Re: [Softwires] [Int-area] Errata on RFC 6333, "Dual-Stack Lite Broadband Deployments Following IPv4 Exhaustion"
Joseph Touch <touch@strayalpha.com> Mon, 10 May 2021 16:27 UTC
Return-Path: <touch@strayalpha.com>
X-Original-To: softwires@ietfa.amsl.com
Delivered-To: softwires@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 05A203A228D; Mon, 10 May 2021 09:27:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=strayalpha.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oofs1LFCizSH; Mon, 10 May 2021 09:27:47 -0700 (PDT)
Received: from server217-5.web-hosting.com (server217-5.web-hosting.com [198.54.116.226]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 170983A2289; Mon, 10 May 2021 09:27:46 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=strayalpha.com; s=default; h=To:References:Message-Id:Cc:Date:In-Reply-To: From:Subject:Mime-Version:Content-Type:Sender:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=sNEdU5ykdm+sDperJp2J+5eiPvtQsw2dOH2Z8L5L6TE=; b=Gb6AkWHTMgHD1/Jd21BkIr9yvo 1xELxt4tSYUJ8UparkFkA1lExI9PLjGLbym9k6nJE5nWQBBA62ToVwEWEt4KkvsayZsYcmyZfuooe 1bpXbAOUi8+LokYL34z9gIv/IJA41QcWbg7txFe7nk+DcQrKcoQV7j8/Dx//XDNAeof2ih+t7abhZ mZRKQ34rqAjYhJt+i9tqoxiBU0Lw+GC83UBkfNgIn9R1iRocEac6tZgyRoVYh/tBDPEwa5GYhqpot lgEQ198M6VSycb+V+Z57z8+XehUs6ZLRDFJSRTQ0piNgnfOTPRUFFSTA7LMdaVsVXVbpbFIRRAq33 JW6JrWvQ==;
Received: from cpe-172-250-225-198.socal.res.rr.com ([172.250.225.198]:62733 helo=[192.168.1.14]) by server217.web-hosting.com with esmtpsa (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from <touch@strayalpha.com>) id 1lg8kt-001AWn-WF; Mon, 10 May 2021 12:27:46 -0400
Content-Type: multipart/alternative; boundary="Apple-Mail=_CF41C3A8-43CE-4BBB-993E-1B163841EE84"
Mime-Version: 1.0 (Mac OS X Mail 14.0 \(3654.60.0.2.21\))
From: Joseph Touch <touch@strayalpha.com>
In-Reply-To: <B2A844E5-40B4-44D3-9B2A-D188695C450B@gmx.com>
Date: Mon, 10 May 2021 09:27:38 -0700
Cc: "Eric Vyncke (evyncke)" <evyncke=40cisco.com@dmarc.ietf.org>, "softwires@ietf.org" <softwires@ietf.org>, "int-area@ietf.org" <int-area@ietf.org>
Message-Id: <3C577467-23E5-4B07-A2E1-768CA614E9AF@strayalpha.com>
References: <15FCA524-D984-4A0C-9D17-8599515F0C21@cisco.com> <B2A844E5-40B4-44D3-9B2A-D188695C450B@gmx.com>
To: ianfarrer@gmx.com
X-Mailer: Apple Mail (2.3654.60.0.2.21)
X-OutGoing-Spam-Status: No, score=-1.0
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - server217.web-hosting.com
X-AntiAbuse: Original Domain - ietf.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - strayalpha.com
X-Get-Message-Sender-Via: server217.web-hosting.com: authenticated_id: touch@strayalpha.com
X-Authenticated-Sender: server217.web-hosting.com: touch@strayalpha.com
X-Source:
X-Source-Args:
X-Source-Dir:
X-From-Rewrite: unmodified, already matched
Archived-At: <https://mailarchive.ietf.org/arch/msg/softwires/9SIh11aQSN42ilDFlC6Jv9WldOw>
Subject: Re: [Softwires] [Int-area] Errata on RFC 6333, "Dual-Stack Lite Broadband Deployments Following IPv4 Exhaustion"
X-BeenThere: softwires@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: softwires wg discussion list <softwires.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/softwires>, <mailto:softwires-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/softwires/>
List-Post: <mailto:softwires@ietf.org>
List-Help: <mailto:softwires-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/softwires>, <mailto:softwires-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 10 May 2021 16:27:53 -0000
Hi, all,
Draft-ietf-intarea-tunnels describes the flaws in RFC 2473:
o IPv6 tunnels [RFC2473 <https://datatracker.ietf.org/doc/html/rfc2473>] -- IPv6 or IPv4 in IPv6
* o Treats tunnel MTU as tunnel path MTU, not tunnel egress MTU
o Decrements transiting packet hopcount (by 1)
o Copies traffic class from tunnel link to tunnel transit header
o Ignores IPv4 DF=0 and fragments at that layer upon arrival
o Fails to retain soft ingress state based on inner ICMP messages
affecting tunnel MTU
* o Tunnel ingress issues ICMPs
o Fragments IPv4 over IPv6 fragments only if IPv4 DF=0
(misinterpreting the "can fragment the IPv4 packet" as
permission to fragment at the IPv6 link header)
I’ve starred (*) the points relevant to the discussion below here.
