IETF Logo Mail Archive

Re: [tsvwg] New Version Notification for draft-touch-tsvwg-udp-options-05.txt

"C. M. Heard" <heard@pobox.com> Tue, 28 February 2017 18:58 UTC

Return-Path: <heard@pobox.com>
X-Original-To: tsvwg@ietfa.amsl.com
Delivered-To: tsvwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F163A1293D6 for <tsvwg@ietfa.amsl.com>; Tue, 28 Feb 2017 10:58:48 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.202
X-Spam-Level:
X-Spam-Status: No, score=-2.202 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_SORBS_SPAM=0.5, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=pobox.com; domainkeys=pass (1024-bit key) header.from=heard@pobox.com header.d=pobox.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id w6Aau_am_N0s for <tsvwg@ietfa.amsl.com>; Tue, 28 Feb 2017 10:58:47 -0800 (PST)
Received: from sasl.smtp.pobox.com (pb-smtp1.pobox.com [64.147.108.70]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 57B6612896F for <tsvwg@ietf.org>; Tue, 28 Feb 2017 10:58:47 -0800 (PST)
Received: from sasl.smtp.pobox.com (unknown [127.0.0.1]) by pb-smtp1.pobox.com (Postfix) with ESMTP id 7EC176C602 for <tsvwg@ietf.org>; Tue, 28 Feb 2017 13:58:45 -0500 (EST)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=pobox.com; h=mime-version :from:date:message-id:subject:to:cc:content-type; s=sasl; bh=pa5 eOExKS6lKkn1cCCLyh8N/oVA=; b=RAGqlvre6W6Z+QwB6AJL/opxG54lY9PdHwk Y8L1vC/HRX3ZhTIi9MygErhV+18PBGt1tWGIQOBN+WJdEWg8xc9XbgWy7mF9giXk OMrDDdAvdVSG4gozQlY3wLTXruSZkeXs7EYVtRcHDaxoqmcEmViVyCMHEpGBTyyM Fmv/LIzQ=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=pobox.com; h=mime-version :from:date:message-id:subject:to:cc:content-type; q=dns; s=sasl; b= iQToYb9R4qAL6/f3/X+cmwVHlP+JrCxcwYjMoBRe2RemtfxRlSKmd4iqGf6qbx5w n8FPjHVWFP3KK/OjpwVY/MyoVvBhPU8nxc7uKfcjfDY9AbqeWDBG0G1ZdFNaMwXG ZgoLUXM1/fnWpCxrnDrih+D3XJ+wxxQukwjm+N03K70=
Received: from pb-smtp1.nyi.icgroup.com (unknown [127.0.0.1]) by pb-smtp1.pobox.com (Postfix) with ESMTP id 748C36C600 for <tsvwg@ietf.org>; Tue, 28 Feb 2017 13:58:45 -0500 (EST)
Received: from mail-qk0-f174.google.com (unknown [209.85.220.174]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pb-smtp1.pobox.com (Postfix) with ESMTPSA id DFE386C5FE for <tsvwg@ietf.org>; Tue, 28 Feb 2017 13:58:44 -0500 (EST)
Received: by mail-qk0-f174.google.com with SMTP id u188so33325689qkc.2 for <tsvwg@ietf.org>; Tue, 28 Feb 2017 10:58:44 -0800 (PST)
X-Gm-Message-State: AMke39nI2MtVVYOObd1wR/evbh0h0XJ6OaF0B2rhsU5PQvEq+ah2+DzU3qiKIh1x8su0bm9zC/D1VVcPQyD8Aw==
X-Received: by 10.233.223.129 with SMTP id t123mr4337326qkf.191.1488308324407; Tue, 28 Feb 2017 10:58:44 -0800 (PST)
MIME-Version: 1.0
Received: by 10.140.18.106 with HTTP; Tue, 28 Feb 2017 10:58:24 -0800 (PST)
From: "C. M. Heard" <heard@pobox.com>
Date: Tue, 28 Feb 2017 10:58:24 -0800
X-Gmail-Original-Message-ID: <CACL_3VFeJs7KzG9Bchh15bfZ3CmaOPWcfisEreNoGYK5CsEJ+g@mail.gmail.com>
Message-ID: <CACL_3VFeJs7KzG9Bchh15bfZ3CmaOPWcfisEreNoGYK5CsEJ+g@mail.gmail.com>
To: Joe Touch <touch@isi.edu>
Content-Type: text/plain; charset="UTF-8"
X-Pobox-Relay-ID: EDBED668-FDE7-11E6-865B-FE3F13518317-06080547!pb-smtp1.pobox.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/y7bBGgeYDRaPnjmaiTaLAZ3vA28>
Cc: Mark Smith <markzzzsmith@gmail.com>, tsvwg <tsvwg@ietf.org>
Subject: Re: [tsvwg] New Version Notification for draft-touch-tsvwg-udp-options-05.txt
X-BeenThere: tsvwg@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Transport Area Working Group <tsvwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsvwg/>
List-Post: <mailto:tsvwg@ietf.org>
List-Help: <mailto:tsvwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 28 Feb 2017 18:58:49 -0000

