Hi Ole and Joe, Also not to be lost in this discussion is the potential for spoofed ICMP messages that would report a size that is either too large or too small. Thanks - Fred > -----Original Message----- > From: ipv6 [mailto:ipv6-bounces@xxxxxxxx] On Behalf Of otroan@xxxxxxxxxxxxx > Sent: Tuesday, February 07, 2017 12:07 PM > To: Joe Touch <touch@xxxxxxx> > Cc: 6man WG <ipv6@xxxxxxxx>; ietf@xxxxxxxx; draft-ietf-6man-rfc1981bis@xxxxxxxx; tsv-area@xxxxxxxx; Eggert, Lars > <lars@xxxxxxxxxx>; 6man-chairs@xxxxxxxx > Subject: Re: Last Call: <draft-ietf-6man-rfc1981bis-04.txt> (Path MTU Discovery for IP version 6) to Internet Standard > > Joe, > > [...] > > >>> If by "supports" you mean "doesn't work", then yes. That's why we now > >>> have PLPMTUD. > >>> > >> PLMTUD is unfortunately not a (complete) replacement of PMTUD. > > > > PLMTUD is a directive to protocols above the IP layer; it isn't a single protocol, so it wouldn't replace anything. > > > >> > >>>> Looking just at our specifications, we cannot state that PLMTUD can replace PMTUD. Take RFC2473 (IPv6 tunnelling) for > example. > >>>> > >>> See draft-ietf-intarea-tunnels, esp. v03 Section 5.5.2 > >>> > >>> (yes, that doc has expired while we're preparing the 04 update, which > >>> should be issued shortly) > >>> > >> Is this the paragraph you are referring to? > >> > >> PLPMTUD requires a separate, > >> direct control channel from the egress to the ingress that provides > >> positive feedback; the direct channel is not blocked by policy > >> filters and the positive feedback ensures fail-safe operation if > >> feedback messages are lost [RFC4821]. > >> > > That is nowhere near section 5.5.2. > > No, but it was unfortunately all that was written about how to use PLMTUD for tunnels. > > > 5.5.2 indicates places where RFC2473 has errors, esp. in how it interprets the MTU of the tunnel as being defined by the MTU of the > path within the tunnel, rather than by the tunnel egress reassembly limit. > > > >> I'm very much in favour of working on better ways of doing Path MTU discovery. > >> A blanket statement of "use "PLMTUD" seems very premature though. > >> > > The point is that this document fails to indicate the current state of PMTUD. It correctly notes that: > > An extension to Path MTU Discovery defined in this document can be > > found in [ > > RFC4821 > > ]. It defines a method for Packetization Layer Path > > MTU Discovery (PLPMTUD) designed for use over paths where delivery of > > ICMP messages to a host is not assured. > > > > > > > > IMO, it fails to note that this case - where ICMP messages are assured along a path - is effectively a unicorn except within systems > maintained by a single entity. > > > >> RFC1981 has 70 citations: > >> > >> http://www.arkko.com/tools/allstats/citations-rfc1981.html > >> > >> > >> Could you expand on your view of how this pertains to advancing RFC1981? > >> > > It's called last call input. My input is that this document needs to be more realistic in noting that, for all intents, ICMP-based MTU > discovery isn't viable and that other methods need to be *expected*, not just that they're available. > > Right, but if you are correct that ICMP-based MTU discovery is not viable then this document should not be advanced. > At the same time for many protocols we have nothing else. An operator can break any protocol if that's their policy. And that's the > breakage we're talking about here, not any issues with the protocol specification. > > There is a philosophical aspect of this. (Which I'm not the best person to represent as I skipped my University studies in philosophy > and used the student loan to buy a motorcycle... (and only read the art of motorcycle maintenance years later) ) > This is a tussle. The IETF specifies protocols under the assumption that operators treat those protocols largely as specified. The 5-10% > failure of PMTUD messages may be caused by misconfiguration, misunderstanding or mis-intent... Many of our protocols are suffering > from the same fate. Should the IETF adjust all its protocols to be as middlebox friendly as possible? You can make this argument about > IPv6 fragments, any packet with IPv6 extension headers, IPv4 fragments. Or anything but TCP port 443/80 and UDP port 53 for that > matter. Are we as the IETF going to continue standardising protocols to work as best as they possible can, ignoring protocol abuse, or > are we going to bend over and do whatever it takes to make it work for those 5-10% who've actively broken the protocol? What about > the 90-90% where the protocols work as expected? > > Best regards, > Ole >