IETF Logo Mail Archive

Re: [v6ops] PMTUD issue discussion

Mark Andrews <marka@isc.org> Tue, 09 September 2014 21:20 UTC

Return-Path: <marka@isc.org>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A87B21A8549 for <v6ops@ietfa.amsl.com>; Tue, 9 Sep 2014 14:20:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -8.553
X-Spam-Level:
X-Spam-Status: No, score=-8.553 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-1.652, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id K_fkB37s2B7K for <v6ops@ietfa.amsl.com>; Tue, 9 Sep 2014 14:20:08 -0700 (PDT)
Received: from mx.pao1.isc.org (mx.pao1.isc.org [149.20.64.53]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C6CEA1A0299 for <v6ops@ietf.org>; Tue, 9 Sep 2014 14:19:52 -0700 (PDT)
Received: from zmx1.isc.org (zmx1.isc.org [149.20.0.20]) by mx.pao1.isc.org (Postfix) with ESMTP id 6E97C3493A2; Tue, 9 Sep 2014 21:19:50 +0000 (UTC)
Received: from zmx1.isc.org (localhost [127.0.0.1]) by zmx1.isc.org (Postfix) with ESMTP id 8612216005D; Tue, 9 Sep 2014 21:22:35 +0000 (UTC)
Received: from rock.dv.isc.org (c211-30-183-50.carlnfd1.nsw.optusnet.com.au [211.30.183.50]) by zmx1.isc.org (Postfix) with ESMTPSA id 1FFA016005A; Tue, 9 Sep 2014 21:22:35 +0000 (UTC)
Received: from rock.dv.isc.org (localhost [IPv6:::1]) by rock.dv.isc.org (Postfix) with ESMTP id 69A5B1F2609A; Wed, 10 Sep 2014 07:19:47 +1000 (EST)
To: "Templin, Fred L" <Fred.L.Templin@boeing.com>
From: Mark Andrews <marka@isc.org>
References: <0D370E74-688B-4EB3-A691-309A03AF20BA@cisco.com> <53FBA174.2040302@isi.edu> <53FBA6E1.90905@bogus.com> <CAPi140PMeM9omtm11+NHa2ywUfof_tE7HknKExtoEb32mm7L_w@mail.gmail.com> <71D0D5E8-80E9-430B-8ED4-16C1F99082CC@cisco.com> <54020ECC.4000000@globis.net> <CAEmG1=redpYUnv9R-uf+cJ4e+iPCf6zMHzVxeKNMGjcC=BjR+Q@mail.gmail.com> <5402C26A.8060304@globis.net> <540626F6.1020103@scea.com> <alpine.DEB.2.02.1409090948260.14735@uplift.swm.pp.se> <2134F8430051B64F815C691A62D9831832D12EED@XCH-BLV-504.nw.nos.boeing.com> <alpine.DEB.2.02.1409091701250.14735@uplift.swm.pp.se> <2134F8430051B64F815C691A62D9831832D13130@XCH-BLV-504.nw.nos.boeing.com>
In-reply-to: Your message of "Tue, 09 Sep 2014 15:45:55 +0000." <2134F8430051B64F815C691A62D9831832D13130@XCH-BLV-504.nw.nos.boeing.com>
Date: Wed, 10 Sep 2014 07:19:47 +1000
Message-Id: <20140909211947.69A5B1F2609A@rock.dv.isc.org>
Archived-At: http://mailarchive.ietf.org/arch/msg/v6ops/9LU2PMaxAaeQQUP1saittkXQe7I
Cc: "v6ops@ietf.org" <v6ops@ietf.org>, Tom Perrine <tperrine@scea.com>
Subject: Re: [v6ops] PMTUD issue discussion
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 09 Sep 2014 21:20:10 -0000

