Re: [tram] A few comments on draft-ietf-tram-stun-pmtud-17.txt

Marc Petit-Huguenin <marc@petit-huguenin.org> Sun, 28 March 2021 23:29 UTC

Return-Path: <marc@petit-huguenin.org>
X-Original-To: tram@ietfa.amsl.com
Delivered-To: tram@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5ACB63A299F for <tram@ietfa.amsl.com>; Sun, 28 Mar 2021 16:29:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, NICE_REPLY_A=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GSayuaPNkR_8 for <tram@ietfa.amsl.com>; Sun, 28 Mar 2021 16:29:45 -0700 (PDT)
Received: from implementers.org (implementers.org [IPv6:2001:4b98:dc0:45:216:3eff:fe7f:7abd]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E57783A29A1 for <tram@ietf.org>; Sun, 28 Mar 2021 16:29:44 -0700 (PDT)
Received: from [IPv6:2601:648:8400:8e7d:d250:99ff:fedf:93cd] (unknown [IPv6:2601:648:8400:8e7d:d250:99ff:fedf:93cd]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) client-signature RSA-PSS (2048 bits)) (Client CN "Marc Petit-Huguenin", Issuer "implementers.org" (verified OK)) by implementers.org (Postfix) with ESMTPS id 99230AE21E; Mon, 29 Mar 2021 01:29:41 +0200 (CEST)
From: Marc Petit-Huguenin <marc@petit-huguenin.org>
To: Magnus Westerlund <magnus.westerlund=40ericsson.com@dmarc.ietf.org>, "gorry@erg.abdn.ac.uk" <gorry@erg.abdn.ac.uk>, "tram@ietf.org" <tram@ietf.org>
Cc: Gonzalo Salgueiro <gsalguei@cisco.com>
References: <7c201e29-1a63-39ed-cdd9-3b8b9ac383e6@erg.abdn.ac.uk> <860e8240-ce51-5407-4187-92478262f87c@erg.abdn.ac.uk> <179FB260-1FAC-419B-B5F4-86F850177C97@cisco.com> <04b71d3e-1c79-cdc1-5b20-906732ffa768@erg.abdn.ac.uk> <025EEF1A-A751-4A45-A36F-70CCC043255C@cisco.com> <41CA9214-D8C3-4A40-BAB7-43BD40F40A63@cisco.com> <5c416da8-931c-cc51-8662-0841d3f87e31@erg.abdn.ac.uk> <e2c76060e674a703611358b2d626526146191b58.camel@ericsson.com>
Message-ID: <07c26052-b65b-adfd-887d-5d7d1c53b28d@petit-huguenin.org>
Date: Sun, 28 Mar 2021 16:29:40 -0700
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.9.0
MIME-Version: 1.0
In-Reply-To: <e2c76060e674a703611358b2d626526146191b58.camel@ericsson.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/tram/hCpVuzfAPO194L3Bx2Za--oGJKw>
Subject: Re: [tram] A few comments on draft-ietf-tram-stun-pmtud-17.txt
X-BeenThere: tram@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Discussing the creation of a Turn Revised And Modernized \(TRAM\) WG, which goal is to consolidate the various initiatives to update TURN and STUN." <tram.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tram>, <mailto:tram-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tram/>
List-Post: <mailto:tram@ietf.org>
List-Help: <mailto:tram-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tram>, <mailto:tram-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 28 Mar 2021 23:29:49 -0000

Hi,

I took over the primary co-editor role on that draft, so updates and discussions should be more timely from now on.

This email responds to both Gorry and Magnus comments, and the response mirrors the modifications made in draft-ietf-tram-stun-pmtud-20, published just before this email.

Let me know if you have any more comments, and how we can make progress on this draft.

Thanks.

On 9/22/20 4:41 AM, Magnus Westerlund wrote:
> Hi,
> 
> 
> Great to see progress on this. I think this is clearly a step in the right
> direction. However, I think there are a couple of integration points that needs
> a bit more clarification.
> 
> On Mon, 2020-09-14 at 18:04 +0100, Gorry Fairhurst wrote:
>> Thanks for this new revision! It indeed answers many of the issues that
>> were identified.
>>
>> I do still see a few things left that the WG should decide upon, and
>> hope this helps:
>> ---
>> The text says this:"A client MUST NOT send a probe if it does not have
>> knowledge that the server supports this specification.  This is done
>> either by external signalling or by a mechanism specific to the UDP
>> protocol to which PMTUD capabilities are added or by one of the
>> mechanisms specified in Section 5."
>> - This looks like a strong requirement without saying why this is a
>> "MUST NOT".
>> - I don't actually understand how this is determined in this spec and
>> how this can be extened to other protocols.
> 
> Isn't this as case of SHOULD NOT send, and the probing will fail if there are no
> responses per the RFC 8899 process? Likely this can quite simply be connected so
> that there are handling when the signalling has failed to correctly handle this.

My concern with SHOULD NOT is that implementers understand it as MAY, and  so there will be no longer any difference between "that server does not support that protocol" and "that server supports that protocol but the STUN packets are somehow blocked".  Worse case the client can be blocklisted for being a bad netizen.

I changed the text to:

"To be able to determine the reason STUN messages may be blocked, a
   client MUST NOT send a probe if it does not have knowledge that the
   server supports this specification."

