Re: [Int-area] WG Adoption Call: IP Fragmentation Considered Fragile

2018-08-31 Thread Joe Touch
> On Aug 31, 2018, at 9:38 AM, Tom Herbert wrote: > >> On Fri, Aug 31, 2018 at 8:56 AM, Joe Touch wrote: >> >> >> On Aug 31, 2018, at 8:44 AM, Tom Herbert wrote: >> >> >> Joe, >> >> There is an alternative: don't use NAT! >> >> >> Agreed - that should also be part of the observations

Re: [Int-area] WG Adoption Call: IP Fragmentation Considered Fragile

2018-08-31 Thread Tom Herbert
On Fri, Aug 31, 2018 at 8:56 AM, Joe Touch wrote: > > > On Aug 31, 2018, at 8:44 AM, Tom Herbert wrote: > > > Joe, > > There is an alternative: don't use NAT! > > > Agreed - that should also be part of the observations of this doc. > > Yes, something needs to be done, but I argue that *until we

Re: [Int-area] WG Adoption Call: IP Fragmentation Considered Fragile

2018-08-31 Thread Templin (US), Fred L
2018 8:57 AM To: Tom Herbert Cc: int-area ; Toerless Eckert ; intarea-cha...@ietf.org Subject: Re: [Int-area] WG Adoption Call: IP Fragmentation Considered Fragile On Aug 31, 2018, at 8:44 AM, Tom Herbert wrote: Joe, There is an alternative: don't use NAT! Ag

Re: [Int-area] WG Adoption Call: IP Fragmentation Considered Fragile

2018-08-31 Thread Joe Touch
> On Aug 31, 2018, at 8:44 AM, Tom Herbert wrote: >> > Joe, > > There is an alternative: don't use NAT! Agreed - that should also be part of the observations of this doc. >> Yes, something needs to be done, but I argue that *until we have a worked >> alternative*, we need to keep restating

Re: [Int-area] WG Adoption Call: IP Fragmentation Considered Fragile

2018-08-31 Thread Tom Herbert
On Thu, Aug 30, 2018 at 5:26 PM, Joe Touch wrote: > > > On Aug 29, 2018, at 11:19 PM, Christian Huitema wrote: > > Regardless, middleboxes shouldn't be avoiding their own effort by creating > work for others. A corollary to the Postal Principle should be "you make the > mess, you clean it up". >

Re: [Int-area] WG Adoption Call: IP Fragmentation Considered Fragile

2018-08-30 Thread Christian Huitema
On 8/30/2018 5:26 PM, Joe Touch wrote: > > >> On Aug 29, 2018, at 11:19 PM, Christian Huitema > > wrote: >> >>> Regardless, middleboxes shouldn't be avoiding their own effort by >>> creating work for others. A corollary to the Postal Principle should >>> be "you make

Re: [Int-area] WG Adoption Call: IP Fragmentation Considered Fragile

2018-08-30 Thread Joe Touch
> On Aug 29, 2018, at 11:19 PM, Christian Huitema wrote: > >> Regardless, middleboxes shouldn't be avoiding their own effort by creating >> work for others. A corollary to the Postal Principle should be "you make the >> mess, you clean it up". > > Joe's stubborn adherence to the letter of

Re: [Int-area] WG Adoption Call: IP Fragmentation Considered Fragile

2018-08-30 Thread Joe Touch
> On Aug 30, 2018, at 8:56 AM, Tom Herbert wrote: > >> On Wed, Aug 29, 2018 at 7:58 PM, Joe Touch wrote: >> >> >> >> >> On 2018-08-29 18:34, Tom Herbert wrote: >> >> >> Joe, >> >> End hosts are already quite capable of dealing with reassembly, >> >> >> Regardless, middleboxes

Re: [Int-area] WG Adoption Call: IP Fragmentation Considered Fragile

2018-08-30 Thread Tom Herbert
On Wed, Aug 29, 2018 at 7:58 PM, Joe Touch wrote: > > > > > On 2018-08-29 18:34, Tom Herbert wrote: > > > Joe, > > End hosts are already quite capable of dealing with reassembly, > > > Regardless, middleboxes shouldn't be avoiding their own effort by creating > work for others. A corollary to the

Re: [Int-area] WG Adoption Call: IP Fragmentation Considered Fragile

2018-08-30 Thread Christian Huitema
On 8/29/2018 7:58 PM, Joe Touch wrote: > > > On 2018-08-29 18:34, Tom Herbert wrote: > >> >> Joe, >> >> End hosts are already quite capable of dealing with reassembly, >   > Regardless, middleboxes shouldn't be avoiding their own effort by > creating work for others. A corollary to the Postal

Re: [Int-area] WG Adoption Call: IP Fragmentation Considered Fragile

2018-08-29 Thread Joe Touch
On 2018-08-29 18:34, Tom Herbert wrote: > Joe, > > End hosts are already quite capable of dealing with reassembly, Regardless, middleboxes shouldn't be avoiding their own effort by creating work for others. A corollary to the Postal Principle should be "you make the mess, you clean it up".

