Re: Path MTU Hop-by-Hop Option
Brian E Carpenter <brian.e.carpenter@gmail.com> Thu, 25 October 2018 01:13 UTC
Return-Path: <brian.e.carpenter@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C3046130DD5 for <ipv6@ietfa.amsl.com>; Wed, 24 Oct 2018 18:13:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MS3tLeYtI-qS for <ipv6@ietfa.amsl.com>; Wed, 24 Oct 2018 18:13:52 -0700 (PDT)
Received: from mail-pf1-x42e.google.com (mail-pf1-x42e.google.com [IPv6:2607:f8b0:4864:20::42e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C6B1F130DCC for <ipv6@ietf.org>; Wed, 24 Oct 2018 18:13:52 -0700 (PDT)
Received: by mail-pf1-x42e.google.com with SMTP id 22-v6so3331368pfz.0 for <ipv6@ietf.org>; Wed, 24 Oct 2018 18:13:52 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:to:cc:references:from:message-id:date:user-agent :mime-version:in-reply-to:content-language:content-transfer-encoding; bh=5A4F9+BG68nFacJteC7RwyAL6aMd73TV08iX/bH+hZ8=; b=nIEFr7ULV/aCdOX2bNoxA4aHsyzIz69k/KnXhLBndxPSJgTU37GYJac56dRkqW/pxe TEZhUmbwUBtqeWGF/twrMr6VbQi7FnBwdMWOmoeLloPVzojE77TDcHRJUBP+x2gEVeyR K8lnJ2MpLzr7kubN2T5LdWady1LqfDLNlSC7oVl3ZU1nyzQHAxAYrPIdda3WBDm3h0mh tHyqOxWukXqHp36D+sbFiaRjImWPe/oL8D8dePmilA5MTf/0pioOd9MRbpdT93BC2vzV OCzOkRItzNMHZkT94iPHwtgd3gHKxd2PhdeBDP6Scub34nD6AAKR7XVyUtg7bPwFh5mJ cezg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=5A4F9+BG68nFacJteC7RwyAL6aMd73TV08iX/bH+hZ8=; b=lH4FmQUQJTdSU/xXJIXJN//jOFVCrBYjrRJAsqZEXtQfyFvcXqrJCKmCS1FRyqzrb3 iJhGlC27DjbohGXHsn9vA/gsoyec0VtoI3o5eff0dOweEmzaesbuQG7EavjXUhbaWWQy vHzrjcivUgBubkOtVw0BddORXCtAaP7jMDlIG9cgnyun1pSDUXCXTrVVjShGPUSAbmLT HKy1Jd3sNQbQ6szyNQ+dsgc3bL+iNidHP8h06yaSNy2qsbbaBRSR/aAMHFTztecCWX+E 9SOr53JusNMn0vt7uNQPX7I9Z7ecg6y+KhfqO+hzIGFJDLxQP8cvDCV6Mpmh4MsbPdjc HC5A==
X-Gm-Message-State: AGRZ1gKBbYLScLBec4kVmbrBtUxEQ1YciUFbb0Db1tzBAF+NYE4yNV9W tgYh1XrsZT5Mxg6Wnx2lu2g=
X-Google-Smtp-Source: AJdET5erbYluPsWk6I+ZP8H0XwFDG/iZZL69ZH20RxihfZHiXAXoOrW/0UGXnCRQH+SvKE/lPHAOAg==
X-Received: by 2002:a63:c341:: with SMTP id e1-v6mr4667395pgd.452.1540430032252; Wed, 24 Oct 2018 18:13:52 -0700 (PDT)
Received: from [192.168.178.30] ([118.148.76.40]) by smtp.gmail.com with ESMTPSA id p124-v6sm188922pfg.100.2018.10.24.18.13.49 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 24 Oct 2018 18:13:51 -0700 (PDT)
Subject: Re: Path MTU Hop-by-Hop Option
To: Tom Herbert <tom@herbertland.com>, Fernando Gont <fgont@si6networks.com>
Cc: Gorry Fairhurst <gorry@erg.abdn.ac.uk>, IPv6 List <ipv6@ietf.org>, Bob Hinden <bob.hinden@gmail.com>
References: <153972960647.9465.12295361632444928551.idtracker@ietfa.amsl.com> <E97952C5-3E3C-4EC1-B414-BDA8717FD7DF@gmail.com> <24F21185-0E76-449D-B9C7-729DD8CD30EE@tzi.org> <4a8602d4-7bbd-1ce0-7c25-5149f2f8d1ec@si6networks.com> <CALx6S37GG_UDpyJqd61OMXgLCCoEJuXsN5WvkNERdGcUQp0X4A@mail.gmail.com> <7de0cfd8-340a-7f85-f28e-9ebc054cfe4a@si6networks.com> <CALx6S36v22h+3-ee_OvnYyrQsbxPbvAanHFgbXr-BKu_AnX9og@mail.gmail.com> <94f4ccba-3bd8-9bde-150e-e18e97c07261@si6networks.com> <CALx6S34urOH7N2EJsveLLN0CRJVSQKLHiSKJhEzKTOCcb1ep=Q@mail.gmail.com>
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Message-ID: <8a7ea4dd-3ca0-fa42-c167-4aa2c0fd5670@gmail.com>
Date: Thu, 25 Oct 2018 14:13:47 +1300
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1
MIME-Version: 1.0
In-Reply-To: <CALx6S34urOH7N2EJsveLLN0CRJVSQKLHiSKJhEzKTOCcb1ep=Q@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"
Content-Language: en-US
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/wgHQG4VXKMJuCQvjDjn7tbHMO6U>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 25 Oct 2018 01:13:56 -0000
