On 28 Jul 2022, at 13:19, Joe Abley wrote:

On Jul 28, 2022, at 12:24, Andrew McConachie <and...@depht.com> wrote:

PMTUD doesn’t work through NAT

That's a very definitive statement considering that there's no useful standard for NAT.

If there's actual research on this to demonstrate that, pragmatically speaking, no implementations use the payload of a type 3 code 4 ICMP message to identify a translated target for the packet, I would like to read it, because that sounds interesting.


The document makes the claim that PMTUD “remains widely undeployed due to security issues.” My contention is that it has little to do with security and more to do with the current structure of the Internet. We don’t need a useful standard for NAT to recognize that most implementations break PMTUD, and that those implementations of NAT are deployed enough to make PMTUD significantly broken. Firewalls break PMTUD as well, and I guess that’s a security thing, but currently the sentence reads like operators don’t deploy PMTUD in favor of security and I don’t think that’s true.

    Currently, DNS is known to be the largest user of IP fragmentation.

Compared to what? I would just drop this sentence because it doesn’t add anything to the document and it’s trying to make a point that doesn’t need to be made.

I'd also like to see a citation for this one if there has been a study. I agree that it's probably the most familiar example of fragmentation for an audience mainly preoccupied with the DNS, but that's probably not a helpful observation :-)

Before I was interested in the DNS I worked for an ethernet switch vendor for 8 years, and I often find the way MTU gets talked about in IETF documents simply weird.

RFC 791 introduces the term "maximum transmission unit" to be the maximum size of a datagram, not the maximum size of a frame whose payload is a datagram.

    The maximum sized datagram that can be transmitted through the next network is called the maximum transmission unit (MTU).

MTU is a measurement of maximum frame size for a network segment starting at Layer 2.

I have also heard MTU used in that way. I have always assumed it was just sloppy writing.

There may be prior use of the phrase that I'm not aware of (prior to 1981) but even if that's the case I think it's reasonable to use the IETF definition of the phrase in the IETF.

I think Ethernet was not standardised until the publication of IEEE 802.3 in 1983. I also think the original specification did not anticipate switches but described a multi-access network with a broader collision domain.

So perhaps it's reasonable to say that the IETF use of MTU pre-dates Ethernet switch vendors' usage, since it pre-dates Ethernet switches, since it pre-dates Ethernet.

Ok. But the text still isn’t clear on how many bytes are assumed to be consumed by layer-2 protocols. We don’t need to have a super tight definition of MTU to progress this document. Implementors just need to know how large a packet they can transmit.


Joe
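As an added example, not part of this thread or of the draft under discussion: Python that builds the ICMP type 3 code 4 message referred to above, parses the quoted inner header that a NAT (or the sending host) needs in order to find the flow it belongs to, and works out Ethernet frame size versus RFC 791 MTU in the sense both sides of the MTU discussion use. Addresses, ports and the 1400-byte next-hop MTU are constructed sample values.

```python
import struct
import ipaddress


def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum; a message carrying a valid checksum sums to 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def ipv4_header(src: str, dst: str, total_length: int, proto: int = 17) -> bytes:
    """Minimal 20-byte IPv4 header with DF set (0x4000), which is what makes PMTUD possible."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_length, 0x1234, 0x4000, 64, proto, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", inet_checksum(hdr)) + hdr[12:]


def frag_needed(next_hop_mtu: int, orig_datagram: bytes) -> bytes:
    """ICMP type 3 code 4 as a router emits it: unused(16) | next-hop MTU(16) per RFC 1191,
    followed by the original IP header plus the first 8 payload bytes (RFC 792)."""
    ihl = (orig_datagram[0] & 0x0F) * 4
    body = struct.pack("!BBHHH", 3, 4, 0, 0, next_hop_mtu) + orig_datagram[:ihl + 8]
    return body[:2] + struct.pack("!H", inet_checksum(body)) + body[4:]


def parse_frag_needed(msg: bytes):
    """Return (next_hop_mtu, inner_src, inner_dst, inner_sport, inner_dport) or None.
    The inner 5-tuple is all that identifies the flow; a NAT must translate it (RFC 5508)."""
    if len(msg) < 8 + 20 + 8 or inet_checksum(msg) != 0:
        return None
    itype, code, _csum, _unused, mtu = struct.unpack("!BBHHH", msg[:8])
    if itype != 3 or code != 4:
        return None
    inner = msg[8:]
    ihl = (inner[0] & 0x0F) * 4
    src = str(ipaddress.IPv4Address(inner[12:16]))
    dst = str(ipaddress.IPv4Address(inner[16:20]))
    sport, dport = struct.unpack("!HH", inner[ihl:ihl + 4])
    return mtu, src, dst, sport, dport


def max_ethernet_frame(mtu: int) -> int:
    """Bytes on the wire for an RFC 791 MTU: 14-byte Ethernet header plus 4-byte FCS."""
    return mtu + 14 + 4


def max_udp_payload(mtu: int) -> int:
    """Largest unfragmented UDP payload (e.g. a DNS message) for a given IPv4 MTU."""
    return mtu - 20 - 8
```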


_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
