IETF Logo Mail Archive

Re: [v6ops] Proxy function for PTB messages on the tunnel end

Mark Smith <markzzzsmith@gmail.com> Tue, 23 March 2021 21:27 UTC

Return-Path: <markzzzsmith@gmail.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9C22C3A170E; Tue, 23 Mar 2021 14:27:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.597
X-Spam-Level:
X-Spam-Status: No, score=-0.597 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, FROM_LOCAL_NOVOWEL=0.5, HK_RANDOM_ENVFROM=0.001, HK_RANDOM_FROM=0.999, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yi9D7i-IIk3n; Tue, 23 Mar 2021 14:27:41 -0700 (PDT)
Received: from mail-pf1-x42f.google.com (mail-pf1-x42f.google.com [IPv6:2607:f8b0:4864:20::42f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 84B393A170D; Tue, 23 Mar 2021 14:27:41 -0700 (PDT)
Received: by mail-pf1-x42f.google.com with SMTP id x26so15672870pfn.0; Tue, 23 Mar 2021 14:27:41 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=MqP71Kjak1W93BwLoHRuDw9uzepbg+gn9YLqoefhJC8=; b=GZ24MCQr/0YCtYF656wAtYUmg0t5thXSJHbF2t2/ONWSpuULXpw7J/u3yYdWIvP4Km +EEKSP0GZ3roHb/EO/k3ukceX1V8Z8CCMcT9dhB+D20OPW7kKiAxLQF5kcgblvwKRzmB Lh+Oy38KNy6IDQ42oLvpm3mpB/z9S43I1KXzifjIozZQZYnKVb88uw3vDp48+wGSYCxK VvwLT7ii0ldU7YKmwpbOcHKqYCLwCNYlba5ji8W2bGszePKQfcm9ffy08Neqp1+UZ1Rr ktknq/JKd93LGOKCWynXraEPtAlQrzovCUxLgUxGQPw4g6KiSlvfmBy8tN6kH93NDc2W K89g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=MqP71Kjak1W93BwLoHRuDw9uzepbg+gn9YLqoefhJC8=; b=a5cEFCFVCgxlDEUsPoUtfjW19jspbWWf+XXFLMcRhQwjLGSVnKfBKKSNnruv8nsXqa ca80BodXqC40y7Kk0hA4El3tGcFF9oCSwwZFg07kklTzcroEyult+JW+InIpB2Q8YD6V Lgqecr4szHFE/2jLJbYvybiWttCLoJB3bOvbb6L37RTDUpxozVa1gWz+lAm9KzNkW5tS XojWLBk2OLaeKiOI0HEjewlvd47NquvzSZYVc6VPpqs2+FdBLPMA7JwZd3pB2ISMgkcp qhKiWMQ0MCB91TSugzk2RD9hymb/td9JHvqwFZWrFqgDEbRMxSaw6RgjXkimVkw7yUvh qm0Q==
X-Gm-Message-State: AOAM533J4b+ri0aECZPc5oSqnIlvLWEgkFQlmpKcSX0oXOqSRBRsLgvl ybgIGo2iJ3M7nF7EJOm72YQcA6XiylX8xos+nBI=
X-Google-Smtp-Source: ABdhPJxeceFl0P91Up1YJkSJR06KqenUmj4VkiTA2TJfL9MPzE4aDdA3ILyeXHCkeD8gW8/4tOcQrmBD3YmSJDv6HPk=
X-Received: by 2002:a17:902:9b8a:b029:e6:17bb:eff0 with SMTP id y10-20020a1709029b8ab02900e617bbeff0mr374893plp.54.1616534859964; Tue, 23 Mar 2021 14:27:39 -0700 (PDT)
MIME-Version: 1.0
References: <0b61deabe8f3420eba1b5794b024e914@huawei.com> <A063E98C-0D6C-49B2-B871-E2B39A097FD5@strayalpha.com> <37059faadd6e441cb98f6ec7e01ecef9@huawei.com> <9D23C833-46C5-4B93-A204-D2D4F54689DF@strayalpha.com> <1e6ecd3b468d4255bda65d519190135d@huawei.com> <3B48413C-A47D-4F3F-B9E4-7ED4D33AA66B@strayalpha.com> <22bb7bf129694ccfbbad441d8d22e05c@huawei.com> <A5F62B47-DBA3-457D-89CD-D570EA2EA886@strayalpha.com> <eb63d427f4d34e44908ccee2c2d14073@huawei.com> <F158C443-6E73-4FC6-ADCA-6D28EE8F0A30@strayalpha.com> <d1c8a80b387847a3b00566e3dc0768ab@huawei.com> <D87C00F7-2902-48C4-9DCA-E1019EF32CAA@strayalpha.com> <46be60a38c0f4bc08f352dc8ed353c6a@huawei.com> <4E4C25CB-561C-4BF1-B99B-14E26D00009B@strayalpha.com> <4415086a1b734313b383307a27eb3fb2@huawei.com>
In-Reply-To: <4415086a1b734313b383307a27eb3fb2@huawei.com>
From: Mark Smith <markzzzsmith@gmail.com>
Date: Wed, 24 Mar 2021 08:27:13 +1100
Message-ID: <CAO42Z2zbOv2Ut3otn8H-DiQSo33vujC4uCsVDNmHK_TxP4R49w@mail.gmail.com>
To: Vasilenko Eduard <vasilenko.eduard@huawei.com>
Cc: Joseph Touch <touch@strayalpha.com>, v6ops list <v6ops@ietf.org>, int-area <int-area@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000001864a105be3ada1f"
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/zuvL0oft_2vaJlvVgt4vqypVaUY>
Subject: Re: [v6ops] Proxy function for PTB messages on the tunnel end
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 23 Mar 2021 21:27:46 -0000

