Re: [tsvwg] draft-ietf-tsvwg-udp-options-13: Comments concerning Fragments
"touch@strayalpha.com" <touch@strayalpha.com> Wed, 01 September 2021 17:21 UTC
Return-Path: <touch@strayalpha.com>
X-Original-To: tsvwg@ietfa.amsl.com
Delivered-To: tsvwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A9BEB3A0EC0 for <tsvwg@ietfa.amsl.com>; Wed, 1 Sep 2021 10:21:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=strayalpha.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lWUqjK4SDd_i for <tsvwg@ietfa.amsl.com>; Wed, 1 Sep 2021 10:21:26 -0700 (PDT)
Received: from server217-5.web-hosting.com (server217-5.web-hosting.com [198.54.116.226]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 863A53A0EB5 for <tsvwg@ietf.org>; Wed, 1 Sep 2021 10:21:25 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=strayalpha.com; s=default; h=To:References:Message-Id:Cc:Date:In-Reply-To: From:Subject:Mime-Version:Content-Type:Sender:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=oWgMS/wgrWCZXNGQ8DW6T6TVKysVcTGtfa5X+smOmPo=; b=c1SI1TUaEu1mkPAOsn6CX2J87v 3EYbGLf4NjPkIUGCx+tCHblN0VA2RvMo9rcCAzzKdwjrXHtBwohqrZrGFCMA2fW/kBGk81NbSqI1f 9ayRdgcZyWSjrjAnJ8rmnZ9lGdGlvHPvoxMrQgBM5xSJ31kB75p3uzlWWJoz4Duz17b+IeybLhtr/ Om1B5jBrwFCiNXmEbSU5N4mG62S4nc4igpeBWKP80v/886wprMDHu/WRkHPneEib7zxE13VW4QMTc 0mZxxHsU7lCTdVfUJrSxgCYCm46AGpZz4EKtrwjcN+JOPGsOb2MyouJ130XaANwFaonVVFRNZCCMy ymqtv4jQ==;
Received: from cpe-172-114-237-88.socal.res.rr.com ([172.114.237.88]:50348 helo=smtpclient.apple) by server217.web-hosting.com with esmtpsa (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from <touch@strayalpha.com>) id 1mLTvM-00GaAw-FL; Wed, 01 Sep 2021 13:21:25 -0400
Content-Type: multipart/alternative; boundary="Apple-Mail=_67B4834F-8049-417F-9660-C847F60E1307"
Mime-Version: 1.0 (Mac OS X Mail 14.0 \(3654.120.0.1.13\))
From: "touch@strayalpha.com" <touch@strayalpha.com>
In-Reply-To: <0e0f708c-3498-7e1e-ae51-c720bc3b734a@erg.abdn.ac.uk>
Date: Wed, 01 Sep 2021 10:21:12 -0700
Cc: "tsvwg@ietf.org" <tsvwg@ietf.org>
Message-Id: <628901B0-53A0-4CC5-A822-494698DA9CEB@strayalpha.com>
References: <80b4ea47-ccef-5d8c-e768-3d73467ac95d@erg.abdn.ac.uk> <8E53AFEB-7869-4FD0-9945-09962D9873E3@strayalpha.com> <0e0f708c-3498-7e1e-ae51-c720bc3b734a@erg.abdn.ac.uk>
To: Gorry Fairhurst <gorry@erg.abdn.ac.uk>
X-Mailer: Apple Mail (2.3654.120.0.1.13)
X-OutGoing-Spam-Status: No, score=-1.0
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - server217.web-hosting.com
X-AntiAbuse: Original Domain - ietf.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - strayalpha.com
X-Get-Message-Sender-Via: server217.web-hosting.com: authenticated_id: touch@strayalpha.com
X-Authenticated-Sender: server217.web-hosting.com: touch@strayalpha.com
X-Source:
X-Source-Args:
X-Source-Dir:
X-From-Rewrite: unmodified, already matched
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/YC31Zvd8PempZqeQYY4ntXRzGkQ>
Subject: Re: [tsvwg] draft-ietf-tsvwg-udp-options-13: Comments concerning Fragments
X-BeenThere: tsvwg@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Transport Area Working Group <tsvwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsvwg/>
List-Post: <mailto:tsvwg@ietf.org>
List-Help: <mailto:tsvwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 01 Sep 2021 17:21:33 -0000
Hi, Gorry - Notes below. — Joe Touch, temporal epistemologist www.strayalpha.com > On Sep 1, 2021, at 7:13 AM, Gorry Fairhurst <gorry@erg.abdn.ac.uk> wrote: > > I think I may have caused some confusion to all, so sorry. > > What I intended to suggest as a strawman described two cases: a baseline that > was expected/required and permission to do more. > > 1. The spec *recommends* or better *requires* reassembly of a much more > conservative value, receivers are only required to be able to process > packets split into 2 fragments. Such that it can be expected to work > when: *Requires* is key. What we recommend, we cannot rely on - we would need to wait for confirmation, e.g., getting MRSS back, but that burns a RTT in some places where that undermines its utility. > (a) In this baseline version a UDP datagram can only be fragmented into > two packets - the first likely being of the size of the PMTU, the second > the remaining bytes. The size is limited to 1460B of UDP payload for > IPv4 (or an equivalent size for IPv6). > - This explicitly supports paths that have a PMTU<0.5*1500B. > - This explicitly allows plenty of space to add EH for OAM; tunnel > headers; link encaps headers; etc. > - It needs the maximum packet size at the sender (PMTU)to be known/configured. > > (b) At the receiver, a valid reassembled datagram is then less than 1460B of > UDP payload for IPv4 (or an equivalent size for IPv6). > - A received fragment is one of: > - a new valid fragment > - an invalid fragment > - it completes an earlier fragment > - it causes this and earlier fragments to be dropped (buffer > exhaustion) > - This eliminates the need to support middle packets and makes the processing simple by avoiding > large searches to reassemble multiple fragments at the receiver. > - There is