Re: FW: New Version Notification for draft-bonica-6man-frag-deprecate-00.txt

Ray Hunter <v6ops@globis.net> Fri, 21 June 2013 19:44 UTC

Message-ID: <51C4AD03.2050303@globis.net>
Date: Fri, 21 Jun 2013 21:44:03 +0200
From: Ray Hunter <v6ops@globis.net>
To: Ronald Bonica <rbonica@juniper.net>
Cc: "ipv6@ietf.org 6man-wg" <ipv6@ietf.org>

> Ronald Bonica <mailto:rbonica@juniper.net>
> 21 June 2013 21:12
> Ray,
>
> Joel has already responded regarding DNSSEC. However, I would like to
> add a word regarding PMTUD brokenness.
>
> If the bad operator behavior to which you refer is the filtering of
> ICMP PTB messages, that bad behavior will break IPv6 fragmentation to
> the same degree that it breaks PMTUD. So, keeping IPv6 fragmentation
> around won't help very much.
>
> Ron
>
I don't 100% agree. In the case that PMTUD is broken, there'd be nothing
to stop a current DNSSEC implementation from always assuming a default
path MTU of 1280, without awaiting confirmation from PMTUD, and
fragmenting the UDP packet pre-emptively [assuming fragmentation was not
equally broken along the path as ICMP PTB was].

Looking at the opposite case [PMTUD OK, fragmentation deprecated] if
there's no fragmentation header available, what's the point of a stack
implementing PMTUD at the network layer (for UDP), when the only action
it could then take AFAICS is to punt to the application anyway?

BTW I'm not per se anti your draft. It's radical, but I'd like to
explore the pros and cons further before taking a position.

regards,
RayH
>
>
>
>
> Ray Hunter <mailto:v6ops@globis.net>
> 21 June 2013 19:03
> I have also read this draft.
>
> It mentions that DNSSEC will be impacted.
>
> What's the alternative if DNSSEC can't send multiple UDP fragments?
>
> Isn't expecting a busy DNS server to maintain TCP session state for
> every single query going to be prohibitively expensive?
> Leading to even bigger DoS worries than fragmentation apparently causes?
>
> Isn't using TCP for all DNS queries going to considerably slow down the
> name resolution process, which will impact all applications?
> (multiple RTT for the connection establishment and teardown if you clean
> up properly)
>
> Since PMTUD is also currently pretty broken in practice, also due to
> "Operator Behavior" and filtering of ICMPv6 in firewalls, doesn't this
> memo effectively state that IPv6 = 1280 octets?
>
> regards,
> RayH
> ------------------------------------------------------------------------
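
The pre-emptive fragmentation discussed in the reply above, as an added example that is not part of the original thread: a sender that assumes a path MTU of 1280 without waiting for PMTUD splits a large UDP/DNSSEC response at the source and builds the IPv6 Fragment header for each piece, and the receiver reassembles it. The function names, the identification value and the sample datagram are assumptions made for illustration.

```python
import struct

IPV6_MIN_MTU = 1280   # minimum link MTU every IPv6 path must support
IPV6_HDR_LEN = 40
FRAG_HDR_LEN = 8
NH_UDP = 17           # Next Header value for UDP


def fragment_udp(datagram: bytes, ident: int, mtu: int = IPV6_MIN_MTU):
    """Split a UDP datagram (UDP header + DNS payload) at the source.

    Returns (fragment_header, chunk) pairs; the header is b"" when the
    datagram fits in one packet and needs no Fragment header.
    """
    if IPV6_HDR_LEN + len(datagram) <= mtu:
        return [(b"", datagram)]
    # Every fragment except the last must carry a multiple of 8 octets.
    max_chunk = (mtu - IPV6_HDR_LEN - FRAG_HDR_LEN) // 8 * 8
    frags = []
    for off in range(0, len(datagram), max_chunk):
        chunk = datagram[off:off + max_chunk]
        more = off + max_chunk < len(datagram)
        # 13-bit offset in 8-octet units, 2 reserved bits, then the M flag.
        field = ((off // 8) << 3) | int(more)
        frags.append((struct.pack("!BBHI", NH_UDP, 0, field, ident), chunk))
    return frags


def reassemble(frags):
    """Receiver side: rebuild the datagram from fragments in any order."""
    if len(frags) == 1 and frags[0][0] == b"":
        return frags[0][1]
    parts, total = {}, None
    for hdr, chunk in frags:
        _nh, _rsvd, field, _ident = struct.unpack("!BBHI", hdr)
        off = (field >> 3) * 8
        parts[off] = chunk
        if not field & 1:            # M flag clear: this is the last fragment
            total = off + len(chunk)
    if total is None or sum(len(c) for c in parts.values()) != total:
        raise ValueError("incomplete fragment set")
    return b"".join(parts[o] for o in sorted(parts))


def packet_sizes(frags):
    """On-the-wire IPv6 packet length of each fragment."""
    return [IPV6_HDR_LEN + len(h) + len(c) for h, c in frags]


# Constructed sample: 8-byte UDP header plus an 1800-byte DNSSEC-sized answer.
SAMPLE = bytes(i % 251 for i in range(1808))
```

With a 1280-octet MTU the largest UDP datagram that avoids the Fragment header is 1240 octets (1232 octets of DNS payload after the 8-octet UDP header); anything larger depends on every fragment surviving the path.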