IETF Logo Mail Archive

Re: [v6ops] new draft: draft-ietf-v6ops-6204bis

james woodyatt <jhw@apple.com> Thu, 20 October 2011 18:06 UTC

Return-Path: <jhw@apple.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F266D21F85F2 for <v6ops@ietfa.amsl.com>; Thu, 20 Oct 2011 11:06:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.569
X-Spam-Level:
X-Spam-Status: No, score=-106.569 tagged_above=-999 required=5 tests=[AWL=0.030, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pCbVz0ZZvWps for <v6ops@ietfa.amsl.com>; Thu, 20 Oct 2011 11:06:17 -0700 (PDT)
Received: from mail-out.apple.com (bramley.apple.com [17.151.62.49]) by ietfa.amsl.com (Postfix) with ESMTP id 4C00021F8B94 for <v6ops@ietf.org>; Thu, 20 Oct 2011 11:06:17 -0700 (PDT)
MIME-version: 1.0
Content-transfer-encoding: 7bit
Content-type: text/plain; CHARSET="US-ASCII"
Received: from relay16.apple.com ([17.128.113.55]) by mail-out.apple.com (Oracle Communications Messaging Exchange Server 7u4-20.01 64bit (built Nov 21 2010)) with ESMTP id <0LTD003BKL34LZ50@mail-out.apple.com> for v6ops@ietf.org; Thu, 20 Oct 2011 11:01:47 -0700 (PDT)
X-AuditID: 11807137-b7c56ae0000051ed-2d-4ea0620a85ec
Received: from ba0301a-dhcp89.apple.com (ba0301a-dhcp89.apple.com [17.193.14.217]) (using TLS with cipher AES128-SHA (AES128-SHA/128 bits)) (Client did not present a certificate) by relay16.apple.com (Apple SCV relay) with SMTP id 20.9F.20973.A0260AE4; Thu, 20 Oct 2011 11:01:46 -0700 (PDT)
From: james woodyatt <jhw@apple.com>
In-reply-to: <18D34AC6-ABD2-48CB-8F33-EEBEB9BF8263@puck.nether.net>
Date: Thu, 20 Oct 2011 11:01:48 -0700
Message-id: <E25DEC36-13F0-4012-A0D6-5E86F35B68FB@apple.com>
References: <4E974F1A.2030008@forthnetgroup.gr> <5B6B2B64C9FE2A489045EEEADDAFF2C3030A4156@XMB-RCD-109.cisco.com> <5B6B2B64C9FE2A489045EEEADDAFF2C303130390@XMB-RCD-109.cisco.com> <4E98CCB2.2050100@forthnetgroup.gr> <5B6B2B64C9FE2A489045EEEADDAFF2C3031303D8@XMB-RCD-109.cisco.com> <4E994515.6020204@forthnetgroup.gr> <5B6B2B64C9FE2A489045EEEADDAFF2C303130B54@XMB-RCD-109.cisco.com> <5B6B2B64C9FE2A489045EEEADDAFF2C303130C12@XMB-RCD-109.cisco.com> <4E9E8706.6050006@forthnetgroup.gr> <39D5D616-6E56-46B1-B773-437184567E60@employees.org> <CAKD1Yr3SRRjk4fjg1WkUZSQ6rRT2+dY5p-wjtEiA5SFvx4kqGA@mail.gmail.com> <0F5D8352-7A20-46BF-867B-DBBF36CF0B01@apple.com> <4EA04F5F.1010809@unfix.org> <18D34AC6-ABD2-48CB-8F33-EEBEB9BF8263@puck.nether.net>
To: Jared Mauch <jared@puck.nether.net>
X-Mailer: Apple Mail (2.1251.1)
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFlrHLMWRmVeSWpSXmKPExsUieJDvpi5X0gI/g807bCxuXr3IYnFl0R12 i9PH9jI7MHssWfKTyaO3aRqjx5fLn9kCmKO4bFJSczLLUov07RK4Mpav3cJcsEK44sTG/8wN jB38XYycHBICJhKLpu1kg7DFJC7cWw9kc3EICaxgktj1eicrSEJYwELiwduVjCA2r4CxxJpb 71hAbGYBPYkd13+B1bAJqEh8u3yXqYuRg4NTwFli47wqkDCLgKrE9Wn9zBDl/hJXzv+CsrUl li18zQwx0kaiYfkSdoi991klWo9dBtslIqAucWRRByPEcfISLV/vsE1g5J+F5IxZSM6YhWTu AkbmVYyCRak5iZWGZnqJBQU5qXrJ+bmbGEGh2FBovoNx+1+5Q4wCHIxKPLwSnPP9hFgTy4or cw8xSnAwK4nw5scu8BPiTUmsrEotyo8vKs1JLT7EKM3BoiTOK9Qz109IID2xJDU7NbUgtQgm y8TBKdXAqP19idzGBmWGV8cvaqTPuOLA/3B5UaXW4uRQzQX1B1cIijVUd59Uuh53reo3k96h SB6pTptlUx6l7/ywa+22m2ylE+dICX46Ib1jcXHP8+cMjd8/rq6O+c42Z9rxIyFsqjITJt95 zXfKJ+b7vgPTEipLL+xWWf99ww5LuU8v5USmn7JfNCszU1qJpTgj0VCLuag4EQCbHvEVQQIA AA==
Cc: IPv6 Operations <v6ops@ietf.org>, draft-ietf-v6ops-6204bis@tools.ietf.org
Subject: Re: [v6ops] new draft: draft-ietf-v6ops-6204bis
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/v6ops>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 20 Oct 2011 18:06:18 -0000