Greetings,

I am very pleased with the latest version of this draft, and in particular
with the proposed Fragmentation option. It cleanly solves the problem of
providing an optional fragmentation capability in UDP that can be
incrementally deployed. It appears to be a viable way to solve the problem
of fragmented DNSSEC responses getting dropped because of middleboxes
filtering IPv4 or IPv6 fragments. Application layer solutions have been
proposed (see https://tools.ietf.org/html/draft-muks-dns-message-fragments),
but the current proposal has the advantage that it will work for any
UDP-based protocol. It will work especially well for request-response
protocols such as DNS where the requests typically are small (not requiring
fragmentation) but the responses may be large. To use it, the client sends
the request in an unfragmented UDP datagram but appends a Fragmentation
option with Offset and M both zero. If the server does not support UDP
options, it ignores the trailing option and behaves as it does today. If
the server does support UDP options and the response won't fit in a single
UDP datagram without causing IP layer fragmentation, it transmits the
response in several datagrams, using the UDP fragmentation options. This
will work especially well for IPv6, where the path MTU is guaranteed to be
at least 1280 bytes.

Back in 2013 several proposals for UDP layer fragmentation surfaced during
a discussion on the 6man list about whether to deprecate IPv6 fragmentation
(one was in https://www.ietf.org/mail-archive/web/ipv6/current/msg18703.html).
None of those proposals solved the problem of incremental deployability,
however, as this one does. Thanks and congratulations for coming up with
an elegant solution.

I do have some technical comments to make on the Fragmentation option.

First, I would like to suggest that the post-reassembly user data length
and optionally a post-reassembly user data checksum appear in the UDP
Fragmentation option. The reason for including a post-reassembly length is
to provide a hint to the implementation how much buffer space to reserve;
in order to be foolproof in the face of packet reordering, this needs to be
in every fragment. The optional post-reassembly checksum would need to be
in at least one Fragmentation option and (like the post-reassembly length)
would have to have be the same if it appeared more than once. Its main
value is that it provides a stronger verification that the reassembly
process was done correctly than the fragment-by-fragment checksum in
the UDP header. Finally, if used in conjunction with the Lite option, it
provides a means to overcome the following issue:

   The Fragmentation option needs to be used with extreme care because
   it will present incorrect datagram boundaries to a legacy receiver.

If the Fragmentation option includes its own post-reassembly checksum,
then a Lite option could be inserted immediately following the UDP
header in each fragment, without loss of functionality. Implementations
that do not support UDP options would see UDP fragments so constructed
as empty UDP datagrams and would discard them, removing the danger of
accidental misinterpretation.

I also have an editorial comment on this option. Figure 15 shows the option
length as 12 bytes and the Identification field length as 8 bytes, while the
text says that the Identification field is 32 bits (4 bytes). This figure
needs to be updated to match the text (whatever that turns out to be) and
it also needs a new caption.

Finally, the text is silent on how Alternate Checksum (ACS) interacts with
the Lite option and with the Fragmentation option. My assumption would be
that ACS covers the entire payload in one datagram, irrespective of the
presence or absence of Lite and Fragmentation, but it would be good to
make this explicit.

Thanks and regards,

Mike Heard

On Mon, 27 Feb 2017 15:30:59 -0800, Joe Touch wrote:
>
> Hi, all,
>
> A new version of the UDP options proposal has been posted.
>
> It adds:
>
>     - fragmentation based on IPv6's mechanism (thanks to Mark Smith)
>
>     - MSS (thanks to Mark Smith) and TS based on TCP's mechanism
>
>     - auth/encryption based on TCP-AO and its extensions
>
> It clarifies the report of a non-compliant legacy device (thanks to Mike Heard).
>
> It also adds a discussion on control block caching, ala RFC2140 for TCP.
>
> Feedback welcome.
>
> Joe
>
> -------- Forwarded Message --------
> Subject: New Version Notification for draft-touch-tsvwg-udp-options-05.txt
> Date: Mon, 27 Feb 2017 15:24:32 -0800
> From: internet-drafts at ietf.org
> To: Joseph Touch <touch at isi.edu>, Joe Touch <touch at isi.edu>
>
>
> A new version of I-D, draft-touch-tsvwg-udp-options-05.txt
> has been successfully submitted by Joe Touch and posted to the
> IETF repository.
>
> Name: draft-touch-tsvwg-udp-options
> Revision: 05
> Title: Transport Options for UDP
> Document date: 2017-02-27
> Group: Individual Submission
> Pages: 20
> URL: https://www.ietf.org/internet-drafts/draft-touch-tsvwg-udp-options-05.txt
> Status: https://datatracker.ietf.org/doc/draft-touch-tsvwg-udp-options/
> Htmlized: https://tools.ietf.org/html/draft-touch-tsvwg-udp-options-05
> Diff: https://www.ietf.org/rfcdiff?url2=draft-touch-tsvwg-udp-options-05
>
> Abstract:
>    Transport protocols are extended through the use of transport header
>    options. This document experimentally extends UDP by indicating the
>    location, syntax, and semantics for UDP transport layer options.
>
>
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
>
> The IETF Secretariat

v2.23.0 | Report a Bug | By Email