On 2018-10-25 12:20, Tom Herbert wrote: > On Wed, Oct 24, 2018 at 3:00 PM, Fernando Gont <fgont@si6networks.com> wrote: >> Hello, Tom, >> >> On 10/24/18 5:45 PM, Tom Herbert wrote: >>> On Tue, Oct 23, 2018 at 8:14 PM, Fernando Gont <fgont@si6networks.com> wrote: >>>> On 10/24/18 3:57 AM, Tom Herbert wrote: >>>>> On Tue, Oct 23, 2018 at 11:03 AM, Fernando Gont <fgont@si6networks.com> wrote: >>>>>> On 10/17/18 6:49 AM, Carsten Bormann wrote: >>>>>>> On Oct 17, 2018, at 00:55, Bob Hinden <bob.hinden@gmail.com> wrote: >>>>>>>> >>>>>>>> This document specifies a new Hop-by-Hop IPv6 option that is used to >>>>>>>> record the minimum Path MTU >>>>>>> >>>>>>> A while ago I proposed something similar to collect information about adaptation layer fragmentation MTUs (information about which is truly not available in any other way): >>>>>>> >>>>>>> https://tools.ietf.org/html/draft-bormann-intarea-alfi-04 >>>>>>> >>>>>>> (I also only looked at the Internet layer here — leaving it as an exercise to put in transport/application protocol support.) >>>>>>> >>>>>>> After mulling an initial version of the proposal, there was pretty much consensus that hop-by-hop options were not really available on the Internet. So I put in an alternative way to collect the information, see above if you are interested. Then at some point SPUD came along and I was hoping that would lead to a framework within in which this information could be better handled. >>>>>>> >>>>>>> Maybe it’s time to pull the old draft out again. The hop-by-hop option problem of course hasn’t gone away. >>>>>> >>>>>> IPv6 EHs are not readily available on the public IPv6 Internet. See >>>>>> RFC7872. While not included in RFC7872, my measurements indicate that >>>>>> the same applies even to IPsec EHs. :( >>>>> >>>>> Fernando, >>>>> >>>>> If I'm reading RFC7872 correctly, it is more accurate to say that the >>>>> drop rates for EH vary between 12% and 55% depending on type and >>>>> destination. We cannot say that EH always works on the Internet, but >>>>> neither is it correct to say that EH never works on the Internet. >>>>> Success rate is somewhere in between. >>>> >>>> Can you depend on something that fails in 10% (or more) of cases? >>>> >>> Well, aren't we also trying to depend on IPv6 itself which still has a >>> pretty high failure rate on the Internet? >> >> I haven't measured IPv6 failure rate, I should say. >> >> >> >>> If we're restricted to only >>> use protocols that we can absolutely depend on to work then the only >>> choice is to use plain TCP over plain IPv4. >> >> I guess that there are things that are likely to be workable, and others >> that aren't. The structure of EHs doesn't seem to be friendly wth modern >> router architectures >> (https://iepg.org/2015-11-01-ietf94/IEPG-RouterArchitecture-jgs.pdf), so >> there's not much of an indication that things will move in a different >> direction. > > I believe the emergence of programmable devices, like those with P4, > change that. RFC8200 also allows devices to skip over HBH, this should > be trivial code in P4. Right, implementers with network processors have always liked the IPv6 header much more than people using, e.g., FPGAs. But unfortunately the less flexible devices aren't going to vanish overnight. Brian > >> >> >> >>> Also, I think "depend" is an interesting word in this context. By >>> definition the Path MTU option is an *option*, it cannot be required >>> for basic communications. No one can depend on it. >> >> Either you have a reliable PMTUD, or you prepare to send1280-byte >> packets (or smaller). So in such case the algorithm should be "the MTU >> is 1280. Upon receipt of a PTMU option, rase it to, at most, the MTU of >> your outgoing interface". Otherwise traffic can get blackholed and you >> get a DoS. >> >> >>>> >>>>> While the data in RFC7872 is objective, the conclusions being