Re: [tsvwg] Initial handshaking and PMTU in RFC9260

Claudio Porfiri <claudio.porfiri@ericsson.com> Mon, 10 April 2023 14:31 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/t0sdadg2MkD4FOwzyR63I9MfEuI>

Hi Michael,
Thank you, the way FreeBSD approaches the problem is reasonable and I agree that it's a pure implementation issue.

Best regards,
Claudio

-----Original Message-----
From: tsvwg <tsvwg-bounces@ietf.org> On Behalf Of tuexen@fh-muenster.de
Sent: Thursday, 6 April 2023 18:53
To: Claudio Porfiri <claudio.porfiri=40ericsson.com@dmarc.ietf.org>
Cc: tsvwg IETF list <tsvwg@ietf.org>; Randall Stewart <randall@lakerest.net>
Subject: Re: [tsvwg] Initial handshaking and PMTU in RFC9260

> On 5. Apr 2023, at 15:03, Claudio Porfiri <claudio.porfiri=40ericsson.com@dmarc.ietf.org> wrote:
> 
> The SCTP protocol specifies that INIT ACK contains the State Cookie and that such State Cookie shall be kept as small as possible but it can be up to 2^16 bit.
Hi Claudio,

the INIT ACK chunk can be up to 2^16 byte and contains the state cookie as a mandatory parameter. So
the state cookie can't be 2^16 bytes, since it needs to fit into the INIT ACK chunk. But in general:
yes, this can be large and in the order of 64KB.
Although I haven't seen in practice (!= testing) such large state cookies or INIT ACK chunks.
> The COOKIE ECHO shall also contain the State Cookie received in INIT ACK.
Correct.
> An Implementation Note in Section 3.3.3 also specifies that
> An implementation MUST be prepared to receive an INIT ACK chunk that is quite large (more than 1500 bytes) due to the variable size of the State Cookie and the variable address list. For example, if a responder to the INIT chunk has 1000 IPv4 addresses it wishes to send, it would need at least 8,000 bytes to encode this in the INIT ACK chunk.
That is correct.
> A large State Cookie may lead to an SCTP Packet larger than the PMTU and the recommendation doesn’t provide a description of SCTP packets containing Control Chunks for being split.
RFC 9260 describes how to fragment a user message into multiple DATA chunks and also how to do the reassembly.
However, you can't fragment control chunks. Partial chunks are explicitly not allowed. Therefore, if an SCTP
implementation needs to send a control chunk which exceeds the PMTU, this must be done by using IP level
fragmentation.
> May be beneficial if the Implementation Note in Section 3.3.3 also recommends to set the IP “Don’t Fragment” BIT to FALSE during initial handshake?
This is left implementation dependent. For example, the sender of the packet containing an INIT chunk (which can also
be large), might set the DF flag on the transmission, but not on retransmissions. This would allow learning the
PMTU if a PTB message is sent back (and the reflected packet contains the initiate tag) and would survive the handshake
on the first retransmission. If you prefer to finish the association setup fast and don't want to learn about
PMTU limits, you might also send the initial transmission with the DF bit cleared. The same applies to the COOKIE ECHO.
Things are different for the INIT ACK, since you don't have a TCB. So you might send that with the DF bit cleared.
A COOKIE ACK is small... However, all this is IPv4 specific.

Right now, FreeBSD sends the INIT and INIT ACK, and the COOKIE ECHO with the DF bit cleared. But that is an implementation
choice and one might do it differently for the INIT and COOKIE ECHO.

Best regards
Michael
> Thanks,
> Claudio Porfiri
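
Added example, not part of the original messages and not code from FreeBSD or any SCTP stack: a Python sketch that encodes an INIT ACK chunk with the RFC 9260 layout (chunk type 2, IPv4 Address parameter type 5, State Cookie parameter type 7) to show the two size limits discussed in the thread, the 16-bit chunk length field and the path MTU. The function names, the field values (initiate tag, a_rwnd, stream counts, TSN) and the option-less 20-byte IPv4 header are assumptions made for illustration.

```python
import ipaddress
import struct

IPV4_HDR = 20           # assumed: IPv4 header without options
SCTP_COMMON_HDR = 12    # ports, verification tag, checksum
INIT_ACK = 2            # chunk type
PARAM_IPV4 = 5          # IPv4 Address parameter
PARAM_STATE_COOKIE = 7  # State Cookie parameter


def _param(ptype, value, pad=True):
    """TLV parameter; its length field covers header and value, not padding."""
    tlv = struct.pack("!HH", ptype, 4 + len(value)) + value
    return tlv + b"\x00" * (-len(tlv) % 4) if pad else tlv


def build_init_ack(cookie, ipv4_addrs, init_tag=0x01020304):
    """Return (chunk_bytes, chunk_length_field) for one INIT ACK chunk."""
    # Constructed field values: initiate tag, a_rwnd, outbound/inbound streams, initial TSN.
    fixed = struct.pack("!IIHHI", init_tag, 65536, 10, 10, 1)
    params = b"".join(
        _param(PARAM_IPV4, ipaddress.IPv4Address(a).packed) for a in ipv4_addrs
    )
    # The cookie is placed last, so its padding is not counted in the chunk length.
    params += _param(PARAM_STATE_COOKIE, cookie, pad=False)
    length = 4 + len(fixed) + len(params)
    if length > 0xFFFF:
        raise ValueError(f"chunk length {length} exceeds the 16-bit length field")
    chunk = struct.pack("!BBH", INIT_ACK, 0, length) + fixed + params
    return chunk + b"\x00" * (-len(chunk) % 4), length


def needs_ip_fragmentation(chunk, pmtu):
    """True when the IPv4 packet carrying only this chunk exceeds the path MTU.

    Control chunks cannot be split across SCTP packets, so in that case the
    packet can only be delivered if the DF bit is cleared.
    """
    return IPV4_HDR + SCTP_COMMON_HDR + len(chunk) > pmtu


if __name__ == "__main__":
    addrs = range(0x0A000001, 0x0A000001 + 1000)  # constructed: 1000 addresses from 10.0.0.1
    chunk, length = build_init_ack(b"\x00" * 200, addrs)
    print(length, needs_ip_fragmentation(chunk, 1500))
```

With no address parameters, the largest cookie value this encoder accepts is 65511 bytes (65535 minus the 20-byte chunk header and fixed fields and the 4-byte parameter header), which is why the cookie itself cannot reach 2^16 bytes.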