Re: [tram] A few comments on draft-ietf-tram-stun-pmtud-17.txt
Gorry Fairhurst <gorry@erg.abdn.ac.uk> Mon, 14 September 2020 17:04 UTC
Return-Path: <gorry@erg.abdn.ac.uk>
X-Original-To: tram@ietfa.amsl.com
Delivered-To: tram@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 15F1D3A0D71 for <tram@ietfa.amsl.com>; Mon, 14 Sep 2020 10:04:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level:
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, NICE_REPLY_A=-0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4cVfGjqVytD0 for <tram@ietfa.amsl.com>; Mon, 14 Sep 2020 10:04:19 -0700 (PDT)
Received: from pegasus.erg.abdn.ac.uk (pegasus.erg.abdn.ac.uk [IPv6:2001:630:42:150::2]) by ietfa.amsl.com (Postfix) with ESMTP id F1FF73A0D70 for <tram@ietf.org>; Mon, 14 Sep 2020 10:04:18 -0700 (PDT)
Received: from GF-MacBook-Pro.lan (fgrpf.plus.com [212.159.18.54]) by pegasus.erg.abdn.ac.uk (Postfix) with ESMTPSA id 03CED1B001AD; Mon, 14 Sep 2020 18:04:06 +0100 (BST)
To: "Felipe Garrido (fegarrid)" <fegarrid@cisco.com>, "tram@ietf.org" <tram@ietf.org>
Cc: "gorry@abdn.ac.uk" <gorry@abdn.ac.uk>
References: <7c201e29-1a63-39ed-cdd9-3b8b9ac383e6@erg.abdn.ac.uk> <860e8240-ce51-5407-4187-92478262f87c@erg.abdn.ac.uk> <179FB260-1FAC-419B-B5F4-86F850177C97@cisco.com> <04b71d3e-1c79-cdc1-5b20-906732ffa768@erg.abdn.ac.uk> <025EEF1A-A751-4A45-A36F-70CCC043255C@cisco.com> <41CA9214-D8C3-4A40-BAB7-43BD40F40A63@cisco.com>
From: Gorry Fairhurst <gorry@erg.abdn.ac.uk>
Message-ID: <5c416da8-931c-cc51-8662-0841d3f87e31@erg.abdn.ac.uk>
Date: Mon, 14 Sep 2020 18:04:06 +0100
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:68.0) Gecko/20100101 Thunderbird/68.12.0
MIME-Version: 1.0
In-Reply-To: <41CA9214-D8C3-4A40-BAB7-43BD40F40A63@cisco.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Content-Language: en-GB
Archived-At: <https://mailarchive.ietf.org/arch/msg/tram/KI4CfXJ6AglurKnzMAAY2gvrYaw>
Subject: Re: [tram] A few comments on draft-ietf-tram-stun-pmtud-17.txt
X-BeenThere: tram@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Discussing the creation of a Turn Revised And Modernized \(TRAM\) WG, which goal is to consolidate the various initiatives to update TURN and STUN." <tram.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tram>, <mailto:tram-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tram/>
List-Post: <mailto:tram@ietf.org>
List-Help: <mailto:tram-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tram>, <mailto:tram-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 14 Sep 2020 17:04:22 -0000
Thanks for this new revision! It indeed answers many of the issues that were identified. I do still see a few things left that the WG should decide upon, and hope this helps: --- The text says this:"A client MUST NOT send a probe if it does not have knowledge that the server supports this specification. This is done either by external signalling or by a mechanism specific to the UDP protocol to which PMTUD capabilities are added or by one of the mechanisms specified in Section 5." - This looks like a strong requirement without saying why this is a "MUST NOT". - I don't actually understand how this is determined in this spec and how this can be extened to other protocols. --- In section 7: This section has added a section that is a cross-reference to sections in DPLPMTUD. This does seem like a useful addition (and appropriate). Currently this doesn’t really seem to me to have enough detail to clearly see how the two sets of text relate, one might have to read both to figure out the details, and if that’s the case, maybe it could be helpful tp be explained up front in the intriduction? --- DPLPMTUD contains guidance on flow control and congestion control. This doesn’t describe the implications of probing on flow control control. I’m not sure the current text is enough: 8. Probing and flow control: This requirement is out of scope and is not discussed in this document. - Do probe packets count as credit to an upper layer protocol using this method? Here are there options: One could be to explain how this is done, the easiest mighht be to explain the usage in STUN does not require this, or the third: defer to DPLPMTUD saying