On 28 Jul 2022, at 13:19, Joe Abley wrote:
On Jul 28, 2022, at 12:24, Andrew McConachie <and...@depht.com> wrote:
PMTUD doesn’t work through NAT
That's a very definitive statement considering that there's no useful
standard for NAT.
If there's actual research on this to demonstrate that, pragmatically
speaking, no implementations use the payload of a type 3 code 4 ICMP
message to identify a translated target for the packet I would like to
read it, because that sounds interesting.
The document makes the claim that PMTUD “remains widely undeployed due
to security issues.” My contention is that it has little to do with
security and more to do with the current structure of the Internet. We
don’t need a useful standard for NAT to recognize that most
implementations break PMTUD, and that those implementations of NAT are
deployed enough to make PMTUD significantly broken. Firewalls break
PMTUD as well, and I guess that’s a security thing, but currently the
sentence reads like operators don’t deploy PMTUD in favor of security
and I don’t think that’s true.
Currently, DNS is known to be the largest
user of IP fragmentation.
Compared to what? I would just drop this sentence because it
doesn’t add anything to the document and it’s trying to make a
point that doesn’t need to be made.
I'd also like to see a citation for this one if there has been a
study. I agree that it's probably the most familiar example of
fragmentation for an audience mainly preoccupied with the DNS, but
that's probably not a helpful observation :-)
Before I was interested in the DNS I worked for an ethernet switch
vendor for 8 years, and I often find the way MTU gets talked about in
IETF documents simply weird.
RFC 791 introduces the term "maximum transmission unit" to be the
maximum size of a datagram, not the maximum size of a frame whose
payload is a datagram.
The maximum sized datagram that can be transmitted through the
next network is called the maximum transmission unit (MTU).
MTU is a measurement of maximum frame size for a network segment
starting at Layer 2.
I have also heard MTU used in that way. I have always assumed it was
just sloppy writing.
There may be prior use of the phrase that I'm not aware of (prior to
1981) but even if that's the case I think it's reasonable to use the
IETF definition of the phrase in the IETF.
I think Ethernet was not standardised until the publication of IEEE
802.3 in 1983. I also think the original specification did not
anticipate switches but described a multi-access network with a
broader collision domain.
So perhaps it's reasonable to say that the IETF use of MTU pre-dates
Ethernet switch vendors' usage, since it pre-dates Ethernet switches,
since it pre-dates Ethernet.
Ok. But the text still isn’t clear on how many bytes are assumed to be
consumed by layer-2 protocols. We don’t need to have a super tight
definition of MTU to progress this document. Implementors just need to
know how big of packets they can transmit.
Joe
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
