Re: [L2tpext] Suresh Krishnan's Discuss on draft-ietf-l2tpext-keyed-ipv6-tunnel-07: (with DISCUSS)

Mark Townsley <mark@townsley.net> Wed, 08 February 2017 18:20 UTC

Return-Path: <mark@townsley.net>
X-Original-To: l2tpext@ietfa.amsl.com
Delivered-To: l2tpext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C3F09129442 for <l2tpext@ietfa.amsl.com>; Wed, 8 Feb 2017 10:20:16 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.598
X-Spam-Level:
X-Spam-Status: No, score=-2.598 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, MIME_QP_LONG_LINE=0.001, RCVD_IN_DNSWL_LOW=-0.7] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=townsley-net.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dntQyWSD9Lnk for <l2tpext@ietfa.amsl.com>; Wed, 8 Feb 2017 10:20:15 -0800 (PST)
Received: from mail-wm0-x22d.google.com (mail-wm0-x22d.google.com [IPv6:2a00:1450:400c:c09::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1F485129D09 for <l2tpext@ietf.org>; Wed, 8 Feb 2017 10:20:09 -0800 (PST)
Received: by mail-wm0-x22d.google.com with SMTP id v77so200876552wmv.0 for <l2tpext@ietf.org>; Wed, 08 Feb 2017 10:20:09 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=townsley-net.20150623.gappssmtp.com; s=20150623; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=TX8WpEPrTnO1WBGVklxe6Q5quwZFD3TqEQF0lqXNo7E=; b=isaO/YUFZaqAYYCStvZkQsdkEUx8Xi2htu8LnqzP1Ysy6GJ968tFNx6jvbMGY01tB7 fQE+nnGd8iEf57BXqVMFUQyUxQU97wAlkNyjZ+I5yTatPOPPHVCdfbRt1PR1oi7W1lob ++VqXxJMBtbDmFovca0PAVtIRQGn0rdDvaFcN5urPz3AJxb34sDklyu3T0dKyBVNdS5e OSrfbeZ5dnESRpS+IupVJ7DriW7r6zQc3xc2a3rFuBab4LeWRD2cGui/+iC5gUIZ22+z ZxUi5M0G8IDApOMOUN7Noc1rEI5S+8Q1wEt2IaCs12uEcIF1TMyOnZRvxAZmZw0jaLST Q8WQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=TX8WpEPrTnO1WBGVklxe6Q5quwZFD3TqEQF0lqXNo7E=; b=mEE+IMwpRNQJqHgrF6+6VWZQAkbBx7mvmPpmmqKnGkkFxvElXj25FOwj0zuriDmfKs EvMKx5ad8E5cli6zm1GLlCYBH9BE81H0zGnP2DFM74gXPSb4MJ5AnjR/VmxFxTCJdszR uVL/YsRqTlyr7sqnTytKYDd57IQ62YbFKyUwx+2qdB67JpnxI4Qfjaes56FslAh2mTOa 8VlZa6SRn74yqBeXio3uNMdeJT0YAoalk9mUn9MrfbJrH78F9WmGoxZw/HC/mxJ3T391 XFD2y76ujc8/Xw/vRznKPUiBjLrSUMkRt4r/ruy89opgweRAgehiBn3eNRd+UfCRVqNL X1tA==
X-Gm-Message-State: AIkVDXJCs9lsM2xjkCF/KQbEvkY5IBy/IwTMgUX+TqCoNtHsbYJ3UxbD2qwF7U4LDtPS5w==
X-Received: by 10.223.142.131 with SMTP id q3mr19782987wrb.195.1486578007497; Wed, 08 Feb 2017 10:20:07 -0800 (PST)
Received: from [10.165.126.251] ([37.163.9.139]) by smtp.gmail.com with ESMTPSA id q4sm14252163wrc.35.2017.02.08.10.20.06 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 08 Feb 2017 10:20:06 -0800 (PST)
Content-Type: multipart/alternative; boundary=Apple-Mail-7E4A99E1-2D93-4B1A-AA82-C810F0A1DBF3
Mime-Version: 1.0 (1.0)
From: Mark Townsley <mark@townsley.net>
X-Mailer: iPad Mail (14D27)
In-Reply-To: <D8644A5A-4E67-4120-8F37-1AC4E511461D@gmail.com>
Date: Wed, 8 Feb 2017 19:20:05 +0100
Content-Transfer-Encoding: 7bit
Message-Id: <59C7A0C1-7B53-4DD7-918D-70BD061EABA7@townsley.net>
References: <147814587027.24024.3232023685298654420.idtracker@ietfa.amsl.com> <D8644A5A-4E67-4120-8F37-1AC4E511461D@gmail.com>
To: Giles Heron <giles.heron@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/l2tpext/WMLSHiVpnf_ZDBygFgFwYyl7a0w>
Cc: cpignata@cisco.com, draft-ietf-l2tpext-keyed-ipv6-tunnel@ietf.org, l2tpext@ietf.org, Suresh Krishnan <suresh.krishnan@ericsson.com>, draft-ietf-l2tpext-keyed-ipv6-tunnel.all@ietf.org, The IESG <iesg@ietf.org>, l2tpext-chairs@ietf.org
Subject: Re: [L2tpext] Suresh Krishnan's Discuss on draft-ietf-l2tpext-keyed-ipv6-tunnel-07: (with DISCUSS)
X-BeenThere: l2tpext@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Layer Two Tunneling Protocol Extensions <l2tpext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/l2tpext>, <mailto:l2tpext-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/l2tpext/>
List-Post: <mailto:l2tpext@ietf.org>
List-Help: <mailto:l2tpext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/l2tpext>, <mailto:l2tpext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 08 Feb 2017 18:20:16 -0000

