Re: [tcpm] PLPMTUD for all protocols
Toerless Eckert <tte@cs.fau.de> Fri, 30 March 2018 14:05 UTC
Return-Path: <eckert@i4.informatik.uni-erlangen.de>
X-Original-To: tcpm@ietfa.amsl.com
Delivered-To: tcpm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 27016127058 for <tcpm@ietfa.amsl.com>; Fri, 30 Mar 2018 07:05:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.961
X-Spam-Level:
X-Spam-Status: No, score=-3.961 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.249, RCVD_IN_DNSWL_MED=-2.3, T_RP_MATCHES_RCVD=-0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bu7TO6P5b_OP for <tcpm@ietfa.amsl.com>; Fri, 30 Mar 2018 07:05:01 -0700 (PDT)
Received: from faui40.informatik.uni-erlangen.de (faui40.informatik.uni-erlangen.de [131.188.34.40]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B47D0126DCA for <tcpm@ietf.org>; Fri, 30 Mar 2018 07:05:01 -0700 (PDT)
Received: from faui40p.informatik.uni-erlangen.de (faui40p.informatik.uni-erlangen.de [IPv6:2001:638:a000:4134::ffff:77]) by faui40.informatik.uni-erlangen.de (Postfix) with ESMTP id 458F658C4C8; Fri, 30 Mar 2018 16:04:57 +0200 (CEST)
Received: by faui40p.informatik.uni-erlangen.de (Postfix, from userid 10463) id 2DD62B0DE9A; Fri, 30 Mar 2018 16:04:57 +0200 (CEST)
Date: Fri, 30 Mar 2018 16:04:57 +0200
From: Toerless Eckert <tte@cs.fau.de>
To: William Herrin <bill@herrin.us>
Cc: Joe Touch <touch@strayalpha.com>, tcpm@ietf.org
Message-ID: <20180330140456.GH3590@faui40p.informatik.uni-erlangen.de>
References: <alpine.DEB.2.20.1803281034310.20609@uplift.swm.pp.se> <CAP-guGVEcnk09yi8sz+fmghpeb91Y8tQb+LsEmSF+0e+f6oGhw@mail.gmail.com> <alpine.DEB.2.20.1803281747020.20609@uplift.swm.pp.se> <B323BA47-32DF-498B-9D1F-5A378E7ABB98@strayalpha.com> <CAP-guGXfds60dwJXgnSYdbtQ-qOCJGpiw1kcYUkJR8L3jwsFSA@mail.gmail.com> <alpine.DEB.2.20.1803291727100.20609@uplift.swm.pp.se> <CAP-guGWhyS0UW9YwsQyA10iN_M=yc4H8NqKAgWH=zPBFhscJxQ@mail.gmail.com> <20180329174920.GV30215@faui40p.informatik.uni-erlangen.de> <CAP-guGVGp8k37b__hb6ve5V9h3QyYAivpA+X8iqJB_vskBnc=g@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <CAP-guGVGp8k37b__hb6ve5V9h3QyYAivpA+X8iqJB_vskBnc=g@mail.gmail.com>
User-Agent: Mutt/1.5.21 (2010-09-15)
Archived-At: <https://mailarchive.ietf.org/arch/msg/tcpm/to9lMbyh-hU9UtvTlqNQbYr12f0>
Subject: Re: [tcpm] PLPMTUD for all protocols
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tcpm/>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 30 Mar 2018 14:05:04 -0000
William, Thanks for making suggestions how the network can behave better, no idea why i am starting to give up on that idea *sigh* This part of the discussion would probably be better on v6ops@ietf.org more inline. On Fri, Mar 30, 2018 at 08:44:46AM -0400, William Herrin wrote: > My thoughts run this direction: > > 1. Recommend that router implementations "SHOULD" provide the option > to generate ICMPv4 type 3 code 4 (fragmentation needed) messages and > ICMPv6 type 2 (packet too big) messages from an address different than > the source interface address. They Dan't today, creating lots of cases > where the operator has to sacrifice PMTUD. rfc1918/ULA on interfaces plus RPF later on ? SP edge filtering of IF-address ranges ? Any other known systematic reasons ? Would be good to document systematic reasons to make sure suggested workarounds can fix them. The main problem iwth such a command is to make operators not forget applying it. Or even having an address that would allow for the packet to be passed back. > 2. Recommend that firewall implementations "SHOULD NOT" filter ICMPv4 > type 3 code 4 (fragmentation needed) messages or ICMPv6 type 2 (packet > too big) messages unless explicitly configured to do so. In other > words, the instruction to filter all ICMP will not result in dropping > fragmentation needed messages but the explicit instruction to drop > fragmentation needed messages specifically will. Today's firewall > tools make it too easy to accidentally kill PMTUD. I am a lot more pessimistic of any form of IETF recommendation to impact firewalls positively. At its core, most