Re: [tsvwg] Status of ECN encapsulation drafts (i.e., stuck)

Bob Briscoe <> Tue, 10 March 2020 18:47 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 646173A0850 for <>; Tue, 10 Mar 2020 11:47:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.088
X-Spam-Status: No, score=-2.088 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id fSG4YV5UTMox for <>; Tue, 10 Mar 2020 11:47:23 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 5D29F3A084D for <>; Tue, 10 Mar 2020 11:47:22 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;; s=default; h=Content-Type:In-Reply-To:MIME-Version:Date: Message-ID:From:References:To:Subject:Sender:Reply-To:Cc: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=AstG5qIT4Mm6CnTyG4xX7DPRAHXqIgdO9TnJp5I8Xow=; b=nm56sPRTzd4fau7Ciuaw524XR xQBW4jrxYYOlcX4DE5uSDzU+M7b4mkeN0PJl3tJSOq4uxcbUWK+8nTKTnxTjC/29yXnbgXyl6YCX1 pmLOyOQuDD/5OcJamhR2KFWwBMuPVW54e8vhVXdweBv8oXH3b6Ej1+w7l3FBOLA/WXGxPfJ6F1yxc ZuQ3LfFGLSPJeZS2f9TjWytvXGVnmnyraqB0OfOOkvU9U6/xwaqFO/wMkywvhLkmGa8wB11UBckxS BWGcr3L89t2nkKfLQxoQRq9j+/bite4EoeoeLyp6hRApTcWutxBK0owCe0coiXPbkFaW9VftOKX5s hDBSAXyFg==;
Received: from [] (port=47324 helo=[]) by with esmtpsa (TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.92) (envelope-from <>) id 1jBjuQ-0005Fu-In; Tue, 10 Mar 2020 18:47:19 +0000
To: "Black, David" <>, "" <>
References: <>
From: Bob Briscoe <>
Message-ID: <>
Date: Tue, 10 Mar 2020 18:47:17 +0000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.6.1
MIME-Version: 1.0
In-Reply-To: <>
Content-Type: multipart/alternative; boundary="------------513020ACD4D6E631BA2ED60A"
Content-Language: en-GB
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname -
X-AntiAbuse: Original Domain -
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain -
X-Get-Message-Sender-Via: authenticated_id:
Archived-At: <>
Subject: Re: [tsvwg] Status of ECN encapsulation drafts (i.e., stuck)
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Transport Area Working Group <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 10 Mar 2020 18:47:27 -0000


I admit to curling up into a little ball and trying to ignore this 
controversy when it arose.
Let me try to sort this out now, for both ecn-encap-guidelines and 

Back in Sep '19 (quoted at the end) you asked me not to use 
rfc64040update-shim to update RFC3168's fragmentation behaviour, even if 
it's the "right thing" to do, given I was saying that there were 
problems with the RFC3168 approach.

Background: Neither RFC3168 nor RFC6040 covered fragmentation & 
reassembly during encap and decap. So Joe Touch suggested 
rfc6040update-shim should fix that omission. Seems reasonable enough. 
However, it doesn't seem right to fix an omission by the stop-gap of:
1. requiring the approach in RFC3168 that we know is potentially 
2. then planning to correct what we write, by updating it in a later RFC.

Let's call that approach (A). I don't like that at all. What if step #2 
never happens?
Fortunately, that's not the only way out of this. I can think of three 
other ways:

    B) The compromise text I've drafted below, which states the high
    level intent of a good mechanism as a SHOULD, and gives an example
    of how to do it. Then also allows the RFC3168 mechanism as a "MAY".
    C) Say nothing about fragmentation and reassembly in
    rfc64040update-shim or ecn-encap-guidelines. Then use a later RFC to
    update them both (stds track and BCP) with a considered 'correct'
    approach. ecn-encap-guidelines would still say include what it has
    always said about re-framing (which is a similar but different subject).
    D) Convince ourselves that fragmentation and reassembly during encap
    and decap is allowed to be different from fragmentation and
    reassembly without encapsulation.

Last night, I took approach (B), but with too little time left to 
discuss it on the list. I scrubbed the offending paras from 
rfc6040update-shim and replaced them with those below (also at 

Thinking about it further since last night, I'm now inclining towards 
approach (C).

    5. ECN Propagation and Fragmentation/Reassembly

    The following requirements updateRFC6040  <>, which omitted handling of
    the ECN field during fragmentation or reassembly.  These changes
    might alter how many ECN-marked packets are propagated by a tunnel
    that fragments packets, but this would not raise any backward
    compatibility issues:

    If a tunnel ingress fragments a packet, it MUST set the outer ECN
    field of all the fragments to the same value as it would have set if
    it had not fragmented the packet.

    During reassembly of outer fragments [I-D.ietf-intarea-tunnels  <>], if
    the ECN fields of the outer headers being reassembled into a single
    packet consist of a mixture of Not-ECT and other ECN codepoints, the
    packet MUST be discarded.

