Ballot for draft-ietf-v6ops-pmtud-ecmp-problem
Yes
No Objection
Recuse
Note: This ballot was opened for revision 04 and is now closed.
Given the current state of affairs, I think this is a quite useful document. I just have a question for my own knowledge. Is there any data that indicates how many of these PTB messages are due to tunneling?
I agree with Spencer's comment about not using the word "Ideally" when talking about payload inspection.
Thanks for a useful document. I'd probably have expanded ECMP in the abstract, and included a reference to the relevant RFC in Section 1.
The following sentence int he Security Considerations section is hard to read, can you adjust it? The proxy replication results in devices not associated with the flow that generated the PTB being recipients of an ICMPv6 message which contains a fragment of a packet.
In section 3, "Mitigation", I'm reading this. Mitigation of the potential for PTB messages to be mis-delivered involves ensuring that an ICMPv6 error message is distributed to the same anycast server responsible for the flow for which the error is generated. Ideally, mitigation could be done by the mechanism hosts ^^^^^^^ use to identify the flow, by looking into the payload of the ICMPv6 message (to determine which TCP flow it was associated with) before making a forwarding decision. Because the encapsulated IP header occurs at a fixed offset in the ICMP message it is not outside the realm of possibility that routers with sufficient header processing capability could parse that far into the payload. Employing a mediation device that handles the parsing and distribution of PTB messages after policy routing or on each load-balancer/server is a possibility. Most of the document is about using other mitigations that make this mitigation unnecessary, but it's still a bit odd to see Deep Packet Inspection characterised as "ideally", now that RFC 7258 is now BCP 188, and we've chartered TCPINC to make that DPI fail as often as possible. Could that one word go away? I see in email that Fred asked if any reviews were needed before submitting this draft for publication, and David Black suggested reviews from INT and TSV, and that made it as far as the shepherd writeup, but I'm not seeing a request for review popping up in TSV (at least not with "PMTUD" and "V6OPS" in an e-mail). I don't have concerns about this particular draft, but I wish it hadn't slipped through that particular crack. Yes, Fred copied TSVWG and TSVAREA on his note asking for guidance, and yes, there was an IETF Last Call, so I'm not hitting "Defer" to chase that. Just something to watch for, in the future. And yes, Martin and I have a call set up to talk with the TSVdir triage team next week ...
Really nice document, Thanks for writing it!
it's mine, what can I say.