Hi Joe,

> -----Original Message-----
> From: Int-area [mailto:[email protected]] On Behalf Of Joe Touch
> Sent: Thursday, April 09, 2015 11:28 AM
> To: Ronald Bonica; [email protected]
> Subject: Re: [Int-area] AD Evaluation: draft-ietf-intarea-gre-mtu
>
> IMO, this doc should:
>
> - document existing default behavior
>
> - if needed, recommend SHOULD-level changes to
>   that default behavior via currently-available
>   configuration or deployment changes
>
> I.e., describe where it can be used in a way consistent with existing
> requirements, or indicate where that isn't the case and how it can be
> detected and what to do when that happens.
>
> I had already proposed a solution to this case, e.g., if the tunnel
> cannot support the required IPv6 (or IPv4, for that matter) minimums, it
> should shut itself down.

There is lots of deployed kit out there that does not do this. Pretty much
anything that is based on RFC4213 (and there is a lot of that) just lets
it fragment. That is bad in a lot of ways (e.g., RFC4963, RFC6864, etc.)
but that is what is out there.

Shutting down tunnels over IPv6 makes no sense to me, because IPv6
frag/reass work (modulo paths that drop IPv6 fragments, I guess).
Shutting down tunnels over IPv4 sounds tempting, but can be avoided
if the ingress institutes rate limiting.

But, institution of tunnel fragmentation per draft-templin-intarea-grefrag,
draft-templin-aerolink and the others avoids these pitfalls and can keep
the tunnel up at least long enough for operators to diagnose the cause
of fragmentation if necessary.

Fragmentation is there to support the robustness principle. Shutting
down tunnels for fear of a little fragmentation is not robust.

Thanks - Fred
[email protected]

> I'd like to see the updated text before jumping to conclusions, but I
> don't think we need yet another new, undeployed solution.
>
> Joe
>
> On 4/9/2015 10:36 AM, Ronald Bonica wrote:
> > Fred,
> >
> > How would you achieve backwards compatibility with legacy implementations?
> > If backwards compatibility cannot be achieved,
> > maybe you are talking about a new protocol, that will ultimately replace GRE?
> >
> > Ron
> >
> >
> >> A New Internet-Draft is available from the on-line Internet-Drafts
> >> directories.
> >>
> >>
> >> Title    : GRE Tunnel Fragmentation
> >> Author   : Fred L. Templin
> >> Filename : draft-templin-intarea-grefrag-00.txt
> >> Pages    : 5
> >> Date     : 2015-04-09
> >>
> >> Abstract:
> >> GRE tunnels use IPv4 or IPv6 fragmentation of the delivery packet
> >> when the delivery packet exceeds the tunnel MTU, or when otherwise
> >> necessary. This can cause problems when unmitigated IPv4
> >> fragmentation ensues, or when middleboxes drop IPv6 fragments
> >> unconditionally. This document proposes GRE tunnel fragmentation
> >> which avoids these pitfalls.
> >>
> >
> > _______________________________________________
> > Int-area mailing list
> > [email protected]
> > https://www.ietf.org/mailman/listinfo/int-area