resaonable efficiency with fragment buffers of size RMSS, > which is the same as a "normal" packet size, if an implementation > chooses to do this e.g. to limits attacks that target small buffers or > memory management. An implementation could also decide to limit the size of > the queue of fragments. > > 2. However, I'd suggest the spec also *allows* arbitrary number of fragments. > - So a receiver MAY support 3 or more fragments; more > sophisticated buffer management; etc. > - Some receivers will decide to do this and can advertise a RMSS larger > when they do. > - Some senders will be setup to benefit from this. The issue is that the sender can’t use this unless it knows the receiver supports it. If it’s required, it would be known. If not, we would need to add another message to find out (MRF - max receiver frags?) and incur a round trip before using it. Again, that may undermine its utility. > Is that description any clearer or helpful to comment upon? It is… but I’m still left with the observation that IPv6 has no frag count limit (AFAICT, except that each frag must be at least 8 bytes), so why should we (except in the same way - 8 byte min?). Joe > > Gorry (as an individual member of tsvwg!) > > On 31/08/2021 20:51, Joe Touch wrote: >> Two would be closer to 2500. >> >>> On Aug 31, 2021, at 12:29 PM, Gorry Fairhurst <gorry@erg.abdn.ac.uk> <mailto:gorry@erg.abdn.ac.uk> wrote: >>> >>> >>> On 31/08/2021 18:59, touch@strayalpha.com <mailto:touch@strayalpha.com> wrote: >>>> More responses… >>>> >>>> — >>>> Joe Touch, temporal epistemologist >>>> www.strayalpha.com <http://www.strayalpha.com/> >>>> >>>>> On Aug 31, 2021, at 3:17 AM, Gorry Fairhurst <gorry@erg.abdn.ac.uk <mailto:gorry@erg.abdn.ac.uk>> wrote: >>>>> >>>>> I have the following questions relating to the text about Fragments. >>>>> >>>>> Best wishes, >>>>> >>>>> Gorry >>>>> >>>>> (as an individual) >>>>> >>>>> === >>>>> In section 5.3: Frag: >>>>> >>>>> “ Legacy receivers interpret FRAG messages as zero-length payload >>>>> packets (i.e., UDP Length field is 8, the length of just the UDP >>>>> header), which would not affect the receiver unless the presence of >>>>> the packet itself were a signal.” >>>>> - can you supply a reference here? (If no other then sect 5 of RFC8085). >>>> >>>> Thanks - I didn’t know that existed. Will do. >>>> >>>>> === >>>>> >>>>> Concerning Frag: >>>>> >>>>> “ This allows either pre-reassembly or post-reassembly >>>>> UDP option effects.” >>>>> - I think I understand a use case and it would be nice to have an example of using both per-fragment and per-datagram options: could this be used with fragments req/res options to determine a suitable PMTU, and the time options used per reassembled datagram (since in many case this needs to measure the time across the reassembled end-to-end datagram path). >>>> >>>> OK. >>>> >>>>> === >>>>> >>>>> Concerning Frag: >>>>> >>>>> >> UDP reassembly space limits SHOULD NOT be implemented as an >>>>> aggregate, to avoid cross-socketpair DOS attacks. >>>>> - Please explain “aggregate” (is this across multiple socket-pairs?) >>>> >>>> Yes; will do. >>>> >>>>> === >>>>> >>>>> Concerning Frag: >>>>> >>>>> Any additional UDP options, if used, follow the FRAG option in the >>>>> final fragment and would be included in the reassembled packet. >>>>> - I don’t like the word “additional” here, can you find a better word (per-datagram?) >>>> >>>> Yes. >>>> >>>>> === >>>>> In 5.7: Maximum Reassembled Segment Size (MRSS) >>>>> - I’m going to make a suggestion here, that was earlier brought up by Tom Jones: Why don’t we fix the DEFAULT MRSS to 2 packets when MRSS is supported. Larger values might be supported, which would be fine, but the case of 2 might have some immediate benefit: >>>>> - A receiver can then fragment a UDP packet to tunnel of include UDP options, likely in many current cases a second fragment will be enough. >>>>> - A receiver can greatly simplify its processing if it tries to reassemble whenever it receives a second fragment of the same datagram. The simplification here mitigates some worry about attacks that target reassembly buffers or processing costs. He previously had not implemented fragment support because it was cumbersome to include in the OS he worked with. >>>>> - Thoughts? >>>> >>>> IPv6 requires reassembly to 1500B but has no frag count limit (i.e., MRSS is a size, not a number). I favor the same approach here, especially because it can be argued to serve the same purpose with the same impact and vulnerability. >>>> >>> If I am not mistaken, that's two full-sized IPv6 packets. I'd be OK with this. >>> >>> I can see merits in allowing 1500B plus options plus tunnel headers, which might sometimes be nice - which would of course be a little larger. >>> >>> Gorry >>> >>> >>> >
- [tsvwg] draft-ietf-tsvwg-udp-options-13: Comments… Gorry Fairhurst
- Re: [tsvwg] draft-ietf-tsvwg-udp-options-13: Comm… touch@strayalpha.com
- Re: [tsvwg] draft-ietf-tsvwg-udp-options-13: Comm… Gorry Fairhurst
- Re: [tsvwg] draft-ietf-tsvwg-udp-options-13: Comm… touch@strayalpha.com