not, e.g. if information are available that can be used for validation. Maybe you can be more explicit here and even say something like pmtu discovery should/must only be used if the upper layer protocol provides means for validation of the icmp payload (like a sequence number in TCP)…?
>
GF: I think this cannot be a MUST - because there are many cases in which full validation is not possible.
Mirja's comment assumes that the packet header is visible in the ICMPv6 payload
and the endpoint can find this and verify it. if necessary, this needs to explain corner
cases where this is not possible. Placing a MUST requirement is a significnat change.
Requiring a reliable transport is also a large change - it may be that the risk of
bogus PTB messages can be mitigated in some other way.
I prefer the current text - but willing to look at more text instead. See comment by Suresh.
>
>  ---
>  Further also note that if the upper layer does the validation while the IP layer maintains EMTU_S, there must be an interface from the upper layer to the IP layer to tell if a packet is valid or not before the IP layer updates the MTU estimate. This seems actually more complicated than this one sentences indicates.
>
GF: The need for an "interface" is implementation dependent, I'd prefer to avoid discussing how/where this is implemented.
>
>  ---
>
>  2) Also as Ekr says, I also have problems to fully understand this normative text in section 4:
>  "After receiving a Packet Too Big message, a node MUST attempt to
>  avoid eliciting more such messages in the near future. The node MUST
>  reduce the size of the packets it is sending along the path. Using a
>  PMTU estimate larger than the IPv6 minimum link MTU may continue to
>  elicit Packet Too Big messages. Since each of these messages (and
>  the dropped packets they respond to) consume network resources, the
>  node MUST force the Path MTU Discovery process to end.
>
>  Nodes using Path MTU Discovery MUST detect decreases in PMTU as fast
>  as possible."
>  I especially don't understand the first part, given that a PTB message may still indicate a MTU that is larger than the minimum link MTU which then may cause another PTB message later on the path. This text reads like if you receive one PTB message you should better end discovery and fall back to the minimum link MTU to avoid any further PTB message and not waist any resources. I don't think that's the intention and as such I don't understand when it is recommended to end discovery here...?
>
GF: The text seems good to me. I don't understand the comment from Mirja.
  I wonder if this is in the eyes of the reader, and some rewording would help?
  (I suggest the last two sentences could be combined:
  "Since each of these messages (and
  the dropped packets they respond to) consume network resources,
  Nodes using Path MTU Discovery MUST detect decreases in PMTU as fast
  as possible.""
>
>  ---
>  3) Section 5.2 seems to be written with only single homed hosts in mind. It might be good to advise that the pmtu information should always be stored on a per interface basis...?
>

GF: Agree: Path MTU information should be maintained for each Ipv6 interface. This should be clear.
>
>  ---
>  4) Also section 5.2:
>  You only advise to store information per flow ID, however, if the flow label is not used, wouldn't it make really sense to just use the 5-tuple instead? Also note that EMCP is often done based on the 5-tuple or even 6-tuple (with the ToS field).
>
GF: The TOS field doesn't exist for IPv6 (nor for IPv4 any more).
I really don't think we should be considering DSCP as an index for path information.

GF: I thought the text reads about "path", it's intentionally not precise.
>
>  ---
>  5) And more in section 5.2:
>  "When a Packet Too Big message is received, the node determines which
>  path the message applies to based on the contents of the Packet Too
>  Big message. "
>  MAYBE:
>  "When a valid Packet Too Big message is received, the node determines which
>  path the message applies to based on the contents of the Packet Too
>  Big message."
>
GF: That would be OK, but I guess, the way it knows it is valid is because it finds
a valid path - so not sure the change makes this clearer.
>
>  ---
>
>  And further on:
>  "If the tentative PMTU is less than the existing PMTU estimate, the
>  tentative PMTU replaces the existing PMTU as the PMTU value for the
>  path."
>  This doesn't cover the case where a pmtu probe with a larger size was send and the PTB message returns a larger value then stored. Maybe state this explicitly.
>
GF: This is wrong. We could explicitly say this is **NOT** allowed.
>
>  ----
>  This applies similar to this sentence in section 6:
>  OLD
>  "A node, however, should never raise its estimate of the
>  PMTU based on a Packet Too Big message, so should not be
>  vulnerable to this attack.“
>  NEW
>  "A node, however, MUST NOT raise its estimate of the
>  PMTU based on a Packet Too Big message that is not a (validated) response to a PMTU probe that was previously send by this node, so should not be
>  vulnerable to this attack."
>
GF: This is wrong. The proposed new text is incorrect.
The old text was correct in sentimemt, but could be stronger:
  "A node, however, must not raise its estimate of the
   PMTU based on a received Packet Too Big message, so it is not be
  vulnerable to this attack.“
>  ----
>  6) Further section 5.2:
>  Should this statement be maybe upper case MUST:
>  "The packetization layers must be notified about decreases in the PMTU."
>
GF: If upper case makes a difference, this is true.
>
>  ---
>  7) Technical comment on section 5.3 in general:
>  There is a difference between aging if a flow is active or not. While I maybe don't want to probe again for this connection because my application already decided to use a mode where it can live with the current pmtu and it's too much effect to switch, I really want to probe at the beginning of the next connection again to check if I can use a different mode now. While the IP layer does not have a notion of connection it can observe if packets are frequently send with the same 5-tuple and reset the cached pmtu after a certain idle time.
>
GF: There are many ways to do this, agreed. Is extra text really needed?
>
>  ---
>  8) Section 5.4: should this maybe be normative, at least the last MUST NOT (be fragmented):
>  "A packetization layer (e.g., TCP) must track the PMTU for the path(s)
>  in use by a connection; it should not send segments that would result
>  in packets larger than the PMTU, except to probe during PMTU
>  discovery (this probe packet must not be fragmented to the PMTU). "
>
GF: If upper case makes a difference, this is true - and probably worth highlighting.
>
>  ----
>
>  Nit:
>  The abbreviation PTB is only used once in section 4 (and never expanded).
>
GF: Should be fixed.
>