RE: UDP+Fragmentation (was: "Deprecate")
"Templin, Fred L" <Fred.L.Templin@boeing.com> Tue, 06 August 2013 22:35 UTC
Return-Path: <Fred.L.Templin@boeing.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7B5BF21F9EFE for <ipv6@ietfa.amsl.com>; Tue, 6 Aug 2013 15:35:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.499
X-Spam-Level:
X-Spam-Status: No, score=-6.499 tagged_above=-999 required=5 tests=[AWL=0.100, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id x2vbV6+2bfcL for <ipv6@ietfa.amsl.com>; Tue, 6 Aug 2013 15:35:47 -0700 (PDT)
Received: from blv-mbsout-02.boeing.com (blv-mbsout-02.boeing.com [130.76.32.232]) by ietfa.amsl.com (Postfix) with ESMTP id 4FDB421F9E9E for <ipv6@ietf.org>; Tue, 6 Aug 2013 15:35:47 -0700 (PDT)
Received: from blv-mbsout-02.boeing.com (localhost.localdomain [127.0.0.1]) by blv-mbsout-02.boeing.com (8.14.4/8.14.4/DOWNSTREAM_MBSOUT) with ESMTP id r76MZivL019923 for <ipv6@ietf.org>; Tue, 6 Aug 2013 15:35:44 -0700
Received: from XCH-PHX-313.sw.nos.boeing.com (xch-phx-313.sw.nos.boeing.com [130.247.25.175]) by blv-mbsout-02.boeing.com (8.14.4/8.14.4/UPSTREAM_MBSOUT) with ESMTP id r76MZij1019918 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=OK); Tue, 6 Aug 2013 15:35:44 -0700
Received: from XCH-BLV-504.nw.nos.boeing.com ([169.254.4.29]) by XCH-PHX-313.sw.nos.boeing.com ([169.254.13.109]) with mapi id 14.02.0328.011; Tue, 6 Aug 2013 15:35:46 -0700
From: "Templin, Fred L" <Fred.L.Templin@boeing.com>
To: Ronald Bonica <rbonica@juniper.net>, "C. M. Heard" <heard@pobox.com>, IPv6 <ipv6@ietf.org>
Subject: RE: UDP+Fragmentation (was: "Deprecate")
Thread-Topic: UDP+Fragmentation (was: "Deprecate")
Thread-Index: AQHOjsXExBsThTTW2kO9nlkD8PFVZ5mAluIAgAb8kICAAPVUoIAABuLggAAsSnCAAAXBcIAACeHg
Date: Tue, 06 Aug 2013 22:35:45 +0000
Message-ID: <2134F8430051B64F815C691A62D983180E0E0D@XCH-BLV-504.nw.nos.boeing.com>
References: <782A011A-B28F-4BD9-B3F1-C194D6244DFA@gmail.com> <Pine.LNX.4.64.1308010951100.15607@shell4.bayarea.net> <Pine.LNX.4.64.1308052027420.28100@shell4.bayarea.net> <f4cb5436e86b4ec88d34f2d21e2bbb24@BL2PR05MB243.namprd05.prod.outlook.com> <2134F8430051B64F815C691A62D983180E0A69@XCH-BLV-504.nw.nos.boeing.com> <fee4460daf2748e0bc5efda62c00b7df@BL2PR05MB243.namprd05.prod.outlook.com> <2134F8430051B64F815C691A62D983180E0D96@XCH-BLV-504.nw.nos.boeing.com>
In-Reply-To: <2134F8430051B64F815C691A62D983180E0D96@XCH-BLV-504.nw.nos.boeing.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [130.247.104.6]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-TM-AS-MML: disable
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipv6>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 06 Aug 2013 22:35:52 -0000
Ron, One other thing for now is that Mike's proposal doesn't even address the attack vector that 'draft-bonica-6man-frag-deprecate' is concerned about. To address the tiny fragment concern, the protocol must ensure that tiny fragments cannot ever be created. Thanks - Fred fred.l.templin@boeing.com > -----Original Message----- > From: ipv6-bounces@ietf.org [mailto:ipv6-bounces@ietf.org] On Behalf Of > Templin, Fred L > Sent: Tuesday, August 06, 2013 3:07 PM > To: Ronald Bonica; C. M. Heard; IPv6 > Subject: RE: UDP+Fragmentation (was: "Deprecate") > > Hi Ron, > > > -----Original Message----- > > From: Ronald Bonica [mailto:rbonica@juniper.net] > > Sent: Tuesday, August 06, 2013 2:54 PM > > To: Templin, Fred L; C. M. Heard; IPv6 > > Subject: RE: UDP+Fragmentation (was: "Deprecate") > > > > Fred, > > > > If that's the case, we have a good argument for changing Mike's > > proposal ever so slightly, so that it uses a new protocol ID. But > > still, Mike's proposal is elegant because: > > > > a) It solves the problem at the right layer > > b) It reuses UDP transport machinery. (The only exception is the in > > LENGTH field) > > c) It reuses IP fragmentation machinery (moving it to the transport > > layer) > > d) Aside from b) and c), it introduces no new protocol machinery. So, > > it can be described in a few short pages. This is in stark contrast > to > > SEAL (draft-templin-intarea-seal-61) whose protocol machinery > requires > > 41 pages to describe > > There is a lot of boiler plate in the draft that is not required to > describe the protocol machinery. Plus, there are many things that > need to be described in a functional specification beyond just > posting a concept in an e-mail thread. > > > which required 61 draft versions to get right. > > The best things in life are worth investing the time and energy > to get right. Plus, SEAL is a universal format that handles both > tunnel- and transport-mode requirements for all manners of > existing protocols. > > If we are going to define a new protocol type, let's define one > that addresses everything we are currently struggling with and > has the extensibility to address additional requirements moving > forward into the future. > > Thanks - Fred > fred.l.templin@boeing.com > > > Ron > > > > > > > -----Original Message----- > > > From: Templin, Fred L [mailto:Fred.L.Templin@boeing.com] > > > Sent: Tuesday, August 06, 2013 2:58 PM > > > To: Ronald