Re: [Int-area] WG Adoption Call: IP Fragmentation Considered Fragile

2018-08-29 Thread Tom Herbert
On Wed, Aug 29, 2018 at 5:32 PM, Joe Touch wrote: > > > > > On 2018-08-29 10:38, Tom Herbert wrote: > > > I don't think you need the part about acting as a host, that would > have other implications. > > > It does, and that's exactly why you do. In particular, this includes ICMP > processing. > >

Re: [Int-area] WG Adoption Call: IP Fragmentation Considered Fragile

2018-08-29 Thread Joe Touch
On 2018-08-29 10:38, Tom Herbert wrote: > I don't think you need the part about acting as a host, that would > have other implications. It does, and that's exactly why you do. In particular, this includes ICMP processing. > Also, the reassembly requirement might be > specific to NAT and not

Re: [Int-area] WG Adoption Call: IP Fragmentation Considered Fragile

2018-08-29 Thread Tom Herbert
On Wed, Aug 29, 2018 at 10:10 AM, Joe Touch wrote: > Tom, > > > > > On 2018-08-29 09:53, tom wrote: > > On Wed, Aug 29, 2018 at 8:11 AM, Joe Touch wrote: > > > > > > On 2018-08-28 17:24, Toerless Eckert wrote: > > ...Sure, I meant to imply that port-numbers are useful pragmatically, > but other

Re: [Int-area] WG Adoption Call: IP Fragmentation Considered Fragile

2018-08-29 Thread Joe Touch
Tom, On 2018-08-29 09:53, tom wrote: > On Wed, Aug 29, 2018 at 8:11 AM, Joe Touch wrote: > >> On 2018-08-28 17:24, Toerless Eckert wrote: >> >> ...Sure, I meant to imply that port-numbers are useful pragmatically, >> but other context identifiers would long term be better. >>

Re: [Int-area] WG Adoption Call: IP Fragmentation Considered Fragile

2018-08-29 Thread tom
On Wed, Aug 29, 2018 at 8:11 AM, Joe Touch wrote: > > > > > On 2018-08-28 17:24, Toerless Eckert wrote: > > ...Sure, I meant to imply that port-numbers are useful pragmatically, > but other context identifiers would long term be better. > Demux-Identifiers at the granularity of a subscriber or >

Re: [Int-area] WG Adoption Call: IP Fragmentation Considered Fragile

2018-08-29 Thread Joe Touch
On 2018-08-28 17:24, Toerless Eckert wrote: > ...Sure, I meant to imply that port-numbers are useful pragmatically, > but other context identifiers would long term be better. > Demux-Identifiers at the granularity of a subscriber or > application would be a lot more scalable than flow

Re: [Int-area] WG Adoption Call: IP Fragmentation Considered Fragile

2018-08-29 Thread Joe Touch
Hi, Toerless, Overall, I think that it's OK for the doc to remind us of what is *already* required and best practice: - IPv4 hosts SHOULD avoid enabling in-net fragmentation (needed, in part, for IP ID compliance at high rate per RFC 6864) - IP routers MUST support forwarding of fragments

Re: [Int-area] WG Adoption Call: IP Fragmentation Considered Fragile

2018-08-28 Thread Toerless Eckert
On Tue, Aug 28, 2018 at 06:02:19PM -0700, Tom Herbert wrote: > https://tools.ietf.org/html/draft-ietf-tsvwg-udp-options > https://tools.ietf.org/html/draft-ietf-intarea-gue-extensions Thanks > "NOTE: While [RFC2460] required that all nodes must examine and > process the Hop-by-Hop Options

Re: [Int-area] WG Adoption Call: IP Fragmentation Considered Fragile

2018-08-28 Thread Tom Herbert
On Tue, Aug 28, 2018 at 5:24 PM, Toerless Eckert wrote: > On Tue, Aug 28, 2018 at 03:51:58PM -0700, Tom Herbert wrote: >> I think it's the opposite-- the definition of the context should be >> protocol agnostic. We need to get middleboxes out of doing DPI and to >> stop worrying only about select

Re: [Int-area] WG Adoption Call: IP Fragmentation Considered Fragile

2018-08-28 Thread Toerless Eckert
On Tue, Aug 28, 2018 at 03:51:58PM -0700, Tom Herbert wrote: > I think it's the opposite-- the definition of the context should be > protocol agnostic. We need to get middleboxes out of doing DPI and to > stop worrying only about select transport protocols. So we need a > mechanism that works

Re: [Int-area] WG Adoption Call: IP Fragmentation Considered Fragile

2018-08-28 Thread Tom Herbert
On Tue, Aug 28, 2018 at 3:09 PM, Toerless Eckert wrote: > Thanks, Joe > > This has gotten pretty long. Let me summarize my suggestions upfront: > > For the draft itself, how about it also considers recommendations not only > for IPv6 but IPv4. Such as simply also only do what we've accepted to be

Re: [Int-area] WG Adoption Call: IP Fragmentation Considered Fragile

2018-08-28 Thread Toerless Eckert
Thanks, Joe This has gotten pretty long. Let me summarize my suggestions upfront: For the draft itself, how about it also considers recommendations not only for IPv6 but IPv4. Such as simply also only do what we've accepted to be feasible for IPv6. Like: do never rely on in-network fragmentation

Re: [Int-area] WG Adoption Call: IP Fragmentation Considered Fragile

2018-08-28 Thread Joe Touch
Ole, On 2018-08-27 01:52, Ole Troan wrote: > Joe, > ... > > The principles are described and explained here: > > Touch, J: Middlebox Models Compatible with the Internet [1]. USC/ISI > (ISI-TR-711), 2016. ( > > I don't want to dismiss this completely, but it hand waves over how >

Re: [Int-area] WG Adoption Call: IP Fragmentation Considered Fragile

2018-08-27 Thread Ole Troan
Joe, > On 27 Aug 2018, at 10:27, Joe Touch wrote: > > > >> On Aug 26, 2018, at 11:55 PM, Ole Troan wrote: >> >> Joe, >> > On 26 Aug 2018, at 23:12, Joe Touch wrote: > > As I’ve mentioned, there are rules under which a NAT is a valid Internet > device, but it is

