Re: [v6ops] PMTUD issue discussion

joel jaeggli <joelja@bogus.com> Mon, 25 August 2014 21:13 UTC

Message-ID: <53FBA6E1.90905@bogus.com>
Date: Mon, 25 Aug 2014 14:13:05 -0700
From: joel jaeggli <joelja@bogus.com>
To: Joe Touch <touch@isi.edu>, IPv6 Ops WG <v6ops@ietf.org>
References: <0D370E74-688B-4EB3-A691-309A03AF20BA@cisco.com> <53FBA174.2040302@isi.edu>
In-Reply-To: <53FBA174.2040302@isi.edu>
Archived-At: http://mailarchive.ietf.org/arch/msg/v6ops/faV0yB0imptHt6k3M61jazfaL_I
Subject: Re: [v6ops] PMTUD issue discussion

On 8/25/14 1:49 PM, Joe Touch wrote:
> Hi, all,
> 
> Speaking from TCPM-land, I would observe the following:
> 
> - PMTUD already has many known problems, which is why PLMTUD is
> recommended instead

I agree; operationally, however, I'm trying not to break existing devices
attempting to connect to me, which is the motivation for the note.

> - the issue here appears to be a device that routes TCP and UDP packets
> based on a hash, but does not apply that hash to the ICMP messages
>     that's clearly an oversight of those devices.
>     ICMP feedback is a known part of the Internet architecture,
>     and any device that demultiplexes packets based on transport
>     info needs to similarly process ICMP messages

If you use source / dest / flow label or even just source / dest you
have the same issue. e.g. using the transport header for hash
computation is not required to induce this.

>     that goes for NATs, load balancers, or anything else.

This requires that I not only be transport aware but be able to parse
into the payload. As noted, the data I would need can probably be found
at a fixed offset (modulo extension headers) so in fact that is
probably feasible.

> I'm not sure what would be added other than to say "we found this
> problem here too". It's a bug that ought to be fixed, but endpoints that
> intend to be robust already know not to rely on ICMP.

I don't disagree with that sentiment.

> Joe
> 
> On 8/25/2014 10:20 AM, Fred Baker (fred) wrote:
>> http://datatracker.ietf.org/doc/draft-v6ops-pmtud-ecmp-problem
>> http://tools.ietf.org/html/draft-v6ops-pmtud-ecmp-problem
>>   "Close encounters of the ICMP type 2 kind (near misses with ICMPv6
>>   PTB)", Matt Byerly, Matt Hite, Joel Jaeggli, 2014-08-24,
>>
>> As requested at IETF 90, Joel has edited and reposted his draft. There
>> are two questions before the house:
>>   - do we want to make this a working group draft?
>>   - what do we want to do next?
>>
>> Note that, by charter, what we are not permitted to do is change
>> implementations or protocols; we are allowed to define operational
>> procedure. That said, we *can* make recommendations to other working
>> groups, asking them to change something.
>>
>> So, for example, we might ask 6man to do something specific, or we
>> might ask tcpm to do something specific. Something specific that we
>> might ask tcpm to do would be to get operational experience with RFC
>> 4821 and commit it back to open source, for example.
>>
>> _______________________________________________
>> v6ops mailing list
>> v6ops@ietf.org
>> https://www.ietf.org/mailman/listinfo/v6ops
>>
>
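
Added example, not part of the original message or of the draft it discusses: a sketch of the behaviour the thread asks of an ECMP load balancer, where an ICMPv6 Packet Too Big (type 2) is hashed on the flow of the packet it quotes, skipping extension headers, so it reaches the same backend as the flow itself. All function names, the 2001:db8:: addresses and the use of SHA-256 as the hash are assumptions; the Fragment header is not handled.

```python
import hashlib, ipaddress, struct

TCP, UDP, ICMPV6, PTB = 6, 17, 58, 2
EXT_HEADERS = {0, 43, 60}  # hop-by-hop, routing, destination options

def ipv6_header(src, dst, next_header, payload_len):
    addrs = ipaddress.IPv6Address(src).packed + ipaddress.IPv6Address(dst).packed
    return struct.pack("!IHBB", 6 << 28, payload_len, next_header, 64) + addrs

def walk(pkt):
    """Return (src, dst, upper protocol, upper bytes), skipping extension headers."""
    nh, off = pkt[6], 40
    while nh in EXT_HEADERS and len(pkt) >= off + 2:
        nh, off = pkt[off], off + 8 * (pkt[off + 1] + 1)
    return pkt[8:24], pkt[24:40], nh, pkt[off:]

def ports(proto, upper):
    if proto in (TCP, UDP) and len(upper) >= 4:
        return struct.unpack("!HH", upper[:4])
    return (0, 0)

def flow_key(pkt):
    """Hash key for ECMP; a PTB is keyed on the flow of the packet it quotes."""
    src, dst, proto, upper = walk(pkt)
    if proto == ICMPV6 and len(upper) >= 48 and upper[0] == PTB:
        # Quoted packet follows the 8-byte ICMPv6 header (type, code, checksum, MTU).
        isrc, idst, iproto, iupper = walk(upper[8:])
        sport, dport = ports(iproto, iupper)
        # The quoted packet was sent by the backend, so reverse it to get the inbound flow.
        return (idst, isrc, iproto, dport, sport)
    return (src, dst, proto, *ports(proto, upper))

def pick_backend(pkt, n):
    digest = hashlib.sha256(repr(flow_key(pkt)).encode()).digest()
    return int.from_bytes(digest[:4], "big") % n

# Constructed sample traffic (documentation prefix 2001:db8::/32).
CLIENT, VIP, ROUTER = "2001:db8:1::10", "2001:db8:ffff::1", "2001:db8:2::1"

def sample_packets():
    tcp_in = struct.pack("!HH", 51000, 443) + bytes(16)   # client -> VIP
    tcp_out = struct.pack("!HH", 443, 51000) + bytes(16)  # VIP -> client, too big for the path
    dstopts = bytes([TCP, 0, 1, 4, 0, 0, 0, 0])           # 8-byte destination options (PadN)
    inbound = ipv6_header(CLIENT, VIP, TCP, len(tcp_in)) + tcp_in
    quoted = ipv6_header(VIP, CLIENT, 60, len(dstopts) + len(tcp_out)) + dstopts + tcp_out
    icmp = struct.pack("!BBHI", PTB, 0, 0, 1280) + quoted
    ptb = ipv6_header(ROUTER, VIP, ICMPV6, len(icmp)) + icmp
    return inbound, ptb
```

The PTB arrives with the reporting router as its outer source, so a hash over the outer addresses alone would differ from the client's flow; keying on the reversed quoted packet removes that difference.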