draft-ietf-intarea-frag-fragile-01.txt   draft-ietf-intarea-frag-fragile-02.txt 
Internet Area WG R. Bonica Internet Area WG R. Bonica
Internet-Draft Juniper Networks Internet-Draft Juniper Networks
Intended status: Best Current Practice F. Baker Intended status: Best Current Practice F. Baker
Expires: April 13, 2019 Unaffiliated Expires: April 21, 2019 Unaffiliated
G. Huston G. Huston
APNIC APNIC
R. Hinden R. Hinden
Check Point Software Check Point Software
O. Troan O. Troan
Cisco Cisco
F. Gont F. Gont
SI6 Networks SI6 Networks
October 10, 2018 October 18, 2018
IP Fragmentation Considered Fragile IP Fragmentation Considered Fragile
draft-ietf-intarea-frag-fragile-01 draft-ietf-intarea-frag-fragile-02
Abstract Abstract
This document describes IP fragmentation and explains how it reduces This document describes IP fragmentation and explains how it reduces
the reliability of Internet communication. the reliability of Internet communication.
This document also proposes alternatives to IP fragmentation and This document also proposes alternatives to IP fragmentation and
provides recommendations for developers and network operators. provides recommendations for developers and network operators.
Status of This Memo Status of This Memo
skipping to change at page 1, line 43 skipping to change at page 1, line 43
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on April 13, 2019. This Internet-Draft will expire on April 21, 2019.
Copyright Notice Copyright Notice
Copyright (c) 2018 IETF Trust and the persons identified as the Copyright (c) 2018 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 44 skipping to change at page 2, line 44
5. Alternatives to IP Fragmentation . . . . . . . . . . . . . . 13 5. Alternatives to IP Fragmentation . . . . . . . . . . . . . . 13
5.1. Transport Layer Solutions . . . . . . . . . . . . . . . . 13 5.1. Transport Layer Solutions . . . . . . . . . . . . . . . . 13
5.2. Application Layer Solutions . . . . . . . . . . . . . . . 15 5.2. Application Layer Solutions . . . . . . . . . . . . . . . 15
6. Applications That Rely on IPv6 Fragmentation . . . . . . . . 16 6. Applications That Rely on IPv6 Fragmentation . . . . . . . . 16
6.1. DNS . . . . . . . . . . . . . . . . . . . . . . . . . . . 16 6.1. DNS . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
6.2. OSPF . . . . . . . . . . . . . . . . . . . . . . . . . . 17 6.2. OSPF . . . . . . . . . . . . . . . . . . . . . . . . . . 17
6.3. Packet-in-Packet Encapsulations . . . . . . . . . . . . . 17 6.3. Packet-in-Packet Encapsulations . . . . . . . . . . . . . 17
7. Recommendations . . . . . . . . . . . . . . . . . . . . . . . 17 7. Recommendations . . . . . . . . . . . . . . . . . . . . . . . 17
7.1. For Application Developers . . . . . . . . . . . . . . . 17 7.1. For Application Developers . . . . . . . . . . . . . . . 17
7.2. For System Developers . . . . . . . . . . . . . . . . . . 17 7.2. For System Developers . . . . . . . . . . . . . . . . . . 17
7.3. For Middle Box Developers . . . . . . . . . . . . . . . . 17 7.3. For Middle Box Developers . . . . . . . . . . . . . . . . 18
7.4. For Network Operators . . . . . . . . . . . . . . . . . . 18 7.4. For Network Operators . . . . . . . . . . . . . . . . . . 18
8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 18 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 18
9. Security Considerations . . . . . . . . . . . . . . . . . . . 18 9. Security Considerations . . . . . . . . . . . . . . . . . . . 18
10. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 18 10. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 18
11. References . . . . . . . . . . . . . . . . . . . . . . . . . 18 11. References . . . . . . . . . . . . . . . . . . . . . . . . . 19
11.1. Normative References . . . . . . . . . . . . . . . . . . 18 11.1. Normative References . . . . . . . . . . . . . . . . . . 19
11.2. Informative References . . . . . . . . . . . . . . . . . 20 11.2. Informative References . . . . . . . . . . . . . . . . . 20
Appendix A. Contributors' Address . . . . . . . . . . . . . . . 22 Appendix A. Contributors' Address . . . . . . . . . . . . . . . 23
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 23 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 23
1. Introduction 1. Introduction
Operational experience [Kent] [Huston] [RFC7872] reveals that IP Operational experience [Kent] [Huston] [RFC7872] reveals that IP
fragmentation reduces the reliability of Internet communication. fragmentation reduces the reliability of Internet communication.