Re: [Int-area] WG Adoption Call: IP Fragmentation Considered Fragile

2018-08-27 Thread Joe Touch
> On Aug 26, 2018, at 11:55 PM, Ole Troan wrote: > > Joe, > >>> On 26 Aug 2018, at 23:12, Joe Touch wrote: As I’ve mentioned, there are rules under which a NAT is a valid Internet device, but it is simply not just a router. >>> >>> If there really was, can you point

Re: [Int-area] WG Adoption Call: IP Fragmentation Considered Fragile

2018-08-27 Thread Ole Troan
Joe, >>> >>> On 26 Aug 2018, at 23:12, Joe Touch wrote: >>> >>> As I’ve mentioned, there are rules under which a NAT is a valid Internet >>> device, but it is simply not just a router. >> >> If there really was, can you point to where those rules are? Describing the >> behavior of the host

Re: [Int-area] WG Adoption Call: IP Fragmentation Considered Fragile

2018-08-26 Thread Toerless Eckert
On Sun, Aug 26, 2018 at 08:19:41PM -0700, Tom Herbert wrote: > Toerless, > > I'm not sure what "outsourced into a common network component" means. > I've done a lot of app and OS development and have NEVER once > "outsourced" security to the network. And I worked in a company where for a good

Re: [Int-area] WG Adoption Call: IP Fragmentation Considered Fragile

2018-08-26 Thread Tom Herbert
On Sun, Aug 26, 2018 at 7:35 PM, Toerless Eckert wrote: > On Sun, Aug 26, 2018 at 05:10:00PM -0700, Joe Touch wrote: >> Agreed, but reassembly is clearly possible (hosts do it). The issue is cost. >> >> We are not in the business of defending a vendor's idea of profit margin >> WHEN it gets in

Re: [Int-area] WG Adoption Call: IP Fragmentation Considered Fragile

2018-08-26 Thread Joe Touch
> On Aug 26, 2018, at 7:35 PM, Toerless Eckert wrote: > > On Sun, Aug 26, 2018 at 05:10:00PM -0700, Joe Touch wrote: >> Agreed, but reassembly is clearly possible (hosts do it). The issue is cost. >> >> We are not in the business of defending a vendor's idea of profit margin >> WHEN it gets

Re: [Int-area] WG Adoption Call: IP Fragmentation Considered Fragile

2018-08-26 Thread Toerless Eckert
On Sun, Aug 26, 2018 at 05:10:00PM -0700, Joe Touch wrote: > Agreed, but reassembly is clearly possible (hosts do it). The issue is cost. > > We are not in the business of defending a vendor's idea of profit margin > WHEN it gets in the way of a required mechanism. I've described why it's >

Re: [Int-area] WG Adoption Call: IP Fragmentation Considered Fragile

2018-08-26 Thread Joe Touch
On 8/26/2018 4:16 PM, Tom Herbert wrote: > On Sun, Aug 26, 2018 at 2:55 PM, Toerless Eckert wrote: >> On Sun, Aug 26, 2018 at 11:38:57AM -0700, Joe Touch wrote: >>> NATs already have what they need to do the proper job - they need to >>> reassemble and defragment using unique IDs (or cache

Re: [Int-area] WG Adoption Call: IP Fragmentation Considered Fragile

2018-08-26 Thread Joe Touch
On 8/26/2018 4:33 PM, Toerless Eckert wrote: > On Sun, Aug 26, 2018 at 03:50:18PM -0700, Joe Touch wrote: >>> Reassembly/refragment and MTU discovery puts NAT out of the realm of many >>> cost effective HW acceleration methods. Simple address rewrite does not. >> And crumple zones and airbags get

Re: [Int-area] WG Adoption Call: IP Fragmentation Considered Fragile

2018-08-26 Thread Toerless Eckert
On Sun, Aug 26, 2018 at 04:16:39PM -0700, Tom Herbert wrote: > When the host stack pundits are asking network device stack builders > to conform to the standard protocols then I believe that is > reasonable. If firewalls were standard and ubiquitous, and standards > were adhered to, then host

Re: [Int-area] WG Adoption Call: IP Fragmentation Considered Fragile

2018-08-26 Thread Toerless Eckert
On Sun, Aug 26, 2018 at 03:50:18PM -0700, Joe Touch wrote: > > Reassembly/refragment and MTU discovery puts NAT out of the realm of many > > cost effective HW acceleration methods. Simple address rewrite does not. > > And crumple zones and airbags get in the way of cars running fast and being >

Re: [Int-area] WG Adoption Call: IP Fragmentation Considered Fragile

2018-08-26 Thread Tom Herbert
On Sun, Aug 26, 2018 at 2:55 PM, Toerless Eckert wrote: > On Sun, Aug 26, 2018 at 11:38:57AM -0700, Joe Touch wrote: >> NATs already have what they need to do the proper job - they need to >> reassemble and defragment using unique IDs (or cache the first fragment when >> it arrives and use it

Re: [Int-area] WG Adoption Call: IP Fragmentation Considered Fragile

2018-08-26 Thread Tom Herbert
On Sun, Aug 26, 2018 at 2:12 PM, Joe Touch wrote: > > > On Aug 26, 2018, at 12:58 PM, Tom Herbert wrote: > > On Sun, Aug 26, 2018 at 11:38 AM, Joe Touch wrote: > > > > On Aug 26, 2018, at 10:31 AM, Christian Huitema wrote: > > It seems that the biggest obstacle to fragmentation are NAT and

