Re: [Softwires] MAP draft 11 question on fragment ID space reduction
Ole Troan <otroan@employees.org> Wed, 15 October 2014 13:27 UTC
Return-Path: <otroan@employees.org>
X-Original-To: softwires@ietfa.amsl.com
Delivered-To: softwires@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EF3A01A1B70 for <softwires@ietfa.amsl.com>; Wed, 15 Oct 2014 06:27:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.235
X-Spam-Level:
X-Spam-Status: No, score=-6.235 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_SOFTFAIL=0.665] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MQFUohhQtuw2 for <softwires@ietfa.amsl.com>; Wed, 15 Oct 2014 06:27:51 -0700 (PDT)
Received: from aer-iport-2.cisco.com (aer-iport-2.cisco.com [173.38.203.52]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 88C461A1B16 for <softwires@ietf.org>; Wed, 15 Oct 2014 06:27:50 -0700 (PDT)
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AqYEANN0PlStJssW/2dsb2JhbABbg2FYzAOHTQKBKAF9hAIBAQEDATo/BQsLGC5XBhMbiBsIDcg8AQEBAQEBAQEBAQEBAQEBAQEBAQEBF5AbMweDLYEeAQSWQ4h9lC6DeTsvAQGCSAEBAQ
X-IronPort-AV: E=Sophos;i="5.04,724,1406592000"; d="scan'208";a="211656535"
Received: from aer-iport-nat.cisco.com (HELO aer-core-1.cisco.com) ([173.38.203.22]) by aer-iport-2.cisco.com with ESMTP; 15 Oct 2014 13:27:48 +0000
Received: from dhcp-10-61-100-153.cisco.com (dhcp-10-61-100-153.cisco.com [10.61.100.153]) by aer-core-1.cisco.com (8.14.5/8.14.5) with ESMTP id s9FDRlch019281 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 15 Oct 2014 13:27:48 GMT
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 8.0 \(1990.1\))
From: Ole Troan <otroan@employees.org>
In-Reply-To: <365F683D-89D6-4A42-B9F1-780453D9C1A5@nominum.com>
Date: Wed, 15 Oct 2014 15:27:47 +0200
Content-Transfer-Encoding: quoted-printable
Message-Id: <D14390B1-8628-4372-B664-A5EA82BE0327@employees.org>
References: <CAPi140MdbJQBLSRS+g4Jx0G1zm1dx6PLBBQ7oPeALU2z-Vp81g@mail.gmail.com> <A9F4CC49-3409-482E-8DD1-D60770719370@employees.org> <365F683D-89D6-4A42-B9F1-780453D9C1A5@nominum.com>
To: Ted Lemon <Ted.Lemon@nominum.com>
X-Mailer: Apple Mail (2.1990.1)
Archived-At: http://mailarchive.ietf.org/arch/msg/softwires/nAKYcQvehdvpehoHxQj_eabY49k
Cc: Softwires WG <softwires@ietf.org>
Subject: Re: [Softwires] MAP draft 11 question on fragment ID space reduction
X-BeenThere: softwires@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: softwires wg discussion list <softwires.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/softwires>, <mailto:softwires-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/softwires/>
List-Post: <mailto:softwires@ietf.org>
List-Help: <mailto:softwires-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/softwires>, <mailto:softwires-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 15 Oct 2014 13:27:53 -0000
Ted, et al,
there are good arguments going both ways, so apologies for my changing opinion here. ;-)
we could go with the hand-wavy, there is a problem here, we don't have a good solution:
<t>If two IPv4 host behind two different MAP CE's with the
same IPv4 address sends fragments to an IPv4 destination host
outside the domain, those hosts may use the same IPv4
fragmentation identifier, resulting in incorrect reassembly of
the fragments at the destination host. Given that the IPv4
fragmentation identifier is a 16 bit field, it could be used
similarly to port ranges. A MAP CE could rewrite the IPv4
fragmentation identifier to be within its allocated port-set,
if the resulting fragment identifier space was large enough
related to the rate fragments was sent. However, splitting the
identifier space in this fashion would increase the
probability of reassembly collision for all connections
through the CPE. See also <xref target="RFC6864"/></t>
the alternatives are that we could say, since the problem of multiple CPEs with same IP address sending fragments to same destination required coordination that if the fragment id space was say 10 bits, then rewrite. or we could go even further and say that the CPE would have to throttle traffic to ensure that the id space didn't cycle within the reassembly timeout.
or we could drop the text altogether.
my preference would be the above proposed text. it has the problem description but it doesn't prescribe a solution.
any other opinion?
ps: whatever solution we have here should probably also apply to the other mechanisms. e.g. https://tools.ietf.org/html/draft-ietf-softwire-4rd-09#section-4.6.3
cheers,
Ole
> On 14 Oct 2014, at 15:32 , Ted Lemon <Ted.Lemon@nominum.com> wrote:
>
> On Oct 14, 2014, at 5:01 AM, Ole Troan <otroan@employees.org> wrote:
>> splitting the fragment id space so that there is only a single bit per CPE sounds like a corner case that should be disallowed. I don't know if we have the knowledge to be able to specify exactly how much of the fragment id space is safe to split up though.is it 4, 6, or 8 bits?
>
> There's a lot to think about here. The fragment ID translation algorithm probably needs to maintain a cache so that it doesn't accidentally overload fragment IDs. The set of all outstanding fragments has the potential to be larger than the set of all ports in use, so there is definitely reason to be concerned about shrinking the fragment ID space. However, shrinking the fragment ID space _does_ serve the useful purpose of isolating fragment ID collisions to the nodes that are supposed to be receiving the fragments.
>
> It may be that the right thing to do is to note that this is a problem, make a recommendation, but essentially leave it as future research, since we really haven't analyzed the problem in enough depth to make an informed recommendation.
>
>> if changing back to SHOULD from the MUST would lead people to accept that we leave the exact recommendations for further study I would be happy to do that.
>
> So yes, this might be a good way to go.
- [Softwires] MAP draft 11 question on fragment ID … Andrew 👽 Yourtchenko
- Re: [Softwires] MAP draft 11 question on fragment… Ole Troan
- Re: [Softwires] MAP draft 11 question on fragment… Ted Lemon
- Re: [Softwires] MAP draft 11 question on fragment… Rajiv Asati (rajiva)
- Re: [Softwires] MAP draft 11 question on fragment… Ted Lemon
- Re: [Softwires] MAP draft 11 question on fragment… Joe Touch
- Re: [Softwires] MAP draft 11 question on fragment… Ole Troan
- Re: [Softwires] MAP draft 11 question on fragment… Rémi Després
- Re: [Softwires] MAP draft 11 question on fragment… Andrew 👽 Yourtchenko
- Re: [Softwires] MAP draft 11 question on fragment… Ted Lemon