Re: [Softwires] [lisp] Is it feasible to perform fragmentation on UDP encapsulated packets.

Xuxiaohu <xuxiaohu@huawei.com> Sat, 28 May 2016 01:27 UTC

Return-Path: <xuxiaohu@huawei.com>
X-Original-To: softwires@ietfa.amsl.com
Delivered-To: softwires@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3DF9B12D1D0; Fri, 27 May 2016 18:27:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.647
X-Spam-Level:
X-Spam-Status: No, score=-5.647 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-1.426, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VPRgUmcVWsZO; Fri, 27 May 2016 18:27:07 -0700 (PDT)
Received: from lhrrgout.huawei.com (lhrrgout.huawei.com [194.213.3.17]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C6ADB12D139; Fri, 27 May 2016 18:27:05 -0700 (PDT)
Received: from 172.18.7.190 (EHLO lhreml705-cah.china.huawei.com) ([172.18.7.190]) by lhrrg01-dlp.huawei.com (MOS 4.3.7-GA FastPath queued) with ESMTP id CPS57341; Sat, 28 May 2016 01:27:03 +0000 (GMT)
Received: from NKGEML414-HUB.china.huawei.com (10.98.56.75) by lhreml705-cah.china.huawei.com (10.201.5.168) with Microsoft SMTP Server (TLS) id 14.3.235.1; Sat, 28 May 2016 02:27:02 +0100
Received: from NKGEML515-MBS.china.huawei.com ([169.254.5.169]) by nkgeml414-hub.china.huawei.com ([10.98.56.75]) with mapi id 14.03.0235.001; Sat, 28 May 2016 09:26:55 +0800
From: Xuxiaohu <xuxiaohu@huawei.com>
To: "otroan@employees.org" <otroan@employees.org>
Thread-Topic: [lisp] [Softwires] Is it feasible to perform fragmentation on UDP encapsulated packets.
Thread-Index: AQHRt/+2WtIZvGZrakmsedKxg0Mnz5/MFO4AgAF3XFA=
Date: Sat, 28 May 2016 01:26:55 +0000
Message-ID: <1FEE3F8F5CCDE64C9A8E8F4AD27C19EE0D559A6A@NKGEML515-MBS.china.huawei.com>
References: <E83B905A-FF6D-4996-B71A-7921DE4B133B@ericsson.com> <BFC09F5C-D6DF-4B6B-AA95-03919B9F09FB@cisco.com> <573E2A0E.1060609@isi.edu> <1FEE3F8F5CCDE64C9A8E8F4AD27C19EE0D54EB60@NKGEML515-MBX.china.huawei.com> <573F453C.5060908@isi.edu> <1FEE3F8F5CCDE64C9A8E8F4AD27C19EE0D554B73@NKGEML515-MBS.china.huawei.com> <5743303C.5040109@isi.edu> <1FEE3F8F5CCDE64C9A8E8F4AD27C19EE0D55514C@NKGEML515-MBS.china.huawei.com> <5743DD16.3050506@isi.edu> <1FEE3F8F5CCDE64C9A8E8F4AD27C19EE0D555482@NKGEML515-MBS.china.huawei.com> <57448C14.2060203@isi.edu> <1FEE3F8F5CCDE64C9A8E8F4AD27C19EE0D5557DE@NKGEML515-MBS.china.huawei.com> <9c462520-eb8e-fcd0-0a08-228f80fbc779@isi.edu> <1FEE3F8F5CCDE64C9A8E8F4AD27C19EE0D5596E0@NKGEML515-MBS.china.huawei.com> <8790AF6F-CCD6-43AC-A50E-957B037643F1@employees.org>
In-Reply-To: <8790AF6F-CCD6-43AC-A50E-957B037643F1@employees.org>
Accept-Language: zh-CN, en-US
Content-Language: zh-CN
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.111.99.55]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-CFilter-Loop: Reflected
X-Mirapoint-Virus-RAPID-Raw: score=unknown(0), refid=str=0001.0A090204.5748F3E8.0001, ss=1, re=0.000, recu=0.000, reip=0.000, cl=1, cld=1, fgs=0, ip=169.254.5.169, so=2013-06-18 04:22:30, dmn=2013-03-21 17:37:32
X-Mirapoint-Loop-Id: fb98bbb68d3f12523251502f0378638a
Archived-At: <http://mailarchive.ietf.org/arch/msg/softwires/RILl_kdrdLYKZLtU4XRTGFW2Bno>
Cc: Softwires WG <softwires@ietf.org>, "nvo3@ietf.org" <nvo3@ietf.org>, "int-area@ietf.org" <int-area@ietf.org>, "lisp@ietf.org" <lisp@ietf.org>, "tsvwg@ietf.org" <tsvwg@ietf.org>
Subject: Re: [Softwires] [lisp] Is it feasible to perform fragmentation on UDP encapsulated packets.
X-BeenThere: softwires@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: softwires wg discussion list <softwires.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/softwires>, <mailto:softwires-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/softwires/>
List-Post: <mailto:softwires@ietf.org>
List-Help: <mailto:softwires-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/softwires>, <mailto:softwires-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 28 May 2016 01:27:10 -0000