Re: [Int-area] WG Adoption Call: IP Fragmentation Considered Fragile

2018-08-26 Thread Joe Touch
> On Aug 26, 2018, at 3:03 PM, Toerless Eckert wrote: > > On Sun, Aug 26, 2018 at 11:26:47PM +0200, Ole Troan wrote: >> >> >>> On 26 Aug 2018, at 23:12, Joe Touch wrote: >>> >>> As I've mentioned, there are rules under which a NAT is a valid Internet >>> device, but it is simply not

Re: [Int-area] WG Adoption Call: IP Fragmentation Considered Fragile

2018-08-26 Thread Joe Touch
> On Aug 26, 2018, at 2:55 PM, Toerless Eckert wrote: > > On Sun, Aug 26, 2018 at 11:38:57AM -0700, Joe Touch wrote: >> NATs already have what they need to do the proper job - they need to >> reassemble and defragment using unique IDs (or cache the first fragment when >> it arrives and use

Re: [Int-area] WG Adoption Call: IP Fragmentation Considered Fragile

2018-08-26 Thread Joe Touch
> On Aug 26, 2018, at 2:31 PM, Toerless Eckert wrote: > > On Sun, Aug 26, 2018 at 09:09:54AM -0700, Joe Touch wrote: >> >> >>> On Aug 24, 2018, at 8:24 PM, Toerless Eckert wrote: >>> >>> Of course. Will take a decade to get ubiquitously deployed, but >>> neither IPv4 nor IPv6 will go away,

Re: [Int-area] WG Adoption Call: IP Fragmentation Considered Fragile

2018-08-26 Thread Joe Touch
> On Aug 26, 2018, at 2:27 PM, Toerless Eckert wrote: > > Took us decades to figure out that in-network > fragmentation (as mandatory in IPv4) is not a good thing, and > we eliminated it for IPv6. Why do we hang on to fragmentation > from the host when transport layers would be better doing it

Re: [Int-area] WG Adoption Call: IP Fragmentation Considered Fragile

2018-08-26 Thread Joe Touch
> On Aug 26, 2018, at 2:26 PM, Ole Troan wrote: > > > >> On 26 Aug 2018, at 23:12, Joe Touch wrote: >> >> As I’ve mentioned, there are rules under which a NAT is a valid Internet >> device, but it is simply not just a router. > > If there really was, can you point to where those rules

Re: [Int-area] WG Adoption Call: IP Fragmentation Considered Fragile

2018-08-26 Thread Toerless Eckert
On Sun, Aug 26, 2018 at 11:26:47PM +0200, Ole Troan wrote: > > > > On 26 Aug 2018, at 23:12, Joe Touch wrote: > > > > As I've mentioned, there are rules under which a NAT is a valid Internet > > device, but it is simply not just a router. > > If there really was, can you point to where

Re: [Int-area] WG Adoption Call: IP Fragmentation Considered Fragile

2018-08-26 Thread Toerless Eckert
On Sun, Aug 26, 2018 at 11:38:57AM -0700, Joe Touch wrote: > NATs already have what they need to do the proper job - they need to > reassemble and defragment using unique IDs (or cache the first fragment when > it arrives and use it as context for later - or earlier cached - fragments). >

Re: [Int-area] WG Adoption Call: IP Fragmentation Considered Fragile

2018-08-26 Thread Toerless Eckert
On Sun, Aug 26, 2018 at 09:09:54AM -0700, Joe Touch wrote: > > > > On Aug 24, 2018, at 8:24 PM, Toerless Eckert wrote: > > > > Of course. Will take a decade to get ubiquitously deployed, but > > neither IPv4 nor IPv6 will go away, only the problems with fragmentation > > will become worse and

Re: [Int-area] WG Adoption Call: IP Fragmentation Considered Fragile

2018-08-26 Thread Toerless Eckert
On Sat, Aug 25, 2018 at 01:46:47PM -0700, Joel Jaeggli wrote: > It's actually not that useful if it's an icmp message. because it's > going to fail in many cases where it has to be hashed to a destination. > just like non-initial fragments do... > > 4821 gets you there with tcp. It's meant to

Re: [Int-area] WG Adoption Call: IP Fragmentation Considered Fragile

2018-08-26 Thread Toerless Eckert
On Sat, Aug 25, 2018 at 08:32:41AM +0200, Mikael Abrahamsson wrote: > > IMHO, we (network layer) should accept defeat on network layer > > fragmentation and agree that we should make it easier for the > > transport layer to resolve the problem. > > I want to keep the fragmentation requirement for

Re: [Int-area] WG Adoption Call: IP Fragmentation Considered Fragile

2018-08-26 Thread Ole Troan
> On 26 Aug 2018, at 23:12, Joe Touch wrote: > > As I’ve mentioned, there are rules under which a NAT is a valid Internet > device, but it is simply not just a router. If there really was, can you point to where those rules are? Describing the behavior of the host stack and applications?

