Re: Treatment of ICMP for PMTU

Magnus Westerlund <magnus.westerlund@ericsson.com> Tue, 03 July 2018 09:08 UTC

Return-Path: <magnus.westerlund@ericsson.com>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9E361130FBA for <quic@ietfa.amsl.com>; Tue, 3 Jul 2018 02:08:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.3
X-Spam-Level:
X-Spam-Status: No, score=-4.3 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_DKIMWL_WL_HIGH=-0.01, T_KAM_HTML_FONT_INVALID=0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id k3Iw0yNj71g6 for <quic@ietfa.amsl.com>; Tue, 3 Jul 2018 02:08:47 -0700 (PDT)
Received: from sessmg23.ericsson.net (sessmg23.ericsson.net [193.180.251.45]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C448C130E40 for <quic@ietf.org>; Tue, 3 Jul 2018 02:08:46 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; d=ericsson.com; s=mailgw201801; c=relaxed/simple; q=dns/txt; i=@ericsson.com; t=1530608925; h=From:Sender:Reply-To:Subject:Date:Message-ID:To:CC:MIME-Version:Content-Type: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=rtOoSkg5mpe9X/qAoU8+13F4Y8+OBvimKv3zFU+pRMI=; b=TL3OxbiEmmQjqfjnuicbMOYUBkHw+GJ7fSj4mW4wHo8nBkmXF3v4iQ3jeiNE3gqX uNV1pHNd94j55SCoYMx2VXemeAsRtZvntl2tJTr9r+L0jx8bDNqpaKg4zRzpd5UL n0sJjyir4NoBAzWZSBBmCoo/4KZORkX3N8L4Ah+mYhA=;
X-AuditID: c1b4fb2d-223ff700000055ff-8e-5b3b3d1dbb14
Received: from ESESSMB502.ericsson.se (Unknown_Domain [153.88.183.120]) by sessmg23.ericsson.net (Symantec Mail Security) with SMTP id C9.A9.22015.D1D3B3B5; Tue, 3 Jul 2018 11:08:45 +0200 (CEST)
Received: from [147.214.163.236] (153.88.183.153) by ESESSMB502.ericsson.se (153.88.183.163) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1466.3; Tue, 3 Jul 2018 11:08:44 +0200
Subject: Re: Treatment of ICMP for PMTU
To: "Lubashev, Igor" <ilubashe@akamai.com>, "Eggert, Lars" <lars@netapp.com>
CC: IETF QUIC WG <quic@ietf.org>, Martin Duke <martin.h.duke@gmail.com>
References: <924fbd75dbcf4d62a9062570b0d2ba5a@ustx2ex-dag1mb5.msg.corp.akamai.com> <802647B5-94B5-4C24-BEFA-4B44F5B5E832@netapp.com> <43152ecf9538418ab26c23747c4d1d74@ustx2ex-dag1mb5.msg.corp.akamai.com> <4aef7f4c-327e-9651-80f8-990cc855d627@ericsson.com> <643f80954e6a45ba881c7d4a90a066d0@ustx2ex-dag1mb5.msg.corp.akamai.com>
From: Magnus Westerlund <magnus.westerlund@ericsson.com>
Message-ID: <3c9a5b82-4c95-10b2-1ce2-9b2a9fe72876@ericsson.com>
Date: Tue, 03 Jul 2018 11:08:44 +0200
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.8.0
MIME-Version: 1.0
In-Reply-To: <643f80954e6a45ba881c7d4a90a066d0@ustx2ex-dag1mb5.msg.corp.akamai.com>
Content-Type: multipart/alternative; boundary="------------811F199CCB1F864E9211E04B"
Content-Language: en-GB
X-Originating-IP: [153.88.183.153]
X-ClientProxiedBy: ESESBMB505.ericsson.se (153.88.183.172) To ESESSMB502.ericsson.se (153.88.183.163)
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFprAIsWRmVeSWpSXmKPExsUyM2J7ha6srXW0wek+doumhhXMFi9e97BY TH/8gs2iZwG3A4vH5CMLmD12zrrL7rFkyU8mjxmfvrAFsERx2aSk5mSWpRbp2yVwZey7vJi1 oDe/4sRnhQbGy9FdjJwcEgImEvPbVzN2MXJxCAkcZZR4+fouG4TzgVHize8D7CBVwgLqEr8v TQCzRQR8JO49XMsCYjMLuEuc6mllhWg4xyTRN72ZESTBJmAhcfNHIxuIzStgL7Fq0UtmEJtF QEVi8ZOjYLaoQIzE6o2X2SFqBCVOznwCNpRTIFhi7+5nUAvCJNa+fMIMYYtLNH1ZyQpiCwlo SzQ0dbBCvKAkcX3edRYIO13i7pFu1gmMQrOQjJ2FZNQsJKMgbAuJmfPPM0LY8hLNW2dD1WhI tM6Zy44svoCRfRWjaHFqcXFuupGxXmpRZnJxcX6eXl5qySZGYDwd3PJbdwfj6teOhxgFOBiV eHj/2FhHC7EmlhVX5h5ilOBgVhLh3aZqFS3Em5JYWZValB9fVJqTWnyIUZqDRUmcV2/Vnigh gfTEktTs1NSC1CKYLBMHp1QDY62sxt4N+tUZTy8Uv3jql23ZL3DyIFfN0RfcEqsi05yK1xTr ze5t4lsVasR6MOm7gt/kX782VEo3lLVLvD4590WvCnf/g5L1K11a+0MZT2po/Vv5woV9WkwZ m4TkOUbPepcTlyb4ntjeWKQws77yx582BQmBlXz7lfTELpw7+OrtC9nAC4deKrEUZyQaajEX FScCAJ6PsMWjAgAA
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/Ua6LWsgMTBc8fb__WOkVt8BS_Ho>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.26
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 03 Jul 2018 09:08:50 -0000