A tunnel is a link, not unlike any other link. It has an MTU - the size of the largest packet that can traverse the tunnel. NOT the largest packet that can traverse the tunnel without fragmentation (or refragmentation, in the case of IPv4 with DF=0). If that were the case, ATM links would have MTUs of 48 bytes, not 9K.
Tunnel ingresses have no business issuing ICMPs. That’s the job of the router or host to which a tunnel is attached. If a packet arrives at a router/host for an interface (tunnel) that is too small, it is the router/host that issues the ICMP before the tunnel should ever see it.
If tunnel specs would “stay in their lane” and stop trying to describe how the router where they attach works, this would all be a LOT simpler.
Joe
> On May 10, 2021, at 7:40 AM, ianfarrer@gmx.com wrote:
>
> Hi Éric,
>
> My reading of the current RFC6333 text is that it is trying to highlight the importance of not fragmenting the IPv4 packet before encapsulation as this will break things. This, combined with ‘… after the encapsulation of the IPv6 packet.’ which should certainly be ‘… of the IPv4 packet.’ Is where the confusion is from.
>
> So, as a minimum, the errata is correct regarding the encapsulated IP version.
>
> Beyond that, I don’t find the remaining text to conflict with RFC2743 section 7.2. The text is only covering how to deal with packets that you will encapsulate and forward (DF=0) - case (b) in the RFC2473 text. Case (a) - DF=1 for received packet, so drop and send ICMP error isn’t discussed as these packets will not be encapsulated and need to be fragmented.
>
> I do agree that this is open to misreading. How about the following wording to preserve (what I think is) the authors intention:
>
>> However, as not all service providers will be able to increase their
>> link MTU, the B4 element MUST perform fragmentation and reassembly if
>> the outgoing link MTU cannot accommodate the extra IPv6 header. The
>> original IPv4 packet is not oversized. The packet is oversized after
>> the IPv6 encapsulation. The inner IPv4 packet MUST NOT be
>> fragmented. For packets forwarded by the B4 element, fragmentation
> MUST happen after the encapsulation of the IPv4 packet. Reassembly
> MUST happen before the decapsulation of the IPv4 packet. A detailed
> procedure has been specified in [RFC2473]
>>
>> Section 7.2.
>
>
>
> From Mikael’s comment:
> "RFC2473 7.2 says to use the DF bit and decide whether to inner fragment or drop+send ICMP error."
>
> I can’t find anything in the Section 7.2 text that would result in inner fragmentation.
>
> Thanks,
> Ian
>
>
>> On 10. May 2021, at 15:36, Eric Vyncke (evyncke) <evyncke=40cisco.com@dmarc.ietf.org <mailto:evyncke=40cisco.com@dmarc.ietf.org>> wrote:
>>
>> Dear ex-softwires WG, dear int-area WG,
>>
>> Mikael Abrahamsson filed an erratum https://www.rfc-editor.org/errata/eid5847 <https://www.rfc-editor.org/errata/eid5847> in August 2019 (after the softwires WG closure) and, as the past responsible AD for softwires, I would like to fix this erratum but as Mikael I have no idea about the correction.
