IETF Logo Mail Archive

Re: [tcpm] PLPMTUD for all protocols

Mikael Abrahamsson <swmike@swm.pp.se> Thu, 29 March 2018 15:31 UTC

Return-Path: <swmike@swm.pp.se>
X-Original-To: tcpm@ietfa.amsl.com
Delivered-To: tcpm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1E67912D957 for <tcpm@ietfa.amsl.com>; Thu, 29 Mar 2018 08:31:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.31
X-Spam-Level:
X-Spam-Status: No, score=-4.31 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=swm.pp.se
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6rHoRF2UUKz3 for <tcpm@ietfa.amsl.com>; Thu, 29 Mar 2018 08:31:32 -0700 (PDT)
Received: from uplift.swm.pp.se (ipv6.swm.pp.se [IPv6:2a00:801::f]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 24CC0127201 for <tcpm@ietf.org>; Thu, 29 Mar 2018 08:31:32 -0700 (PDT)
Received: by uplift.swm.pp.se (Postfix, from userid 501) id 0E8DDAF; Thu, 29 Mar 2018 17:31:30 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=swm.pp.se; s=mail; t=1522337490; bh=FiGgzbZ37ZzWq/26VX9O6G79Uq20l3jWVWcUqoK9h9o=; h=Date:From:To:cc:Subject:In-Reply-To:References:From; b=3YYmw9wqd98kgdFRx8wgGUjxCRY3FnD7UeiP9En37HknXsUApxdG0nYb6MjGjpcbS F5V2KbBKDGf6EaUzWLRsZV0ujWitmSa/FRzOblgMdTPT+36jdYyggcBLuoMp/sJ3ig S4MlU6ILzWpfpTDRTKEYmZ9Z86Zs8m9jgFHW+qWI=
Received: from localhost (localhost [127.0.0.1]) by uplift.swm.pp.se (Postfix) with ESMTP id 0C7B69F; Thu, 29 Mar 2018 17:31:30 +0200 (CEST)
Date: Thu, 29 Mar 2018 17:31:30 +0200
From: Mikael Abrahamsson <swmike@swm.pp.se>
To: William Herrin <bill@herrin.us>
cc: Joe Touch <touch@strayalpha.com>, tcpm@ietf.org
In-Reply-To: <CAP-guGXfds60dwJXgnSYdbtQ-qOCJGpiw1kcYUkJR8L3jwsFSA@mail.gmail.com>
Message-ID: <alpine.DEB.2.20.1803291727100.20609@uplift.swm.pp.se>
References: <alpine.DEB.2.20.1803281034310.20609@uplift.swm.pp.se> <CAP-guGVEcnk09yi8sz+fmghpeb91Y8tQb+LsEmSF+0e+f6oGhw@mail.gmail.com> <alpine.DEB.2.20.1803281747020.20609@uplift.swm.pp.se> <B323BA47-32DF-498B-9D1F-5A378E7ABB98@strayalpha.com> <CAP-guGXfds60dwJXgnSYdbtQ-qOCJGpiw1kcYUkJR8L3jwsFSA@mail.gmail.com>
User-Agent: Alpine 2.20 (DEB 67 2015-01-07)
Organization: People's Front Against WWW
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"; format="flowed"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tcpm/MzNI9MojBjb0_1tWZeqnMwRuaGo>
Subject: Re: [tcpm] PLPMTUD for all protocols
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tcpm/>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 29 Mar 2018 15:31:35 -0000

On Thu, 29 Mar 2018, William Herrin wrote:

> fails. It's also arguable that every instance of a PMTUD black hole is
> a consequence of an operator configuration error.

Some are, some are not.

> It's also fair to wonder why router and firewall vendors don't offer 
> configurations designed to mitigate the PMTUD black hole problem. 
> Firewall vendors could warn on attempts to block ICMP or require 
> explicit overrides to block ICMP destination unreachable messages. 
> Router vendors could offer a configuration option to issue ICMP 
> destination unreachables from the a configured public IP address rather 
> than from the interface's (sometimes private) IP address. They don't do 
> these things.

These are some reasons for PMTUD blackhole, but far from all. Some are 
caused by anycast configurations where the ICMP packet simply doesn't make 
it to the node that needs it. Load balancers doing the wrong thing.

> In principle the IETF could even designate a standard public IP address 
> to be used when routers that have no public IP addresses need to issue a 
> a fragmentation needed message. After a couple equipment cycles the 
> PMTUD black hole problem would presumably fall back to 1990s levels 
> which weren't so bad.

My take on this is that operators should do the right thing (make PMTUD 
work), and protocols should handle when things go wrong.

I have very little problem with TCP using an extremely stupid algorithm as 
in "I'll use PMTUD, but if it doesn't work I'm going to try 576/1280, and 
if that works I sometimes go back to PMTUD value to see if things have 
improved". This still means it'll work, somewhat.

-- 
Mikael Abrahamsson    email: swmike@swm.pp.se

v2.23.0 | Report a Bug | By Email