Den 2018-07-03 kl. 01:19, skrev Lubashev, Igor:
>
>   * Probe starting at PTB_SIZE or verify Base_MTU and then probe up.
>     From my perspective, the important is that one uses this a signal
>     for checking the PMTU.
>
> From my perspective, there are two things that are important here:
>
>  1. Use PTB signal to start probing (as you said).  This is section 3.3.
>  2. Identify cases, when you can set PMTU to PTB_SIZE immediately upon
>     receipt of PTB, while the probing is happening.
>
Yes, that should definitely be detailed. For a validated message, I 
think there are good reasons to adjust PLPMTU to PTB_SIZE when it is 
less than PLPMTU and >= BASE_MTU. As this can prevent driving at least 
one additional RTT of data likely into a MTU blackhole. However, there 
are clearly corner cases, for example with inconsistent MTUs. But the 
goal there is to find the lower of the multiple thresholds.

> Plus one more thing that is not in that draft at all – I think it is 
> prudent to respect PTB, even if that PTB is not validated (i.e. w/o 
> on-path proof, using my lingo), if PTB_SIZE is large enough (to be 
> defined how large).  It probably deserves its own thread in tsvwg.
>

Definitely a TSVWG thread I think, please start a thread. I see 
significant issue with using unvalidated PTBs. First of all one need to 
be able to be certain that it is actually related to ones flow at all. 
Secondly, if it doesn't contain any information that one can identify it 
as an actually sent packet then one are open to off-path attackers. That 
is a real issue. I think at most one can initiate a probe based on flow 
related but not fully validated PTB messages.

Cheers

Magnus Westerlund

----------------------------------------------------------------------
Network Architecture & Protocols, Ericsson Research
----------------------------------------------------------------------
Ericsson AB                 | Phone  +46 10 7148287
Torshamnsgatan 23           | Mobile +46 73 0949079
SE-164 80 Stockholm, Sweden | mailto: magnus.westerlund@ericsson.com
----------------------------------------------------------------------