IETF Logo Mail Archive

Re: [v6ops] Operational Consensus on deployment

Tore Anderson <tore@fud.no> Thu, 07 August 2014 18:12 UTC

Return-Path: <tore@fud.no>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AFB571A0368 for <v6ops@ietfa.amsl.com>; Thu, 7 Aug 2014 11:12:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mtgGYta2vMUp for <v6ops@ietfa.amsl.com>; Thu, 7 Aug 2014 11:12:49 -0700 (PDT)
Received: from greed.fud.no (greed.fud.no [IPv6:2a02:c0:1001:100::145]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 10D871A032A for <v6ops@ietf.org>; Thu, 7 Aug 2014 11:12:49 -0700 (PDT)
Received: from [2a02:fe0:c411:a000::1] (port=37274 helo=envy.fud.no) by greed.fud.no with esmtpsa (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:128) (Exim 4.80) (envelope-from <tore@fud.no>) id 1XFSB4-0001XU-8B; Thu, 07 Aug 2014 20:12:38 +0200
Message-ID: <53E3C195.9070205@fud.no>
Date: Thu, 07 Aug 2014 20:12:37 +0200
From: Tore Anderson <tore@fud.no>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.7.0
MIME-Version: 1.0
To: Philip Homburg <pch-v6ops-3@u-1.phicoh.com>, Lee Howard <Lee@asgard.org>
References: <DE860EBC-171E-46E7-A3B6-5E8B79A453CC@cisco.com> <53DFEC6C.3010707@gmail.com> <CAD6AjGRUWxT5XiNxMi_S5VgYtGMLb_FVHXN-ZfGpcY=geix15g@mail.gmail.com> <53E06AC9.9010908@fud.no> <4F7D76F6-BD81-453B-94DC-A3C3DFF68505@delong.com> <8600C096-37D0-4651-92C1-BCFDBA674433@nominum.com> <CAD6AjGTBfyT-zNDJtBKCNtRxd=Hi07678Sr_-HgSGYbjAiF3Tg@mail.gmail.com> <C5281716-DC04-42E6-AC82-0D53E5DA0284@nominum.com> <53E1236A.605@fud.no> <m1XEkJJ-0000BuC@stereo.hq.phicoh.net> <20140805195402.GO51793@Space.Net> <m1XElwg-0000BbC@stereo.hq.phicoh.net> <D00834AF.68B6C%Lee@asgard.org> <m1XFNF3-0000BjC@stereo.hq.phicoh.net>
In-Reply-To: <m1XFNF3-0000BjC@stereo.hq.phicoh.net>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Archived-At: http://mailarchive.ietf.org/arch/msg/v6ops/OoaMaYO5HTMM6vJpOUrD5OMaaGY
Cc: IPv6 Ops WG <v6ops@ietf.org>
Subject: Re: [v6ops] Operational Consensus on deployment
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 07 Aug 2014 18:12:51 -0000

* Philip Homburg

> One of my replies to Tore already contains an example. Middle box
> implements MSS clamping wrong. This breaks IPv4 for any service that
> has a path MTU of less then the PPPoE MTU.

You're quite right that the header size difference between IPv4 and IPv6
is something one would need to consider. This consideration is similar
to that to other tunneling or translation mechanisms like GRE, DS-Lite,
MAP, 6RD, PPPoE and so forth. There are some differences though:

- It is only really a concern for packets flowing in the client->server
direction (IPv4->IPv6), as a 1500 byte large packet originated by the
IPv6 server would be translated into a 1480 byte large IPv4 packet,
which isn't problematic. (For content providers, most large packets go
in the unproblematic server->client direction.)

- All potential issues can be mitigated by raising the MTU by 20 bytes
(to 1520) in the IPv6 domain (to 1520). While this is of course true for
all the other mechanisms I mentioned too, actually doing it is likely to
be easier to do in a data centre environment than e.g. in an ISP's
access network.

- There is no need for TCP MSS clamping, as the IPv6 servers will
advertise an appropriate TCP MSS to the clients (1440). This causes the
IPv4 clients to limit their packet size to 1480, which translates into
1500 byte large IPv6 packets.

- Finally, for protocols other than TCP (and other protocols that have a
mechanism similar to TCP's MSS), there are two things that can happen
for IPv4 packets larger than 1480 bytes destined for an IPv6 server
(assuming the IPv6 domain's MTU is 1500):
  - If the DF flag is set, it's PMTUD time, as the SIIT gateway will
    emit an ICMPv4 Fragmentation Needed packet. This is likely
    unreliable.
  - If the DF flag isn't set, it results in a fragmented IPv6
    packet. This can be reliable, as the fragmented packets do not
    propagate out of the data centre, and as such the operator can
    ensure that they work.

In any case, the draft already discusses this:

http://htmlpreview.github.io/?https://github.com/toreanderson/ietf/blob/master/siit-dc.html#rfc.section.3.8

Please let me know if you find any of the text there is incorrect,
confusing, incomplete, or if you have other suggestions on how to
improve it.

Tore

v2.23.0 | Report a Bug | By Email