Re: [Int-area] WG Adoption Call: IP Fragmentation Considered Fragile

2018-08-26 Thread Joe Touch
> On Aug 26, 2018, at 12:58 PM, Tom Herbert wrote: > > On Sun, Aug 26, 2018 at 11:38 AM, Joe Touch wrote: >> >> >>> On Aug 26, 2018, at 10:31 AM, Christian Huitema wrote: >>> >>> It seems that the biggest obstacle to fragmentation are NAT and Firewall. >>> They need the port numbers in

Re: [Int-area] WG Adoption Call: IP Fragmentation Considered Fragile

2018-08-26 Thread Tom Herbert
On Sun, Aug 26, 2018 at 11:38 AM, Joe Touch wrote: > > >> On Aug 26, 2018, at 10:31 AM, Christian Huitema wrote: >> >> It seems that the biggest obstacle to fragmentation are NAT and Firewall. >> They need the port numbers in order to find and enforce context. NAT might >> be going away with

Re: [Int-area] WG Adoption Call: IP Fragmentation Considered Fragile

2018-08-26 Thread Joe Touch
> On Aug 26, 2018, at 10:31 AM, Christian Huitema wrote: > > It seems that the biggest obstacle to fragmentation are NAT and Firewall. > They need the port numbers in order to find and enforce context. NAT might be > going away with IPv6, maybe, but firewalls are not. > > Have considered

Re: [Int-area] WG Adoption Call: IP Fragmentation Considered Fragile

2018-08-26 Thread Tom Herbert
On Sun, Aug 26, 2018 at 10:31 AM, Christian Huitema wrote: > It seems that the biggest obstacle to fragmentation are NAT and Firewall. > They need the port numbers in order to find and enforce context. NAT might be > going away with IPv6, maybe, but firewalls are not. > > Have considered

Re: [Int-area] WG Adoption Call: IP Fragmentation Considered Fragile

2018-08-26 Thread Christian Huitema
It seems that the biggest obstacle to fragmentation are NAT and Firewall. They need the port numbers in order to find and enforce context. NAT might be going away with IPv6, maybe, but firewalls are not. Have considered strategies that move the port number inside the IP header? For example,

Re: [Int-area] WG Adoption Call: IP Fragmentation Considered Fragile

2018-08-26 Thread Tom Herbert
On Fri, Aug 24, 2018 at 8:24 PM, Toerless Eckert wrote: > On Fri, Aug 03, 2018 at 09:48:25AM +0200, Mikael Abrahamsson wrote: >> I've kept saying "Networks must support ip fragmentation properly. > > Why? Weren't you also saying that you've got (like probably many > else on this thread) all the

Re: [Int-area] WG Adoption Call: IP Fragmentation Considered Fragile

2018-08-26 Thread Joe Touch
> On Aug 24, 2018, at 8:24 PM, Toerless Eckert wrote: > > Of course. Will take a decade to get ubiquitously deployed, but > neither IPv4 nor IPv6 will go away, only the problems with fragmentation > will become worse and work if we do not have an exit strategy like this. > > If we don't try

Re: [Int-area] WG Adoption Call: IP Fragmentation Considered Fragile

2018-08-25 Thread Joel Jaeggli
On 8/24/18 8:24 PM, Toerless Eckert wrote: > On Fri, Aug 03, 2018 at 09:48:25AM +0200, Mikael Abrahamsson wrote: >> I've kept saying "Networks must support ip fragmentation properly. > Why? Weren't you also saying that you've got (like probably many > else on this thread) all the experience

Re: [Int-area] WG Adoption Call: IP Fragmentation Considered Fragile

2018-08-25 Thread Mikael Abrahamsson
On Sat, 25 Aug 2018, Toerless Eckert wrote: On Fri, Aug 03, 2018 at 09:48:25AM +0200, Mikael Abrahamsson wrote: I've kept saying "Networks must support ip fragmentation properly. Why? Weren't you also saying that you've got (like probably many else on this thread) all the experience that

Re: [Int-area] WG Adoption Call: IP Fragmentation Considered Fragile

2018-08-24 Thread Toerless Eckert
On Fri, Aug 03, 2018 at 09:48:25AM +0200, Mikael Abrahamsson wrote: > I've kept saying "Networks must support ip fragmentation properly. Why? Weren't you also saying that you've got (like probably many else on this thread) all the experience that only TCP MSS gets you working connectivity in

Re: [Int-area] WG Adoption Call: IP Fragmentation Considered Fragile

2018-08-13 Thread Wassim Haddad
Hi, The WG adoption call ended last Friday. From the discussion on the ML, we see support for adopting draft-bonica-intarea-frag-fragile-03 as a working group document. Authors, please (re)-submit the draft as a WG document. Thanks, Juan & Wassim > On Jul 24, 2018, at 12:42, Wassim Haddad

Re: [Int-area] WG Adoption Call: IP Fragmentation Considered Fragile

2018-08-04 Thread Mikael Abrahamsson
On Fri, 3 Aug 2018, Tom Herbert wrote: You could say the same thing about extension headers, SCTP and DCCP, and even IPv6 itself since it still doesn't work everywhere. The only protocols an application can _rely_ on working is TCP over plain IPv4. That is current LCD. If the advice is

Re: [Int-area] WG Adoption Call: IP Fragmentation Considered Fragile

2018-08-03 Thread Joe Touch
> On Aug 3, 2018, at 10:21 AM, Ole Troan wrote: > > I don’t think that the runout of IPv4 addresses should come as a surprise to > any one… It isn’t. > nor that it has implications on the architecture of the Internet. It does already have implications on the implementation and deployment

Re: [Int-area] WG Adoption Call: IP Fragmentation Considered Fragile

2018-08-03 Thread Tom Herbert
On Fri, Aug 3, 2018 at 12:48 AM, Mikael Abrahamsson wrote: > On Thu, 2 Aug 2018, Tom Herbert wrote: > >> This leads to driving everything down to only support the least common >> denominator. Problem is that we can never move things forward if everyone is >> bound to LCD. > > > I don't understand

