gre-in-udp draft (was: RE: [tsvwg] Milestones changed for tsvwg WG)
"Black, David" <david.black@emc.com> Wed, 08 January 2014 23:21 UTC
Return-Path: <david.black@emc.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9CF061AD939; Wed, 8 Jan 2014 15:21:25 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.539
X-Spam-Level:
X-Spam-Status: No, score=-2.539 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RP_MATCHES_RCVD=-0.538, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TdoKzYCdpBhx; Wed, 8 Jan 2014 15:21:23 -0800 (PST)
Received: from mailuogwhop.emc.com (mailuogwhop.emc.com [168.159.213.141]) by ietfa.amsl.com (Postfix) with ESMTP id E62051AD948; Wed, 8 Jan 2014 15:21:21 -0800 (PST)
Received: from maildlpprd05.lss.emc.com (maildlpprd05.lss.emc.com [10.253.24.37]) by mailuogwprd04.lss.emc.com (Sentrion-MTA-4.3.0/Sentrion-MTA-4.3.0) with ESMTP id s08NL9TS002915 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 8 Jan 2014 18:21:10 -0500
X-DKIM: OpenDKIM Filter v2.4.3 mailuogwprd04.lss.emc.com s08NL9TS002915
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=emc.com; s=jan2013; t=1389223270; bh=OUxIZcRUGquTocbJ0OIOXDvQn5k=; h=From:To:CC:Date:Subject:Message-ID:Content-Type: Content-Transfer-Encoding:MIME-Version; b=enVMQYqyAJkvLwHELR9jIkRaA7GAWkd1Ff+wO8FLRisgUshou14CNHU79+He2m/Wa y9ydupMrfmH7RNRGFQ1gaq/OGeU0aloP+dTcmw4QSbsL5qponoChqsxm/fOQMdf02J rUoWK5zPeS6RjPYFfc8Vdjbdx0YNiFavT4EyWu7I=
X-DKIM: OpenDKIM Filter v2.4.3 mailuogwprd04.lss.emc.com s08NL9TS002915
Received: from mailusrhubprd04.lss.emc.com (mailusrhubprd04.lss.emc.com [10.253.24.22]) by maildlpprd05.lss.emc.com (RSA Interceptor); Wed, 8 Jan 2014 15:20:55 -0800
Received: from mxhub25.corp.emc.com (mxhub25.corp.emc.com [10.254.110.181]) by mailusrhubprd04.lss.emc.com (Sentrion-MTA-4.3.0/Sentrion-MTA-4.3.0) with ESMTP id s08NKsDh028930 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Wed, 8 Jan 2014 18:20:54 -0500
Received: from mx15a.corp.emc.com ([169.254.1.107]) by mxhub25.corp.emc.com ([10.254.110.181]) with mapi; Wed, 8 Jan 2014 18:20:53 -0500
From: "Black, David" <david.black@emc.com>
To: "l.wood@surrey.ac.uk" <l.wood@surrey.ac.uk>, "gorry@erg.abdn.ac.uk" <gorry@erg.abdn.ac.uk>
Date: Wed, 08 Jan 2014 18:20:52 -0500
Subject: gre-in-udp draft (was: RE: [tsvwg] Milestones changed for tsvwg WG)
Thread-Topic: gre-in-udp draft (was: RE: [tsvwg] Milestones changed for tsvwg WG)
Thread-Index: Ac8MyEHqITdMSvN0R8qKanlihQAy2g==
Message-ID: <8D3D17ACE214DC429325B2B98F3AE712026EF305B4@MX15A.corp.emc.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Sentrion-Hostname: mailusrhubprd04.lss.emc.com
X-RSA-Classifications: public
Cc: "ietf@ietf.org" <ietf@ietf.org>, "jnc@mit.edu" <jnc@mit.edu>, "lisp@ietf.org" <lisp@ietf.org>, "tsvwg@ietf.org" <tsvwg@ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 08 Jan 2014 23:21:25 -0000
Lloyd, <tsvwg WG co-chair hat OFF> This is only at the draft adoption stage - the tsvwg WG gets to take a hard look at the zero checksum conditions in the gre-in-udp-encap draft and make sure that they're right (the WG could even remove the support for zero checksums) - that's among the good reasons for adopting the draft in tsvwg as opposed to elsewhere. Speaking of elsewhere, draft-ietf-mpls-in-udp is in IETF Last Call and has language allowing zero UDP checksums - I might suggest that you (and anyone else who cares about this topic) go read that draft and consider whether making Last Call comments would be appropriate. Thanks, --David </tsvwg WG co-chair hat OFF> > -----Original Message----- > From: tsvwg [mailto:tsvwg-bounces@ietf.org] On Behalf Of l.wood@surrey.ac.uk > Sent: Wednesday, January 08, 2014 3:58 PM > To: gorry@erg.abdn.ac.uk > Cc: lisp@ietf.org; jnc@mit.edu; tsvwg@ietf.org; ietf@ietf.org > Subject: Re: [tsvwg] Milestones changed for tsvwg WG > > Zero UDP checksums are being selected for convenience, without an appreciation > of the overall effects and costs on other traffic. I see this is occurring in > both tsvwg > and lisp, and it's probably happening elsewhere: > > From the recently adopted by tsvwg draft: > http://tools.ietf.org/html/draft-yong-tsvwg-gre-in-udp-encap-02 > To simplify packet processing at the tunnel egress, packets destined > to this assigned UDP destination port [TBD] SHOULD have their UDP > checksum and Sequence flags set to zero because the egress tunnel > only needs to identify this protocol. Although IPv6 [RFC2460] > restricts the processing a packet with the UDP checksum of zero, > [RFC6935] and [RFC6936] relax this constraint to allow the zero UDP > checksum. > > from http://tools.ietf.org/html/draft-ietf-lisp-introduction-03 > The UDP checksum is zero because the inner packet usually already has > a end-end checksum, and the outer checksum adds