Re: [tram] I-D Action: draft-ietf-tram-stun-pmtud-20.txt

Magnus Westerlund <magnus.westerlund@ericsson.com> Wed, 14 July 2021 15:08 UTC

Return-Path: <magnus.westerlund@ericsson.com>
X-Original-To: tram@ietfa.amsl.com
Delivered-To: tram@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9D1FB3A1D89; Wed, 14 Jul 2021 08:08:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.553
X-Spam-Level:
X-Spam-Status: No, score=-2.553 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.452, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Sompk8idVm2K; Wed, 14 Jul 2021 08:08:24 -0700 (PDT)
Received: from EUR04-HE1-obe.outbound.protection.outlook.com (mail-eopbgr70055.outbound.protection.outlook.com [40.107.7.55]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5B7483A12F5; Wed, 14 Jul 2021 08:08:24 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=K/dyPxEyUw956hz8wp4QrTTsxEyrFNWRp/Ee9bBFzORUs1jxmuKjAappCoZtEi9kmyWyl4iAC+FA3PGaKb/+hGDmkHJokLbJPxdxTOAcZlbls0rPv7424iVbynB4cHCn7Dx7yublZwcnE1jHTaCQgWTHhdnjgPHBoIvB9SQBj24PmJGA7a03zV4nZ2ph8MYxuTa6MMWAxff4H1nC9+pCBrjkROpYUOFFz3vOE4otTMV/vtuUG43tgbvCEO+KZhnM2655z1wyCSR/cbQWt1/EZJuYgPxuvqUWSAwcoSjqy4YSi5vLT0s81vX/CqnPaLrhtHZvaPUBM3WopU50ddLAcw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=3Q74MP17ozLzMY8BJY1iURgotrJ9We4qekC88N+tG2M=; b=JPxa5ZjBWeHGLBfq27+xMn4CJxf9s1TAUPukdPSTYqlE2IdIkRucudTi6CINLDBh74OjdcG3Bjf4PGcdxxSDdPIVRwEtxhLqtYKv7M5ihaqc90c/mnaUJL0eZfpgLD0Ub9Oiy9WHtsxTwOcf7fT+X/YZdOJPtA6V0+Sy2GBhV3KKyQwNbsX/Vbkp1gXqdDt/cC4rc7/ZPxHnBtge5lggBXhHZIsueyBeZTiEhMLDGoEgKl+YV9Qp5MOP98KdXEiRa/Dl2F3ZmR48tGLBoD0eXvwxZF5dDlcgg7crJWkTsElGSxbjkwNVT77pL9AkSn8PXi19ZgVlB1gwlJZ+wzrIbQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=3Q74MP17ozLzMY8BJY1iURgotrJ9We4qekC88N+tG2M=; b=RgAGN5ZmmoLgJCtxl4GDuqoLYRCCfWljX0dyiB6fgkGHOg/HOpB8Mex9zzDxIuNR4Y4Zhl73yBwkfMetgZp2092OZsjmms7h4Mo2pYTsVkOQANnjoHmFhcVfzVNDh1nAHfxaBA9LkCk1JhLGMstFlrD2R2M0N4enA2IwU/pznuI=
Received: from HE1PR0702MB3772.eurprd07.prod.outlook.com (2603:10a6:7:8e::14) by HE1PR0701MB2890.eurprd07.prod.outlook.com (2603:10a6:3:4c::9) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4331.14; Wed, 14 Jul 2021 15:08:21 +0000
Received: from HE1PR0702MB3772.eurprd07.prod.outlook.com ([fe80::5c2c:3dc8:8947:e043]) by HE1PR0702MB3772.eurprd07.prod.outlook.com ([fe80::5c2c:3dc8:8947:e043%3]) with mapi id 15.20.4331.021; Wed, 14 Jul 2021 15:08:21 +0000
From: Magnus Westerlund <magnus.westerlund@ericsson.com>
To: "tram@ietf.org" <tram@ietf.org>, "draft-ietf-tram-stun-pmtud@ietf.org" <draft-ietf-tram-stun-pmtud@ietf.org>
Thread-Topic: I-D Action: draft-ietf-tram-stun-pmtud-20.txt
