Re: Use cases for PMTUD and PLPMTUD (was: RE: 6MAN: Adoption call on draft-hinden-6man-rfc1981bis-01)
Mark Andrews <marka@isc.org> Mon, 08 February 2016 23:33 UTC
Return-Path: <marka@isc.org>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 83B781B3D5A for <ipv6@ietfa.amsl.com>; Mon, 8 Feb 2016 15:33:16 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.398
X-Spam-Level:
X-Spam-Status: No, score=0.398 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, MANGLED_HERE=2.3, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oLC497GtfiRJ for <ipv6@ietfa.amsl.com>; Mon, 8 Feb 2016 15:33:15 -0800 (PST)
Received: from mx.ams1.isc.org (mx.ams1.isc.org [IPv6:2001:500:60::65]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 03FA01B2CFC for <ipv6@ietf.org>; Mon, 8 Feb 2016 15:33:15 -0800 (PST)
Received: from zmx1.isc.org (zmx1.isc.org [149.20.0.20]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx.ams1.isc.org (Postfix) with ESMTPS id B21A91FCAE1; Mon, 8 Feb 2016 23:33:11 +0000 (UTC)
Received: from zmx1.isc.org (localhost [127.0.0.1]) by zmx1.isc.org (Postfix) with ESMTPS id 9B157160041; Mon, 8 Feb 2016 23:33:10 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1]) by zmx1.isc.org (Postfix) with ESMTP id 887C21600A2; Mon, 8 Feb 2016 23:33:10 +0000 (UTC)
Received: from zmx1.isc.org ([127.0.0.1]) by localhost (zmx1.isc.org [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id Nbp7kwgMr1Hq; Mon, 8 Feb 2016 23:33:10 +0000 (UTC)
Received: from rock.dv.isc.org (c110-21-49-25.carlnfd1.nsw.optusnet.com.au [110.21.49.25]) by zmx1.isc.org (Postfix) with ESMTPSA id 1AF34160041; Mon, 8 Feb 2016 23:33:10 +0000 (UTC)
Received: from rock.dv.isc.org (localhost [IPv6:::1]) by rock.dv.isc.org (Postfix) with ESMTP id D0EF941B734E; Tue, 9 Feb 2016 10:33:07 +1100 (EST)
To: Michael Richardson <mcr+ietf@sandelman.ca>
From: Mark Andrews <marka@isc.org>
References: <2134F8430051B64F815C691A62D983183395EFC6@XCH-BLV-105.nw.nos.boeing.com> <56B4E91C.6090905@si6networks.com> <2134F8430051B64F815C691A62D983183395F14A@XCH-BLV-105.nw.nos.boeing.com> <56B502FB.4050302@si6networks.com> <20160205230616.CA7A1419BA10@rock.dv.isc.org> <15275.1454861964@obiwan.sandelman.ca> <20160208004818.A351E41AF670@rock.dv.isc.org> <32587.1454955668@obiwan.sandelman.ca>
Subject: Re: Use cases for PMTUD and PLPMTUD (was: RE: 6MAN: Adoption call on draft-hinden-6man-rfc1981bis-01)
In-reply-to: Your message of "Mon, 08 Feb 2016 13:21:08 -0500." <32587.1454955668@obiwan.sandelman.ca>
Date: Tue, 09 Feb 2016 10:33:07 +1100
Message-Id: <20160208233307.D0EF941B734E@rock.dv.isc.org>
Archived-At: <http://mailarchive.ietf.org/arch/msg/ipv6/wq13-szoRHiC4NSNbHh4ITwxwZw>
Cc: Fernando Gont <fgont@si6networks.com>, 6man WG <ipv6@ietf.org>, "Fred Baker (fred)" <fred@cisco.com>, Bob Hinden <bob.hinden@gmail.com>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 08 Feb 2016 23:33:16 -0000
In message <32587.1454955668@obiwan.sandelman.ca>, Michael Richardson writes: > --=-=-= > Content-Type: text/plain > > > Mark Andrews <marka@isc.org> wrote: > >> I didn't think PLPMTUD worked any better in this situation, or are I > >> wrong he re? > > > Conceptually you do PLPMTUD by adjusting the EDNS UDP size advertised > > in the query until you get a response. This isn't strict PMTUD as it > > also accounts for firewalls that are blocking fragments, firewalls that > > still think DNS is limited to 512 byte UDP payloads. Unfortunately you > > only have about 3 seconds to do this all in as well as talking to other > > servers. The DNS doesn't have a way of signaling "fragment at this > > size". > > I'd forgotten about doing it this way. > I now recall you explaining it many times before :-) > > It would seem that ICMP based PMTUD is useless for DNS too, and that we > should do away with 1981? There is a difference between trying to avoid something and doing away with something. Named turns off PMTUD for the sockets it opens because even with TCP there isn't the recovery time available to deal with lost PTBs. That said RFC 1981 works well when the PTB get through for TCP and if most of the DNS/UDP traffic was fragmented it would work reasonable well there too however DNS/UDP packets are variable sizes and you have 1 in N packets being fragmented and the MTU knowledge times out. N