On Wed, Mar 6, 2019 at 10:59 AM Joe Touch <[email protected]> wrote:
>
>
>
>
>
> On 2019-03-06 09:12, Tom Herbert wrote:
>
> On Wed, Mar 6, 2019 at 9:03 AM Joe Touch <[email protected]> wrote:
>
> ...
>
> And yes, we can build an Internet on the Internet - again, as I've noted
> repeatedly throughout the IETF. Or we can use UDP fragmentation - which
> ought to solve all these issues in one shot.
>
> So what's the gain here?
>
>
> Joe,
>
> Please view the proposal in its entirety.
>
>
> Here are the problems, which I already stated, but seem to need restating in 
> the exact context of the proposal:
>
> - IP options already cause routers to drop traffic
>   this is true for both IPv4 and IPv6; making those options look like IPv6 
> just gives routers a different WAY to drop them
>
Some routers drop extension headers, but not all of them. If all of
them drop extension headers, then a whole bunch of effort in 6man is
pointless.

> - DPI looks for transport port numbers that are expected, either for service 
> gating or even deeper DPI
>   and GUE isn't one of them
>
There's no requirement to support DPI into the transport layer. In
fact, encryption of the transport layer, like in QUIC, effectively
renders DPI into the transport layer useless. That's a good thing! We
know encryption is one of the best tools in the battle against
protocol ossification. Encryption of the transport header does leave a
void in host signaling to the network, but that can be filled with
proper use of extension headers.

> - pushing the actual UDP port numbers used inside a GUE header creates an 
> "internet in an internet"
>   as noted above, that's a losing battle we've repeatedly tried

I'm not sure what you mean by "actual UDP port numbers". A GUE packet
encapsulates using actual  UDP  port numbers. GUE even allows
connection oriented semantics to get through stateful devices. GUE can
carry any IP protocol which may or may not even have port numbers. And
even if it carries something like TCP with port numbers, we're under
no obligation to not encrypt the packet just because some random node
in the path might want to parse it.

>
> Yes, this may be *intended* for uses other than fragmentation, but will any 
> of them succeed? Will even the fragmentation one succeed?
>
> That's the point I was trying to make. I hope it's clear enough now.
>
> Joe
>

_______________________________________________
Int-area mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/int-area

Reply via email to