This document describes IP fragmentation and explains how it reduces This document describes IP fragmentation and explains how it reduces
the reliability of Internet communication. This document also the reliability of Internet communication. This document also
proposes alternatives to IP fragmentation and provides proposes alternatives to IP fragmentation and provides
recommendations for developers and network operators. recommendations for developers and network operators.
While this document identifies issues associated with IP While this document identifies issues associated with IP
fragmentation, it does not recommend deprecation. Some applications fragmentation, it does not recommend deprecation. Some applications
(e.g., [I-D.ietf-intarea-tunnels]) require IP fragmentation. (see Section 6) require IP fragmentation. Furthermore, fragmentation
is expected to work in limited domains where security and
interoperability issues can be addressed.
Rather than deprecating IP Fragmentation, this document recommends Rather than deprecating IP Fragmentation, this document recommends
that upper-layer protocols address the problem of fragmentation at that upper-layer protocols address the problem of fragmentation at
their layer, reducing their reliance on IP fragmentation to the their layer, reducing their reliance on IP fragmentation to the
greatest degree possible. greatest degree possible.
2. IP Fragmentation 2. IP Fragmentation
2.1. Links, Paths, MTU and PMTU 2.1. Links, Paths, MTU and PMTU
skipping to change at page 17, line 26 skipping to change at page 17, line 26
[RFC8086] and Generic Packet Tunneling in IPv6 [RFC2473]. [RFC4459] [RFC8086] and Generic Packet Tunneling in IPv6 [RFC2473]. [RFC4459]
describes fragmentation issues associated with all of the above- describes fragmentation issues associated with all of the above-
mentioned encapsulations. mentioned encapsulations.
The fragmentation strategy described for GRE in [RFC7588] has been The fragmentation strategy described for GRE in [RFC7588] has been
deployed for all of the above-mentioned encapsulations. This deployed for all of the above-mentioned encapsulations. This
strategy does not rely on IP fragmentation except in one corner case. strategy does not rely on IP fragmentation except in one corner case.
(see Section 3.3.2.2 of RFC 7588 and Section 7.1 of RFC 2473). (see Section 3.3.2.2 of RFC 7588 and Section 7.1 of RFC 2473).
Section 3.3 of [RFC7676] further describes this corner case. Section 3.3 of [RFC7676] further describes this corner case.
See [I-D.ietf-intarea-tunnels] for further discussion.
7. Recommendations 7. Recommendations
7.1. For Application Developers 7.1. For Application Developers
Application developers SHOULD NOT develop new applications that rely Application developers SHOULD NOT develop new applications that rely
on IP fragmentation. on IP fragmentation.
Application-layer protocols that depend upon IPv6 fragmentation Application-layer protocols that depend upon IPv6 fragmentation
SHOULD be updated to break that dependency. This can be achieved by SHOULD be updated to break that dependency. This can be achieved by
using a sufficiently small MTU (e.g. The protocol minimum link MTU), using a sufficiently small MTU (e.g. The protocol minimum link MTU),
skipping to change at page 18, line 11 skipping to change at page 18, line 17
Middle box developers SHOULD implement devices that support IP Middle box developers SHOULD implement devices that support IP
fragmentation. These boxes SHOULD not fail or cause failures when fragmentation. These boxes SHOULD not fail or cause failures when
processing fragmented IP packets. processing fragmented IP packets.
For example, in order to support IP fragmentation, a load balancer For example, in order to support IP fragmentation, a load balancer
might execute the following procedure: might execute the following procedure:
o Receive a fragmented packet o Receive a fragmented packet
o Identify a next-hop using information drawn from the first o Identify a next-hop using information drawn from the first
fragment fragment (i.e., the fragment containing offset 0)
o Forward the first fragment and all subsequent fragments through o Forward the first fragment and all subsequent fragments through
the above-mentioned next-hop the above-mentioned next-hop
7.4. For Network Operators 7.4. For Network Operators
As per RFC 4890, network operators MUST NOT filter ICMPv6 PTB As per RFC 4890, network operators MUST NOT filter ICMPv6 PTB
messages unless they are known to be forged or otherwise messages unless they are known to be forged or otherwise
illegitimate. As stated in Section 4.6, filtering ICMPv6 PTB packets illegitimate. As stated in Section 4.6, filtering ICMPv6 PTB packets
causes PMTUD to fail. Operators MUST ensure proper PMTUD operation causes PMTUD to fail. Operators MUST ensure proper PMTUD operation
 End of changes. 10 change blocks. 
10 lines changed or deleted 14 lines changed or added

This html diff was produced by rfcdiff 1.47. The latest version is available from http://tools.ietf.org/tools/rfcdiff/