drawn >>>>> are not. I think there are two possible conclusions 1) Success rate of >>>>> EH is abysmal, EH is a failure and should be deprecated, and the >>>>> would-be contents of EH need to be moved to other layers somehow >>>> >>>> Tags aside, the reality is that if you need the the would-be contents to >>>> be reliable, you'd put them else where. Not that I like it... but >>>> whatever my personal taste is, it doesn't solve problems by itself. >>>> >>> The problem there is that no one has yet to define the alternative >>> that would work any better. >> >> Currently (SR aside), you need EHs from fragmentation and IPsec. For >> fragmentation, it remains to be researched how things are working out >> (maybe fall back to v4 for the DNS,.. but I don't know). For IPsec... >> well, you probably avoid native IPsec traffic as you did for v4, anyway. >> >> Put another way, looks like nobody looked for an alternative because >> nobody "needed" it. > > There also been a number of proposals to get OAM data into the packet. > Suggestions have included stealing bits from flow label, diffserv > bits, or putting them in TCP. None of these have been shown to be > viable. And of course there was SPUD proposal, which in the end would > have more issues than getting EH to work. > >> >> >> >>>>> 2) EH >>>>> support is less than desirable, but this is a current condition that >>>>> may be improve over time with new deployments, protocol >>>>> clarifications, definition of some "useful" options. >>>> >>>> Yes, it could improve. One never knows. Me, my gut feeling is that's >>>> unlikely. >>>> >>>> >>>>> IMO, until EH is >>>>> officially deprecated, it is entirely appropriate to define new uses >>>>> such as the Path MTU Option here. >>>> >>>> No matter how EHs are flagged, we're doing engineering. It works, or it >>>> doesn't. (as unfortunate as that may be). >>>> >>> I disagree that it has to be a global binary choice. Happy eyeballs >>> has shown how to deal with a protocol that has greater than zero, but >>> less than 100% support. >> >> It's a different thing. Happy eyeballs essentially deal with multiple >> choices where all of them are equivalent. You just need one to work. >> Happy Eyeballs wouldn't work if you tried to use it when acecss stes >> behind a firewall that filters port 80 and 443. >> >> If, say, IPsec fails, you can't just "disable ipsec". or "well, lets try >> a TLS tunnel". >> >> >> >> >>>> To me, it all looks like they are reliable in controlled domains (within >>>> your network, where you control everything), but not elsewhere (public >>>> Internet) >>>> >>> That's not clear at all. For a small domain this might be plausible, >>> but for large sprawling domains like the big DC operators that use >>> multiple vendors it may or may not be true. Besides that, if the plan >>> is to only use features like EH in a controlled domain, then we need >>> to have an implementation at host to determine whether the destination >>> is in the controlled domain-- that is not necessarily easy to do. A >>> common solution should consider whether the feature is viable to each >>> particular destination. >> >> So, just as a sample scenario: how ould you workaround non-working IPse >> (due to filtering of IPsec EHs?) > > I'd probably tunnel it over UDP (GUE to be precise). If UDP doesn't > work because it's blocked by a firewall, then I'd tunnel over TCP (GTE > described in https://tools.ietf.org/html/draft-herbert-tsvwg-gte-00). > > Tom > >> >> >>> >>>>> Since we know up front that the >>>>> option might not always be viable on the Internet, the mechanism will >>>>> need a fallback; >>>> >>>> If the fall-back "just works" why not keep it simple? >>>> >>> Because fallback means we