IETF Logo Mail Archive

Re: [tcpm] PLPMTUD for all protocols

Toerless Eckert <tte@cs.fau.de> Thu, 29 March 2018 17:49 UTC

Return-Path: <eckert@i4.informatik.uni-erlangen.de>
X-Original-To: tcpm@ietfa.amsl.com
Delivered-To: tcpm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6842B124235 for <tcpm@ietfa.amsl.com>; Thu, 29 Mar 2018 10:49:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.96
X-Spam-Level:
X-Spam-Status: No, score=-3.96 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.249, RCVD_IN_DNSWL_MED=-2.3, T_RP_MATCHES_RCVD=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GGJscjY4tvGr for <tcpm@ietfa.amsl.com>; Thu, 29 Mar 2018 10:49:31 -0700 (PDT)
Received: from faui40.informatik.uni-erlangen.de (faui40.informatik.uni-erlangen.de [IPv6:2001:638:a000:4134::ffff:40]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E5ECA12E044 for <tcpm@ietf.org>; Thu, 29 Mar 2018 10:49:25 -0700 (PDT)
Received: from faui40p.informatik.uni-erlangen.de (faui40p.informatik.uni-erlangen.de [131.188.34.77]) by faui40.informatik.uni-erlangen.de (Postfix) with ESMTP id 2FEFC58C516; Thu, 29 Mar 2018 19:49:21 +0200 (CEST)
Received: by faui40p.informatik.uni-erlangen.de (Postfix, from userid 10463) id 190E3B0DE85; Thu, 29 Mar 2018 19:49:21 +0200 (CEST)
Date: Thu, 29 Mar 2018 19:49:20 +0200
From: Toerless Eckert <tte@cs.fau.de>
To: William Herrin <bill@herrin.us>
Cc: Mikael Abrahamsson <swmike@swm.pp.se>, tcpm@ietf.org, Joe Touch <touch@strayalpha.com>
Message-ID: <20180329174920.GV30215@faui40p.informatik.uni-erlangen.de>
References: <alpine.DEB.2.20.1803281034310.20609@uplift.swm.pp.se> <CAP-guGVEcnk09yi8sz+fmghpeb91Y8tQb+LsEmSF+0e+f6oGhw@mail.gmail.com> <alpine.DEB.2.20.1803281747020.20609@uplift.swm.pp.se> <B323BA47-32DF-498B-9D1F-5A378E7ABB98@strayalpha.com> <CAP-guGXfds60dwJXgnSYdbtQ-qOCJGpiw1kcYUkJR8L3jwsFSA@mail.gmail.com> <alpine.DEB.2.20.1803291727100.20609@uplift.swm.pp.se> <CAP-guGWhyS0UW9YwsQyA10iN_M=yc4H8NqKAgWH=zPBFhscJxQ@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <CAP-guGWhyS0UW9YwsQyA10iN_M=yc4H8NqKAgWH=zPBFhscJxQ@mail.gmail.com>
User-Agent: Mutt/1.5.21 (2010-09-15)
Archived-At: <https://mailarchive.ietf.org/arch/msg/tcpm/TgT741cec0Qvg9NLKndPff3tm-o>
Subject: Re: [tcpm] PLPMTUD for all protocols
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tcpm/>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 29 Mar 2018 17:49:34 -0000

So, whats the summary ?

Write rfc4821bis with recommendations for an additional,
simplified procedure dropping to 1280/576 and use most simple upspeeding 
option ? Because 10 years have shown full rfc4821 is not widely supported
in host stack because its too complex ?

Another, potentially complementary option is to do an rfc3542bis
or some small "highly reliable socket" BCP recommendation for
apps requring highest reliability to use 1280/576 MTU through appropriate
socket API calls. Could be done n TAPS ?

In any case, it would be good to document the broken cases Mikael
mentions as well as the difficulties getting complex host stack
workarounds implemented broadly - otherwise it will be hard to persuade
the MTU/performance part of the community of any such recommendations.

Cheers
    toerless

On Thu, Mar 29, 2018 at 12:58:07PM -0400, William Herrin wrote:
> On Thu, Mar 29, 2018 at 11:31 AM, Mikael Abrahamsson <swmike@swm.pp.se> wrote:
> > On Thu, 29 Mar 2018, William Herrin wrote:
> >> It's also fair to wonder why router and firewall vendors don't offer
> >> configurations designed to mitigate the PMTUD black hole problem. Firewall
> >> vendors could warn on attempts to block ICMP or require explicit overrides
> >> to block ICMP destination unreachable messages. Router vendors could offer a
> >> configuration option to issue ICMP destination unreachables from the a
> >> configured public IP address rather than from the interface's (sometimes
> >> private) IP address. They don't do these things.
> >
> > These are some reasons for PMTUD blackhole, but far from all. Some are
> > caused by anycast configurations where the ICMP packet simply doesn't make
> > it to the node that needs it. Load balancers doing the wrong thing.
> 
> Hi Mikael,
> 
> Load balancers doing the wrong thing seems to me like some combination
> of implementation error and configuration error.
> 
> How would PLPMTUD detect a path MTU black hole for DNS response
> packets from an anycasted node? It's fire and forget; the server is
> not expecting another packet from the querent.
> 
> Where something more complicated is done with anycast such as TCP
> without suitable modifications (e.g.
> https://bill.herrin.us/network/anycasttcp.html) then they've already
> accepted that a portion of their prospective users will be
> unreachable. I have no sympathy when folks decide to intentionally
> implement breakage because it will, statistically, only be broken some
> of the time.
> 
> You make an interesting point here about icmp unreachables in the TCP
> anycast scenario that I haven't accounted for in that paper. I'll have
> to think that through.
> 
> 
> > My take on this is that operators should do the right thing (make PMTUD
> > work), and protocols should handle when things go wrong.
> 
> Operators "should" have the tools which:
> 
> A) make it practical to make PMTUD work in all commonly deployed
> architectures and
> 
> B) do a respectable job preventing "design induced operator error"
> with respect to PMTUD.
> 
> Currently shipping routers and firewalls mostly fail both criteria.
> 
> 
> > I have very little problem with TCP using an extremely stupid algorithm as
> > in "I'll use PMTUD, but if it doesn't work I'm going to try 576/1280, and if
> > that works I sometimes go back to PMTUD value to see if things have
> > improved". This still means it'll work, somewhat.
> 
> I have no problem with falling back after a smart enough delay/retry
> cycle concludes a very high probability a PMTUD black hole. I have
> little problem with those connections suffering the performance hit of
> small packets for the duration. I have a bigger problem if routine
> packet loss or a brief path outage gets commonly misdetected as a
> PMTUD black hole. I worry most that allowing the algorithm to the hunt
> for the MTU will justify allowing a higher false positive rate for
> black hole detection so that everybody suffers a performance hit even
> when there are no black holes. There are no obvious ways to implement
> that hunt which don't harm performance. I'd rather see it fall back
> and stay back with an OS tunable for how confident it has to be of a
> black hole before it falls back.
> 
> Regards,
> Bill Herrin
> 
> 
> 
> -- 
> William Herrin ................ herrin@dirtside.com  bill@herrin.us
> Dirtside Systems ......... Web: <http://www.dirtside.com/>
> 
> _______________________________________________
> tcpm mailing list
> tcpm@ietf.org
> https://www.ietf.org/mailman/listinfo/tcpm

-- 
---
tte@cs.fau.de

v2.23.0 | Report a Bug | By Email