IETF Logo Mail Archive

Re: [v6ops] Proxy function for PTB messages on the tunnel end

Joseph Touch <touch@strayalpha.com> Mon, 22 March 2021 21:03 UTC

Return-Path: <touch@strayalpha.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5A1723A118B; Mon, 22 Mar 2021 14:03:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 2.972
X-Spam-Level: **
X-Spam-Status: No, score=2.972 tagged_above=-999 required=5 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HAS_X_OUTGOING_SPAM_STAT=2.517, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_NEUTRAL=0.652, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=strayalpha.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ey0r2zgn0phY; Mon, 22 Mar 2021 14:03:50 -0700 (PDT)
Received: from server217-4.web-hosting.com (server217-4.web-hosting.com [198.54.116.98]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B07173A1187; Mon, 22 Mar 2021 14:03:50 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=strayalpha.com; s=default; h=To:References:Message-Id:Cc:Date:In-Reply-To: From:Subject:Mime-Version:Content-Type:Sender:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=7kPHxtdxIVmlbO8CgAjXSxO2eHE/lqDhQnD3yN/Ba4E=; b=uTH82bhJcnNXAJSVK7XwgvtO8 8VIXh3dVX4nwM3H5vvBRcbGykhEEwLJiaY++8j+T6BqcenzbTNakKuPWFZlaQl80Nh9f0N3gU5tCf cjkhdQuNtCMgUM5eJclZEajCI9hJBcRhA6fjpZ9xZws3VyxaOgKfljhK+9udnu46fk6sVuWU5RVPT xW/xG3gXRHt7+WBr1848YNyp9u2Hkx6bY7c5ljyGsemNqszbjpeOjDgKErnlIMOGGjMwOQtWpdU71 cIUjHk1LaFPDrZv+JI836mEl/AxEhVM1REXqKobk3ubB7HDmNMFg28H4Nkh22xZ2+bNdewysaBkpL mjHvyiWeQ==;
Received: from cpe-172-250-225-198.socal.res.rr.com ([172.250.225.198]:63420 helo=[192.168.1.14]) by server217.web-hosting.com with esmtpsa (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94) (envelope-from <touch@strayalpha.com>) id 1lORiB-003wWm-IZ; Mon, 22 Mar 2021 17:03:48 -0400
Content-Type: multipart/alternative; boundary="Apple-Mail=_CF2E1B8B-CB58-4AE5-8609-9E90AB22EF1A"
Mime-Version: 1.0 (Mac OS X Mail 14.0 \(3654.60.0.2.21\))
From: Joseph Touch <touch@strayalpha.com>
In-Reply-To: <22bb7bf129694ccfbbad441d8d22e05c@huawei.com>
Date: Mon, 22 Mar 2021 14:03:42 -0700
Cc: "v6ops@ietf.org" <v6ops@ietf.org>, int-area <int-area@ietf.org>
Message-Id: <A5F62B47-DBA3-457D-89CD-D570EA2EA886@strayalpha.com>
References: <0b61deabe8f3420eba1b5794b024e914@huawei.com> <A063E98C-0D6C-49B2-B871-E2B39A097FD5@strayalpha.com> <37059faadd6e441cb98f6ec7e01ecef9@huawei.com> <9D23C833-46C5-4B93-A204-D2D4F54689DF@strayalpha.com> <1e6ecd3b468d4255bda65d519190135d@huawei.com> <3B48413C-A47D-4F3F-B9E4-7ED4D33AA66B@strayalpha.com> <22bb7bf129694ccfbbad441d8d22e05c@huawei.com>
To: Vasilenko Eduard <vasilenko.eduard@huawei.com>
X-Mailer: Apple Mail (2.3654.60.0.2.21)
X-OutGoing-Spam-Status: No, score=-1.0
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - server217.web-hosting.com
X-AntiAbuse: Original Domain - ietf.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - strayalpha.com
X-Get-Message-Sender-Via: server217.web-hosting.com: authenticated_id: touch@strayalpha.com
X-Authenticated-Sender: server217.web-hosting.com: touch@strayalpha.com
X-Source:
X-Source-Args:
X-Source-Dir:
X-From-Rewrite: unmodified, already matched
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/lFRknAv88TPgqU_G4uP0INmWSr8>
Subject: Re: [v6ops] Proxy function for PTB messages on the tunnel end
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 22 Mar 2021 21:03:55 -0000


> On Mar 22, 2021, at 1:33 PM, Vasilenko Eduard <vasilenko.eduard@huawei.com> wrote:
> 
> Hi Joseph,
> You insist that the second MTU restriction exists for all data plane implementations, just it is not visible and not discussed: neither in any RFC nor in any vendor documentation.

No; it is DEFINED in RFC1122 and noted in both RFC791 and RFC2460 (and 8200). It’s exactly the difference between what can be sent on a path and what is reassembled at an endpoint. Ingress are sources and egresses are sinks; host requirements apply to BOTH.

> But then should be the same effect: fragmentation between MTUs.

They do not.

> I am sure that it is not the case.
> PTB would decrease the only MTU that tunnel has,
> The next oversized packet would get PTB message in the direction of the host.
>  
> The buffer is not relevant for the discussion because data plane firmware just does not have a second MTU. This restriction just does not exist in the real life on the planet Earth.

PTB inside a tunnel needs to update the ingress to change fragment size, because it says “the tunnel path can’t handle the packet size being relayed”, but the path CAN handle the packet if the ingress adjusts. That’s why it is INCORRECT to relay that info to the origin source - PTB inside the tunnel does not mean the tunnel has failed, but rather that it needs to be adjusted.

When the egress cannot reassemble a packet because it is too large, it should send some sort of error back - such as EMTU_R exceeded, but *there is no such ICMP error*. However, IF THERE WERE such a message, then THAT message inside the tunnel should generate a PTB to the origin host. That’s because if you exceed EMTU_R of the tunnel egress, then the source has to send smaller packets - there’s no other way.

In a nutshell, THAT IS WHY THEY ARE DIFFERENT:
	- PTB inside the tunnel means “I’d PREFER a different size, but can still live with this size”
		it cannot be relayed to the origin because there is no meaning that indicates PREFERENCE - only strict capability
	- EMTU_R exceeded inside the tunnel means “I cannot accommodate this size at all”
		which WOULD need to be relayed to the origin source as PTB

The ultimate problem here is that:
	- there aren’t the right ICMP messages to do this correctly
	- there’s no point in creating new ICMP messages to fix the issue, given ICMPs are generally blocked

Joe

v2.23.0 | Report a Bug | By Email