    As a tunnel egress reassembles sets of outer fragments
    [I-D.ietf-intarea-tunnels  <>] into packets, as long as no fragment
    carries the Not-ECT codepoint, it SHOULD propagate CE markings such
    that the proportion of reassembled packets output with CE markings is
    broadly the same as the proportion of fragments arriving with CE

    The above statement describes the approximate desired outcome, not
    the specific mechanism.  A simple to achieve this outcome would be to
    leave a CE-mark on a reassembled packet if the head fragment is CE-
    marked, irrespective of the markings on the other fragments.
    Nonetheless, "SHOULD" is used in the above requirement to allow
    similar perhaps more efficient approaches that result in
    approximately the same outcome.

    InRFC 3168  <>  the approach to propagating CE markings during fragment
    reassembly required that a reassembled packet has to be be CE-marked
    if any of its fragments is CE-marked.  This "logical OR" approach to
    CE marking during reassembly was intended to ensure that no
    individual CE marking is ever lost.  However, an unintended
    consequence is that the proportion of packets with CE markings
    increases.  For instance, with the logical OR approach, once a
    sequence of packets each consisting of 2 fragments, has been
    reassembled, the fraction of packets that are CE-marked roughly
    doubles (because the number of marks remains roughly the same, but
    the number of packets halves).

    This specification does not rule out the logical OR approach ofRFC  <>
    3168  <>.  So a tunnel egress MAY CE-mark a reassembled packet if any of
    the fragments are CE-marked (and none are Not-ECT).  However, this
    approach could result in reduced link utilization, or bias against
    flows that are fragmented relative to those that are not.



On 15/09/2019 22:07, Black, David wrote:
> This email concerns draft-ietf-tsvwg-ecn-encap-guidelines and 
> draft-ietf-tsvwg-rfc6040update-shim, which are being handled together 
> for WG Last Call and RFC publication, and is posted in my role as 
> shepherd and responsible WG chair for these drafts.The current 
> situation is that both drafts are stuck due to a problem with the 
> fragementation text added to the rfc6040update-shim draft.   Section 5 
> on ECN Propagation and Fragmentation/Reassembly was added to that 
> draft in response to a WGLC comment, and it appears to have gone too 
> far in the direction of trying to do the proverbial “right thing”.
> The core of the problem is in these two paragraphs in Section 5 of 
> that draft 
> (
>     As a tunnel egress reassembles sets of outer fragments
>     [I-D.ietf-intarea-tunnels] into packets, it SHOULD propagate CE
>     markings on the basis that a congestion indication on a packet
>     applies to all the octets in the packet.  On average, a tunnel egress
>     SHOULD approximately preserve the number of CE-marked and ECT(1)-
>     marked octets arriving and leaving (counting the size of inner
>     headers, but not encapsulating headers that are being stripped).
>     This process proceeds irrespective of the addresses on the inner
>     headers.
>     Even if only enough incoming CE-marked octets have arrived for part
>     of the departing packet, the next departing packet SHOULD be
>     immediately CE-marked.  This ensures that CE-markings are propagated
>     immediately, rather than held back waiting for more incoming CE-
>     marked octets.  Once there are no outstanding CE-marked octets, if
>     only enough incoming ECT(1)-marked octets have arrived for part of
>     the departing packet, the next departing packet SHOULD be immediately
>     marked ECT(1).
> Much as that may be the proverbial “right thing” to do, particularly 
> with the benefit of 20/20 hindsight, that text is inconsistent with 
> the following text from Section 5.3 of RFC 3168 
> (, as Markku Kojo has 
> pointed out:
>     ECN-capable packets MAY have the DF (Don't Fragment) bit set.
>     Reassembly of a fragmented packet MUST NOT lose indications of
>     congestion.  In other words, if any fragment of an IP packet to be
>     reassembled has the CE codepoint set, then one of two actions MUST be
>     taken:
>        * Set the CE codepoint on the reassembled packet.  However, this
>          MUST NOT occur if any of the other fragments contributing to
>          this reassembly carries the Not-ECT codepoint.
>        * The packet is dropped, instead of being reassembled, for any
>          other reason.
>     If both actions are applicable, either MAY be chosen.  Reassembly of
>     a fragmented packet MUST NOT change the ECN codepoint when all of the
>     fragments carry the same codepoint.
> The 6040update-shim draft is intended to update RFC 6040, and a number 
> of the tunnel protocol drafts, but it is not intended to update RFC 
> 3168, and hence the above new text (albeit well-intentioned) is a 
> showstopper. Changing ECN fragmentation behavior should be done in a 
> separate draft.
> Bob (as draft editor) – do you want to propose some new text to the 
> list, possibly after private email discussion with Marco and me to 
> figure out what it needs to say?
> Thanks, --David
> ----------------------------------------------------------------
> David L. Black, Senior Distinguished Engineer
> Dell EMC, 176 South St., Hopkinton, MA 01748
> +1 (774) 350-9323 *New *   Mobile: +1 (978) 394-7754
> <>
> ----------------------------------------------------------------

Bob Briscoe