
Re: Last Call: <draft-ietf-6man-rfc1981bis-04.txt> (Path MTU Discovery for IP version 6) to Internet Standard

2017-02-09 18:23:58
On 09/02/2017 20:39, otroan(_at_)employees(_dot_)org wrote:
"Many network security devices block all ICMP messages for perceived
security benefits, including the errors that are necessary for the proper
operation of PMTUD. This can result in connections that complete the
TCP three-way handshake correctly, but then hang when data is transferred.
This state is referred to as a black hole connection."

Yes. What we are asked to do for Internet Standard is show that a protocol
is widely deployed and is interoperable. That's undoubtedly true of RFC1981.
The fact that it also has an important failure mode should certainly be
documented, but I suspect that every Internet Standard has at least
one important failure mode.

the problem is that this particular failure mode is essentially "does
not work on the real internet."  perhaps documenting that is useful.
but i guess this is ipv6.

I fully agree that it should be documented, but the details are already
documented elsewhere. In this document it can be quite short.

i have no problem with terse :)

"Unfortunately, this protocol does not actually work on the real
internet, see \cite{elsewhere}," seems fine to me.

In the discussion with Joe, we came up with something along the lines of:

"Many network security devices block all ICMP messages for perceived
security benefits, including the errors that are necessary for the proper
operation of PMTUD. This can result in connections that complete the
TCP three-way handshake correctly, but then hang when data is transferred.
This state is referred to as a black hole connection. This is one significant
example of how PMTUD is broken on the Internet."

wfm, subject to Randy's language nit.

    Brian
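
The black hole condition in the quoted draft text, as an added example that is not part of the original message or of the draft: a flow whose handshake completes but whose large segments are resent without ever being acknowledged, with no ICMPv6 Packet Too Big seen by the sender. The event format, the kind labels and the `min_sends` threshold are assumptions made for the sketch, and the trace is constructed.

```python
from collections import Counter, defaultdict

IPV6_MIN_MTU = 1280  # every IPv6 link must carry packets of this size

# Constructed events, not a real capture: (time_s, flow, kind, seq, size_bytes).
# Kinds are simplified labels: syn, synack, hs_ack, data, data_ack (seq = segment
# acknowledged) and ptb (ICMPv6 Packet Too Big seen by the sender).
TRACE = [
    (0.00, "A", "syn", 0, 80), (0.02, "A", "synack", 0, 80), (0.02, "A", "hs_ack", 0, 72),
    (0.03, "A", "data", 1, 1500), (0.23, "A", "data", 1, 1500),
    (0.63, "A", "data", 1, 1500), (1.43, "A", "data", 1, 1500),
    (0.00, "B", "syn", 0, 80), (0.02, "B", "synack", 0, 80), (0.02, "B", "hs_ack", 0, 72),
    (0.03, "B", "data", 1, 1500), (0.04, "B", "ptb", 1, 1280),
    (0.05, "B", "data", 1, 1280), (0.07, "B", "data_ack", 1, 72),
    (0.00, "C", "syn", 0, 80), (1.00, "C", "syn", 0, 80), (3.00, "C", "syn", 0, 80),
]

def classify_flows(trace, min_sends=3):
    """Label each flow: no_handshake, suspected_black_hole, pmtud_ok or ok."""
    flows = defaultdict(list)
    for event in sorted(trace):
        flows[event[1]].append(event)
    verdicts = {}
    for flow, events in flows.items():
        kinds = {e[2] for e in events}
        if not {"syn", "synack", "hs_ack"} <= kinds:
            verdicts[flow] = "no_handshake"      # ordinary unreachability, not PMTUD
            continue
        acked = {e[3] for e in events if e[2] == "data_ack"}
        # Count transmissions of each segment larger than the IPv6 minimum MTU.
        big_sends = Counter(e[3] for e in events
                            if e[2] == "data" and e[4] > IPV6_MIN_MTU)
        stuck = [s for s, n in big_sends.items() if n >= min_sends and s not in acked]
        if stuck and "ptb" not in kinds:
            # Small packets got through (handshake); large ones vanish silently.
            verdicts[flow] = "suspected_black_hole"
        elif "ptb" in kinds:
            verdicts[flow] = "pmtud_ok"          # error arrived, sender can shrink
        else:
            verdicts[flow] = "ok"
    return verdicts

if __name__ == "__main__":
    print(classify_flows(TRACE))
```

Flow C is kept separate from flow A on purpose: a handshake that never completes is plain unreachability, while the black hole only shows once packets above the path MTU are sent.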