no value. [Saltzer] > > (That's a misreading of Saltzer - the UDP checksum is also protecting against > misdelivery and pseudoheader corruption, and 'usually' is not a good defence. > For shame, Noel.) > > After all, the best examples of end2end systems failure are with zero > checksums > at the endhosts. > > The TCP and UDP checksums catch significant numbers of errors, e.g. Stone's > work: > http://conferences.sigcomm.org/sigcomm/2000/conf/paper/sigcomm2000-9-1.pdf > and some of those errors will appear in the headers, where they will send > the data to other ports and destinations. > > The potential for polluting other ports and applications because > there is no pseudoheader demultiplexing sanity check is there. > > IPv6 leaving this check implemented on a per-transport basis has opened the > door, > and rewriting that section of RFC2460 in RFC6935 has taken the door off its > hinges. > These RFCs break the minimal multiplexing pseudoheader sanity check that > RFC2460 > offered; IPv6 is a mess in so many ways, but making it worse? > > I think publishing RFC6935 and 6936 and letting in zero checksums again to > IPv6 > was a mistake, frankly. (alas, I wasn't paying much attention at the time - > moving > countries etc.) > > A strong recommendation that UDP-Lite covering headers offers minimal > computation > overhead on tunnelled packets while protecting against polluting other ports > is one > solution, while acknowledging deployment limitations. Section 2.4 of RFC696 is > mostly there. > But zero UDP checksums should always come with copious warnings on the effects > not on the > carried traffic, which can have its own payload checks, but on traffic sharing > the network > with traffic delivered with zero UDP checksums. Drafts relying on zero > checksums should be discouraged, not adopted by workgroups. > > It's a tragedy of the commons, but the I'm-alright-Jack engineers who want > zero udp checksums for their traffic, and do protect against the effects of > zero > checksums on their own payloads, won't care about effects on other traffic. > Hey, maybe this should be treated as an attack, which falls under perpass? > That > should get it attention... > > tsvwg needs to give (or get) some careful input on the implications here. > > Lloyd Wood > http://about.me/lloydwood > ________________________________________ > From: gorry@erg.abdn.ac.uk [gorry@erg.abdn.ac.uk] > Sent: 08 January 2014 12:55 > To: Wood L Dr (Electronic Eng) > Cc: tsvwg@ietf.org > Subject: Re: [tsvwg] Milestones changed for tsvwg WG > > Lloyd, > > Here is a little context... which could help. The IETF agreed to update > the UDP checksum behaviour for IPv6 in RFC 6935, but only subject to the > applicability specified in RFC 6936. > > One of the reasons why a simple encapsulation like this needs to be done > in tsvwg is to minimise the end-to-end implications on other traffic. > Sure, using a zero checksum has such implications, and my own first > concern is that the new GRE-in-UDP work follows the applicability > statement in RFC 6936. To me, it seems the authors are heading this way - > but maybe more help is needed. It would be no bad thing to highlight the > implications of using zero checksums on other traffic. > > Gorry > > > Am I the only one who finds putting zero checksums in proposed standards > > to be a worrying > > trend? > > > > Lloyd Wood > > http://about.me/lloydwood > > ________________________________________ > > From: tsvwg [tsvwg-bounces@ietf.org] On Behalf Of IETF Secretariat > > [ietf-secretariat-reply@ietf.org] > > Sent: 07 January 2014 20:20 > > To: tsvwg@ietf.org > > Subject: [tsvwg] Milestones changed for tsvwg WG > > > > Added milestone "Submit 'Specification of GRE in UDP encapsulation' to > > IESG as a PS RFC", due December 2014. > > > > URL: http://datatracker.ietf.org/wg/tsvwg/charter/ > > > >
- gre-in-udp draft (was: RE: [tsvwg] Milestones cha… Black, David
- draft-ietf-mpls-in-udp was RE: gre-in-udp draft (… l.wood
- Re: draft-ietf-mpls-in-udp was RE: gre-in-udp dra… Randy Bush
- RE: draft-ietf-mpls-in-udp was RE: gre-in-udp dra… l.wood
- RE: [mpls] draft-ietf-mpls-in-udp was RE: gre-in-… Adrian Farrel
- Re: draft-ietf-mpls-in-udp was RE: gre-in-udp dra… Stewart Bryant
- Re: [mpls] draft-ietf-mpls-in-udp was RE: gre-in-… Stewart Bryant
- Re: [mpls] draft-ietf-mpls-in-udp was RE: gre-in-… Mark Tinka
- Re: [mpls] draft-ietf-mpls-in-udp was RE: gre-in-… Mark Tinka
- misdelivered mpls packets - Was: Re: [mpls] draft… Loa Andersson
- Re: [mpls] misdelivered mpls packets - Was: Re: d… Huub van Helvoort
- Re: [mpls] draft-ietf-mpls-in-udp was RE: gre-in-… Andrew G. Malis
- RE: [mpls] misdelivered mpls packets - Was: Re: d… l.wood
- Re: misdelivered mpls packets - Was: Re: [mpls] d… t.p.
