Re: [tcpm] PLPMTUD for all protocols
William Herrin <bill@herrin.us> Thu, 29 March 2018 15:03 UTC
Return-Path: <bill@herrin.us>
X-Original-To: tcpm@ietfa.amsl.com
Delivered-To: tcpm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8B7BE1270AE for <tcpm@ietfa.amsl.com>; Thu, 29 Mar 2018 08:03:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7EvDR4OGBuX1 for <tcpm@ietfa.amsl.com>; Thu, 29 Mar 2018 08:03:29 -0700 (PDT)
Received: from magic.dirtside.com (magics.dirtside.com [199.33.225.25]) by ietfa.amsl.com (Postfix) with ESMTP id 70A59120454 for <tcpm@ietf.org>; Thu, 29 Mar 2018 08:03:28 -0700 (PDT)
Received: from minoc.dirtside.com (minoc.dirtside.com [70.184.240.82]) by magic.dirtside.com (8.14.3/) with ESMTP id w2TF3HE8009381 for <tcpm@ietf.org>; Thu, 29 Mar 2018 11:03:18 -0400
X-Really-To: <tcpm@ietf.org>
Received: from mail-pf0-f177.google.com (mail-pf0-f177.google.com [209.85.192.177]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by minoc.dirtside.com (Postfix) with ESMTPSA id 9FE20EC857 for <tcpm@ietf.org>; Thu, 29 Mar 2018 11:03:17 -0400 (EDT)
Received: by mail-pf0-f177.google.com with SMTP id l27so3406593pfk.12 for <tcpm@ietf.org>; Thu, 29 Mar 2018 08:03:17 -0700 (PDT)
X-Gm-Message-State: AElRT7H43rDyVCnwyP1/8tdN1kiFogj+v95QIHnEp/LEdTA1yOyXglZh 0Rc+O+KgY/rBIDE5Nvd7rTqnUmdUV2+ePX7qxv8=
X-Google-Smtp-Source: AIpwx4+4K0MW29uQu/SzDw9EkmEvPIGXONFFDlfCxcBHeI5ORgcwCU17kTKxTzZh6oyYasXMUCQDQXGHnlzo5Kurr3M=
X-Received: by 2002:a17:902:8602:: with SMTP id f2-v6mr8558004plo.73.1522335795979; Thu, 29 Mar 2018 08:03:15 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.100.183.67 with HTTP; Thu, 29 Mar 2018 08:02:55 -0700 (PDT)
In-Reply-To: <B323BA47-32DF-498B-9D1F-5A378E7ABB98@strayalpha.com>
References: <alpine.DEB.2.20.1803281034310.20609@uplift.swm.pp.se> <CAP-guGVEcnk09yi8sz+fmghpeb91Y8tQb+LsEmSF+0e+f6oGhw@mail.gmail.com> <alpine.DEB.2.20.1803281747020.20609@uplift.swm.pp.se> <B323BA47-32DF-498B-9D1F-5A378E7ABB98@strayalpha.com>
From: William Herrin <bill@herrin.us>
Date: Thu, 29 Mar 2018 11:02:55 -0400
X-Gmail-Original-Message-ID: <CAP-guGXfds60dwJXgnSYdbtQ-qOCJGpiw1kcYUkJR8L3jwsFSA@mail.gmail.com>
Message-ID: <CAP-guGXfds60dwJXgnSYdbtQ-qOCJGpiw1kcYUkJR8L3jwsFSA@mail.gmail.com>
To: Joe Touch <touch@strayalpha.com>
Cc: Mikael Abrahamsson <swmike@swm.pp.se>, tcpm@ietf.org
Content-Type: text/plain; charset="UTF-8"
X-Spam-Checker: magic.dirtside.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/tcpm/2hzyeQ0rlrPo6S7ym8o9uor86CM>
Subject: Re: [tcpm] PLPMTUD for all protocols
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tcpm/>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 29 Mar 2018 15:03:32 -0000
On Thu, Mar 29, 2018 at 9:32 AM, Joe Touch <touch@strayalpha.com> wrote: >> On Mar 28, 2018, at 8:51 AM, Mikael Abrahamsson <swmike@swm.pp.se> wrote: >> So I have no idea how to come to a best conclusion regarding the tradeoff between "doesn't work at all" and "doesn't work optimally in some cases". > > If making things more optimal in some cases causes some things to fail, you have chosen poorly. Hi Joe, Status quo is "doesn't work at all," the PMTUD black hole problem. PMTUD is arguably a design defect in IP: one of few cases in which the end to end principle is abandoned, requiring the intermediate router to communicate with an endpoint or else end to end communication fails. It's also arguable that every instance of a PMTUD black hole is a consequence of an operator configuration error. PLPMTUD is proposed as "doesn't work optimally in some cases." More to the point: suffers in common packet loss scenarios. Everybody takes a performance penalty to overcome common operator configuration