On Wed, 24 Mar 2021, 07:53 Vasilenko Eduard, <vasilenko.eduard@huawei.com>
wrote:

> Hi Joseph,
>
>
>
> Currently, vendors have chosen some undisclosed big numbers for the
> reassembly buffer on the tunnel interface
>
> Or no buffer at all for tunnels that do not support reassembly.
>
> That does not create any additional restriction for MTU.
>
> Nobody did believe (IPv4 or IPv6 – does not matter) that buffer
> requirements for end nodes are applicable for transit nodes.
>

I don't think you're not fully understanding the difference between hosts
and routers. I'm guessing you're thinking and imagining them as physical
devices. The definitions are actually functional (and the dictionary
definition of the word "device" is not a physical device.)

Outer tunnel packet header DAs are obviously the tunnel end-point IP
addresses.

Which of these definitions from RFC 8200 describes what type of IPv6 node a
tunnel end point is?

" router       a node that forwards IPv6 packets not explicitly
                addressed to itself.

   host         any node that is not a router."

Tunnel packets *are* explicitly addressed to a node, so tunnel endpoints
are performing host functions on packets. If those host functions being
performed on tunnel packets at the tunnel endpoints require buffers, then
buffers need to be available.

Internally, a router as a device (your "transit node") is performing both
host and routing functions. The forwarding plane component is:

"a node that forwards IPv6 packets not explicitly addressed to itself" - a
router

The control plane, and other functions like tunnel endpoints, in a router
as a device, is:

"any node that is not a router" - a host

This is the same for IPv4:

RFC791,

"The internet protocol provides for transmitting blocks of data called
datagrams from sources to destinations, where sources and destinations are
*hosts* identified by  fixed length addresses."

(And as another example of device verses function. If you buy a router as a
device from a router vendor (rack mount, multiple interfaces, limited
LCD/LED display, console port), and then use it as a BGP Route Reflector,
such that it never forwards packets because it is never in a forwarding
path, is it still a "router"? It might look like one, but it is only
performing host packet processing of the BGP protocol.)