On Oct 20, 2011, at 9:50 AM, Jared Mauch wrote:
> 
> This is a long war against the firewall culture that we are unlikely to win. 

Section 4.3.1 of RFC 4890 clearly describes Packet Too Big (Type 2) messages as Traffic That Must Not Be Dropped.  For good reason too.  Section 5.6.1 of I-D.ietf-6man-node-req-bis quotes RFC 2460 as follows: 

      It is strongly recommended that IPv6 nodes implement Path MTU
      Discovery [RFC1981], in order to discover and take advantage of
      path MTUs greater than 1280 octets.  However, a minimal IPv6
      implementation (e.g., in a boot ROM) may simply restrict itself to
      sending packets no larger than 1280 octets, and omit
      implementation of Path MTU Discovery.

RFC 4294 goes on to set this requirement:

   The rules in [RFC2460] and [RFC5722] MUST be followed for packet
   fragmentation and reassembly.

And I-D.ietf-6man-node-req-bis currently adds this pedagogical language:

   One operational issue with Path MTU discovery occurs when firewalls
   block ICMP Packet Too Big messages.  Path MTU discovery relies on
   such messages to determine what size messages can be successfully
   sent. [...]

Where RFC 2460 says this about Packet Too Big messages:

   If, after processing a Routing header of a received packet, an
   intermediate node determines that the packet is to be forwarded onto
   a link whose link MTU is less than the size of the packet, the node
   must discard the packet and send an ICMP Packet Too Big message to
   the packet's Source Address.

Note that RFC 2460 doesn't use the normative keyword style, so that "must" above is to be read as a "MUST" if you're looking for the cues that RFC 2119 keywords typically provide.

So, nodes are REQUIRED either to implement Path MTU discovery or constrain their MTU to 1280.  IPv6 forwarding planes are REQUIRED to send ICMP Packet Too Big messages when a packet cannot be forwarded with fragmentation.  Firewall implementations are given clear guidance that Packet Too Big messages are Traffic That MUST NOT Be Dropped.

If this is a conflict with "firewall culture" that IETF cannot reasonably be expected to win, then I have a hard time imagining why IETF should even bother meeting at all.  We should just let "firewall culture" write all the standards.


--
james woodyatt <jhw@apple.com>
member of technical staff, core os networking

v2.23.0 | Report a Bug | By Email