IETF Logo Mail Archive

Re: Meta-issues: On the deprecation of the fragmentation function

"C. M. Heard" <heard@pobox.com> Sun, 30 June 2013 20:42 UTC

Return-Path: <heard@pobox.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2B4BB21F9C51 for <ipv6@ietfa.amsl.com>; Sun, 30 Jun 2013 13:42:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BOg5K-riZQ1k for <ipv6@ietfa.amsl.com>; Sun, 30 Jun 2013 13:42:06 -0700 (PDT)
Received: from shell4.bayarea.net (shell4.bayarea.net [209.128.82.1]) by ietfa.amsl.com (Postfix) with ESMTP id D177921F9C4F for <ipv6@ietf.org>; Sun, 30 Jun 2013 13:42:05 -0700 (PDT)
Received: (qmail 12479 invoked from network); 30 Jun 2013 13:42:02 -0700
Received: from shell4.bayarea.net (209.128.82.1) by shell4.bayarea.net with (DHE-RSA-AES256-SHA encrypted) SMTP; 30 Jun 2013 13:42:02 -0700
Date: Sun, 30 Jun 2013 13:42:02 -0700
From: "C. M. Heard" <heard@pobox.com>
X-X-Sender: heard@shell4.bayarea.net
To: IPv6 <ipv6@ietf.org>
Subject: Re: Meta-issues: On the deprecation of the fragmentation function
In-Reply-To: <51CE05E5.4040202@si6networks.com>
Message-ID: <Pine.LNX.4.64.1306301228050.21119@shell4.bayarea.net>
References: <51CE05E5.4040202@si6networks.com> <2CF4CB03E2AA464BA0982EC92A02CE2509F85151@BY2PRD0512MB653.namprd05.prod.outlook.com> <51C56E60.5040009@fud.no> <8C48B86A895913448548E6D15DA7553B9237F3@xmb-rcd-x09.cisco.com> <CAKr6gn17O+B78HJofr-z7Nsgv-y8+w4hgKy+YPicgNS126qwXA@mail.gmail.com> <2CF4CB03E2AA464BA0982EC92A02CE2509F870FC@BY2PRD0512MB653.namprd05.prod.outlook.com> <CAKr6gn2zu2n-pJMirG-seN5WX=Evyquu9EqqLOV-zf-RKQ9eYg@mail.gmail.com> <20130625015317.6B256363BD8F@drugs.dv.isc.org> <2CF4CB03E2AA464BA0982EC92A02CE2509F878B0@BY2PRD0512MB653.namprd05.prod.outlook.com> <20130625040207.1CCA7363C42A@drugs.dv.isc.org> <CAKr6gn1cnGfktfKraQegHNP_kjHyzNKGzw3ZDe1cZ__Czsu_kw@mail.gmail.com> <51C98103.4050008@fud.no> <010f01ce71e3$7f43aea0$7dcb0be0$@tndh.net> <20130625233717.618C53642429@drugs.dv.isc.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset="US-ASCII"
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipv6>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 30 Jun 2013 20:42:10 -0000

On Fri, 28 Jun 2013, Fernando Gont wrote:
Fernando> I wanted to comment on some met-issues regarding the deprecation of the
Fernando> IPv6 fragmentation function.
Fernando> 
Fernando> ** On the motivation of deprecating the fragmentation function **
Fernando> 
Fernando> So far (and without having read Ron's recent I-D -- shame on me), it
Fernando> looks like the main two reasons for deprecating the fragmentation
Fernando> function are:
Fernando> 
Fernando> 1) The inability of middle-boxes to parse past the first XXX bytes of a
Fernando> packet
Fernando> 
Fernando> 2) Unavailability of the connection-id (five-tuple) in the non-first
Fernando> fragments.

I disagree -- I think Mark Andrews got it (mostly) right in his message of Wed, 26 Jun 2013:

Mark> One needs to get the L4 information the firewall/loadbalancer uses in *each* fragment.

The flow label, if properly set at or near the source, could plausibly address "2)" -- see 
https://datatracker.ietf.org/doc/draft-ietf-intarea-flow-label-balancing/?include_text=1

However, it won't help middle boxes that implement stateless packet filters.  Indeed, such 
boxes have fundamental problems with non-first fragments irrespective of how many bytes of 
extension headers they can parse or whether there are sufficient length limits on the extension 
header chain that guarantee that the L4 header always appears in the first fragment.

As I see it, the biggest meta-issue in this discussionis for the IPv6 WG is to decide out whether 
middle boxes that implement stateless packet filters with a "default-deny" policy will be a 
significant part of the landscape indefinitely, regardless of what the IETF says about their 
merits or lack thereof.  If so, fragmented IP datagrams will continue be problematic in the general 
case; and since the job of this (or any other) IETF WG is to make the internet work better, it will 
be incumbent on the WG to deal with the issue.  Ron Bonica and co-authors have made one proposal to 
do just that.

Thinking aloud ...

If we decide that the only path forward is to deprecate IPv6 fragmentation and reassambly (presumably 
not IPv4, since it's at end of life), the next question I see is what can or should be done to allow 
UDP and kin to send large datagrams.  A UDP replacement with fragmentation and reassembly built in to 
the transport layer is one possibility.  The questions that come to mind are (a) is this capability 
actually needed, and if so, (b) can it be incrementally deployed, in the face of middle boxes with 
"default deny" policies causing them to discard protocols that they don't know?

//cmh

v2.23.0 | Report a Bug | By Email