this applies. --- “9. Shared PLPMTU state: This requirement is out of scope and is not discussed in this document.” - Why is 9. out of scope? ... what does the method do with the (PL)PMTU value that it discovers? How is this made available to a user of the method and is the method cached in way? - How does the method relate to the cached value of PMTUD at the sender, if that is already running on a platform, doesn't this new method mean than the PMTU cache and PTB-updates have to be over-ridden, as is the case when using DPLPMTUD with other protocol stacks? - Also is it that the discovered (PL)PMTU value can never be cached by another usage of STUN? (I may have misunderstood) --- Section 7. Rev-18 also introduces quite a few typos - but I assume a spelling checker will find and help correct these. --- That leaves Section 5: I still don’t yet see changes in this version to section 5: “The PMTUD mechanism described in this document is intended to be used by any UDP-based protocols that do not have built-in PMTUD capabilities, irrespective of whether those UDP-based protocols are STUN-based or not. " - Please see comments made in the previous last call, about this ID not defining this for other UDP-based protocols. At the moment it still says this ID applies to other uses of UDP (which I did not see explained, nor do I think this is needed). To me, much of the spec proposed seems to me to rely upon the STUN multiplexing to sepearate the probe packets from data, to receive feedback and to introduce padding. - Please discuss the expected scope of the spec with your WG AD, and suggest how to best take section 5 forward. I'll happilly review a new revision. --- Gorry On 14/09/2020 15:27, Felipe Garrido (fegarrid) wrote: > > Hi Gorry, > > > > Have you had a chance to review the latest draft? > > > > Thanks, > > -Felipe > > > > From: "Felipe Garrido (fegarrid)" <fegarrid@cisco.com> > Date: Wednesday, August 19, 2020 at 11:24 AM > To: Gorry Fairhurst <gorry@erg.abdn.ac.uk>, "tram@ietf.org" <tram@ietf.org> > Cc: "gorry@abdn.ac.uk" <gorry@abdn.ac.uk> > Subject: Re: [tram] A few comments on draft-ietf-tram-stun-pmtud-17.txt > > > > Hi Gorry, > > > > Version 18 has been published with the changes mentioned below. To make sure readers are aware, can you add an informative reference to stun-pmtud in the tsvwg-datagram-plpmtud draft? > > > > Thanks, > > -Felipe > > > > From: Gorry Fairhurst <gorry@erg.abdn.ac.uk> > Date: Tuesday, August 4, 2020 at 5:05 AM > To: "Felipe Garrido (fegarrid)" <fegarrid@cisco.com>, "tram@ietf.org" <tram@ietf.org> > Cc: "gorry@abdn.ac.uk" <gorry@abdn.ac.uk> > Subject: Re: [tram] A few comments on draft-ietf-tram-stun-pmtud-17.txt > > > > > > On 03/08/2020 14:39, Felipe Garrido (fegarrid) wrote: > > Hi Gorry, > > > > Thank you for the comments. Responses are in-line. > > > > Thanks, > > -Felipe > > > > From: tram <tram-bounces@ietf.org> on behalf of Gorry Fairhurst <gorry@erg.abdn.ac.uk> > Date: Tuesday, July 14, 2020 at 9:24 AM > To: "tram@ietf.org" <tram@ietf.org> > Cc: "gorry@abdn.ac.uk" <gorry@abdn.ac.uk> > Subject: [tram] A few comments on draft-ietf-tram-stun-pmtud-17.txt > > > > I had a look at draft-ietf-tram-stun-pmtud-17 with respect to the last comments, and saw some changes and I have a few comments. These comments are sent to the TRAM mailing list, > > Gorry > > --- > > Section 2 does not discuss the frequency of the probe. This is a congestion control case, and the method needs to assert some guidance/requirements on the probing. Do probe packets count against cwnd when using this method? > > In section 4.1. > I think this is misleading, and not a feature of the simple method: > “ Note: Routers can be configured to clear the DF bit or ignore the DF > bit which can be difficult or impossible to detect if reassembly > occurs prior to receiving the packet, rendering PLPMTUD inaccurate. > “ > - I wouldn’t call this inaccurate? If the path contains a link-layer (or tunnel or anything) that fragments and reassembles - then the path MTU is whatever size that assembly is performed to. It has always been this way, if links fragment and reassemble, IP uses the reassembled size. > > > > -- > Updated the Note