don't get the advantages of the feature. >> >> That means that the possible outcome, for the pmtu option , is that you >> end up using 1280 instead of some larger PMTU. (The pmtu option is >> subject to blackholes... hence the fall back needs to be the minimum >> IPv6 MTU, or PLPMTUD). >> >> >> >>>>> but the need for a fallback is hardly unique: IPv6 >>>>> falls back IPv4 via happy eyeballs, UDP falls back to TCP when >>>>> firewalls block UDP, etc. >>>> >>>> I'd compare such a fall-back with e.g. retrying TCP connections without >>>> the ECN bits set. When doing the fall-back, you lose the benefits of >>>> ECN. - but I would expect that in most EH cases, loosig the >>>> functionality is not a viable option. e.g., what would the fall-back be >>>> for IPsec packets that get blackholed? (I tel you *my* workaround: I >>>> tunel over TLS over a transport protocol.. don't even bother to try to >>>> do IPsec in the general case) >>>> >>> I think IPsec is an extreme. For other use cases of EH, particularly >>> DO and HBH, like Path MTU option, OAM, FAST the fallback is not to use >>> the option. Communication can proceed but advantages is lost possibly >>> resulting in a degraded mode of service relative to using the option. >> >> For some of these cases, I'd agree. But for PMTUD, it's tricky (see above). >> >> Cheers, >> -- >> Fernando Gont >> SI6 Networks >> e-mail: fgont@si6networks.com >> PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492 >> >> >> >> > > -------------------------------------------------------------------- > IETF IPv6 working group mailing list > ipv6@ietf.org > Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 > -------------------------------------------------------------------- >
- Path MTU Hop-by-Hop Option Bob Hinden
- Re: Path MTU Hop-by-Hop Option Tom Herbert
- Re: Path MTU Hop-by-Hop Option Fred Baker
- RE: Path MTU Hop-by-Hop Option Lubashev, Igor
- Re: Path MTU Hop-by-Hop Option Carsten Bormann
- Re: Path MTU Hop-by-Hop Option Mikael Abrahamsson
- Re: Path MTU Hop-by-Hop Option Gorry Fairhurst
- Re: Path MTU Hop-by-Hop Option Havard Eidnes
- Re: Path MTU Hop-by-Hop Option Gorry Fairhurst
- Re: Path MTU Hop-by-Hop Option Jen Linkova
- Re: Path MTU Hop-by-Hop Option Mikael Abrahamsson
- Re: Path MTU Hop-by-Hop Option Ole Troan
- Re: Path MTU Hop-by-Hop Option Jen Linkova
- Re: Path MTU Hop-by-Hop Option Nick Hilliard
- Re: Path MTU Hop-by-Hop Option Nick Hilliard
- Re: Path MTU Hop-by-Hop Option Rajiv Asati (rajiva)
- Re: Path MTU Hop-by-Hop Option Michael Richardson
- Re: Path MTU Hop-by-Hop Option Mark Andrews
- RE: Path MTU Hop-by-Hop Option Templin (US), Fred L
- Re: Path MTU Hop-by-Hop Option - Tunnels? Joel M. Halpern
- Re: Path MTU Hop-by-Hop Option - Tunnels? Gorry Fairhurst
- Re: Path MTU Hop-by-Hop Option Tom Herbert
- Re: Path MTU Hop-by-Hop Option Gorry Fairhurst
- Re: Path MTU Hop-by-Hop Option Tom Herbert
- Re: Path MTU Hop-by-Hop Option Mikael Abrahamsson
- Re: Path MTU Hop-by-Hop Option George Michaelson
- Re: Path MTU Hop-by-Hop Option Bob Hinden
- Re: Path MTU Hop-by-Hop Option Bob Hinden
- Re: Path MTU Hop-by-Hop Option Bob Hinden
- Re: Path MTU Hop-by-Hop Option Tom Herbert
- Re: Path MTU Hop-by-Hop Option Christian Huitema
- Re: Path MTU Hop-by-Hop Option Nick Hilliard
- Re: Path MTU Hop-by-Hop Option Gorry Fairhurst
- operational stoppers to > 1500 MTU deployment in … Mikael Abrahamsson
- Re: operational stoppers to > 1500 MTU deployment… George Michaelson
- Re: operational stoppers to > 1500 MTU deployment… Mikael Abrahamsson
- Re: Path MTU Hop-by-Hop Option Nick Hilliard
- Re: operational stoppers to > 1500 MTU deployment… Christopher Morrow
- Re: operational stoppers to > 1500 MTU deployment… Philip Homburg