- Re: [mpls] misdelivered mpls packets - Was: Re: d… Curtis Villamizar
- RE: [mpls] misdelivered mpls packets - Was: Re: d… David Allan I
- RE: [mpls] misdelivered mpls packets - Was: Re: d… Gregory Mirsky
- Re: misdelivered mpls packets - Was: Re: [mpls] d… Mark Tinka
- Re: misdelivered mpls packets - Was: Re: [mpls] d… Randy Bush
- RE: [mpls] draft-ietf-mpls-in-udp was RE: gre-in-… l.wood
- Re: [mpls] draft-ietf-mpls-in-udp was RE: gre-in-… Curtis Villamizar
- OT was Re: [mpls] draft-ietf-mpls-in-udp was RE: … Curtis Villamizar
- Re: [lisp] [mpls] draft-ietf-mpls-in-udp was RE: … Dino Farinacci
- RE: [mpls] draft-ietf-mpls-in-udp was RE: gre-in-… l.wood
- RE: [mpls] draft-ietf-mpls-in-udp was RE: gre-in-… l.wood
- RE: [lisp] [mpls] draft-ietf-mpls-in-udp was RE: … l.wood
- Re: [mpls] draft-ietf-mpls-in-udp was RE: gre-in-… Mark Tinka
- Re: OT was Re: [mpls] draft-ietf-mpls-in-udp was … Mark Tinka
- Re: [mpls] [lisp] draft-ietf-mpls-in-udp was RE: … gorry
- Re: OT was Re: [mpls] draft-ietf-mpls-in-udp was … Mark Tinka
- Re: [mpls] draft-ietf-mpls-in-udp was RE: gre-in-… Stewart Bryant
- Re: [mpls] [lisp] draft-ietf-mpls-in-udp was RE: … Curtis Villamizar
- Re: OT was Re: [mpls] draft-ietf-mpls-in-udp was … Curtis Villamizar
- RE: [mpls] [tsvwg] OT (was Re: draft-ietf-mpls-in… Alexander Vainshtein
- OT (was Re: [mpls] draft-ietf-mpls-in-udp was RE:… Curtis Villamizar
- Re: [mpls] OT (was Re: draft-ietf-mpls-in-udp was… Curtis Villamizar
- Re: [tsvwg] [mpls] OT (was Re: draft-ietf-mpls-in… Curtis Villamizar
- RE: [mpls] OT (was Re: draft-ietf-mpls-in-udp was… l.wood
- RE: [tsvwg] [mpls] OT (was Re: draft-ietf-mpls-in… l.wood
- RE: [tsvwg] [mpls] OT (was Re: draft-ietf-mpls-in… l.wood
- RE: [tsvwg] [mpls] OT (was Re: draft-ietf-mpls-in… l.wood
- Re: [tsvwg] [mpls] OT (was Re: draft-ietf-mpls-in… Randy Bush
- Re: [mpls] OT (was Re: draft-ietf-mpls-in-udp was… Stewart Bryant
- Re: [tsvwg] [mpls] OT (was Re: draft-ietf-mpls-in… Stewart Bryant
- Re: [tsvwg] [mpls] OT (was Re: draft-ietf-mpls-in… Stewart Bryant
- Re: [tsvwg] [mpls] OT (was Re: draft-ietf-mpls-in… Stewart Bryant
- Re: [tsvwg] [mpls] OT (was Re: draft-ietf-mpls-in… Wesley Eddy
- Re: [tsvwg] [mpls] OT (was Re: draft-ietf-mpls-in… Curtis Villamizar
- Re: [tsvwg] [mpls] OT (was Re: draft-ietf-mpls-in… Curtis Villamizar
- Re: [tsvwg] [mpls] OT (was Re: draft-ietf-mpls-in… Curtis Villamizar
- Re: [mpls] [tsvwg] OT (was Re: draft-ietf-mpls-in… Curtis Villamizar
- Re: [tsvwg] [mpls] OT (was Re: draft-ietf-mpls-in… Curtis Villamizar
- Re: [tsvwg] [mpls] OT (was Re: draft-ietf-mpls-in… gorry
- Re: [mpls] [tsvwg] [lisp] draft-ietf-mpls-in-udp … Curtis Villamizar
- Re: [tsvwg] [mpls] [lisp] draft-ietf-mpls-in-udp … Saku Ytti
- Re: [mpls] [tsvwg] [lisp] draft-ietf-mpls-in-udp … Saku Ytti