Re: [tcpm] [Softwires] TCP MSS clamping to try to deal with MTU issues in Dual-Stack Lite

"Yiu L. Lee" <yiu_lee@cable.comcast.com> Tue, 14 April 2009 13:04 UTC

Return-Path: <yiu_lee@cable.comcast.com>
X-Original-To: tcpm@core3.amsl.com
Delivered-To: tcpm@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 952F73A67E6; Tue, 14 Apr 2009 06:04:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.396
X-Spam-Level:
X-Spam-Status: No, score=-6.396 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HELO_EQ_MODEMCABLE=0.768, HOST_EQ_MODEMCABLE=1.368, RCVD_IN_DNSWL_HI=-8, RCVD_NUMERIC_HELO=2.067]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sJAVbAzWcQvV; Tue, 14 Apr 2009 06:04:49 -0700 (PDT)
Received: from pacdcimo01.cable.comcast.com (PacdcIMO01.cable.comcast.com [24.40.8.145]) by core3.amsl.com (Postfix) with ESMTP id EF14D3A6A37; Tue, 14 Apr 2009 06:04:48 -0700 (PDT)
Received: from ([10.52.116.30]) by pacdcimo01.cable.comcast.com with ESMTP id 5503620.33953122; Tue, 14 Apr 2009 09:02:28 -0400
Received: from PACDCEXCMB04.cable.comcast.com ([24.40.15.86]) by PAOAKEXCSMTP01.cable.comcast.com with Microsoft SMTPSVC(6.0.3790.3959); Tue, 14 Apr 2009 09:02:28 -0400
Received: from 198.137.252.126 ([198.137.252.126]) by PACDCEXCMB04.cable.comcast.com ([24.40.15.86]) via Exchange Front-End Server webmail.comcast.com ([198.137.252.76]) with Microsoft Exchange Server HTTP-DAV ; Tue, 14 Apr 2009 13:02:13 +0000
User-Agent: Microsoft-Entourage/12.15.0.081119
Date: Tue, 14 Apr 2009 09:02:07 -0400
From: "Yiu L. Lee" <yiu_lee@cable.comcast.com>
To: Joe Touch <touch@ISI.EDU>, Magnus Westerlund <magnus.westerlund@ericsson.com>
Message-ID: <C60A018F.83F0%yiu_lee@cable.comcast.com>
Thread-Topic: [Softwires] [tcpm] TCP MSS clamping to try to deal with MTU issues in Dual-Stack Lite
Thread-Index: Acm5iNT/rkjheLTqSaKKqnVN179ifQDeGHg8
In-Reply-To: <49DBD9AF.4040605@isi.edu>
Mime-version: 1.0
Content-type: text/plain; charset="ISO-8859-1"
Content-transfer-encoding: quoted-printable
X-OriginalArrivalTime: 14 Apr 2009 13:02:28.0599 (UTC) FILETIME=[43BF3070:01C9BD01]
X-Mailman-Approved-At: Tue, 14 Apr 2009 08:24:13 -0700
Cc: softwires@ietf.org, tcpm@ietf.org
Subject: Re: [tcpm] [Softwires] TCP MSS clamping to try to deal with MTU issues in Dual-Stack Lite
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tcpm>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 14 Apr 2009 13:04:50 -0000

HI Joe,

In RFC2385 - Section 2.0 Item 2, it says

       2. the TCP header, excluding options, and assuming a checksum of
          zero

Since TCP options are excluded, changing MSS won't affect the MD5 mechanism,
will it?

In draft-ietf-tpcm-tcp-auth-opt-04.txt - Section 5 Item 2, it says

   2. A TCP option flag. When 0, this flag allows default operation,
      i.e., TCP options are included in the MAC calculation, with TCP-
      AO's MAC field zeroed out.  When 1, all options (excluding TCP-AO)
      are excluded from all MAC calculations (skipped over, not simply
      zeroed). The option flag applies to TCP options in both directions
      (incoming and outgoing segments).

      >> The TCP option flag MUST NOT change during a TCP connection.