Thread-Index: AQHXJCoRjWpIKLII3EKNWmg+XJPQLatDF9zg
Date: Wed, 14 Jul 2021 15:08:20 +0000
Message-ID: <HE1PR0702MB3772BED6E2CE35F50D015D4195139@HE1PR0702MB3772.eurprd07.prod.outlook.com>
References: <161697408224.3594.210086487138582847@ietfa.amsl.com>
In-Reply-To: <161697408224.3594.210086487138582847@ietfa.amsl.com>
Accept-Language: sv-SE, en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
authentication-results: ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=none action=none header.from=ericsson.com;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: d1ac400d-5a8f-4cc0-1c1d-08d946d937f7
x-ms-traffictypediagnostic: HE1PR0701MB2890:
x-microsoft-antispam-prvs: <HE1PR0701MB2890924F1E30C3E59899E82B95139@HE1PR0701MB2890.eurprd07.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: 4Xc6I/asZQ5Q3bG+W2zFNQZQazqDY5OH3crx6NSXji3GfmYF78DpmTZFOgd3NWALefm8i4Y+gUKoJHa0C9BlF/P4dMUVWljYtdk7QfcEr4L6CeJ0If9xgIquUDcua9KO5TB/3IVR891D/bFDmfVnnM2Pbcd6cE0AY6a8f7BewvAms8sDxO1Cpbe1+YvnMIfZ1agbKt/0mHkypWgEtJE7sHOdty3fxbKcgYgeQQu4qX+HdyRwITpr8YrI9Ht07J4QnCqFoEjco08s6nKAvbDMCx/dEKncpLDnqoj+TLyJbW9Oj6cteeQKPib+nurjsx5BJqNIIJhzF3ogpj5oKOqEas6/cS+YMJnktlM1Tf4HHLNrXdQEfCtaE7ZEf43CHWFRwEMm7/GxF1jkyhYfFsJ+QtwX673eibCYZ/Jm50Y/HcY+VRsiY0tnwcZ6ruk3nyUXAt6ULFR8TBffvLmDiMEjXoEloXY3ELWjn8ZjsDPg+WG9pD0kTLXSy0F1wAckjFGUVIGTVXiSms+WRo4GMoWz4KY1El2N5rwOp8JgkZqdth+TXhosNeidGGxSH+DF2ZE+l25YNHNInA8cQPdZ0WvC/gKJOeXyzHFn0lD6HzwjK8nLy88KcZWzYMK1wq0dkhmLn8r6OkdPvFoNytrMBYHnAgnN0OJrmXnrNULjl2Ys5jVipC1Tq7qV1BE6XGvjkYNEzObPY21pWusIdj7aLZL19ncv28t7EYwzypycvyKBjHxbo5qEUSQ/8asGadp6dZuJoxzINndcydogwIxtBvAorFEyV5GCaHXFhc0sF8bc+Xg=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:HE1PR0702MB3772.eurprd07.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(366004)(136003)(376002)(346002)(39860400002)(396003)(8936002)(66574015)(478600001)(66556008)(66616009)(83380400001)(316002)(7696005)(99936003)(9686003)(66946007)(6506007)(76116006)(186003)(122000001)(86362001)(110136005)(26005)(8676002)(66476007)(55016002)(2906002)(38100700002)(66446008)(33656002)(52536014)(71200400001)(450100002)(64756008)(44832011)(5660300002)(38070700004); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: =?iso-8859-1?Q?X9DeSLHfB5e53H7XgYr61fBQovR/Ks4+ZNpv5C3kL5TswaMDYfHP3gCpeb?= =?iso-8859-1?Q?O2uHwDFrTAgU3IkwsuNfn0vEb190+nCZdcFyDMv2KfW4LwIuelrRcGyKYo?= =?iso-8859-1?Q?Kg1LBAz409MoluhFuAjNravHQn8OHSkgi1cvePqsidyRVBjG3iH2llPy/Y?= =?iso-8859-1?Q?iuBB132FgMZpZ2wia2u2/0zCoIqK3cErhZyYWCYBWefrB0q2rfdW4N38I0?= =?iso-8859-1?Q?vPJAR51d3opf09sIswyPUxWo8lFk/bdZBiwIlWND/RR3toY709y6JBLKaL?= =?iso-8859-1?Q?Guj+tasyp40FWWIXIzz1YuGrGZ2FhnxpiFzi3ERPmcsjRd18soVFKA0Z3n?