Hi Ole,

> -----Original Message-----
> From: lisp [mailto:lisp-bounces@ietf.org] On Behalf Of otroan@employees.org
> Sent: Friday, May 27, 2016 6:50 PM
> To: Xuxiaohu
> Cc: Softwires WG; nvo3@ietf.org; int-area@ietf.org; lisp@ietf.org;
> tsvwg@ietf.org
> Subject: Re: [lisp] [Softwires] Is it feasible to perform fragmentation on UDP
> encapsulated packets.
> 
> > <Note that I have changed the subject of the email hence it has nothing to do
> with the WG adoption call now. It's just a discussion on a particular issue which is
> related to those WGs which are working on UDP tunnels. The reason for
> containing the old email is to use it as a background which may be useful for
> better understanding of this particular issue>
> >
> > The possible side-effect of performing fragmentation on UDP encapsulated
> packets is to worsen the reassembly burden on tunnel egress since fragments of
> UDP encapsulated packets are more likely to be forwarded across different
> paths towards the tunnel egress than those of IP or GRE encapsulated packets.
> >
> > It seems that most X-over-UDP proposals choose to prohibit the tunnel ingress
> from performing fragmentation on UDP encapsulated packets. See the following
> quoted text regarding fragmentation from those X-over-UDP drafts:
> >
> > LISP:
> >
> > When an ITR receives a packet from a site-facing interface and adds H
> >   octets worth of encapsulation to yield a packet size greater than L
> >   octets, it resolves the MTU issue by first splitting the original
> >   packet into 2 equal-sized fragments.  A LISP header is then prepended
> >   to each fragment.
> >
> > VXLAN:
> >
> > VTEPs MUST NOT fragment VXLAN packets.  Intermediate routers may
> >   fragment encapsulated VXLAN packets due to the larger frame size.
> >   The destination VTEP MAY silently discard such VXLAN fragments.
> >
> > VXLAN-GPE:
> >
> > VTEPs MUST never fragment an encapsulated VXLAN GPE packet, and when
> >   the outer IP header is IPv4, VTEPs MUST set the DF bit in the outer
> >   IPv4 header.
> >
> > GEVENE:
> >
> >   To prevent fragmentation and maximize performance, the best practice
> >   when using Geneve is to ensure that the MTU of the physical network
> >   is greater than or equal to the MTU of the encapsulated network plus
> >   tunnel headers.
> >
> > GUE:
> >
> >    If a packet is fragmented before encapsulation in GUE, all the
> >    related fragments must be encapsulated using the same source port
> >    (inner flow identifier). An operator may set MTU to account for
> >    encapsulation overhead and reduce the likelihood of fragmentation.
> >
> > GRE/UDP
> >
> > Regarding packet fragmentation, an encapsulator/decapsulator SHOULD
> >   be compliant with [RFC7588] and perform fragmentation before the
> >   encapsulation.
> >
> > However, the above choice seems conflict with the requirements as described
> in https://tools.ietf.org/html/draft-ietf-intarea-tunnels-02
> >
> >
> > I wonder whether the IETF should reach a consensus on whether or not the
> fragmentation on UDP encapsulated packets should be allowed.
> 
> Having just implemented fragmentation and reassembly support in a MAP BR...
> 
> MAP does IPv4 over IPv6 tunnels with shared IPv4 address (aka routing on
> ports).
> 
> - Inner IPv4 fragmentation is relatively easy, cause you don't need to reassemble
> you can do virtual reassembly
> - Outer IPv6 reassembly is much harder, cause you have to do it on the tunnel
> egress.
> 
> It is not possible to implement reassembly complying with IETF RFCs.
> The IPv4 reassembly buffer is specified in IPv4 as 15 seconds, in IPv6 as 60
> seconds.
> My implementation does upwards of 100Mpps, you do the numbers.

Thanks a lot for sharing your implementation experience!

> If you can:
>  - Guarantee always in sequence
>  - Maximum fragment chain of 2
>  - Maximum time and packet gap between first and last fragment of
> _very_small_
> 
> Then sure it is implementable, but if not then you're just setting yourself up for a
> DOS attack.
> And if you have that much control over the environment, just increase the MTU
> in the tunnel domain.

I couldn't agree more.

> Code is here:
> https://git.fd.io/cgit/vpp/tree/vnet/vnet/map/ip6_map.c#n530
> 
> So in short, IETF can say whatever they like, that's not going to change reality.

Wouldn't it be better if the IETF guidelines on tunnel fragmentation could be more in conformity with the reality?

Best regards,
Xiaohu

> Best regards,
> Ole
> 
> 
>