- RE: operational stoppers to > 1500 MTU deployment… Templin (US), Fred L
- RE: operational stoppers to > 1500 MTU deployment… Templin (US), Fred L
- Re: operational stoppers to > 1500 MTU deployment… Nick Hilliard
- Re: operational stoppers to > 1500 MTU deployment… Ole Troan
- RE: operational stoppers to > 1500 MTU deployment… Templin (US), Fred L
- RE: operational stoppers to > 1500 MTU deployment… Mikael Abrahamsson
- Re: operational stoppers to > 1500 MTU deployment… Mikael Abrahamsson
- RE: operational stoppers to > 1500 MTU deployment… Templin (US), Fred L
- Re: operational stoppers to > 1500 MTU deployment… Tom Herbert
- Re: operational stoppers to > 1500 MTU deployment… Ole Troan
- RE: operational stoppers to > 1500 MTU deployment… Templin (US), Fred L
- RE: operational stoppers to > 1500 MTU deployment… Mikael Abrahamsson
- RE: operational stoppers to > 1500 MTU deployment… Templin (US), Fred L
- RE: operational stoppers to > 1500 MTU deployment… Templin (US), Fred L
- RE: operational stoppers to > 1500 MTU deployment… Mikael Abrahamsson
- Re: operational stoppers to > 1500 MTU deployment… Ole Troan
- Re: operational stoppers to > 1500 MTU deployment… 神明達哉
- Re: operational stoppers to > 1500 MTU deployment… Mikael Abrahamsson
- Re: operational stoppers to > 1500 MTU deployment… Ole Troan
- Re: operational stoppers to > 1500 MTU deployment… Tom Herbert
- RE: operational stoppers to > 1500 MTU deployment… Templin (US), Fred L
- Re: operational stoppers to > 1500 MTU deployment… Dale W. Carder
- RE: operational stoppers to > 1500 MTU deployment… Templin (US), Fred L
- QUIC and DF [Re: Path MTU Hop-by-Hop Option] Brian E Carpenter
- Re: operational stoppers to > 1500 MTU deployment… Ole Troan
- Re: QUIC and DF [Re: Path MTU Hop-by-Hop Option] Ole Troan
- RE: operational stoppers to > 1500 MTU deployment… Templin (US), Fred L
- Re: operational stoppers to > 1500 MTU deployment… Ole Troan
- RE: operational stoppers to > 1500 MTU deployment… Templin (US), Fred L
- RE: operational stoppers to > 1500 MTU deployment… Templin (US), Fred L
- Re: operational stoppers to > 1500 MTU deployment… Ole Troan
- Re: Path MTU Hop-by-Hop Option Bob Hinden
- RE: operational stoppers to > 1500 MTU deployment… Templin (US), Fred L
- Re: operational stoppers to > 1500 MTU deployment… Ole Troan
- RE: operational stoppers to > 1500 MTU deployment… Templin (US), Fred L
- Re: QUIC and DF [Re: Path MTU Hop-by-Hop Option] Brian E Carpenter
- RE: operational stoppers to > 1500 MTU deployment… Mikael Abrahamsson
- Re: operational stoppers to > 1500 MTU deployment… Ole Troan
- Re: operational stoppers to > 1500 MTU deployment… Carsten Bormann
- Re: QUIC and DF [Re: Path MTU Hop-by-Hop Option] Christian Huitema
- Re: QUIC and DF [Re: Path MTU Hop-by-Hop Option] Christian Huitema
- Re: operational stoppers to > 1500 MTU deployment… Ole Troan
- Re: operational stoppers to > 1500 MTU deployment… Carsten Bormann
- Re: operational stoppers to > 1500 MTU deployment… Nick Hilliard
- Re: QUIC and DF [Re: Path MTU Hop-by-Hop Option] Nick Hilliard
- Re: operational stoppers to > 1500 MTU deployment… Tim Chown
- Re: Path MTU Hop-by-Hop Option Fernando Gont
- Re: Path MTU Hop-by-Hop Option G Fairhurst
- Re: Path MTU Hop-by-Hop Option Fernando Gont
- Re: Path MTU Hop-by-Hop Option Fernando Gont
- Re: Path MTU Hop-by-Hop Option Fernando Gont
- Re: Path MTU Hop-by-Hop Option Fernando Gont
- Re: Path MTU Hop-by-Hop Option Tom Herbert
- Re: Path MTU Hop-by-Hop Option Fernando Gont
- Re: Path MTU Hop-by-Hop Option Havard Eidnes
- Re: Path MTU Hop-by-Hop Option Tom Herbert
- Re: Path MTU Hop-by-Hop Option Fernando Gont
- Re: Path MTU Hop-by-Hop Option Tom Herbert
- Re: Path MTU Hop-by-Hop Option Brian E Carpenter