IETF Logo Mail Archive

Re: [v6ops] draft-pauly-v6ops-happy-eyeballs-update-01

Mikael Abrahamsson <swmike@swm.pp.se> Thu, 30 March 2017 06:59 UTC

Return-Path: <swmike@swm.pp.se>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4E0941293E9 for <v6ops@ietfa.amsl.com>; Wed, 29 Mar 2017 23:59:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.302
X-Spam-Level:
X-Spam-Status: No, score=-4.302 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=swm.pp.se
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 23fDcm7-6aiG for <v6ops@ietfa.amsl.com>; Wed, 29 Mar 2017 23:59:48 -0700 (PDT)
Received: from uplift.swm.pp.se (ipv6.swm.pp.se [IPv6:2a00:801::f]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8B3051272E1 for <v6ops@ietf.org>; Wed, 29 Mar 2017 23:59:48 -0700 (PDT)
Received: by uplift.swm.pp.se (Postfix, from userid 501) id EB6B2A5; Thu, 30 Mar 2017 08:59:44 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=swm.pp.se; s=mail; t=1490857184; bh=cbqKbOr35K5PMnTkGhDVOgEneshuH/DAcTChI199FyE=; h=Date:From:To:cc:Subject:In-Reply-To:References:From; b=qzeIM2MuE2gK/T0A1cWTccTuvTKXyAWfVDbogkasdDLUHlCHvAoyzqkx2BjjYIeDR ugYkU2wk8YOkYHkikA/TVMdI5d0ajkHlzJ7M7+vPFcwkMlX1Hd/iZR/bd5k8kc5TZU +o/xc6Qi6s9w+ZSHvRE9UFNsbNN6/saFSrHQu3wk=
Received: from localhost (localhost [127.0.0.1]) by uplift.swm.pp.se (Postfix) with ESMTP id E6A63A4; Thu, 30 Mar 2017 08:59:44 +0200 (CEST)
Date: Thu, 30 Mar 2017 08:59:44 +0200
From: Mikael Abrahamsson <swmike@swm.pp.se>
To: JORDI PALET MARTINEZ <jordi.palet@consulintel.es>
cc: IPv6 Ops WG <v6ops@ietf.org>
In-Reply-To: <34A0BBC1-E9C9-4856-BBB5-F6A2B9F4C72F@consulintel.es>
Message-ID: <alpine.DEB.2.02.1703300845190.30226@uplift.swm.pp.se>
References: <CAD6AjGSxKftRXGfJ67rYN6Ccr961HMuU69Y=SSwnemvmsqddNQ@mail.gmail.com> <34A0BBC1-E9C9-4856-BBB5-F6A2B9F4C72F@consulintel.es>
User-Agent: Alpine 2.02 (DEB 1266 2009-07-14)
Organization: People's Front Against WWW
MIME-Version: 1.0
Content-Type: MULTIPART/MIXED; BOUNDARY="-137064504-1038791073-1490857184=:30226"
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/bk5r9Fu9whG8eRDM7fsVVVLiPcA>
Subject: Re: [v6ops] draft-pauly-v6ops-happy-eyeballs-update-01
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 30 Mar 2017 06:59:51 -0000

On Wed, 29 Mar 2017, JORDI PALET MARTINEZ wrote:

> May be this is related to the US ESTA payment page, as it is broken since several years ago (unless they sorted it out after I paid my renewal about 5 months ago), and nobody is paying attention or even responding to the emails to their contacts …
>
> HE doesn’t even solve their problem, as it is related to PMTUD broken, 
> so only if you know this and are an engineer know how to disable IPv6 to 
> be able to access the payment … Nice example from a government :-(

I agree with both Lorenzo and Jordi here, there are multiple problems that 
won't get fixed, having "hard" failures doesn't seem to help that much at 
this time, but with the PMTUD failure mode as well (which might not be 
discovered until TCP handshake is already done), what about adding 
additional methods to try?

"normal HE mode with IPv4/IPv6"
If these fails, let's say 500ms
"try NAT64 method" (what Lorenzo proposed)

if these succeed but I'm not getting any data (for instance my GET / seems 
to time out, no data for 5 seconds)

then I try again but with TCP MSS 1200 and PMTU 1280 (I purposely went 
below MSS 1220, perhaps there is no reason to).

In Linux one could do this with adding a host route to the specific 
destination with lower MTU and ADVMSS values (I have no idea what other 
operating systems have available). I know this requires a lot more logic 
and might be invasive all the way up to the application layer, but I think 
it's the only way to really work around the PMTUD problem. It would also 
be nice if there were some reporting mechanism (diagnostics reporting) so 
that the devices could make a list of services that it needed to fallback 
to this behaviour to, both for diagnostics reporting and potentially also 
for caching what method to try so that any subsequent attempts to the same 
DNS/IP address by default went to the MSS1200 method from the beginning?

We should probably also say that PLMTUD should be default-on (as far as I 
can tell it's supported for TCP in a lot of operating systems, but it's 
not default on?). This would also workaround the problem.

I know if we do the above there is much less reason for people to fix 
their PMTUD hindering problems... but isn't it still better to do it this 
way than to have user breakage, especially for users who are behind new 
technology and this breakage is hindering that new technology because ISPs 
are afraid to deploy it?

-- 
Mikael Abrahamsson    email: swmike@swm.pp.se

v2.23.0 | Report a Bug | By Email