errors. Alternatives to PLPMTUD include configuring the local TCP stack's MSS to the IPv6 minimum MTU (1280 bytes). This pretty much eliminates the PMTUD black hole problem by eliminating the need for detection. There's a negligible performance hit but a slightly increased consumption of bandwidth in the normal case. I've used this on my servers for years and the bottom line is that it works. It's also fair to wonder why router and firewall vendors don't offer configurations designed to mitigate the PMTUD black hole problem. Firewall vendors could warn on attempts to block ICMP or require explicit overrides to block ICMP destination unreachable messages. Router vendors could offer a configuration option to issue ICMP destination unreachables from the a configured public IP address rather than from the interface's (sometimes private) IP address. They don't do these things. In principle the IETF could even designate a standard public IP address to be used when routers that have no public IP addresses need to issue a a fragmentation needed message. After a couple equipment cycles the PMTUD black hole problem would presumably fall back to 1990s levels which weren't so bad. On Wed, Mar 28, 2018 at 11:51 AM, Mikael Abrahamsson <swmike@swm.pp.se> wrote: > 1. IPv6 doesn't have a DF bit that can be on or off, it's always implicitly > on. Thanks Mikael, I didn't realize that. > 2. Fragmentation doesn't usually happen if there is PMTUD blackhole. Do we have data on this? Is it a general case issue where routers refuse to fragment packets even if the DF bit is clear? We expect the router to forward a small enough unfragmented packet onward. I can't think of a reason that the PMTUD black holes and routers failing to fragment IPv4 packets where DF is clear would be linked issues. Regards, Bill Herrin -- William Herrin ................ herrin@dirtside.com bill@herrin.us Dirtside Systems ......... Web: <http://www.dirtside.com/>
- [tcpm] PLPMTUD for all protocols Mikael Abrahamsson
- Re: [tcpm] PLPMTUD for all protocols Tom Jones
- Re: [tcpm] PLPMTUD for all protocols rs.ietf
- Re: [tcpm] PLPMTUD for all protocols William Herrin
- Re: [tcpm] PLPMTUD for all protocols Mikael Abrahamsson
- Re: [tcpm] PLPMTUD for all protocols Maxim Proshin [GMAIL]
- Re: [tcpm] PLPMTUD for all protocols Mikael Abrahamsson
- Re: [tcpm] PLPMTUD for all protocols Joe Touch
- Re: [tcpm] PLPMTUD for all protocols William Herrin
- Re: [tcpm] PLPMTUD for all protocols Mikael Abrahamsson
- Re: [tcpm] PLPMTUD for all protocols William Herrin
- Re: [tcpm] PLPMTUD for all protocols Toerless Eckert
- Re: [tcpm] PLPMTUD for all protocols Mikael Abrahamsson
- Re: [tcpm] PLPMTUD for all protocols touch
- Re: [tcpm] PLPMTUD for all protocols Mikael Abrahamsson
- Re: [tcpm] PLPMTUD for all protocols Joe Touch
- Re: [tcpm] PLPMTUD for all protocols Mikael Abrahamsson
- Re: [tcpm] PLPMTUD for all protocols Gorry Fairhurst
- Re: [tcpm] PLPMTUD for all protocols Mikael Abrahamsson
- Re: [tcpm] PLPMTUD for all protocols Gorry Fairhurst
- Re: [tcpm] PLPMTUD for all protocols William Herrin
- Re: [tcpm] PLPMTUD for all protocols Toerless Eckert
- Re: [tcpm] PLPMTUD for all protocols Toerless Eckert
- Re: [tcpm] PLPMTUD for all protocols Mikael Abrahamsson
- Re: [tcpm] PLPMTUD for all protocols Joe Touch
- Re: [tcpm] PLPMTUD for all protocols Joe Touch
- Re: [tcpm] PLPMTUD for all protocols Mikael Abrahamsson
- Re: [tcpm] PLPMTUD for all protocols Joe Touch
- Re: [tcpm] PLPMTUD for all protocols Toerless Eckert
- Re: [tcpm] PLPMTUD for all protocols Joe Touch
- Re: [tcpm] PLPMTUD for all protocols William Herrin
- Re: [tcpm] PLPMTUD for all protocols John Heffner