Re: [v4tov6transition] IPv6 VPNs configured over 1280 MTU tunnels

Washam Fan <washam.fan@gmail.com> Tue, 12 October 2010 05:47 UTC

Return-Path: <washam.fan@gmail.com>
X-Original-To: v4tov6transition@core3.amsl.com
Delivered-To: v4tov6transition@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id E2C383A6899; Mon, 11 Oct 2010 22:47:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.254
X-Spam-Level:
X-Spam-Status: No, score=-2.254 tagged_above=-999 required=5 tests=[AWL=-0.255, BAYES_00=-2.599, J_CHICKENPOX_41=0.6]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ib4AhV3SxUj2; Mon, 11 Oct 2010 22:47:15 -0700 (PDT)
Received: from mail-wy0-f172.google.com (mail-wy0-f172.google.com [74.125.82.172]) by core3.amsl.com (Postfix) with ESMTP id AAE383A6AB9; Mon, 11 Oct 2010 22:47:14 -0700 (PDT)
Received: by wyb29 with SMTP id 29so1413425wyb.31 for <multiple recipients>; Mon, 11 Oct 2010 22:48:27 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:received:in-reply-to :references:date:message-id:subject:from:to:cc:content-type :content-transfer-encoding; bh=jk0e1/nIPL70EXq1+QZlcxi5x6r9b61UxMH9/vDPup8=; b=swE1j6nFxonpkk1PHip6gMvR/brdGJAVCuTLyPzx12vOa12dKY0Y1JnVW1jjRzOCdq h9Aic5mKE4zhQ2N+xYnRU0o4xY+dXoDMG2VNToqbQFnH7P+S6nBr6YqzZY85JEPGt0QS nPG+VlubbHRAJN9stsDMrzZtawodp1CnoPOOI=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; b=cyXgRKkpixD/b1J5NZp0QR5YnF8UA9FkPT4gr1JTZRw4J6nmRAQeVWZw5iwNai/7fp hKBaaMyhVv5wlPfiGgzIzFfP4XqJ6fprkRcXdKL/jGWNIRBzL9RSx84NBDAg7T8+vvzu 6r568IZbdY94c9SynI6Pk2XHOzXMx5Cyha+o0=
MIME-Version: 1.0
Received: by 10.227.134.69 with SMTP id i5mr6324313wbt.165.1286862507616; Mon, 11 Oct 2010 22:48:27 -0700 (PDT)
Received: by 10.216.17.206 with HTTP; Mon, 11 Oct 2010 22:48:27 -0700 (PDT)
In-Reply-To: <E1829B60731D1740BB7A0626B4FAF0A65C59B79A26@XCH-NW-01V.nw.nos.boeing.com>
References: <C8D29306.3EDBD%yiu_lee@cable.comcast.com> <279A3292-A291-4BC0-8FCF-53120066931E@free.fr> <E1829B60731D1740BB7A0626B4FAF0A65C59B7982A@XCH-NW-01V.nw.nos.boeing.com> <AANLkTimqUL4qADuguJVBCCnTCyaNxgVSbU41ZvGQPZ4d@mail.gmail.com> <E1829B60731D1740BB7A0626B4FAF0A65C59B79A26@XCH-NW-01V.nw.nos.boeing.com>
Date: Tue, 12 Oct 2010 13:48:27 +0800
Message-ID: <AANLkTimdbMHWRFAJFvahqds5MySNnQCo2MiUBwDjqDhi@mail.gmail.com>
From: Washam Fan <washam.fan@gmail.com>
To: "Templin, Fred L" <Fred.L.Templin@boeing.com>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Cc: Softwires <softwires@ietf.org>, "v4tov6transition@ietf.org" <v4tov6transition@ietf.org>
Subject: Re: [v4tov6transition] IPv6 VPNs configured over 1280 MTU tunnels
X-BeenThere: v4tov6transition@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <v4tov6transition.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/v4tov6transition>, <mailto:v4tov6transition-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/v4tov6transition>
List-Post: <mailto:v4tov6transition@ietf.org>
List-Help: <mailto:v4tov6transition-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v4tov6transition>, <mailto:v4tov6transition-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 12 Oct 2010 05:47:17 -0000

Hi Fred,

I might see your points.

Let H represents Host, N represents NAT, S represents the 6a44
servers. PMTU(H,S) stands for the PMTU between H and S. HOME_MTU
represents MTU within home LAN (i.e., unmanaged network), SP_MTU
represents MTU within SP network(i.e., managed network). We assume
both SP_MTU and SP_MTU should exceed or equal to 1308.

if HOME_MTU>=SP_MTU, PMTU(H,S)=SP_MTU, the H could configure SP_MTU-28
as the IPv6 virtual interface MTU.
H->S direction: if S received or trigger any ICMPv6 PTB messages, it
can forward ICMPv6-in-UDP-in-IPv4 to H.
S->H direction: S would reject any IPv6 packets exceeding SP_MTU-28
with ICMPv6 PTB.
I don't see problems here.

