Reviewer: Joseph Touch
Review result: Not Ready

This documents most significant transport issue is the use of path MTU
discovery. Sec 2 recommends the use of path MTU discovery [RFC1191] [RFC8201],
but this is known to be problematic black holing where ICMPs are blocked or
filtered (which should be noted everywhere PMTU is suggested, including Sec
4.2). It would be more appropriate to incorporate PLPMTUD [RFC4821] [RFC8899],
especially in conjunction with congestion control, as both assume bidirectional
stateful ingress/egress coordination. This is particularly important given the
sending side’s prerogative to change the size of the tunnel EMTU_S (see below).

The most significant concern is not at the transport layer – it is the
assumption of in-order delivery and insufficient consideration of the impact of
loss at the network layer. Loss could orphan received fragments – for which a
timeout should be recommended. Loss or reordering could generate faulty
reassembly at the egress – which is actually very likely here, e.g., when a
short packet is followed by a sequence of packets that are exactly the tunnel
MAP (as defined in draft-ietf-intarea-tunnels). As noted below, persistent
fragmentation could make this situation worse, esp. in the presence of frequent
reordering or loss.

Other significant issues, largely at the network/tunnel layer:

There is no clear utility in having the blockoffset point past the end of the
current packet. It serves – at best – as only a partially useful check on the
next packet. I.e., if the two blockoffsets disagree, presumably a packet is
lost – but if they agree, it cannot be concluded that a packet is not lost. It
is sufficient that it points to the end of the tunnel packet.

Although the mechanism allows for padding, it appears too aggressive in trying
to be work-conserving. Consider a tunnel that could support 1000B payloads; if
a stream of packets comes in as 200B, 1000B, 1000B, 1000B, etc. (more 1000B
packets), EVERY 1000B would be fragmented, which means loss of a single tunnel
packet would cause two inner packets to be incomplete. The protocol should
allow padding in some cases to avoid fragmentation, e.g., every 100th packet it
might allow insertion of padding rather splitting a packet across the stream.
The heuristic shown here is just an example.

Fig 1 shows the blocksize as always occurring in the latter half of a word; is
this always the case? If so, it would be useful to indicate the left side of
that word as “ESP – con’t”. If not, other examples should be provided.

At the end of Sec 2.2, the blockoffset helps recover the next inner packet, but
the term “full” in that sentence implies the inner packet is entirely inside
that outer packet (which it may not be).

The  option of congestion control and the claim of “unidirectional” should be
discussed more consistently (i.e., mention the need for bidirectional channels
when mentioning thec claim of unidirectionality).

Like all tunnels, this approach needs to more clearly indicate a number of
different MTU values and how they interact [draft-ietf-intarea-tunnels], both
for the underlying network and the tunnel provided: -       EMTU_S -      
EMTU_R -       Path MTU -       Link MTU

It may also be useful to use the terms developed in that doc, e.g., tunnel link
packet (the packet that traverses a tunnel) as well as inner vs. outer
fragmentation, tunnel maximum atomic packet, etc.

There are a number of other tunnel considerations that should be addressed,
again as discussed in draft-ietf-intarea-tunnels. These include: -       The
impact of tunnel traversal on the inner hopcount/TTL (there should be none, as
per that doc; hopcount should be adjusted by routers, not tunnels) -      
Impact of errors in the tunnel on the ingress -       Specification of the
EMTU_R of the tunnel itself, and how that is determined -       What the
ingress should do if an incoming packet exceeds EMTU_R -       It should be
noted that this is a unicast tunnel -       What you expect if there are
multiple paths between the tunnel ingress and egress -       Does the tunnel
itself have a flow ID? (if the outer packet is IPv6) If so, is it fixed or
intended to vary arbitrarily (and if so, how)? -       If the outer packet is
IPv4, do you expect to use DF=1? If not, how are you handling ID issues in RFC
6864? If so, it might be useful to add a reminder that the ID can be anything
(including constant, which may be useful in avoiding a covert channel).



_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec

Reply via email to