> 
>> ---
>> In section 7:
>> This section has added a section that is a cross-reference to sections
>> in DPLPMTUD. This does seem like a useful addition (and appropriate).
>> Currently this doesn’t really seem to me to have enough detail 
to
>> clearly see how the two sets of text relate, one might have to read both
>> to figure out the details, and if that’s the case, maybe it could be
>> helpful tp be explained up front in the intriduction?

Added this at the end of the paragraph:

"                        [...] The text in this section must
   be compared side-by-side with [RFC8899] to understand the
   relationship between the two."


>> ---
>> DPLPMTUD contains guidance on flow control and congestion control. This
>> doesn’t describe the implications of probing on flow control control.
>> I’m not sure the current text is enough: 8. Probing and flow control:
>> This requirement is out of scope and is not discussed in this document.
>> - Do probe packets count as credit to an upper layer protocol using this
>> method?  Here are there options: One could be to explain how this is
>> done, the easiest mighht be to explain the usage in STUN does not
>> require this, or the third: defer to DPLPMTUD saying this applies.
> 
> So to my understanding the STUN probing traffic will be rate controlled.
> However, to what rate is not that clear. I don't know if the interaction between
> the RFC 8899 state machine and process and this mechanism to judge how that
> bounds the prob transmission. My impression would be that for simple probing
> mechanism RFC 8899 search will trigger the transmission of partiular probe size,
> and retry it Rc times if response is not arriving timely. These retransmission
> would be controlled by the RTO in STUN. While probing for an additional 
size
> would be governed by RFC 8899 search requesting probing of a new size. Which I
> don't find any given limit to. But, it will not result in more than one 
packet
> per RTT unless actual path RTT > RTO (500 ms).

I think that is up to each implementation of this draft to decide what kind of rate control they want to impose, much like ICE did when reusing the STUN Binding usage.  I added this as a new paragraph at the end of Section 4.1:

"The Simple Probing Mechanism uses only STUN Requests/Responses, which
   are subject to the congestion control mechanism in [RFC8489] section
   6.2.1.  The default Rc and Rm values may be defined differently for a
   combination of the Simple Probing Mechanism and the protocol running
   on the same port."

and this at the end of section 4.2:

"The Simple Probing Mechanism uses STUN indications, which are not
   subject to the congestion control mechanism in [RFC8489] section
   6.2.1.  As it will have to be intricately related to the protocol
   that runs on the same port, each implementation of the Complete
   Probing Mechanism in association MUST define the congestion control
   that will be applied to the STUN Indications.  The default Rc and Rm
   values for the STUN Requests/Responses may be defined differently for
   a combination of the Simple Probing Mechanism and the protocol
   running on the same port."

> 
> 
> 
>> ---
>> “9.  Shared PLPMTU state: This requirement is out of scope and 
is not
>> discussed in this document.”
>> - Why is 9. out of scope? ... what does the method do with the (PL)PMTU
>> value that it discovers? How is this made available to a user of the
>> method and is the method cached in way?
>>
>> - How does the method relate to the cached value of PMTUD at the sender,
>> if that is already running on a platform, doesn't this new method mean
>> than the PMTU cache and PTB-updates have to be over-ridden, as is the
>> case when using DPLPMTUD with other protocol stacks?
>>
>> - Also is it that the discovered (PL)PMTU value can never be cached by
>> another usage of STUN? (I may have misunderstood)

This bullet text replaced with:

"9.  Shared PLPMTU state: An implementation follows the same
       guidelines to share state than in [RFC8899]."

>>
>> ---
>> Section 7.  Rev-18 also introduces quite a few typos - but I assume a
>> spelling checker will find and help correct these.
>> ---

Done.

>>
>> That leaves Section 5:
>>
>> I still don’t yet see changes in this version to section 5:
>>
>>    
“The PMTUD mechanism described in this document is 
intended to be used
>>      by any UDP-based protocols that do not have built-in PMTUD
>>      capabilities, irrespective of whether those UDP-based protocols are
>>      STUN-based or not. "
>> - Please see comments made in the previous last call, about this ID not
>> defining this for other UDP-based protocols. At the moment it still says
>> this ID applies to other uses of UDP (which I did not see explained, nor
>> do I think this is needed). To me, much of the spec proposed seems to me
>> to rely upon the STUN multiplexing to sepearate the probe packets from
>> data, to receive feedback and to introduce padding.
>> - Please discuss the expected scope of the spec with your WG AD, and
>> suggest how to best take section 5 forward.
>>
> 
> On this issues, my view is that this document tries to oversell its capability.
> The probe method can be combined with UDP based protocols that can be
> multiplexed with STUN on the same port. The considerations that went into RFC
> 7983 does need to be considered here in relation to if one can deploy this type
> of probing messages. So I think you need to make this applicability clearer.
> 

STUN was designed to be multiplexed with other protocols on the same port.  Section 7 of RFC 8489 introduces the FINGERPRINT attribute, which is
to be used when the probability of misidentifying a packet is not low enough.  So, for all intents and purpose, the mechanisms described in our draft should work with any UDP protocol -- after all this is the exact reason why we chose STUN for this work.

The issues with RFC 7983 applies only if the FINGERPRINT attribute is not
used (which, when RFC 7983 is used with ICE, is present, see RFC 8445 section 7.2.4).

So I added this paragraph at the end of section 4:

"The FINGERPRINT mechanism described in section 7 of [RFC8489] MUST be
   used for both probing mechanisms."

-- 
Marc Petit-Huguenin
Email: marc@petit-huguenin.org
Blog: https://marc.petit-huguenin.org
Profile: https://www.linkedin.com/in/petithug