On Tue, Aug 6, 2019 at 9:00 PM Fernando Gont <[email protected]> wrote: > > Tom, > > On 7/8/19 04:50, Tom Herbert wrote: > > On Tue, Aug 6, 2019 at 6:17 PM Fernando Gont <[email protected]> wrote: > >> > >> Hello, Alissa, > >> > >> Thanks for your comments! Inline... > >> > >> On 6/8/19 23:30, Alissa Cooper via Datatracker wrote: > >>> > >>> ---------------------------------------------------------------------- > >>> DISCUSS: > >>> ---------------------------------------------------------------------- > >>> > >>> Thanks for writing this document. > >>> > >>> Section 6.1 says: > >>> > >>> "Developers MAY develop new protocols or applications that rely on IP > >>> fragmentation if the protocol or application is to be run only in > >>> environments where IP fragmentation is known to be supported." > >>> > >>> I'm wondering if there should be a bit more nuance here to make the > >>> recommendation clearer. Do we think there is a case where an application > >>> protocol developed in the IETF will be known to only run in environments > >>> where > >>> fragmentation is supported? If we don't think developing such a protocol > >>> would > >>> be in scope for the IETF, then I'm wondering if that case should be > >>> called out > >>> explicitly with a stronger normative requirement. > >> > >> An application (developed in the IETF or elsewhere) might be used in > >> some controlled domain, where fragmentation may be known to be > >> supported. The message here is "unless you really know what you are > >> doing and you're in e.g. a controlled environment where fragmentation is > >> to be supported, you shouldn't rely on fragmentation". > >> > > Fernando, > > > > There were several examples given of protocols in use in controlled > > environments that use fragmentation and justify that message. In > > particular, it is used in some cases of network layer encapsulation. > > For instance, consider that a packet entering an SRV6 domain may be > > encapsulated with hundreds of bytes of overhead. > > Isn't this the same thing I noted? i.e., you might have apps using > fragmentation in controlled domains. OTOH, if you expect to use it on > the public Internet, it is not reliable.
Fernando, Neither is IPv6 reliable on the public Internet :-) The fact that a protocol isn't "reliable" isn't the same thing as it being deprecated. We know that fragmentation is difficult to use on the public Internet, and have already accounted for that in deployment. It IPv6 it's easy enough to restrict packet to packets to 1280 bytes when sending into the Interner. Controlled environments, which is the subject of Alissa's comment, is a very different story. There's a great diversity of MTUs and applications. Fragmentation has been integrated to the stack and has been the standard for years and it's in use. We don't know how much it's in use since the mechanism is transparent, probably the only time we'd hear about it is when there's a problem. So fragmentation is used, possibly even in widespread use for years, working for some subset of users, and people might not even realize they are relying on it. This isn't a bad thing, that's the protocol working as intended! To say that applications need to reevaluate that on the basis that IETF thinks is risky or some vendors don't want to support is long after the fact. In other words, if it's not broke, why fix it? In any case, my view of the draft is that it's describing the current state of affairs and in no way deprecating fragmentation. If someone is productively using fragmentation, they can continue to use it. When the draft says protocols SHOULD not be developed that rely on fragmentation is reasonable. The requirement is broad enough to allow the necessary leeway. For instance, I checked the network encapsulations in Linux, I don't believe any of them go out of their way to avoid "relying" on fragmentation. UDP encapsulations don't set DONTFRAG so if the user configures a larger MTU then the underlay MTU then fragmentation will be done (if an application or protocol is serious about avoiding fragmentation that would either set DONTFRAG or enforce packet size is less than minimum MTU in the implementation). So encapsulation protocols do rely on fragmentation in some circumstances, but usually provide guidance in the specification that it should be avoided (e.g. by manipulating MTUs). I think that is reasonable. Tom > > > -- > Fernando Gont > SI6 Networks > e-mail: [email protected] > PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492 > > > > _______________________________________________ Int-area mailing list [email protected] https://www.ietf.org/mailman/listinfo/int-area