RFC 4623, section 5.1 essentially says "Try not to be in a situation where you must fragment. If you must, try to use native PW fragmentation and reassembly if available. IP frag as a last resort." - which I think is the spirit of what you are trying to say here, though the all caps in #3 may be coming across as overkill to the reviewer (as if v6 host frag is somehow evil or broken - it's not, it's just hard for network gear that isn't used to this kind of thing, and we'd rather avoid it).

- Mark 


> On Feb 8, 2017, at 6:07 PM, Giles Heron <giles.heron@gmail.com> wrote:
> 
> Sorry for the delay in responding.
> 
> At any rate I don’t think this is an issue.  As far as I can tell the mention of RFC2473 in section 4.1.4 of RFC3931 pertains to an IPv6 payload, not to IPv6 transport.  Our draft doesn’t discuss payload fragmentation - as we’ve generally assumed systems are acting as LACs rather than as LNSes (i.e. just forwarding at layer 2, not routing between a L2 circuit and a “home network”), though there’s nothing to stop an implementation that routes into a keyed IPv6 tunnel from fragmenting IPv4 packets before forwarding them into the tunnel, or performing L2TPv3 fragmentation for IPv4 or IPv6 packets.
> 
> In terms of preference the draft is pretty clear that it’s:
> (1) ensure MTU is sufficient
> (2) use L2TPv3 fragmentation
> (3) NOT RECOMMENDED - use IPv6 fragmentation.
> 
> In case 3 (as in case 2) the ingress router will fragment and the egress router will reassemble.
> 
> or have I missed something?
> 
> Giles
> 
> 
>> On 3 Nov 2016, at 04:04, Suresh Krishnan <suresh.krishnan@ericsson.com> wrote:
>> 
>> Suresh Krishnan has entered the following ballot position for
>> draft-ietf-l2tpext-keyed-ipv6-tunnel-07: Discuss
>> 
>> When responding, please keep the subject line intact and reply to all
>> email addresses included in the To and CC lines. (Feel free to cut this
>> introductory paragraph, however.)
>> 
>> 
>> Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
>> for more information about IESG DISCUSS and COMMENT positions.
>> 
>> 
>> The document, along with other ballot positions, can be found here:
>> https://datatracker.ietf.org/doc/draft-ietf-l2tpext-keyed-ipv6-tunnel/
>> 
>> 
>> 
>> ----------------------------------------------------------------------
>> DISCUSS:
>> ----------------------------------------------------------------------
>> 
>> * Section 5
>> I am having a hard time seeing how fragmentation is expected to work 
>> 
>>   It is NOT RECOMMENDED for routers implementing this specification to
>>   enable IPv6 fragmentation (as defined in section 4.5 of RFC2460) for
>>   keyed IP tunnels.  IP fragmentation issues for L2TPv3 are discussed
>>   in section 4.1.4 of RFC3931.
>> 
>> And that specific section of RFC3931 recommends using RFC2473 to tunnel
>> the packets which again ends up using the RFC2460 fragment header that
>> this draft is trying to forbid.
>> 
>> So, can you please clarify exactly what happens when the size of the
>> packet to be tunneled exceeds the MTU?
>> 
>> 
>> 
>> 
>> _______________________________________________
>> L2tpext mailing list
>> L2tpext@ietf.org
>> https://www.ietf.org/mailman/listinfo/l2tpext
> 
> _______________________________________________
> L2tpext mailing list
> L2tpext@ietf.org
> https://www.ietf.org/mailman/listinfo/l2tpext