= =?iso-8859-1?Q?kwJ4d34FVO7TMfwQqwRolhOsHPsCG0wSfEHYDb3m/841mSQOAvhcYlDjnP?= =?iso-8859-1?Q?8ba30qwV++VxzqzLdEXf3B7FmUsgxrqHfkYqZmqr9nIxMCbsddEsFVpUPv?= =?iso-8859-1?Q?a/RzAybWpwd9My/RfjU7/j3or60JP/IxnExaEkMJUafpQ1395ezh/i9HxQ?= =?iso-8859-1?Q?azS/se+jixSUUGrucqx/9ZBo5tiJy1OSYCqUx+MqRF47I+53KXyOM912Bb?= =?iso-8859-1?Q?/Dk4+dgxlm0Hlq6FvdaY1sLevLh56/ad7IlhmVCgiIzxppk5gg+GtQAF75?= =?iso-8859-1?Q?zozvipQY/vXvtd7vqIpaAWfPKwUkUM+xQSWOPArnqzN4N12FERkCABti5y?= =?iso-8859-1?Q?EdsXPjkpzQRnd7B5nirZD2kO5NJY0pKhNuV2NOWCLG8lfk6oVdlTPjG4p6?= =?iso-8859-1?Q?yOM2knTgJyo40dzFKVbhbkz+lj8nqt0qd0uRW8bJrXtz7d/vigzCFJr54j?= =?iso-8859-1?Q?UkBBXa2ulwSkIQcAne7jfgEydakA8KdY2qp8/2x94hsN0yrIbftVS9cZRi?= =?iso-8859-1?Q?vwxnQOTtMfnpFM8iduDGJYXPSWdEhKIoIK7WDAWTOLlEQ5Pm3dF5aEO7hy?= =?iso-8859-1?Q?51qc143Sf6AprS1ee3TYedJxKrjHbLBUJt2eaXShHankyvXUskQeFUSIy1?= =?iso-8859-1?Q?MlfhfIwPGiPLqyCu9tQiZ5nT4vJNnd3eMAp0Xi/UB8vVmmvpeavKwqAs9f?= =?iso-8859-1?Q?P8BEoYxDFY9vMdd6JTtyJHPIDrEUrzxQ+lOHVzjaFivs9I1g8h/lpaO8AM?= =?iso-8859-1?Q?LLThUMCfUTpogHRbx38iPRQL+us+PLtTwDAKnKk5c1dCCq3E9NVoXJ4ZQ/?= =?iso-8859-1?Q?Tjl6XZ+Ua8UO9Difzl76BrcdfFxZsGQWQTnkRQjWpZ7YRGOluY7f6lxb/8?= =?iso-8859-1?Q?ZPijr/pvHMQLg44hcaeRzUlMrcreuitK0SIrhpWxLuHBenhMlXjGctE81t?= =?iso-8859-1?Q?9Lr7i+tqXAI2O0rXDyDd6rpVkEcqZrPWkU9RJrnPbfPeBI5LJCEG8iSTgW?= =?iso-8859-1?Q?BFXS3tAg+B?=
x-ms-exchange-transport-forked: True
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=SHA1; boundary="----=_NextPart_000_00AF_01D778D2.D83B7700"
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: HE1PR0702MB3772.eurprd07.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: d1ac400d-5a8f-4cc0-1c1d-08d946d937f7
X-MS-Exchange-CrossTenant-originalarrivaltime: 14 Jul 2021 15:08:20.9175 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: 7do+raHKwxngmMs12tnPYCCG6VN6w2g4agKjjI5j24iwtU9kJRaQhVV4NdPcP60/5n5UJmrRAwsoNtUeStMs6ojdRpkU16zS7yvgPCxdAiA=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1PR0701MB2890
Archived-At: <https://mailarchive.ietf.org/arch/msg/tram/MPjx5_7eVXvgKNoezKRyUgA4FJ4>
Subject: Re: [tram] I-D Action: draft-ietf-tram-stun-pmtud-20.txt
X-BeenThere: tram@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Discussing the creation of a Turn Revised And Modernized \(TRAM\) WG, which goal is to consolidate the various initiatives to update TURN and STUN." <tram.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tram>, <mailto:tram-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tram/>
List-Post: <mailto:tram@ietf.org>
List-Help: <mailto:tram-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tram>, <mailto:tram-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 14 Jul 2021 15:08:30 -0000