is dropping and more sites sign their zones. Firewall developers really don't know how to handle DNS. They do lots of really stupid things like dropping EDNS != 0 packets for no sane reason, dropping EDNS requests with a EDNS option or EDNS flag set. EDNS specified safe default behaviours for all these event but firewall developers seem to think they know better. Ahhhh this EDNS flag bit is set, the world may end, lets drop the packet and break the protocol instead of reading the protocol spec and seeing that the default is for the server to ignore the bit. Similarly dropping ICMP PTB and fragments. The world will not end if you let through a "bad" ICMP PTB or a IP fragment. Mark > > Named tracks successful answers/timeouts with different EDNS udp sizes > > as well as the actual response sizes that have got through. > > > ; [edns success/4096 timeout/1432 timeout/1232 timeout/512 timeout] > > > Too many timeouts with a particlar size and we stop offering a EDNS UDP > > buffer of that size and fallback to the next break point. These values > > are set for 4in6/6in4 + a UDP header. timeouts with a smaller EDNS > > buffer size also count against larger sizes. > > >> i.e: both are broken for UDP, and in the DNS/UDP case, the server > >> never retransmits either... so absent using TCP, it will always just > >> fail. > > > But the client re-queries leading to a re-transmission. > > >> -- > >> Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works > >> -= IPv6 IoT consulting =- > >> > >> > >> > >> > >> --=-=-= Content-Type: application/pgp-signature; name="signature.asc" > >> > >> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) > >> > >> iQEVAwUBVrduiYCLcPvd0N1lAQJ7RQf/bInuCsHmVH6AONDSavt/Ut1/xo0NdnRp > >> 1vtfg2LwHG5cUJGNpHOdnlg0OdhIJS9KVYN6xP0FQqbfTq4E6zRpoBkw4kMFQFWK > >> cYOe8MaXx4FJFWF6MWcugglhWRkFQeSaQyYcn0Odhmeoc7w2/ehlsTfuFNGCnpH9 > >> 2bJS2Og80JWMDy7Q95IL6JrsKE1/VDDLpJJkQTfqPboZ1BG5Vn6IlDUT+lEMsZly > >> By2CSNBglAqVtU5fUPYCa6yCx92I2g8MYePqkjclN1dAlELhlOUllsrJ8F3kCuFs > >> 4eT9yAOtU4W7tP/Ka3bBdJTRYnS31NXozgdIlPsnhZ7mXdrks1tQcg== =kitT > >> -----END PGP SIGNATURE----- --=-=-=-- > > -- > > Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia > > PHONE: +61 2 9871 4742 INTERNET: marka@isc.org > > -- > Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works > -= IPv6 IoT consulting =- > > > > > --=-=-= > Content-Type: application/pgp-signature; name="signature.asc" > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.12 (GNU/Linux) > > iQEVAwUBVrjckYCLcPvd0N1lAQI/1wf/f42aJtsGxKjkEwNFSedh2jJCEs7H9hhW > onkwzKj+d+D9zhWwJyiqrZ2C/jLaxz+N6KowvCO8/+xNrbo0yDca5RLfcqWyEMkz > hb3zwQiDoBdoTFiZ/R+leTWclTx2h9lMzqyCB4cL69PNgmQBFy5NxwSdGE79AUiP > uQJhbfxxjkKXNkddgAj3z6q8UFuikZQSeYfrAUyoqF+6L/ZlqDIvHLZnw8w1YA5p > 2krSML8S5XdA0YBcOuH3CAXvLG9tYQiLkRso3UG4OPqD9JgydSUJM/4ef+7cIOOq > LSl9YKXN2r2E9rcCCye0RL5LPyYo+deL1ZieYOAqaUuKgxW9e7Ozaw== > =Nax3 > -----END PGP SIGNATURE----- > --=-=-=-- -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
- Re: Use cases for PMTUD and PLPMTUD (was: RE: 6MA… Mark Andrews
- Re: Use cases for PMTUD and PLPMTUD (was: RE: 6MA… Michael Richardson
- Re: Use cases for PMTUD and PLPMTUD (was: RE: 6MA… Michael Richardson
- Re: Use cases for PMTUD and PLPMTUD (was: RE: 6MA… Fred Baker (fred)
- Re: Use cases for PMTUD and PLPMTUD (was: RE: 6MA… Fernando Gont
- Re: Use cases for PMTUD and PLPMTUD (was: RE: 6MA… Fernando Gont
- Re: Use cases for PMTUD and PLPMTUD (was: RE: 6MA… Mark Smith
- Re: Use cases for PMTUD and PLPMTUD (was: RE: 6MA… Mark Andrews
- Re: Use cases for PMTUD and PLPMTUD (was: RE: 6MA… Brian E Carpenter
- Use cases for PMTUD and PLPMTUD (was: RE: 6MAN: A… Templin, Fred L
- Re: Use cases for PMTUD and PLPMTUD (was: RE: 6MA… Fernando Gont
- RE: Use cases for PMTUD and PLPMTUD (was: RE: 6MA… Templin, Fred L
- Re: Use cases for PMTUD and PLPMTUD (was: RE: 6MA… Bob Hinden
- Re: Use cases for PMTUD and PLPMTUD (was: RE: 6MA… Michael Richardson
- RE: Use cases for PMTUD and PLPMTUD (was: RE: 6MA… Templin, Fred L
- RE: Use cases for PMTUD and PLPMTUD (was: RE: 6MA… Templin, Fred L
- Re: Use cases for PMTUD and PLPMTUD (was: RE: 6MA… Michael Richardson
- Re: Use cases for PMTUD and PLPMTUD (was: RE: 6MA… Mark Andrews
- Re: Use cases for PMTUD and PLPMTUD (was: RE: 6MA… Fernando Gont