Re: [Int-area] WG Adoption Call: IP Fragmentation Considered Fragile

2018-08-03 Thread Joe Touch
> On Aug 3, 2018, at 2:54 AM, Ole Troan wrote: > > Joe, > It also looks like (at first glance at least) these devices work only when there isn't multipath between the back and front side. >>> >>> The A+P routers are stateless and do support multipath. Including traffic >>> does

Re: [Int-area] WG Adoption Call: IP Fragmentation Considered Fragile

2018-08-03 Thread Ole Troan
Joe, >>> It also looks like (at first glance at least) these devices work only when >>> there isn't multipath between the back and front side. >> >> The A+P routers are stateless and do support multipath. Including traffic >> does not need to be symmetric. >> That’s the main selling point for

Re: [Int-area] WG Adoption Call: IP Fragmentation Considered Fragile

2018-08-03 Thread Mikael Abrahamsson
On Thu, 2 Aug 2018, Tom Herbert wrote: This leads to driving everything down to only support the least common denominator. Problem is that we can never move things forward if everyone is bound to LCD. I don't understand why people think this is what I am saying. Car engines have "limp mode"

Re: [Int-area] WG Adoption Call: IP Fragmentation Considered Fragile

2018-08-02 Thread Joe Touch
> On Aug 2, 2018, at 1:06 PM, Ole Troan wrote: > > Joe, > > >> I am not ignoring them; I'm claiming that they all have the same >> inherent deployment and implementation limitations. >> >> Just because operators/vendors "want" to do otherwise does not make it >>

Re: [Int-area] WG Adoption Call: IP Fragmentation Considered Fragile

2018-08-02 Thread Ole Troan
Joe, > I am not ignoring them; I'm claiming that they all have the same inherent > deployment and implementation limitations. > > Just because operators/vendors "want" to do otherwise does not make it > possible. There was IETF consensus behind those documents

Re: [Int-area] WG Adoption Call: IP Fragmentation Considered Fragile

2018-08-02 Thread Joe Touch
On 2018-08-02 12:33, Ole Troan wrote: > Joe, > > I am not ignoring them; I'm claiming that they all have the same inherent > deployment and implementation limitations. > > Just because operators/vendors "want" to do otherwise does not make it > possible. > There was IETF consensus behind

Re: [Int-area] WG Adoption Call: IP Fragmentation Considered Fragile

2018-08-02 Thread Ole Troan
Joe, >>> I am not ignoring them; I'm claiming that they all have the same inherent >>> deployment and implementation limitations. >>> >>> Just because operators/vendors "want" to do otherwise does not make it >>> possible. >> >> There was IETF consensus behind those documents (A+P). > >

Re: [Int-area] WG Adoption Call: IP Fragmentation Considered Fragile

2018-08-02 Thread Joe Touch
On 2018-08-02 08:38, Ole Troan wrote: > Joe, > >> I am not ignoring them; I'm claiming that they all have the same inherent >> deployment and implementation limitations. >> >> Just because operators/vendors "want" to do otherwise does not make it >> possible. > > There was IETF consensus

Re: [Int-area] WG Adoption Call: IP Fragmentation Considered Fragile

2018-08-02 Thread Joe Touch
On Aug 2, 2018, at 10:07 AM, Tom Herbert wrote: >> Applications need to work when faced with adverse conditions. They can work >> less well, that's fine, but they still need to work. >> > This leads to driving everything down to only support the least common > denominator. Problem is that we

Re: [Int-area] WG Adoption Call: IP Fragmentation Considered Fragile

2018-08-02 Thread Tom Herbert
On Thu, Aug 2, 2018 at 8:50 AM, Mikael Abrahamsson wrote: > On Thu, 2 Aug 2018, Joe Touch wrote: > >> So you want us to redesign the Internet to run over port 443. > > > Nope. > >> Then again, IP has fragmentation. That too is reality, even if we don’t >> like it. > > > IP has lots of things.

Re: [Int-area] WG Adoption Call: IP Fragmentation Considered Fragile

2018-08-02 Thread Mikael Abrahamsson
On Thu, 2 Aug 2018, Joe Touch wrote: So you want us to redesign the Internet to run over port 443. Nope. Then again, IP has fragmentation. That too is reality, even if we don’t like it. IP has lots of things. Hop-by-hop-headers for instance. Really bad idea. Again, something broken needs

Re: [Int-area] WG Adoption Call: IP Fragmentation Considered Fragile

2018-08-02 Thread Ole Troan
Joe, > I am not ignoring them; I’m claiming that they all have the same inherent > deployment and implementation limitations. > > Just because operators/vendors “want” to do otherwise does not make it > possible. There was IETF consensus behind those documents (A+P). In the _new_ IPv4

Re: [Int-area] WG Adoption Call: IP Fragmentation Considered Fragile

2018-08-02 Thread Joe Touch
> On Aug 2, 2018, at 8:02 AM, Mikael Abrahamsson wrote: > >> On Thu, 2 Aug 2018, Joe Touch wrote: >> >> Just because operators/vendors “want” to do otherwise does not make it >> possible. > > I've been on hotel wifis that are behind 3 layers of NAT, PMTUD non-working, > PMTU is like 1450,

Re: [Int-area] WG Adoption Call: IP Fragmentation Considered Fragile

2018-08-02 Thread Mikael Abrahamsson
On Thu, 2 Aug 2018, Joe Touch wrote: Just because operators/vendors “want” to do otherwise does not make it possible. I've been on hotel wifis that are behind 3 layers of NAT, PMTUD non-working, PMTU is like 1450, and the only thing saving the day is TCP MSS adjust, so the only thing that