Hi,

I have reviewed -20 and have the following feedback. 

Some of the issues have been resolved. However, my individual conclusion is
that this document would be shorter, have fewer issues if only the simple
probing was retained and defined as a RFC 8899 PL solution for UDP based
application protocols that wants DPLPMTUD and not use protocol internal
methods. This could shorten section 4 significantly. I think the alternative
is to simply declare the document dead. 

However, I would take a look at the examples of RFC 8899 PL definitions that
exists in RFC 8899, RFC9000 (QUIC) and for UDP Options
(https://datatracker.ietf.org/doc/draft-fairhurst-tsvwg-udp-options-dplpmtud
/) and rewrite Section 4 based on that and only keep the simple method. Then
rewrite intro to adjust it as RFC 8899 based, and also clarify the STUN
server on the port for the whole session aspect and the demultiplexing need.
Then section 7 also can be deleted. It would be good to have a clearer rate
limiting specification for the probe packets in section 4, as the STUN
retransmission timer gives exponential back-off, and the ICE is not really
applicable here. The probe sending implementation will have a RTT estimate
when some response has been received. Based on that one can limit the probes
to be sent only every n*RTT, possible with a MAX(n*RTT, Minimal_Interval). 

The main reason I write this is that I think RFC 8899 have resolved some
corner cases that could cause issues in a naïve implementation that think
that just getting the probe through means that one should immediately update
the MTU. And as RFC 8899 is improved this usage could also get that
improvement without a need for update. 

In addition as can be seen there are some unclarities that I think makes
implementation challenging from the current spec. 


Section 1:

   The Packetization Layer Path MTU Discovery (PMTUD) specification
   [RFC4821] describes a method to discover the Path MTU, but does not
   describe a practical protocol to do so with UDP.  Many application
   layer protocols based on the transport layer protocol UDP do not
   implement the Path MTU discovery mechanism described in [RFC4821].

Wouldn't it be better do rewrite this in relation to RFC 8899? Which doesn't
have a PL definition for UDP, and the only "competing" proposal is based on
UDP Options which have no real deployment yet and requires OS level changes.


Section 1:

   These application layer protocols can make use of the probing
   mechanisms described in this document instead of designing their own
   adhoc extension.  These probing mechanisms are implemented with
   Session Traversal Utilities for NAT (STUN), but their usage is not
   limited to STUN-based protocols.

Yes, UDP based protocols that previously haven't been using STUN can use
this mechanism, but they need to be compatible and accept the multiplexing
solution that is implied. I think that could be clarified. They also needs
the STUN Server to be deployed in the peer endpoint which could be made
clearer. It is a given for any ICE supporting application, but I find no
reference to this. I would also note that ICE (RFC 8445) once it conclude
allows the peers to stop responding to STUN request, thus this method needs
to be clear that the STUN Server needs to maintained during the whole
session lifetime to enable DPLPMTUD. 


