Re: FWD:: Re: [e2e] Re: Question on "identification" field of IP

Mark Allman <mallman@grc.nasa.gov> Thu, 19 December 2002 04:33 UTC

Message-Id: <200212190433.gBJ4XoJg040392@thoth.ir.bbn.com>
To: tcp-impl@grc.nasa.gov
From: Mark Allman <mallman@grc.nasa.gov>
Reply-To: tcp-impl@grc.nasa.gov
Subject: Re: FWD:: Re: [e2e] Re: Question on "identification" field of IP
Organization: BBN Technologies/NASA GRC
Song-of-the-Day: Not Fade Away
Date: Wed, 18 Dec 2002 23:33:50 -0500
Sender: owner-tcp-impl@grc.nasa.gov
Precedence: bulk

------- Forwarded Message

From: Richard Wendland <richard@starburst.demon.co.uk>
Subject: Re: FWD:: Re: [e2e] Re: Question on "identification" field of IP
To: touch@ISI.EDU (Joe Touch)
Date: Thu, 19 Dec 2002 01:22:44 +0000 (GMT)
Cc: mallman@grc.nasa.gov, tcp-impl@grc.nasa.gov

> > I'd be very careful fixing the IP ID - I have been told by one major
> > "interconnect" vendor that some of their products have ways to allow
> > the customer (at customer's persistent request) to cause the devices to
> > ignore and clear the DF bit...
> 
> That would be a violation of the STDs (1812, 791), which could cause 
> problems that would be very difficult to debug (e.g., path MTU, etc.)
> 
> I.e., you're worried about changing the IP ID field because vendors who 
> violate standards will break? Go right ahead, IMO.
> 
> Laws for the lawless are a waste of effort (shades of NAT).

An admirable attitude, but even Linux backtracked on this IP ID issue
when faced with practical connectivity problems.  Linux for a time used
to set IP ID zero if DF was set, but went back to setting changing IP
IDs for TCP with DF.

I'm not a Linux kernel developer, but I think that change back is related
to the comment in the kernel include/net/ip.h:

	/* This is only to work around buggy Windows95/2000
	 * VJ compression implementations.  If the ID field
	 * does not change, they drop every other packet in
	 * a TCP stream using header compression.
	 */

I believe that comment and associated code setting IP ID was added in
Linux 2.4.4.

I also think I have observed a middlebox clearing DF; circumstantial
evidence not proof though.  It appeared to me, from remote observation,
that an HTTP load balancing device was clearing DF on TCP segments
en route from HTTP servers to clients.  I presume this is because the load
balancer's developers could not be bothered to "route" ICMP fragmentation
needed back to the appropriate HTTP server.  If this is correct, and the
load balancer isn't cleverly changing the IP ID, there could be problems
if TCP stacks don't set a real IP ID.

It's horrid, and wrong.  But it is a problem for practical connectivity.

	Richard
-- 
Richard Wendland				richard@codeburst.co.uk

------- End of Forwarded Message
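
Added example, not part of the original message or of the Linux kernel: a small simulation of the failure described in the forwarded message, where a middlebox clears DF and fragments TCP segments whose sender used a fixed IP ID. The addresses, payloads, fragment size and arrival order are constructed, and the reassembler is a simplified model keyed on RFC 791's (source, destination, protocol, ID) tuple.

```python
# Added illustration; every name here is hypothetical, not kernel or vendor code.
from collections import defaultdict

def fragment(datagram, frag_payload):
    """Model the middlebox: ignore DF and fragment anyway.
    Yields (key, offset, more_fragments, data); key is the RFC 791
    reassembly key (src, dst, proto, ip_id)."""
    key, payload = datagram
    frags = []
    for off in range(0, len(payload), frag_payload):
        chunk = payload[off:off + frag_payload]
        frags.append((key, off, off + len(chunk) < len(payload), chunk))
    return frags

def reassemble(fragments):
    """Simplified receiver: buffer fragments per key and deliver once data is
    contiguous from offset 0 to the end of the fragment that had MF=0."""
    buffers, total, delivered = defaultdict(dict), {}, []
    for key, off, more, data in fragments:
        buffers[key][off] = data          # same key + same offset overwrites
        if not more:
            total[key] = off + len(data)
        if key in total:
            out, pos = b"", 0
            while pos in buffers[key]:
                out += buffers[key][pos]
                pos += len(buffers[key][pos])
            if pos == total[key]:
                delivered.append(out)
                del buffers[key], total[key]
    return delivered

def run(id_policy):
    """Send two segments through the middlebox with interleaved fragment
    arrival. Returns (count of segments delivered intact, delivered list)."""
    payloads = [b"A" * 16, b"B" * 16]     # constructed sample segments
    dgrams = [(("10.0.0.1", "10.0.0.2", 6, id_policy(i)), p)
              for i, p in enumerate(payloads)]
    f0, f1 = (fragment(d, 8) for d in dgrams)
    wire = [f0[0], f1[0], f0[1], f1[1]]   # constructed reordering in transit
    got = reassemble(wire)
    return sum(1 for p in payloads if p in got), got

if __name__ == "__main__":
    print("fixed ID 0     :", run(lambda i: 0))
    print("incrementing ID:", run(lambda i: i + 1))
```

With the fixed ID both datagrams share one reassembly key, so the receiver splices fragments of the two segments together and the leftover fragment never completes; with changing IDs both segments arrive intact.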