On Thu, Sep 5, 2019 at 9:05 PM Bob Hinden <[email protected]> wrote: > > Hi, > > Joe and I talked off list. The result is below. Changes were to add a > sentence in the forth and fifth paragraphs. > > Please review. > > Bob > > ---------- > > 6.1. For Application and Protocol Developers > > Developers SHOULD NOT develop new protocols or applications that rely > on IP fragmentation. When a new protocol or application is deployed > in an environment that does not fully support IP fragmentation, it > SHOULD operate correctly, either in its default configuration or in a > specified alternative configuration. > > While there may be controlled environments where IP fragmentation > works reliably, this is a deployment issue and can not be known to > someone developing a new protocol or application. It is not > recommended that new protocols or applications be developed that rely > on IP fragmentation. Protocols and applications that rely on IP > fragmentation will work less reliably on the Internet unless they > also include mechanisms to detect that IP fragmentation isn't working > reliably. > Bob,
Per the statement "It is not recommended that new protocols or applications be developed that rely on IP fragmentation." I believe this advice will have little if any impact on applications developers. Consider that thousands of UDP applications are developed each year. The vast majority of these are not presented in IETF, and conversely most application developers don't participate in IETF and many probably have never even read an RFC. Not everyone is going to get the memo. Another problem is that this is a layering violation. A fundamental design point of fragmentation is that it's a networking layer function that is supposed to be transparent to the application. The application is not required to care rather it's packets are fragmented. I expect that the vast of UDP applications written don't pay any heed whatsoever to fragmentation, as long as their application is working to their satisfaction they don't care rather their packets are being fragmented (i.e. they wrote the application for their own purposes in their specific environment). That is protocols and implementation working by design. Conceivably, the host stack itself could modified to advise applications that their packets are being fragmented and they might want to reconsider. While host stacks already take several actions to mitigate known problems related fragmentation (like transmitting first fragment first and otherwise in order, ensuring flow label is consistent set for both fragments and non-fragments, various security and DOS mitigations), I don't believe it is reasonable to ask the host stack to do anything to enforce the recommendation that new applications don't rely on fragmentation-- fundamentally, fragmentation being fragile is a problem in network devices, it's not the obligation of host stack to "fix" their problems. If a packet is sent and it's length exceeds MTU, or path MTU, and DONT_FRAGMENT is not set, then the packet _will_ be fragmented. That's the way it works today, and the way it will continue to work. So regardless of what this draft says, there will be new applications that rely on fragmentation for the foreseeable future (this is why the previous text was appropriate). Grant it, the recommendation is not normative, so I suppose that's already a statement on its expected relevance. My real concern with this recommendation is that middlebox developers, who do participate in IETF and do read RFCs, might interpret this to mean that new applications won't be relying on fragmentation and therefore they assume they don't need to fix bugs or continue support, thereby making support for fragmentation even worse than it currently is. Tom > Legacy protocols that depend upon IP fragmentation SHOULD be updated > to break that dependency. However, in some cases, there may be no > viable alternative to IP fragmentation (e.g., IPSEC tunnel mode, IP- > in-IP encapsulation). Applications and protocols cannot necessarily > know or control whether they use lower layers or network paths that > rely on such fragmentation. In these cases, the protocol will > continue to rely on IP fragmentation but should only be used in > environments where IP fragmentation is known to be supported. > > Protocols may be able to avoid IP fragmentation by using a > sufficiently small MTU (e.g. The protocol minimum link MTU), > disabling IP fragmentation, and ensuring that the transport protocol > in use adapts its segment size to the MTU. Other protocols may > deploy a sufficiently reliable PMTU discovery mechanism > (e.g.,PLMPTUD). The risks of IP fragmentation can also be mitigated > through the use of encapsulation, e.g., by transmitting IP fragments > as payloads. > > UDP applications SHOULD abide by the recommendations stated in > Section 3.2 of [RFC8085]. > > ————— > > > > > On Sep 5, 2019, at 6:18 PM, Joe Touch <[email protected]> wrote: > > > > Although this is close, it misses the mark a little on the issue that > > the app may not actually have any control here - or know how or when to > > reduce its MTU. That might be a minor point to add, but is worth adding. > > This isn't just an app layer issue. > > > > Joe > > > > On 9/5/2019 4:45 PM, Ron Bonica wrote: > >> Bob, > >> > >> I think that this is a close to consensus as we are going to get. > >> > >> Ron > >> > >> > >> Juniper Business Use Only > >> > >> -----Original Message----- > >> From: Bob Hinden <[email protected]> > >> Sent: Thursday, September 5, 2019 2:29 PM > >> To: [email protected] > >> Cc: Bob Hinden <[email protected]>; Alissa Cooper <[email protected]>; > >> IESG <[email protected]>; Joel Halpern <[email protected]>; > >> [email protected]; [email protected]; Suresh > >> Krishnan <[email protected]> > >> Subject: Discussion about Section 6.1 in draft-ietf-intarea-frag-fragile > >> > >> Hi, > >> > >> Based on the discussion, I would like to propose to see if this will > >> resolve the issues raised. It attempts to cover the issues raised. > >> > >> The full section 6.1 is included below, but only the last sentence in the > >> second paragraph changed. > >> > >> Please review and comment. > >> > >> Thanks, > >> Bob > >> > >> > >> > >> 6.1. For Application and Protocol Developers > >> > >> Developers SHOULD NOT develop new protocols or applications that rely > >> on IP fragmentation. When a new protocol or application is deployed > >> in an environment that does not fully support IP fragmentation, it > >> SHOULD operate correctly, either in its default configuration or in a > >> specified alternative configuration. > >> > >> While there may be controlled environments where IP fragmentation > >> works reliably, this is a deployment issue and can not be known to > >> someone developing a new protocol or application. It is not > >> recommended that new protocols or applications be developed that rely > >> on IP fragmentation. Protocols and applications that rely on IP > >> fragmentation will work less reliably on the Internet unless they > >> also include mechanisms to detect that IP fragmentation isn't working > >> reliably. > >> > >> Legacy protocols that depend upon IP fragmentation SHOULD be updated > >> to break that dependency. However, in some cases, there may be no > >> viable alternative to IP fragmentation (e.g., IPSEC tunnel mode, IP- > >> in-IP encapsulation). In these cases, the protocol will continue to > >> rely on IP fragmentation but should only be used in environments > >> where IP fragmentation is known to be supported. > >> > >> Protocols may be able to avoid IP fragmentation by using a > >> sufficiently small MTU (e.g. The protocol minimum link MTU), > >> disabling IP fragmentation, and ensuring that the transport protocol > >> in use adapts its segment size to the MTU. Other protocols may > >> deploy a sufficiently reliable PMTU discovery mechanism > >> (e.g.,PLMPTUD). > >> > >> UDP applications SHOULD abide by the recommendations stated in > >> Section 3.2 of [RFC8085]. > >> > >> _______________________________________________ > >> Int-area mailing list > >> [email protected] > >> https://www.ietf.org/mailman/listinfo/int-area > > _______________________________________________ > Int-area mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/int-area _______________________________________________ Int-area mailing list [email protected] https://www.ietf.org/mailman/listinfo/int-area
