Requirements for IP-in-IP Tunnel MTU Assurance



Requirements for IP-in-IP Tunnel MTU Assurance. V6OPS Working Group - IETF 64 Fred L. Templin [email protected] Problem Statement. IP-in-IP tunnels span multiple L2 segments but are seen by L3 as ordinary links that must present an assured MTU


Requirements for IP-in-IP Tunnel MTU Assurance

V6OPS Working Group - IETF 64

Fred L. Templin

[email protected]


Problem Statement

  • IP-in-IP tunnels span multiple L2 segments but are seen by L3 as ordinary links that must present an assured MTU

  • Common tunneling mechanisms set a fixed MTU (e.g., 1280 bytes or larger for IPv6), but cannot assure delivery for packets of that size. Current approaches:

    • don’t set the DF bit and allow IPv4 fragmentation

    • set the DF bit and watch for ICMPv4 fragmentation needed msgs, i.e., use IPv4 Path MTU Discovery


Problems with IPv4 Fragmentation

  • No mechanism for determining decapsulator’s MRU

  • Network-based IPv4 fragmentation has negative impact on performance

  • IPv4 fragmentation can result in black holes when firewalls/NATs are in the path


Problems with IPv4 PMTUD

  • ICMPv4 fragmentation needed messages can be spoofed by on/off-path adversaries; dropped or altered by on-path adversaries

  • ICMPv4 fragmentation needed messages can’t always be translated into ICMPv6 packet too big messages


Requirements for New Mechanism

  • Tunnel endpoint negotiation (means for encapsulator to determine whether decapsulator implements scheme)

  • Backwards compatibility with IPv4 fragmentation and IPv4 PMTUD

  • “Above-IPv4” host-based segmentation at the encapsulator

  • “Above-IPv4” reassembly at the decapsulator


Requirements for New Mechanism

  • Packet splicing error detection

  • Accommodate out-of-order delivery

  • Means for encapsulator to probe PMTU

  • Means for decapsulator to send authenticated probe response

  • Proactive path probing to determine best MTU; detect MTU-related black holes

  • Means to discover decapsulator’s MRU
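
The segmentation, reassembly, out-of-order and splicing-detection requirements above can be seen working together in the following added example, which is not from the slides or from any published tunnel specification. The 10-byte segment header, the function and class names, and the use of CRC-32 are assumptions made for illustration; CRC-32 catches accidental splicing only and is not an authentication mechanism.

```python
import struct
import zlib

# Hypothetical segment header (illustrative only, not a real wire format):
# packet id (u16), segment index (u16), segment count (u16), CRC-32 of whole packet (u32)
HDR = struct.Struct("!HHHI")

def segment(packet: bytes, packet_id: int, path_mtu: int, outer_overhead: int = 20):
    """Encapsulator: split one inner packet so that each segment plus the
    outer IPv4 header (20 bytes, no options) fits within path_mtu."""
    room = path_mtu - outer_overhead - HDR.size
    if room <= 0:
        raise ValueError("path MTU too small for the segment header")
    chunks = [packet[i:i + room] for i in range(0, len(packet), room)] or [b""]
    crc = zlib.crc32(packet)
    return [HDR.pack(packet_id, idx, len(chunks), crc) + chunk
            for idx, chunk in enumerate(chunks)]

class Reassembler:
    """Decapsulator: accepts segments in any order, returns the inner packet
    once all segments are present, and rejects spliced reassemblies."""

    def __init__(self):
        self.pending = {}  # packet id -> {segment index: (count, crc, payload)}

    def accept(self, seg: bytes):
        if len(seg) < HDR.size:
            return None  # truncated segment, ignore
        pid, idx, count, crc = HDR.unpack_from(seg)
        if count == 0 or idx >= count:
            return None  # malformed header, ignore
        parts = self.pending.setdefault(pid, {})
        parts[idx] = (count, crc, seg[HDR.size:])
        if len(parts) < count:
            return None  # still waiting; arrival order does not matter
        del self.pending[pid]
        # Segments of two different packets that share an id disagree here.
        if any(c != count or k != crc for c, k, _ in parts.values()):
            raise ValueError("splicing error: segment headers disagree")
        packet = b"".join(parts[i][2] for i in range(count))
        if zlib.crc32(packet) != crc:
            raise ValueError("splicing error: checksum mismatch")
        return packet
```
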


Summary

  • Existing tunnel mechanisms have no means of assuring tunnel MTU

  • Most problematic for tunnels that traverse NATs/firewalls

  • Tunnel MTU assurance needed for tunnels that span NATs/firewalls