In message <2134F8430051B64F815C691A62D9831832D13130@XCH-BLV-504.nw.nos.boeing.com>, "Templin, Fred L" writes:
> Hi Mikael,
> 
> > -----Original Message-----
> > From: Mikael Abrahamsson [mailto:swmike@swm.pp.se]
> > Sent: Tuesday, September 09, 2014 8:08 AM
> > To: Templin, Fred L
> > Cc: Tom Perrine; v6ops@ietf.org
> > Subject: RE: [v6ops] PMTUD issue discussion
> > 
> > On Tue, 9 Sep 2014, Templin, Fred L wrote:
> > 
> > > This could be problematic when PMTUD is not functioning correctly. As a
> > > result, IMHO any end system that wants to try for packet sizes larger
> > > than 1500 really should be using RFC4821 (maybe even MUST?).
> > 
> > Well, even that might not solve it as there might be devices along the
> > path that re-assemble the packets (if they're fragmented) and then
> > fragment them again, which will break things anyway.
> 
> I think RFC4821 only applies to whole packets with DF=1 (i.e., where
> all IPv6 packets implicitly have DF=1), but I get your point. 
> 
> > But yes, supporting 4821 or PMTUD blackhole detection should definitely be
> > a requirement.
> 
> OK.
>  
> > One problem is that a lot of people don't even know that sending a 16k UDP
> > packet fragmented into a bunch of smaller fragments, is a perfectly valid
> > use of IP. They're so used to TCP and its MSS that this is all they've
> > seen.
> 
> Yes, isolated large UDP packets with DF=0 must be dealt with.

Actually there is plenty of fragmented UDP traffic.  Pick just about
any IPv6 DNSSEC aware recursive nameserver and you will almost
certainly see fragmented IPv6 UDP responses.  This traffic is only
increasing as more zones become signed pushing response size well
over 1500.

Below is from BIND 9.10 which tracks UDP response sizes.  Find a
busy resolver and you will find a lot more.  The EDNS field shows
timeouts at various EDNS UDP buffer sizes.  A timeout at a small
size is counted against larger sizes as well as named tries to
workout the DNS/UDP mtu which can be as low as 512 as some firewalls
"know" that DNS/UDP payloads "never" exceeded 512 bytes.

This nameserver is behind a HE tunnel so it also has to deal with
authorative nameservers that block PTB to them.  Named also forces
fragmentation at 1280 on all sockets if it can.  The savings for a
nameserver in sending bigger packets just aren't there.

[edns success/4096 timeout/1432 timeout/1232 timeout/512 timeout]

[rock:~/ports] marka% grep srtt /var/named/named_dump.db | grep udpsize | grep -v "udpsize 512" | grep :
;	2001:500:31::63 [srtt 119657] [flags 00806000] [edns 2/0/0/0/0] [plain 0/0] [udpsize 965] [ttl 1230]
;	2001:500:2c::254 [srtt 214672] [flags 00806000] [edns 2/0/0/0/0] [plain 0/0] [udpsize 1676] [ttl 1222]
;	2001:13c7:7002:3000::11 [srtt 242467] [flags 00806000] [edns 2/0/0/0/0] [plain 0/0] [udpsize 513] [ttl 1229]
;	2001:500:60::30 [srtt 229183] [flags 00806000] [edns 4/0/0/0/0] [plain 0/0] [udpsize 1816] [ttl 1221]
;	2001:4f8:0:2::19 [srtt 82726] [flags 00806000] [edns 2/0/0/0/0] [plain 0/0] [udpsize 1626] [ttl 1221]
;	2001:500:13::108 [srtt 115528] [flags 00806000] [edns 2/0/0/0/0] [plain 0/0] [udpsize 1991] [ttl 1229]
[rock:~/ports] marka% 

> Thanks - Fred
> fred.l.templin@boeing.com
>  
> > --
> > Mikael Abrahamsson    email: swmike@swm.pp.se
> 
> _______________________________________________
> v6ops mailing list
> v6ops@ietf.org
> https://www.ietf.org/mailman/listinfo/v6ops
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka@isc.org

v2.23.0 | Report a Bug | By Email