ietf
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Last Call: <draft-ietf-6man-rfc1981bis-04.txt> (Path MTU Discovery for IP version 6) to Internet Standard

2017-02-07 14:15:22
from [Templin, Fred L] [Permanent Link] 
Hi Ole and Joe,

Also not to be lost in this discussion is the potential for spoofed ICMP 
messages
that would report a size that is either too large or too small.

Thanks - Fred


-----Original Message-----
From: ipv6 [mailto:ipv6-bounces(_at_)ietf(_dot_)org] On Behalf Of 
otroan(_at_)employees(_dot_)org
Sent: Tuesday, February 07, 2017 12:07 PM
To: Joe Touch <touch(_at_)isi(_dot_)edu>
Cc: 6man WG <ipv6(_at_)ietf(_dot_)org>; ietf(_at_)ietf(_dot_)org; 
draft-ietf-6man-rfc1981bis(_at_)ietf(_dot_)org; tsv-area(_at_)ietf(_dot_)org; 
Eggert, Lars
<lars(_at_)netapp(_dot_)com>; 6man-chairs(_at_)ietf(_dot_)org
Subject: Re: Last Call: <draft-ietf-6man-rfc1981bis-04.txt> (Path MTU 
Discovery for IP version 6) to Internet Standard

Joe,

[...]


If by "supports" you mean "doesn't work", then yes. That's why we now
have PLPMTUD.


PLMTUD is unfortunately not a (complete) replacement of PMTUD.


PLMTUD is a directive to protocols above the IP layer; it isn't a single 
protocol, so it wouldn't replace anything.




Looking just at our specifications, we cannot state that PLMTUD can 
replace PMTUD. Take RFC2473 (IPv6 tunnelling) for

example.



See draft-ietf-intarea-tunnels, esp. v03 Section 5.5.2

(yes, that doc has expired while we're preparing the 04 update, which
should be issued shortly)


Is this the paragraph you are referring to?

   PLPMTUD requires a separate,
   direct control channel from the egress to the ingress that provides
   positive feedback; the direct channel is not blocked by policy
   filters and the positive feedback ensures fail-safe operation if
   feedback messages are lost [RFC4821].


That is nowhere near section 5.5.2.


No, but it was unfortunately all that was written about how to use PLMTUD for 
tunnels.


5.5.2 indicates places where RFC2473 has errors, esp. in how it interprets 
the MTU of the tunnel as being defined by the MTU of the

path within the tunnel, rather than by the tunnel egress reassembly limit.



I'm very much in favour of working on better ways of doing Path MTU 
discovery.
A blanket statement of "use "PLMTUD" seems very premature though.


The point is that this document fails to indicate the current state of 
PMTUD. It correctly notes that:
   An extension to Path MTU Discovery defined in this document can be
   found in [
RFC4821
].  It defines a method for Packetization Layer Path
   MTU Discovery (PLPMTUD) designed for use over paths where delivery of
   ICMP messages to a host is not assured.



IMO, it fails to note that this case - where ICMP messages are assured 
along a path - is effectively a unicorn except within systems

maintained by a single entity.



RFC1981 has 70 citations:

http://www.arkko.com/tools/allstats/citations-rfc1981.html


Could you expand on your view of how this pertains to advancing RFC1981?


It's called last call input. My input is that this document needs to be 
more realistic in noting that, for all intents, ICMP-based MTU

discovery isn't viable and that other methods need to be *expected*, not just 
that they're available.

Right, but if you are correct that ICMP-based MTU discovery is not viable 
then this document should not be advanced.
At the same time for many protocols we have nothing else. An operator can 
break any protocol if that's their policy. And that's the
breakage we're talking about here, not any issues with the protocol 
specification.

There is a philosophical aspect of this. (Which I'm not the best person to 
represent as I skipped my University studies in philosophy
and used the student loan to buy a motorcycle... (and only read the art of 
motorcycle maintenance years later) )
This is a tussle. The IETF specifies protocols under the assumption that 
operators treat those protocols largely as specified. The 5-10%
failure of PMTUD messages may be caused by misconfiguration, misunderstanding 
or mis-intent... Many of our protocols are suffering
from the same fate. Should the IETF adjust all its protocols to be as 
middlebox friendly as possible? You can make this argument about
IPv6 fragments, any packet with IPv6 extension headers, IPv4 fragments. Or 
anything but TCP port 443/80 and UDP port 53 for that
matter. Are we as the IETF going to continue standardising protocols to work 
as best as they possible can, ignoring protocol abuse, or
are we going to bend over and do whatever it takes to make it work for those 
5-10% who've actively broken the protocol? What about
the 90-90% where the protocols work as expected?

Best regards,
Ole
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Fwd: Re: [Jmap] WG Review: JSON Mail Access Protocol (jmap) - reducing configuration complexity, Dave Crocker
Next by Date:  Re: Last Call: <draft-ietf-6man-rfc1981bis-04.txt> (Path MTU Discovery for IP version 6) to Internet Standard, Joe Touch
Previous by Thread:  Re: Last Call: <draft-ietf-6man-rfc1981bis-04.txt> (Path MTU Discovery for IP version 6) to Internet Standard, otroan
Next by Thread:  Re: Last Call: <draft-ietf-6man-rfc1981bis-04.txt> (Path MTU Discovery for IP version 6) to Internet Standard, Fernando Gont
Indexes:  [Date] [Thread] [Top] [All Lists]