Re: [Int-area] WG Adoption Call: IP Fragmentation Considered Fragile

2018-08-01 Thread Ole Troan
But only if you continue to ignore that there are other IPv4 sharing mechanisms than NAT. Ole > On 1 Aug 2018, at 16:11, Joe Touch wrote: > > We all understand that many current NAT devices and their deployments are not > compatible with IP fragmentation (v4 or v6). > > That leaves us with

Re: [Int-area] WG Adoption Call: IP Fragmentation Considered Fragile

2018-08-01 Thread Joe Touch
We all understand that many current NAT devices and their deployments are not compatible with IP fragmentation (v4 or v6). That leaves us with two options: 1. change IP, but that leaves us with problems for which we have no solution (encrypted payloads, other DPI devices that look

Re: [Int-area] WG Adoption Call: IP Fragmentation Considered Fragile

2018-07-31 Thread Brian E Carpenter
On 01/08/2018 11:29, Tom Herbert wrote: > On Tue, Jul 31, 2018 at 2:21 PM, Ole Troan wrote: >> Tom, >> >>> How is this story going to be different for IPv6? How do we ensure that >>> non-conformant implementation for IPv4 isn't just carried over so that >>> fragmentation, alternative protocols,

Re: [Int-area] WG Adoption Call: IP Fragmentation Considered Fragile

2018-07-31 Thread Tom Herbert
On Tue, Jul 31, 2018 at 2:21 PM, Ole Troan wrote: > Tom, > >> How is this story going to be different for IPv6? How do we ensure that >> non-conformant implementation for IPv4 isn't just carried over so that >> fragmentation, alternative protocols, and extension headers are viable on >> the

Re: [Int-area] WG Adoption Call: IP Fragmentation Considered Fragile

2018-07-31 Thread Ole Troan
Tom, > How is this story going to be different for IPv6? How do we ensure that > non-conformant implementation for IPv4 isn't just carried over so that > fragmentation, alternative protocols, and extension headers are viable on the > IPv6 Internet? I don’t think the IPv4 implementations are

Re: [Int-area] WG Adoption Call: IP Fragmentation Considered Fragile

2018-07-31 Thread Tom Herbert
On Tue, Jul 31, 2018, 5:28 AM Ole Troan wrote: > Joe, > > >> The need for fragmentation cannot be completely > >> eliminated and we do need it to work. Devices that do things to > >> prevent correct operation still need to be fixed, and it would be > >> productive for the draft to include

Re: [Int-area] WG Adoption Call: IP Fragmentation Considered Fragile

2018-07-31 Thread Ole Troan
Joe, >> The need for fragmentation cannot be completely >> eliminated and we do need it to work. Devices that do things to >> prevent correct operation still need to be fixed, and it would be >> productive for the draft to include statements on how some of the >> sub-problems can be

Re: [Int-area] WG Adoption Call: IP Fragmentation Considered Fragile

2018-07-30 Thread Joe Touch
> On Jul 30, 2018, at 12:13 PM, Tom Herbert wrote: > > On Mon, Jul 30, 2018 at 11:50 AM, Joe Touch > wrote: >> >> >> >> >> On 2018-07-30 11:16, Tom Herbert wrote: >> >> On Mon, Jul 30, 2018 at 10:34 AM, Joe Touch wrote: >> >> >> >> >> >> On 2018-07-30

Re: [Int-area] WG Adoption Call: IP Fragmentation Considered Fragile

2018-07-30 Thread Tom Herbert
On Mon, Jul 30, 2018 at 11:50 AM, Joe Touch wrote: > > > > > On 2018-07-30 11:16, Tom Herbert wrote: > > On Mon, Jul 30, 2018 at 10:34 AM, Joe Touch wrote: > > > > > > On 2018-07-30 08:11, Tom Herbert wrote: > > On Sun, Jul 29, 2018 at 9:22 AM, Joe Touch wrote: > > > > On Jul 29, 2018, at 9:11

Re: [Int-area] WG Adoption Call: IP Fragmentation Considered Fragile

2018-07-30 Thread Joe Touch
On 2018-07-30 11:16, Tom Herbert wrote: > On Mon, Jul 30, 2018 at 10:34 AM, Joe Touch wrote: > >> On 2018-07-30 08:11, Tom Herbert wrote: >> >> On Sun, Jul 29, 2018 at 9:22 AM, Joe Touch wrote: >> >> On Jul 29, 2018, at 9:11 AM, Tom Herbert wrote: >> >> ... >> >> That said, there's no

Re: [Int-area] WG Adoption Call: IP Fragmentation Considered Fragile

2018-07-30 Thread Tom Herbert
On Mon, Jul 30, 2018 at 10:34 AM, Joe Touch wrote: > > > > > On 2018-07-30 08:11, Tom Herbert wrote: > > On Sun, Jul 29, 2018 at 9:22 AM, Joe Touch wrote: > > > > On Jul 29, 2018, at 9:11 AM, Tom Herbert wrote: > > ... > > That said, there's no real problem with a NAT *IF* it acts as a host on

Re: [Int-area] WG Adoption Call: IP Fragmentation Considered Fragile

2018-07-30 Thread Joe Touch
On 2018-07-30 08:11, Tom Herbert wrote: > On Sun, Jul 29, 2018 at 9:22 AM, Joe Touch wrote: > >> On Jul 29, 2018, at 9:11 AM, Tom Herbert wrote: >> >> ... >> >> That said, there's no real problem with a NAT *IF* it acts as a host on the >> Internet >> (see Touch, J: Middlebox Models

Re: [Int-area] WG Adoption Call: IP Fragmentation Considered Fragile

2018-07-30 Thread Tom Herbert
On Sun, Jul 29, 2018 at 9:22 AM, Joe Touch wrote: > > > On Jul 29, 2018, at 9:11 AM, Tom Herbert wrote: > > ... > > That said, there’s no real problem with a NAT *IF* it acts as a host on the > Internet > (see Touch, J: Middlebox Models Compatible with the Internet. USC/ISI > (ISI-TR-711), 2016.)