Your liberty to apply the requirements and terminology of one to the other
> is not a good idea.
>
> draft-ietf-intarea-tunnels propose to decrease reassembly buffer to “typical
> host EMTU_R (1500B) minus tunnel outer headers overhead” that would cause
> additional fragmentation.
>
>
>
> As the compromise:
>
> Could you change the default for “draft-ietf-intarea-tunnels Tunnel MTU”
> (reassembly buffer) to 9k? (to reflect reality)
>
> I would still be not happy in the mail to any alias about calling
> parameters of transit node buffer by the terminology of end node buffer.
>
> But if you would not create additional fragmentation – I would not have
> any complains in my draft in regards to draft-ietf-intarea-tunnels.
>
> It could be the resolution.
>
>
>
> Well, probably it is not a good compromise, because you have the logic
> through all your document. 9k (reality) would protrude out of your logic.
>
> The logic itself is good. It is broken because the most basic assumption
> is wrong (before you did apply any logic).
>
>
>
> *The Data Plane on transit nodes should not behave*
>
> *as the Control Plane on transit nodes or Transport Layer on end nodes!*
>
> It was the wrong assumption initially. Buffers should be different. Names
> should be different. Unification here is not possible.
>
> It would be rejected by vendors anyway because reassembly is expensive,
> the one who would increase it – would get a competitive disadvantage.
>
> It is easy to translate additional reassembly to $$ losses.
>
>
>
> Eduard
>
> *From:* Joseph Touch [mailto:touch@strayalpha.com]
> *Sent:* Tuesday, March 23, 2021 10:44 PM
> *To:* Vasilenko Eduard <vasilenko.eduard@huawei.com>
> *Cc:* v6ops@ietf.org; int-area <int-area@ietf.org>
> *Subject:* Re: Proxy function for PTB messages on the tunnel end
>
>
>
>
>
>
>
> On Mar 23, 2021, at 12:10 PM, Vasilenko Eduard <
> vasilenko.eduard@huawei.com> wrote:
>
>
>
> Hi Joseph,
>
> I am not much interested to discuss IPv4 now. (despite that 2 MTUs for one
> interface is absent there too)
>
> Let’s look at your reference to RFC 8200.
>
> Section 4.5: unlike IPv4, fragmentation in IPv6 is performed only by source nodes, not by routers along a packet's delivery path
>
> It means that all these discussions about fragmentation and reassembly are
> not related to transit nodes. It is for the “source and destination nodes”.
>
>
>
> Agreed.
>
>
> The better terminology is “transit node”, “destination node” – like it is
> in RFC 8200, not “host” or “router”.
>
>
>
> Please see section 2 of RFC8200 (color added by me):
>
>
> 2 <https://tools.ietf.org/html/rfc8200#section-2>.  Terminology
>
>
>
>
>
>    node         a device that implements IPv6.
>
>
>
>    *router*       a node that forwards IPv6 packets not explicitly
>
>                 addressed to itself.  (See Note below.)
>
>
>
>    *host*         any node that is not a router.  (See Note below.)
>
>
>
> The term “transit node” does no appear in RFC8200.
>
>
>
> The terms “source node” and “destination node” are used in RFC8200 but not
> defined in Sec 2. They are clearly hosts that originate IPv6 packets and
> hosts that consume IPv6 packets, respectively.
>
>
>
> In an IPv6 tunnel, the tunnel ingress emits new packets with IP headers it
> adds using its IP address. That makes it a source node. Same for how the
> egress consumes those packets.
>
>
>
> From the perspective of the tunnel path, the ingress and egress are hosts
> and intermediate hop relays are routers.
>
>
>
> From the perspective of the overall path, the tunnel is a link, either
> host/host, host/router, router/host, or router/router. A tunnel is not
> itself a router, however.
>
>
>
>
>
> You see – nobody is asking vendors to be compliant with any reassembly
> buffers in transit. Because it was assumed that would be not reassembly at
> transit.
>
>
>
> Reassembly happens at tunnel egresses whether you want it to or not.
>
>
>
> Hence, vendors had the freedom to choose a much bigger number than 1500
> when reassembly did happen in reality (despite IPv6 architecture decisions).
>
>
>
> 1500 is the IPv5 minimum EMTU_R; vendors can always implement larger
> reassembly when they choose to.
>
>
>
> Please, show any evidence (or just claim if you could not disclose) that
> any vendor has 1500B (or less) for reassembly in the data plane (on transit
> node).
>
>
>
> Here’s how to do it:
>
>             - set interfaces to use 1280B packets
>
>             - setup an IPv6 tunnel
>
>             - send a 1280B packet through that tunnel
>
>
>
> If you don’t implement reassembly, it won’t work. But it does. Everywhere.
>
>
>
> I neither know nor care. That’s a compliance issue, not a standards issue.
>
> It is not a compliance issue, because there is no regulation/standard to
> comply with. Vendors had the freedom and solved the problem easily.
>
>
>
> RFC8200 is the standard. Tunnel ingresses and egresses create and consume
> packets, so they act as hosts. I don’t care if they’re implemented on
> routers; routers implement lots of things as hosts (see e.g., RFC4201, Sec
> 3.1:
>
>
>
>    ...A compliant host
>
>    implementation MUST support (a) and (c) and a compliant security
>
>    gateway must support all three of these forms of connectivity, since
>
>    under certain circumstances a security gateway *acts as a host*
>
>
>
> This is described in detail in:
>
>             RFC1858
>
>             RFC4459
>
>             RFC4944
>
>             RFC6946
>
>             RFC6980
>
>             RFC7588
>
>             RFC8021
>
>             RFC8900
>
> I did not ask for a general discussion. Of course, fragmentation is a big
> topic with many publications.
>
>
>
> You asked for *specific examples* of what vendors do. Those RFCs provide
> them.
>
>
>
> I did ask for any evidence that there is 2 MTU per 1 virtual interface and
> fragmentation problem as the result of this (when packet would come in
> between of these MTUs).
>
>
>
> I don’t see why you’re stuck on this issue.
>
> Because you are trying to introduce additional fragmentation to the area
> where it was absent before. The root cause is the introduction of the
> second MTU per interface (that is in the reality the buffer size).
>
>
>
> I have not introduced anything; I am describing an existing requirement of
> any device that consumes IP packets (i.e., acts as an IP destination). When
> it does so, it is a host. Tunnel egresses do that.
>
>
>
> 2 MTUs for one interface is the innovation. It does not exist in any
> standard or any real implementation. It is invented only in
> draft-ietf-intarea-tunnels.
>
> It is not just new names and new classification. It new things that does
> not exist in the real world. Harmful, because of additional fragmentation
> introduced..
>
>
>
> Draft-tunnels has been discussed and reviewed by int-area for over a
> decade. Nobody else has agreed with your assertions.
>
>
>
> Joe
> _______________________________________________
> v6ops mailing list
> v6ops@ietf.org
> https://www.ietf.org/mailman/listinfo/v6ops
>

v2.23.0 | Report a Bug | By Email