If HOME_MTU<SP_MTU,PMTU(H,S)=HOME_MTU, the H could configure
HOME_MTU-28 as IPv6 virtual interface MTU.
H->S direction: if S received or trigger any ICMPv6 PTB messages, it
can forward ICMPv6-in-UDP-in-IPv4 to H. I don't expect the size of the
encapsulated packet is too much.
S->H direction: if S forward some IPv6 packets whose size is between
HOME_MTU-28 and SP_MTU-28, N might trigger a ICMPv4 PTB or filtering
them. For the former, S might don't have enough info to infer which
IPv6 original packet it is related, for the latter, black hole might
occur. I see problems here.

Thanks,
washam

2010/10/12 Templin, Fred L <Fred.L.Templin@boeing.com>om>:
> Hi Washam,
>
>> -----Original Message-----
>> From: Washam Fan [mailto:washam.fan@gmail.com]
>> Sent: Monday, October 11, 2010 7:38 PM
>> To: Templin, Fred L
>> Cc: Rémi Després; Softwires; v4tov6transition@ietf.org
>> Subject: Re: [v4tov6transition] IPv6 VPNs configured over
>> 1280 MTU tunnels
>>
>> Hi,
>>
>> If 6a44 deployed in a managed ISP network, the 6a44 client could be
>> configured with IPv4_MTU-28 for its IPv6 MTU.
>
> My understanding is that the 6a44 server is in the managed
> ISP network, and the 6a44 client is in the UNmanaged end
> user network.
>
>> For inbound direction,
>> 6a44 server would reject any IPv6 packets whose size exceeds
>> IPv4_MTU-28 with a ICMPv6 PTB message, so no ICMPv6-ICMPv4 translation
>> needed.
>
> Huh? How does the server have any idea what MTU the client
> set on its tunnel interface? The client is behind a NAT in
> an unmanaged end user network. Are you expecting the server
> to probe the path MTU to the client and maintain state? (An
> IRON server might be in position to do something like that,
> but I was assuming the 6a44 server would be stateless, right?)
>
>> For outbound direction, 6a44 server would encapsulate any
>> ICMPv6 PTB messages it received in UDP in IPv4, and then forward to
>> the 6a44 client, so no NAT filtering worried.
>
> Correct, but no one has suggested an MTU problem for what
> happens to IPv6 packets *beyond* the tunnel; we are only
> discussing the case of MTU issues *within* the tunnel.
>
> Fred
> fred.l.templin@boeing.com
>
>> Thanks,
>> washam
>>
>> 2010/10/12 Templin, Fred L <Fred.L.Templin@boeing.com>om>:
>> > Remi,
>> >
>> >> -----Original Message-----
>> >> From: Rémi Després [mailto:remi.despres@free.fr]
>> >> Sent: Monday, October 11, 2010 10:05 AM
>> >> To: Templin, Fred L
>> >> Cc: Washam Fan; Softwires; v4tov6transition@ietf.org
>> >> Subject: Re: [v4tov6transition] IPv6 VPNs configured over
>> >> 1280 MTU tunnels
>> >>
>> >>
>> >> Le 11 oct. 2010 à 18:42, Templin, Fred L a écrit :
>> >>
>> >> >> ...
>> >> >> Actually, the 6a44 specification should, instead of 1280,
>> >> >> require IPv4 MTU - 28 octets, both for hairpinning and
>> >> >> traversal cases.
>> >> >
>> >> > How can you be sure that IPv4 PMTUD will work in
>> >> > the traversal case?
>> >>
>> >> In the to-host direction, because the ISP network is all what
>> >> is left to traverse before reaching the CPE.
>> >
>> > In what you call the to-host direction, any ICMPv4
>> > returned from the ISP network might not have enough
>> > information for stateless translation to ICMPv6.
>> >
>> >> In the from host direction, one can't be sure, but doesnt' need to.
>> >> If a smaller PMTU is encountered further downstream, a PTB
>> >> ICMPv6 error message will be returned from there.
>> >
>> > In the from-host direction, any ICMPv4 returned from
>> > the ISP network might not be delivered to the tunnel
>> > endpoint due to NAT filtering, and might not have
>> > enough information for stateless translation to ICMPv6.
>> >
>> > Fred
>> > fred.l.templin@boeing.com
>> >
>> >> RD
>> >
>>