>>
>> My own take is that the normative text in RFC 6333 indeed violates RFC 2473 for when the IPv4 DF is set... RFC 2473 appears to me as sensible and I would prefer to keep this behavior, i.e., see my suggestion below.
>>
>> Than you in advance for your comments and suggestions,
>>
>> Regards
>>
>> -éric
>>
>>
>> -- Existing text in RFC 6333 –
>> Section 5.3 says:
>>
>> However, as not all service providers will be able to increase their
>> link MTU, the B4 element MUST perform fragmentation and reassembly if
>> the outgoing link MTU cannot accommodate the extra IPv6 header. The
>> original IPv4 packet is not oversized. The packet is oversized after
>> the IPv6 encapsulation. The inner IPv4 packet MUST NOT be
>> fragmented. Fragmentation MUST happen after the encapsulation of the
>> IPv6 packet. Reassembly MUST happen before the decapsulation of the
>> IPv4 packet. A detailed procedure has been specified in [RFC2473]
>> Section 7.2.
>>
>>
>> -- Comment by erratum submitter –
>> I do not have a corrected text. The above text doesn't say what RFC2473 section 7.2 says, so... what should it be? RFC2473 7.2 says to use the DF bit and decide whether to inner fragment or drop+send ICMP error. The above text seems to make normative statements that counter at least the DF=1 case in RFC2473 7.2. Also the text above says "Fragmentation MUST happen after the encapsulation of the IPv6 packet.". The IPv6 packet isn't encapsulated, so that sentence should be changed?
>>
>> -- Section 7.2 of RFC 2473 ---
>> When an IPv4 original packet enters a tunnel, if the original packet
>> size exceeds the tunnel MTU (i.e., the Path MTU between the tunnel
>> entry-point and the tunnel exit-point, minus the size of the tunnel
>> header(s)), it is handled as follows:
>>
>> (a) if in the original IPv4 packet header the Don't Fragment -
>> DF - bit flag is SET, the entry-point node discards the
>> packet and returns an ICMP message. The ICMP message has
>> the type = "unreachable", the code = "packet too big", and
>> the recommended MTU size field set to the size of the
>> tunnel MTU - see sections 6.7 <https://datatracker.ietf.org/doc/html/rfc2473#section-6.7> and 8.3 <https://datatracker.ietf.org/doc/html/rfc2473#section-8.3>.
>>
>> (b) if in the original packet header the Don't Fragment - DF -
>> bit flag is CLEAR, the tunnel entry-point node encapsulates
>> the original packet, and subsequently fragments the
>> resulting IPv6 tunnel packet into IPv6 fragments that do
>> not exceed the Path MTU to the tunnel exit-point.
>>
>>
>> -- Suggested new text by Éric Vyncke –
>> However, as not all service providers will be able to increase their
>> link MTU, the B4 element MUST perform fragmentation and reassembly if
>> the outgoing link MTU cannot accommodate the extra IPv6 header. The
>> original IPv4 packet is not oversized. The packet is oversized after
>> the IPv6 encapsulation. The detailed procedure specified in [RFC2473]
>> Section 7.2 MUST be executed by the B4 element.
>>
>> _______________________________________________
>> Softwires mailing list
>> Softwires@ietf.org <mailto:Softwires@ietf.org>
>> https://www.ietf.org/mailman/listinfo/softwires <https://www.ietf.org/mailman/listinfo/softwires>
> _______________________________________________
> Int-area mailing list
> Int-area@ietf.org
> https://www.ietf.org/mailman/listinfo/int-area
- [Softwires] Errata on RFC 6333, "Dual-Stack Lite … Eric Vyncke (evyncke)
- Re: [Softwires] Errata on RFC 6333, "Dual-Stack L… ianfarrer
- Re: [Softwires] [Int-area] Errata on RFC 6333, "D… Joseph Touch
- Re: [Softwires] [Int-area] Errata on RFC 6333, "D… mohamed.boucadair
- Re: [Softwires] [Int-area] Errata on RFC 6333, "D… Eric Vyncke (evyncke)