IETF design does not even acknowledge the need for firewalls and has not designed network services for their presence. I would also bet there are possible attack vectors with ICMP fragmentation needed messages. And what else does a fireall operator need to break something... We can try of course. I think these days the way how you would be achieve something like that is to define some YANG model that contains the equivalent of such commands - You can make such a YANG model standards track. CLI recommendations at best are BCP. > Let's maximize the chance of PMTUD working as designed and then build > something optimized for the residual cases where it still doesn't. > > > Write rfc4821bis with recommendations for an additional, > > simplified procedure dropping to 1280/576 and use most simple upspeeding > > option ? > > That is #3. And I'd like to be smart about fallback at the expense of > efficiency in the black hole case. Send the 1280 packet. If it works, > send another full size packet to confirm it still fails before > accepting 1280 as the path mtu. If the 1280 and 576 packets don't work > either, don't try the fallback again: it's not path mtu. Maybe the RFC > is already smart about this; I didn't read closely enough. > > 4. Go back to the ground truths and reconsider whether we have > satisfactory information at layer 3 to make reliable decisions about > path mtu. Because of the fate sharing issue, I think PMTUD wants to be > a layer 4 problem implemented independently in each layer 4 protocol > with layer 3 offering hints from ICMP when available. Maybe this is > something that should be kicked over to the IRTF for investigation. Sure, you can bring the problem to PANRG. The main issue is that cool new solutions will not fix broken old equipment, so most efforts we seem to spend in IETF are about workarounds for that broken old equipment (points 1..3). And every time you try to do something new & better, you get hammered down by IETF with "oh, this will take a decade to see any adoption, go away". > Regards, > Bill Herrin > > > -- > William Herrin ................ herrin@dirtside.com bill@herrin.us > Dirtside Systems ......... Web: <http://www.dirtside.com/> > > _______________________________________________ > tcpm mailing list > tcpm@ietf.org > https://www.ietf.org/mailman/listinfo/tcpm -- --- tte@cs.fau.de
- [tcpm] PLPMTUD for all protocols Mikael Abrahamsson
- Re: [tcpm] PLPMTUD for all protocols Tom Jones
- Re: [tcpm] PLPMTUD for all protocols rs.ietf
- Re: [tcpm] PLPMTUD for all protocols William Herrin
- Re: [tcpm] PLPMTUD for all protocols Mikael Abrahamsson
- Re: [tcpm] PLPMTUD for all protocols Maxim Proshin [GMAIL]
- Re: [tcpm] PLPMTUD for all protocols Mikael Abrahamsson
- Re: [tcpm] PLPMTUD for all protocols Joe Touch
- Re: [tcpm] PLPMTUD for all protocols William Herrin
- Re: [tcpm] PLPMTUD for all protocols Mikael Abrahamsson
- Re: [tcpm] PLPMTUD for all protocols William Herrin
- Re: [tcpm] PLPMTUD for all protocols Toerless Eckert
- Re: [tcpm] PLPMTUD for all protocols Mikael Abrahamsson
- Re: [tcpm] PLPMTUD for all protocols touch
- Re: [tcpm] PLPMTUD for all protocols Mikael Abrahamsson
- Re: [tcpm] PLPMTUD for all protocols Joe Touch
- Re: [tcpm] PLPMTUD for all protocols Mikael Abrahamsson
- Re: [tcpm] PLPMTUD for all protocols Gorry Fairhurst
- Re: [tcpm] PLPMTUD for all protocols Mikael Abrahamsson
- Re: [tcpm] PLPMTUD for all protocols Gorry Fairhurst
- Re: [tcpm] PLPMTUD for all protocols William Herrin
- Re: [tcpm] PLPMTUD for all protocols Toerless Eckert
- Re: [tcpm] PLPMTUD for all protocols Toerless Eckert
- Re: [tcpm] PLPMTUD for all protocols Mikael Abrahamsson
- Re: [tcpm] PLPMTUD for all protocols Joe Touch
- Re: [tcpm] PLPMTUD for all protocols Joe Touch
- Re: [tcpm] PLPMTUD for all protocols Mikael Abrahamsson
- Re: [tcpm] PLPMTUD for all protocols Joe Touch
- Re: [tcpm] PLPMTUD for all protocols Toerless Eckert
- Re: [tcpm] PLPMTUD for all protocols Joe Touch
- Re: [tcpm] PLPMTUD for all protocols William Herrin
- Re: [tcpm] PLPMTUD for all protocols John Heffner