[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [RRG] Tunnel fragmentation/reassembly for RRG map-and-encaps architectures

To: Brian E Carpenter <brian.e.carpenter@gmail.com>
Subject: Re: [RRG] Tunnel fragmentation/reassembly for RRG map-and-encaps architectures
From: Tony Li <tli@cisco.com>
Date: Fri, 21 Dec 2007 17:51:03 -0800
Cc: "Templin, Fred L" <Fred.L.Templin@boeing.com>, Routing Research Group list <rrg@psg.com>
In-reply-to: <476C5EA3.7030107@gmail.com>
References: <EAB3BF96-D438-459E-A753-F9D72B1FE5B6@muada.com> <EC1BB972-6F21-4CBC-B827-BB1840C25AE8@cisco.com> <99E69FED-D637-4F47-985E-6AB0DCB0B8E0@cisco.com> <54ADF2DD-8FFC-45BD-9C56-BD548A91528B@cisco.com> <39C363776A4E8C4A94691D2BD9D1C9A1029EDD10@XCH-NW-7V2.nw.nos.boeing.com> <F004A384-2347-4CCF-8D5E-481EDD0C62D4@muada.com> <39C363776A4E8C4A94691D2BD9D1C9A1029EDD15@XCH-NW-7V2.nw.nos.boeing.com> <39C363776A4E8C4A94691D2BD9D1C9A1029EDD1C@XCH-NW-7V2.nw.nos.boeing.com> <39C363776A4E8C4A94691D2BD9D1C9A1029EDD30@XCH-NW-7V2.nw.nos.boeing.com> <476C5EA3.7030107@gmail.com>


Hi Brian,

I'm still not sure that I get the point of any of this.



Well, let's try to fix that.

The Internet architecture says that end-systems are
responsible for e2e issues, and PMTU sure seems like
an e2e issue.

Except that it's not. For PMTUD discovery to operate, the networkMUST respond with ICMP messages and those messages MUST make itthrough to the source. Now, theoretically, the host would simplyback down its MTU if there is a packet loss, but pragmatically, notenough implementations do that correctly for this to be a trulyadequate solution. [Aside: if you feel that we should move thatdirection, we should deprecate the ICMP messages.]

Thus, it's not an e2e issue, it has the network involved in it, up tothe elbows.

It's a blot on the architecture that
IPv4 permits fragmentation en route; imagine a world
in which DF is set in every IPv4 packet - hosts would
end up discovering (or configuring) a suitable MTU.
That's also how IPv6 works.



Correction: doesn't work.

Even with correctly implemented hosts and routers, there are twomajor problems:


Problem 1) ICMP filtering

Thanks to the prevalence of DoS attacks, many end-sites filter outICMP messages. While most static filters are capable of beingconfigured to pass ICMP PTB messages, most site administrators havenot been so careful as to be that specific and instead simply dropall inbound ICMP. This effectively breaks PMTUD. Even ifadministrators did pass PTB messages, they'd simply get DoSed thatway too, or MTU'ed down to 576. [Aside: In an insecure environment,the network CANNOT effectively signal to the host. This is a majorarchitectural issue.]


Problem 2) Tunneling

If a packet is tunneled, then the source address on the tunneledpacket is that of the router that performed the encapsulation, NOTthe original source host. Thus, if there is an MTU issue in themiddle of the tunnel span, the PTB message is sent to theencapsulating router that cannot effectively do anything about theissue. This problem is aggravated because the tunnel itselfdetracts from the MTU as seen by the source.

I think it's another blot on the architecture for
a map-and-encap solution to even touch this problem -
except for a SHOULD statement about the MTU to be provided
by every tunnel, which should obviously be a bit bigger
than the required IPv6 Internet MTU.

The blot on the architecture is that PMTUD doesn't work and folksseem to continue to be in denial about it. We need to fix it,completely independently of RRG issues. Further, if we want to wantto use any kind of tunneling in our solution, we need to address thisproblem head on.


Tony

--
to unsubscribe send a message to rrg-request@psg.com with the
word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/rrg/> & ftp://psg.com/pub/lists/rrg

Follow-Ups:
- Re: [RRG] Tunnel fragmentation/reassembly for RRG map-and-encaps architectures
  - From: Brian E Carpenter <brian.e.carpenter@gmail.com>

References:
- [RRG] LISP-NERD reachability and MTU detection
  - From: Iljitsch van Beijnum <iljitsch@muada.com>
- Re: [RRG] LISP-NERD reachability and MTU detection
  - From: Dino Farinacci <dino@cisco.com>
- Re: [RRG] LISP-NERD reachability and MTU detection
  - From: Tony Li <tli@cisco.com>
- Re: [RRG] LISP-NERD reachability and MTU detection
  - From: Dino Farinacci <dino@cisco.com>
- RE: [RRG] LISP-NERD reachability and MTU detection
  - From: "Templin, Fred L" <Fred.L.Templin@boeing.com>
- MTU stuff, was Re: [RRG] LISP-NERD reachability and MTU detection
  - From: Iljitsch van Beijnum <iljitsch@muada.com>
- RE: MTU stuff, was Re: [RRG] LISP-NERD reachability and MTU detection
  - From: "Templin, Fred L" <Fred.L.Templin@boeing.com>
- [RRG] LISP Fragmentation and Reassembly
  - From: "Templin, Fred L" <Fred.L.Templin@boeing.com>
- [RRG] Tunnel fragmentation/reassembly for RRG map-and-encaps architectures
  - From: "Templin, Fred L" <Fred.L.Templin@boeing.com>
- Re: [RRG] Tunnel fragmentation/reassembly for RRG map-and-encaps architectures
  - From: Brian E Carpenter <brian.e.carpenter@gmail.com>

Prev by Date: Re: [RRG] Tunnel fragmentation/reassembly for RRG map-and-encaps architectures
Next by Date: Re: [RRG] draft-farinacci-lisp-05
Previous by thread: Re: [RRG] Tunnel fragmentation/reassembly for RRG map-and-encaps architectures
Next by thread: Re: [RRG] Tunnel fragmentation/reassembly for RRG map-and-encaps architectures
Index(es):
- Date
- Thread