as follows. > > “ Note: Routers can be configured to clear the DF bit or ignore the DF > bit which can be difficult or impossible to detect if reassembly > occurs prior to receiving the packet.” > > > > Sure. I'd actually suggest /might be configured/ to /can be configured/... I'm not sure any RFC should do this according to the spec. > > > In section 4.2.2. Receiving an ICMP Packet > This ID currently recommends “ Validation SHOULD be performed on the ICMP > packet as specified in [RFC8085].” > - Since this is a method above UDP, I think this implicitly also checks the UDP port information, hence this recommendation actually is an unavoidable consequence when using a normal stack - if you have one that forwards ICMP to the socket. > > This becomes a requirement (or is always true) in dplpmtud: > - “Any received PTB message MUST be validated before it is used to update the PLPMTU discovery information”. > - Should this be a requirement in this spec, to avoid off-path attack? > > -- > I agree. Updating to, > > “ Validation MUST be performed on the ICMP packet as specified in [RFC8085].” > > OK, or refer to the DPLPMTUD Spec - where the details are explain? > > > > In section 4.2.5 > “It could have been possible to use the checksum generated in the UDP > checksum for this, but this value is generally not accessible to > applications. Also, sometimes the checksum is not calculated or is > off-loaded to network hardware.“ > - I do not agree this could be used (even if the checksum was returned to user space), and think it suggests something that isn’t possible. The UDP checksum includes the pseudo header information, including the ports. Wouldn’t this make the method very fragile in the face of NAPT? > > -- > Removing this paragraph in its entirety. > > Thanks > > > In section 5: > I don’t yet see changes in this version to section 5. > “The PMTUD mechanism described in this document is intended to be used > by any UDP-based protocols that do not have built-in PMTUD > capabilities, irrespective of whether those UDP-based protocols are > STUN-based or not. So the manner in which a specific protocol > discovers that it is safe to send PMTUD probes is largely dependent > on the details of that specific protocol, with the exception of the > Implicit Mechanism described below, which applies to any protocol." > > - Please see comments made in the previous last call. > > -- > Can you be more specific on what comments were not addressed? > > In section 7: > > This has added a section that is a cross-reference of which sections contain information that relates to DPLPMTUD. > > I see a mapping of requirements in section 7.1 to refer to the described method with STUN. This seems like a useful addition (and appropriate). Currently this doesn’t really have enough detail to clearly see how the two sets of text relate, one might have to read both to figure out the details, and if that’s the case, maybe it should be explained up front. That could be helpful. > > -- > agreed. Can you provide the additional text that would satisfy your comment? > > However, this does not resolve the last call questions raised about the method, and it seems to require someone to read both documents, which really isn't that easy. > > -- > The addition of Section 7 does require that both drafts be read. As such, we’re moving I-D.ietf-tsvwg-datagram-plpmtud to a normative reference. > > > > That sounds good. > > > > Section 7.1. Probe loss recovery - I think understand that the probes themselves do not need to be recovered, but the text in section 7.1 does not quite say this. > -- > Agreed. Updating to the following > Probe loss recovery: This requirement is fulfilled by requiring that the PADDING bits MUST be set to zero as discussed in Section 4.1.1 and Section 4.2.1 of this document. No retransmission is required as there is no user data being transmitted in the probe. > > > > /being/is being/ > > > Section 7.1. Section 7 doesn’t describe the implications of probing on flow control control. I’m not sure the current text is enough: > - Do probe packets count as credit to an upper layer protocol using this method? > > --- > Can you provide additional clarification