Re: [tcpm] PLPMTUD for all protocols
Toerless Eckert <tte@cs.fau.de> Thu, 29 March 2018 17:49 UTC
Return-Path: <eckert@i4.informatik.uni-erlangen.de>
X-Original-To: tcpm@ietfa.amsl.com
Delivered-To: tcpm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6842B124235 for <tcpm@ietfa.amsl.com>; Thu, 29 Mar 2018 10:49:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.96
X-Spam-Level:
X-Spam-Status: No, score=-3.96 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.249, RCVD_IN_DNSWL_MED=-2.3, T_RP_MATCHES_RCVD=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GGJscjY4tvGr for <tcpm@ietfa.amsl.com>; Thu, 29 Mar 2018 10:49:31 -0700 (PDT)
Received: from faui40.informatik.uni-erlangen.de (faui40.informatik.uni-erlangen.de [IPv6:2001:638:a000:4134::ffff:40]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E5ECA12E044 for <tcpm@ietf.org>; Thu, 29 Mar 2018 10:49:25 -0700 (PDT)
Received: from faui40p.informatik.uni-erlangen.de (faui40p.informatik.uni-erlangen.de [131.188.34.77]) by faui40.informatik.uni-erlangen.de (Postfix) with ESMTP id 2FEFC58C516; Thu, 29 Mar 2018 19:49:21 +0200 (CEST)
Received: by faui40p.informatik.uni-erlangen.de (Postfix, from userid 10463) id 190E3B0DE85; Thu, 29 Mar 2018 19:49:21 +0200 (CEST)
Date: Thu, 29 Mar 2018 19:49:20 +0200
From: Toerless Eckert <tte@cs.fau.de>
To: William Herrin <bill@herrin.us>
Cc: Mikael Abrahamsson <swmike@swm.pp.se>, tcpm@ietf.org, Joe Touch <touch@strayalpha.com>
Message-ID: <20180329174920.GV30215@faui40p.informatik.uni-erlangen.de>
References: <alpine.DEB.2.20.1803281034310.20609@uplift.swm.pp.se> <CAP-guGVEcnk09yi8sz+fmghpeb91Y8tQb+LsEmSF+0e+f6oGhw@mail.gmail.com> <alpine.DEB.2.20.1803281747020.20609@uplift.swm.pp.se> <B323BA47-32DF-498B-9D1F-5A378E7ABB98@strayalpha.com> <CAP-guGXfds60dwJXgnSYdbtQ-qOCJGpiw1kcYUkJR8L3jwsFSA@mail.gmail.com> <alpine.DEB.2.20.1803291727100.20609@uplift.swm.pp.se> <CAP-guGWhyS0UW9YwsQyA10iN_M=yc4H8NqKAgWH=zPBFhscJxQ@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <CAP-guGWhyS0UW9YwsQyA10iN_M=yc4H8NqKAgWH=zPBFhscJxQ@mail.gmail.com>
User-Agent: Mutt/1.5.21 (2010-09-15)
Archived-At: <https://mailarchive.ietf.org/arch/msg/tcpm/TgT741cec0Qvg9NLKndPff3tm-o>
Subject: Re: [tcpm] PLPMTUD for all protocols
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tcpm/>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 29 Mar 2018 17:49:34 -0000
So, whats the summary ? Write rfc4821bis with recommendations for an additional, simplified procedure dropping to 1280/576 and use most simple upspeeding option ? Because 10 years have shown full rfc4821 is not widely supported in host stack because its too complex ? Another, potentially complementary option is to do an rfc3542bis or some small "highly reliable socket" BCP recommendation for apps requring highest reliability to use 1280/576 MTU through appropriate socket API calls. Could be done n TAPS ? In any case, it would be good to document the broken cases Mikael mentions as well as the difficulties getting complex host stack workarounds implemented broadly - otherwise it will be hard to persuade the MTU/performance part of the community of any such recommendations. Cheers toerless On Thu, Mar 29, 2018 at 12:58:07PM -0400, William Herrin wrote: > On Thu, Mar 29, 2018 at 11:31 AM, Mikael Abrahamsson <swmike@swm.pp.se> wrote: > > On Thu, 29 Mar 2018, William Herrin wrote: > >> It's also fair to wonder why router and firewall vendors don't offer > >> configurations designed to mitigate the PMTUD black hole problem. Firewall > >> vendors could warn on attempts to block ICMP or require explicit overrides > >> to block ICMP destination unreachable messages. Router vendors could offer a > >> configuration option to issue ICMP destination unreachables from the a > >> configured public IP address rather than from the interface's (sometimes > >> private) IP address. They don't do these things. > > > > These are some reasons for PMTUD blackhole, but far from all. Some are > > caused by anycast configurations where the ICMP packet simply doesn't make > > it to the node that needs it. Load balancers doing the wrong thing. > > Hi Mikael, > > Load balancers doing the wrong thing seems to me like some combination > of implementation error and configuration error. > > How would PLPMTUD detect a path MTU black