Section 1:

   Complementary techniques can be used to discover additional network
   characteristics, such as the network path (using the STUN Traceroute
   mechanism described in [I-D.martinsen-tram-stuntrace]) and bandwidth
   availability (using the mechanism described in
   [I-D.martinsen-tram-turnbandwidthprobe]).

Is this text really relevant as written. Neither of these individual
proposal have been updated since 2015. 


Section 2:

When a
   probe succeeds with a larger size than the current PMTU, the PMTU is
   increased.

There is a point to verification. If one looks at the search algorithm
behavior it updates its probe sizes, but it doesn't conclude it searching
nor update the upper layer's MTU until the search has concluded. There are
good reasons for doing it this way and thus I would suggest reformulation. 

Section 4.1:

  The Simple Probing Mechanism uses only STUN Requests/Responses, which
   are subject to the congestion control mechanism in [RFC8489] section	
   6.2.1.  The default Rc and Rm values may be defined differently for a

   combination of the Simple Probing Mechanism and the protocol running	
   on the same port.

I would not call it a congestion control mechanism, rather a retransmission
timer mechanism. Thus a rate limiting mechanism makes more sense. 


Section 4.1.1:

   The client adds a PADDING attribute with a length that, when added to
   the IP and UDP headers and the other STUN components, is equal to the
   Selected Probe Size, as defined in [RFC4821] Section 7.3.

Why referencing RFC 4821, when RFC 8899 has simpler and clearer interface
suitable for Datagram and where the simple probe is an excellent match to
just define as PL for probing. 


Section 4.1.3:

   A client receiving a Probe Response MUST process it as specified in
   section 6.3.3 of [RFC8489] and MUST ignore the PADDING attribute.  If
   a response is received this is interpreted as a Probe Success, as
   defined in [RFC4821] Section 7.6.1.

More reliance on RFC 4821 rather than RFC 8899. 

RFC 8899 is not perfect but it handles a number of corner cases that can
occur and should produce more stable, and fewer updates to the MTU than what
RFC 4821 does. 

Section 4.2:

	   The Simple Probing Mechanism uses STUN indications, which are not

 	   subject to the congestion control mechanism in [RFC8489] section

 	   6.2.1.  As it will have to be intricately related to the protocol

 	   that runs on the same port, each implementation of the Complete

	   Probing Mechanism in association MUST define the congestion
control	
 	   that will be applied to the STUN Indications.  The default Rc and
Rm	
 	   values for the STUN Requests/Responses may be defined differently
for	
 	   a combination of the Simple Probing Mechanism and the protocol

 	   running on the same port.

Once more a full blown congestion control is not really needed here. The
point is that the PMTUD probe traffic will be a small fraction of the
application traffic, alternatively such a low rate application that it is
extremely unlikely that the probe will overload any network. I would note
that RFC 8899 do specify some normative statement about this in Section 3,
Bullet 7. 

In addition this does not really give an implementor a clear answer to what
they should implement. Some basic rate limiting would be more simple to
implement. 

My high level comment is that I don't see what the benefits of the complete
method compared to running simple probes as the PL probes in the algorithm
of RFC 8899. The only potentially benefit is that one sometime will get an
indication of a burst loss across a probe when a prior or following
application protocol packet as well as the probe is lost, indicating
potentially having loss for other reasons. I think RFC 4899 probing a
multiple times gives significant high probability that congestion or random
loss of probes will rarely affect the DPLPMTUD results. 

Section 4.2.3:

   The server creates a Report Response and adds an IDENTIFIERS
   attribute that contains the chronologically ordered list of all
   identifiers received so far.  The server MUST add the FINGERPRINT
   attribute.  The server then sends the response to the client.

This doesn't discuss what a server should do if the IDENTIFIERS attribute
does not fit in the packet. 


Section 5.1:

Based on that the peer need to keep a STUN server following this spec
running on the ports being used. Isn't the need for explicit signaling more
clear. Or is the inclusion of any STUN PMTUD attribute a sufficient
indication that the peer will not remove its STUN Server when ICE concludes?


Cheers

Magnus Westerlund