on the request? > > DPLPMTUD contains guidance on flow control and congestion control (added during the WGLC),see (10) in section 3. > > > --- > > I hope this helps, > > Gorry > > On 06/07/2020 15:02, Magnus Westerlund wrote: > > Hi, > > > > Gorry did have feedback on this document, and they have done some attempt > > to define a DPLPMTUD mapping for their mechanism. I looked at it briefly and > > think it is horrible terse with just requirements to combine sections. Which > > unfortunately requires one to sit and cross reference the two documents. > > > > I would appreciate any feedback from any of you have and if there appear some > > glaring failures or problems with things they declare out of scope etc. > > Privately or publicly to the TRAM mailing list (tram@ietf.org). > > > > Cheers > > > > Magnus > > > > On Mon, 2020-07-06 at 06:04 -0700, internet-drafts@ietf.org wrote: > > A New Internet-Draft is available from the on-line Internet-Drafts > > directories. > > This draft is a work item of the TURN Revised and Modernized WG of the IETF. > > > > Title : Packetization Layer Path MTU Discovery (PLMTUD) For > > UDP Transports Using Session Traversal Utilities for NAT (STUN) > > Authors : Marc Petit-Huguenin > > Gonzalo Salgueiro > > Felipe Garrido > > Filename : draft-ietf-tram-stun-pmtud-17.txt > > Pages : 23 > > Date : 2020-07-06 > > > > Abstract: > > The datagram exchanged between two Internet endpoints have to go > > through a series of physical and virtual links that may have > > different limits on the upper size of the datagram they can transmit > > without fragmentation. Because fragmentation is considered harmful, > > most transports and protocols are designed with a mechanism that > > permits dynamic measurement of the maximum size of a datagram. This > > mechanism is called Packetization Layer Path MTU Discovery (PLPMTUD). > > But the UDP transport and some of the protocols that use UDP were > > designed without that feature. The Session Traversal Utilities for > > NAT (STUN) Usage described in this document permits retrofitting an > > existing UDP-based protocol with such a feature. Similarly, a new > > UDP-based protocol could simply reuse the mechanism described in this > > document. > > > > > > The IETF datatracker status page for this draft is: > > https://datatracker.ietf.org/doc/draft-ietf-tram-stun-pmtud/ > > > > There are also htmlized versions available at: > > https://tools.ietf.org/html/draft-ietf-tram-stun-pmtud-17 > > https://datatracker.ietf.org/doc/html/draft-ietf-tram-stun-pmtud-17 > > > > A diff from the previous version is available at: > > https://www.ietf.org/rfcdiff?url2=draft-ietf-tram-stun-pmtud-17 > > > > > > Please note that it may take a couple of minutes from the time of submission > > until the htmlized version and diff are available at tools.ietf.org. > > > > Internet-Drafts are also available by anonymous FTP at: > > ftp://ftp.ietf.org/internet-drafts/ > > > > > > _______________________________________________ > > I-D-Announce mailing list > > I-D-Announce@ietf.org > > https://www.ietf.org/mailman/listinfo/i-d-announce > > Internet-Draft directories: http://www.ietf.org/shadow.html > > or ftp://ftp.ietf.org/ietf/1shadow-sites.txt >
- [tram] A few comments on draft-ietf-tram-stun-pmt… Gorry Fairhurst
- Re: [tram] A few comments on draft-ietf-tram-stun… Felipe Garrido (fegarrid)
- Re: [tram] A few comments on draft-ietf-tram-stun… Gorry Fairhurst
- Re: [tram] A few comments on draft-ietf-tram-stun… Felipe Garrido (fegarrid)
- Re: [tram] A few comments on draft-ietf-tram-stun… Magnus Westerlund
- Re: [tram] A few comments on draft-ietf-tram-stun… Felipe Garrido (fegarrid)
- Re: [tram] A few comments on draft-ietf-tram-stun… Gorry Fairhurst
- Re: [tram] A few comments on draft-ietf-tram-stun… Magnus Westerlund
- Re: [tram] A few comments on draft-ietf-tram-stun… Gonzalo Camarillo
- Re: [tram] A few comments on draft-ietf-tram-stun… Felipe Garrido (fegarrid)
- Re: [tram] A few comments on draft-ietf-tram-stun… Gonzalo Camarillo
- Re: [tram] A few comments on draft-ietf-tram-stun… Gonzalo Salgueiro (gsalguei)
- Re: [tram] A few comments on draft-ietf-tram-stun… Marc Petit-Huguenin