Re: [Int-area] WG Adoption Call: IP Fragmentation Considered Fragile

2018-07-30 Thread Ole Troan
Joe, > My model describes the rules under which translation devices can operate > correctly and predictably in the Internet model. > > There are only a few alternatives for devices not explained by either model: > 1- the Internet and my model are incomplete > in that case,

Re: [Int-area] WG Adoption Call: IP Fragmentation Considered Fragile

2018-07-30 Thread Joe Touch
> On Jul 30, 2018, at 12:33 AM, Ole Troan wrote: > > Joe, > >>> However much money you throw at it, you can't reassemble fragments >>> travelling on different paths, nor can you trivially make network layer >>> reassembly not be an attack vector on those boxes. >> >> Agreed, but here’s the

Re: [Int-area] WG Adoption Call: IP Fragmentation Considered Fragile

2018-07-30 Thread Joe Touch
> On Jul 29, 2018, at 10:29 PM, Mikael Abrahamsson wrote: > > On Sun, 29 Jul 2018, Joe Touch wrote: > >> You’re engaging in a game of escalation - whatever layer you add >> fragmentation will end up being a layer that a vendor puts a device that >> does DPI that fails. > > Yes, but I can

Re: [Int-area] WG Adoption Call: IP Fragmentation Considered Fragile

2018-07-30 Thread Ole Troan
Joe, >> However much money you throw at it, you can't reassemble fragments >> travelling on different paths, nor can you trivially make network layer >> reassembly not be an attack vector on those boxes. > > Agreed, but here’s the other point: > > Any device that inspects L4 content can

Re: [Int-area] WG Adoption Call: IP Fragmentation Considered Fragile

2018-07-29 Thread Mikael Abrahamsson
On Sun, 29 Jul 2018, Joe Touch wrote: You’re engaging in a game of escalation - whatever layer you add fragmentation will end up being a layer that a vendor puts a device that does DPI that fails. Yes, but I can filter those UDP packets by looking in the UDP header, that's all the DPI I

Re: [Int-area] WG Adoption Call: IP Fragmentation Considered Fragile

2018-07-29 Thread Tom Herbert
On Sun, Jul 29, 2018 at 9:22 AM, Joe Touch wrote: > > > On Jul 29, 2018, at 9:11 AM, Tom Herbert wrote: > > ... > > That said, there’s no real problem with a NAT *IF* it acts as a host on the > Internet > (see Touch, J: Middlebox Models Compatible with the Internet. USC/ISI > (ISI-TR-711), 2016.)

Re: [Int-area] WG Adoption Call: IP Fragmentation Considered Fragile

2018-07-29 Thread Joe Touch
> On Jul 29, 2018, at 9:11 AM, Tom Herbert wrote: > >> ... >> >> That said, there’s no real problem with a NAT *IF* it acts as a host on the >> Internet >> (see Touch, J: Middlebox Models Compatible with the Internet. USC/ISI >> (ISI-TR-711), 2016.) > > Joe, > > It's still a problem though.

Re: [Int-area] WG Adoption Call: IP Fragmentation Considered Fragile

2018-07-29 Thread Tom Herbert
On Sun, Jul 29, 2018 at 8:38 AM, Joe Touch wrote: > > > On Jul 28, 2018, at 11:24 AM, Ole Troan wrote: > > Here’s the thing about fragmentation: > > 1. all links have a maximum packet size > 2. all tunneling/encapsulation/layering increases payload size > > 1+2 implies there is always the need

Re: [Int-area] WG Adoption Call: IP Fragmentation Considered Fragile

2018-07-29 Thread Joe Touch
> On Jul 28, 2018, at 11:24 AM, Ole Troan wrote: > >> Here’s the thing about fragmentation: >> >> 1. all links have a maximum packet size >> 2. all tunneling/encapsulation/layering increases payload size >> >> 1+2 implies there is always the need for fragmentation at some layer: >

Re: [Int-area] WG Adoption Call: IP Fragmentation Considered Fragile

2018-07-29 Thread Joe Touch
> On Jul 28, 2018, at 11:24 PM, Mikael Abrahamsson wrote: > > On Sat, 28 Jul 2018, Joe Touch wrote: > >> because DPI and NAT devices don’t reassemble. And they don’t because it’s >> cheaper to sell devices that say they run at 1 Gbps (e.g.) that don’t bother >> to reassemble. > > Keeping

Re: [Int-area] WG Adoption Call: IP Fragmentation Considered Fragile

2018-07-29 Thread Mikael Abrahamsson
On Sat, 28 Jul 2018, Joe Touch wrote: because DPI and NAT devices don’t reassemble. And they don’t because it’s cheaper to sell devices that say they run at 1 Gbps (e.g.) that don’t bother to reassemble. Keeping lots of state is always more expensive than not keeping state, and customers
