IETF Logo Mail Archive

Re: [quicwg/base-drafts] ICMP and ICMPv6 PMTUD with asymmetric connection-ids (#1243)

Erik Nygren <notifications@github.com> Mon, 19 March 2018 22:31 UTC

Return-Path: <noreply@github.com>
X-Original-To: quic-issues@ietfa.amsl.com
Delivered-To: quic-issues@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AFA9D126B7E for <quic-issues@ietfa.amsl.com>; Mon, 19 Mar 2018 15:31:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.009
X-Spam-Level:
X-Spam-Status: No, score=-7.009 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id USO22PIOrGsl for <quic-issues@ietfa.amsl.com>; Mon, 19 Mar 2018 15:31:14 -0700 (PDT)
Received: from out-5.smtp.github.com (out-5.smtp.github.com [192.30.252.196]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B8D15124BAC for <quic-issues@ietf.org>; Mon, 19 Mar 2018 15:31:14 -0700 (PDT)
Date: Mon, 19 Mar 2018 15:31:13 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1521498673; bh=IrB+ycEilf+zkrnTm9w1eTQv+rZ1OFUcyRWMLj/cCE8=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=Z1/3Ux1Gsy5nM0ECBEWDjoWLbJoJFoOaAFsHlvqcEWEFoQR3sWgaIAmAjAdTMi7Ij V2oYe7nY+ec5wKR5IVq++nqbxgAzvNMSi7sFXPyNOcKbVEJxYO2Z+DzuBNhLjj+6mm ABBEnMW9ncX6+401M30lKF6nnPexTmkOKFz9NJbc=
From: Erik Nygren <notifications@github.com>
Reply-To: quicwg/base-drafts <reply+0166e4ab57220dd58934cb818be5c16378fe67fad6b350b892cf0000000116c7fc3192a169ce124738ff@reply.github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/issues/1243/374405968@github.com>
In-Reply-To: <quicwg/base-drafts/issues/1243@github.com>
References: <quicwg/base-drafts/issues/1243@github.com>
Subject: Re: [quicwg/base-drafts] ICMP and ICMPv6 PMTUD with asymmetric connection-ids (#1243)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5ab03a31ab9b4_16ab83febe82e6f30695e8"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: enygren
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
X-GitHub-Recipient-Address: quic-issues@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/VFZtUx6_lV3cnPFB0xwWFbcrFbk>
X-BeenThere: quic-issues@ietf.org
X-Mailman-Version: 2.1.22
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic-issues/>
List-Post: <mailto:quic-issues@ietf.org>
List-Help: <mailto:quic-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 19 Mar 2018 22:31:17 -0000

One proposal based on discussions would be to allow Long headers (with both client and server connection-ids) in certain situations following the handshake.  In particular, when performing a PMTUD probe (or otherwise sending a packet with a larger size than the current PMTU), using a Long form header would mean that a stateless load balancer would still be able to route it based on the payload of the ICMP(v6) message, plus it might make it safer and easier for the server to validate that the packet was send by a device on-path.  Both endpoints would still of course need to have reasonable lower bounds on PMTU as well.

Similarly, such a scheme could also make it more reasonable to support ICMP(v6) destination-unreachable messages in a way that wasn't vulnerable to parallel-to-path resets but could allow devices such as NATs to eventually squelch connections where state is no longer present.  For example, if the Nth and subsequent (3rd?) retransmits of the same data was sent with a full Long header (with both connection-ids) and an ICMP(v6) response is returned that contains both connection-ids (plus enough data from what was sent for validation) then this is a good sign that the node sending is both on-path and that this is a degenerate situation that should only have been reached after multiple losses and thus likely from a legitimate active middle-box.

(Note that client/server above are symmetric as both end-points have the same challenge with roles reversed.)


-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/quicwg/base-drafts/issues/1243#issuecomment-374405968

v2.23.0 | Report a Bug | By Email