I haven't followed this discussion in detail, but it looks like there's some confusion about the basic "units" of transmission. As far as I can tell, we have four different layers:
- a syslog message (SYSLOG-FRAME in ABNF) - a DTLS record - a UDP datagram - an IP packet As noted in Section 5.4, "It is possible that multiple syslog messages be contained in one DTLS record, or that a syslog message be transferred in multiple DTLS records." The maximum size of a single DTLS record is 2^14 bytes (this limit comes from TLS). One DTLS record must fit in one UDP datagram, but one UDP datagram can contain more than one DTLS record. The maximum size of UDP datagram is 64K (this limit comes from UDP), but it can be fragmented to multiple IP packets as needed. There's one additional restriction that I'm not sure is really mentioned anywhere: A single syslog message has to fit in a single UDP datagram. So while it can be split to multiple DTLS records, all those records have to be in a single UDP datagram (so the syslog layer does not reassemble syslog message pieces from multiple UDP datagrams -- SYSLOG-FRAME does not have sufficient information to do this anyway). In addition to the "hard" size limits (coming from DTLS and UDP), we probably need a recommendation saying that it's better if you can avoid IP fragmentation -- but this is precisely the same as normal syslog-over-UDP (minus the small overhead from DTLS). Best regards, Pasi ________________________________________ From: [email protected] [[email protected]] On Behalf Of ext Sean Turner [[email protected]] Sent: Saturday, May 22, 2010 6:16 PM To: t.petch Cc: syslog Subject: Re: [Syslog] AD review discuss/comments for draft-ietf-syslog-dtls t.petch wrote: > I see that this I-D had entered 'Revised I-D needed' which I would like to > progress. > > I see several comments about maximum record size, including a suggestion that > we > should make the 'SHOULD NOT' a 'MUST NOT' exceed 2**14. > > I am dead set against this change. We had a clear requirment, early on, to > allow 65k messages, and I think it wrong to MUST NOT that requirement. The > text > in the other I-Ds is a compromise to strke a balance between this and having > everything fit in 576 byte; I think we have the balance right. Tom, My response to Alexey was that this I-D borrows that particular requirement from RFC4347 and that this I-D shouldn't be upping the requirement. If it's okay with you, I'll forward him your response. The way I read his comment was that he's just asking why - he's not really requesting a change. spt _______________________________________________ Syslog mailing list [email protected] https://www.ietf.org/mailman/listinfo/syslog _______________________________________________ Syslog mailing list [email protected] https://www.ietf.org/mailman/listinfo/syslog