hole for DNS response > packets from an anycasted node? It's fire and forget; the server is > not expecting another packet from the querent. > > Where something more complicated is done with anycast such as TCP > without suitable modifications (e.g. > https://bill.herrin.us/network/anycasttcp.html) then they've already > accepted that a portion of their prospective users will be > unreachable. I have no sympathy when folks decide to intentionally > implement breakage because it will, statistically, only be broken some > of the time. > > You make an interesting point here about icmp unreachables in the TCP > anycast scenario that I haven't accounted for in that paper. I'll have > to think that through. > > > > My take on this is that operators should do the right thing (make PMTUD > > work), and protocols should handle when things go wrong. > > Operators "should" have the tools which: > > A) make it practical to make PMTUD work in all commonly deployed > architectures and > > B) do a respectable job preventing "design induced operator error" > with respect to PMTUD. > > Currently shipping routers and firewalls mostly fail both criteria. > > > > I have very little problem with TCP using an extremely stupid algorithm as > > in "I'll use PMTUD, but if it doesn't work I'm going to try 576/1280, and if > > that works I sometimes go back to PMTUD value to see if things have > > improved". This still means it'll work, somewhat. > > I have no problem with falling back after a smart enough delay/retry > cycle concludes a very high probability a PMTUD black hole. I have > little problem with those connections suffering the performance hit of > small packets for the duration. I have a bigger problem if routine > packet loss or a brief path outage gets commonly misdetected as a > PMTUD black hole. I worry most that allowing the algorithm to the hunt > for the MTU will justify allowing a higher false positive rate for > black hole detection so that everybody suffers a performance hit even > when there are no black holes. There are no obvious ways to implement > that hunt which don't harm performance. I'd rather see it fall back > and stay back with an OS tunable for how confident it has to be of a > black hole before it falls back. > > Regards, > Bill Herrin > > > > -- > William Herrin ................ herrin@dirtside.com bill@herrin.us > Dirtside Systems ......... Web: <http://www.dirtside.com/> > > _______________________________________________ > tcpm mailing list > tcpm@ietf.org > https://www.ietf.org/mailman/listinfo/tcpm -- --- tte@cs.fau.de
- [tcpm] PLPMTUD for all protocols Mikael Abrahamsson
- Re: [tcpm] PLPMTUD for all protocols Tom Jones
- Re: [tcpm] PLPMTUD for all protocols rs.ietf
- Re: [tcpm] PLPMTUD for all protocols William Herrin
- Re: [tcpm] PLPMTUD for all protocols Mikael Abrahamsson
- Re: [tcpm] PLPMTUD for all protocols Maxim Proshin [GMAIL]
- Re: [tcpm] PLPMTUD for all protocols Mikael Abrahamsson
- Re: [tcpm] PLPMTUD for all protocols Joe Touch
- Re: [tcpm] PLPMTUD for all protocols William Herrin
- Re: [tcpm] PLPMTUD for all protocols Mikael Abrahamsson
- Re: [tcpm] PLPMTUD for all protocols William Herrin
- Re: [tcpm] PLPMTUD for all protocols Toerless Eckert
- Re: [tcpm] PLPMTUD for all protocols Mikael Abrahamsson
- Re: [tcpm] PLPMTUD for all protocols touch
- Re: [tcpm] PLPMTUD for all protocols Mikael Abrahamsson
- Re: [tcpm] PLPMTUD for all protocols Joe Touch
- Re: [tcpm] PLPMTUD for all protocols Mikael Abrahamsson
- Re: [tcpm] PLPMTUD for all protocols Gorry Fairhurst
- Re: [tcpm] PLPMTUD for all protocols Mikael Abrahamsson
- Re: [tcpm] PLPMTUD for all protocols Gorry Fairhurst
- Re: [tcpm] PLPMTUD for all protocols William Herrin
- Re: [tcpm] PLPMTUD for all protocols Toerless Eckert
- Re: [tcpm] PLPMTUD for all protocols Toerless Eckert
- Re: [tcpm] PLPMTUD for all protocols Mikael Abrahamsson
- Re: [tcpm] PLPMTUD for all protocols Joe Touch
- Re: [tcpm] PLPMTUD for all protocols Joe Touch
- Re: [tcpm] PLPMTUD for all protocols Mikael Abrahamsson
- Re: [tcpm] PLPMTUD for all protocols Joe Touch
- Re: [tcpm] PLPMTUD for all protocols Toerless Eckert
- Re: [tcpm] PLPMTUD for all protocols Joe Touch
- Re: [tcpm] PLPMTUD for all protocols William Herrin
- Re: [tcpm] PLPMTUD for all protocols John Heffner