      The TCP option flag cannot change during a connection because TCP
      state is coordinated during connection establishment. TCP lacks a
      handshake for modifying that state after a connection has been
      established.

Changing MSS could be a problem when TCP option flag is set to 0. When the
flag is set to 1, changing MSS is fine, isn't it?

Thanks,
Yiu 

 
On 4/7/09 6:54 PM, "Joe Touch" <touch@ISI.EDU> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Hi, all,
> 
> The solution has a bug: if TCP traffic uses TCP MD5 or TCP-AO, then it
> needs to be handled like non-TCP traffic, since MSS revision would
> destroy the packet's integrity.
> 
> IMO, this should be handled the simple way - remove the TCP case, and
> handle all traffic the non-TCP way.
> 
> Finally, if a NAT ever refuses to reassemble anything, it MUST issue an
> ICMP too-big IMO. The whole idea of creating a problem (encapsulating,
> decreasing the effective MSS on a path) then not cleaning it up
> yourself, or deciding when to clean it up based on *current* assumptions
> of network traffic is a bad idea and shouldn't be supported.
> 
> Joe
> 
> Magnus Westerlund wrote:
>> Hi,
>> 
>> There is a proposal to use TCP MSS clamping to deal with MTU issues that
>> comes from Dual-stack lite's tunnel encapsulation.
>> 
>> I think it would be good if TCPM could provide some feedback on this
>> proposal.
>> 
>> The relevant document and section:
>> http://tools.ietf.org/html/draft-ietf-softwire-dual-stack-lite-00
>> 
>> 7.4. MTU
>> 
>> 
>>    Using an encapsulation (IP in IP or L2TP) to carry IPv4 traffic over
>>    IPv6 will reduce the effective MTU of the datagrams.  Unfortunately,
>>    path MTU discovery is not a reliable method to deal with this.  As
>>    such a combination of solutions is suggested:
>> 
>>    o  For TCP traffic, let the carrier-grade NAT rewrite the MSS in the
>>       first SYN packet to a lower value.
>> 
>>    o  For non-TCP traffic, perform fragmentation and reassembly over the
>>       tunnel between the home gateway and the carrier grade NAT.  In
>>       practice, this means put the IPv4 packet into a large IPv6 packet
>>       and fragment/reassemble the IPv6 packet at each endpoint of the
>>       tunnel.  There is a performance price to pay for this.
>>       Fragmentation is not very expensive, but reassembly can be,
>>       especially on the carrier-grade NAT that would have to keep track
>>       of a lot of flows.  However, such a carrier-grade NAT would only
>>       have to perform reassembly for large UDP packets sourced by
>>       customers, not for large UDP packets received by customers.  In
>>       other words, streaming video to a customer would not have a
>>       significant impact on the performance of the carrier-grade NAT,
>>       but will require more work on the home gateway side.
>> 
>> Cheers
>> 
>> Magnus Westerlund
>> 
>> IETF Transport Area Director & TSVWG Chair
>> ----------------------------------------------------------------------
>> Multimedia Technologies, Ericsson Research EAB/TVM
>> ----------------------------------------------------------------------
>> Ericsson AB                | Phone  +46 10 7148287
>> Färögatan 6                | Mobile +46 73 0949079
>> SE-164 80 Stockholm, Sweden| mailto: magnus.westerlund@ericsson.com
>> ----------------------------------------------------------------------
>> _______________________________________________
>> tcpm mailing list
>> tcpm@ietf.org
>> https://www.ietf.org/mailman/listinfo/tcpm
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.9 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
> 
> iEYEARECAAYFAknb2a8ACgkQE5f5cImnZrs0ewCg7ScElkpLrz20zSpTMnXuRApa
> CPsAoIyhk9N9K2fPpEJTyShMKeZNLxD/
> =9ob2
> -----END PGP SIGNATURE-----
> _______________________________________________
> Softwires mailing list
> Softwires@ietf.org
> https://www.ietf.org/mailman/listinfo/softwires
>