[IPsec] Re: Questions and comments on draft-liu-ipsecme-ikev2-mtu-dect

Mon, 17 Mar 2025 13:23:11 -0700 

Hi Mike,
I appreciate the feedback and comments provided. Kindly find my responses included inline. 

Yours,
Daniel

On 2025-03-17 15:29, C. M. Heard wrote:

Greetings authors,


I have read through your draft and look forward to your presentation 
at the upcoming TSVWG session.


Here are some questions / comments:


*_Terminology_*: is it correct to assume that wherever I see the 
acronym *LTP*, which is not defined in the draft, it should actually 
be *TLP*?

You are correct it is (Tunnel) link packet (TLP).



_*DPLPMTUD*_: I see that there is a reference to PLPMTUD (RFC 4821) 
but none to its datagram counterpart DPLPMTUD (RFC 8899). The latter 
is an essential underpinning tp 
draft-spiriyath-ipsecme-dynamic-ipsec-pmtu (which is also referenced). 
You may want to consider pointing to RFC 8899 also.

I am happy to add that reference.


*_LMAP value determination_*: In the draft I see:

if IPVersion is 4:
   LMAP = FragLen
elif IPVersion is 6:
   LMAP = FragLen + 40


As far as I am aware, there is no rule that requires that initial 
fragments be as large as possible; rather, the fragmenting node has 
discretion to "even out" the fragment sizes if the size of the packet 
to be fragmented would result in one (or a series of) maximum-sized 
fragment and one that is quite small. Indeed, I vaguely recall that 
this is encouraged to avoid further downstream fragmentation. If I am 
correct in this belief, then the formula above is fundamentally 
flawed. If you have a reference that supports the notion that an 
initial fragment is required to be as large as the outgoing MTU 
allows, please include a citation.



You are highlighting an important issue. It is accurate that RFC791 
seeks to prevent the generation of small fragments and aims to 
standardize fragment sizes. Although LMAP would mitigate fragmentation, 
it could lead to suboptimal outcomes. I will investigate how 
fragmentation is executed in practice and determine whether LMAP can be 
inferred or if Path MTU Discovery (PMTUD) is necessary.




See you at the presentation.

Thanks and regards,

Mike Heard

_______________________________________________
IPsec mailing list --ipsec@ietf.org
To unsubscribe send an email toipsec-le...@ietf.org
_______________________________________________
IPsec mailing list -- ipsec@ietf.org
To unsubscribe send an email to ipsec-le...@ietf.org






















					Reply via email to