Bonica; C. M. Heard; IPv6 > > > Subject: RE: UDP+Fragmentation (was: "Deprecate") > > > > > > With a protocol as ossified as UDP, I have a hard time imagining > all > > > middleboxes passing the packets with what they would see as a > > corrupted > > > length field. > > > > > > Thanks - Fred > > > fred.l.templin@boeing.com > > > > > > > -----Original Message----- > > > > From: ipv6-bounces@ietf.org [mailto:ipv6-bounces@ietf.org] On > > Behalf > > > > Of Ronald Bonica > > > > Sent: Tuesday, August 06, 2013 11:49 AM > > > > To: C. M. Heard; IPv6 > > > > Subject: RE: UDP+Fragmentation (was: "Deprecate") > > > > > > > > Mike, > > > > > > > > The proposal sounds elegant. I will try to paraphrase it to make > > sure > > > > that I understand. > > > > > > > > When originating a UDP datagram, the host always queries it > > > underlying > > > > IP stack to determine the PMTU for the destination. If the PMTU > > > > greater than or equal to the size of the payload plus the UDP > > header > > > > plus the IP header, plus all IP extension headers, the > originating > > > > host emits a conventional UDP packet which is characterized as > > > follows: > > > > > > > > - Protocol = 17 > > > > - Length <= L4 length from IP > > > > > > > > If the PMTU less than the size of the payload plus the UDP header > > > plus > > > > the IP header, plus all IP extension headers, the originating > host > > > > emits an unconventional UDP packet which is characterized as > > follows: > > > > > > > > - Protocol = 17 > > > > - Length > L4 length from IP > > > > - Segment Offset, M-bit and Identification fields added to UDP > > header > > > > before the payload > > > > > > > > If an unconventional UDP packet arrives a destination that > supports > > > > unconventional packets, it is reassembled at the transport layer. > > If > > > > an unconventional UDP packet arrives a destination that does not > > > > support unconventional packets, it is discarded. > > > > > > > > Do I have this much right? > > > > > > > > Ron > > > > > > > > > > > > > -----Original Message----- > > > > > From: ipv6-bounces@ietf.org [mailto:ipv6-bounces@ietf.org] On > > > Behalf > > > > Of > > > > > C. M. Heard > > > > > Sent: Monday, August 05, 2013 11:53 PM > > > > > To: IPv6 > > > > > Subject: Re: UDP+Fragmentation (was: "Deprecate") > > > > > > > > > > On Thu, 1 Aug 2013, C. M. Heard wrote: > > > > > > On Thu, 1 Aug 2013, RJ Atkinson wrote: > > > > > > > I agree that C.M. Heard's ideas should be explored in more > > > > > > > detail > > > > > by > > > > > > > the IETF. > > > > > > > > > > The idea was essentially UDP with segmentation fields, which > > would > > > > > require a new protocol number. > > > > > > > > > > In an offline discussion with Mark Smith and I kicked around an > > > idea > > > > > for an alternate version not requiring a new protocol number, > but > > > > > relying instead on the redundancy of the UDP Length field. The > > UDP > > > > > Length field is not actually needed; TCP does not have one but > > > > > rather relies on the length reported by the IP layer. Under > > > current > > > > > standards, the UDP Length field must be at least 8 and cannot > > > exceed > > > > > the IP payload length minus the combined length of any > extension > > > > > headers -- let's call this the L4 length from IP. Existing > > > > > implementations are supposed to drop UDP datagrams that fail > this > > > > > check, and all the ones I know of do so. > > > > > > > > > > The question then arises whether it might reasonably be > possible > > to > > > > re- > > > > > purpose the case UDP Length > L4 length from IP to mean a > > segmented > > > > UDP > > > > > datagram. > > > > > > > > > > In that case 8 <= UDP Length <= L4 length from IP would be > > > > > intepreted as a standard unsegmented UDP datagram, as is it > now. > > > > > That's the case pictured below. Note that if the L4 length > > > > > indicated by the IP layer exceeds the UDP Length, then the > extra > > > > > octets would > > > > be > > > > > discarded and are not delivered to the application; that is the > > > > > behavior of the implementations I know of. > > > > > > > > > > 0 15 16 > > > 31 > > > > > +-+-+-+-+-+-+-+-|-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-|-+-+-+-+- > +- > > +- > > > +-+ > > > > > | Source Port | Destination Port > > > | > > > > > +-+-+-+-+-+-+-+-|-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-|-+-+-+-+- > +- > > +- > > > +-+ > > > > > | Length <= L4 length from IP | Checksum > > > | > > > > > +-+-+-+-+-+-+-+-|-+-+-+-+-+-+-+-|-+-+-+-+-+-+-+-|-+-+-+-+- > +- > > +- > > > +-+ > > > > > | data octets ... > > > > > +-+-+-+-+-+-+-+-|-+-+-+-+-+-+-+-|-+-+-+-+-+-+-+-| ... > > > > > > > > > > Now suppose that we have a long UDP datagram that we want to > send > > > in > > > > > segments. We set the Length and Checksum fields as usual, and > > then > > > > cut > > > > > the datagram into segments, each of which looks like this: > > > > > > > > > > 0 15 16 > > > 31 > > > > > +-+-+-+-+-+-+-+-|-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-|-+-+-+-+- > +- > > +- > > > +-+ > > > > > | Source Port | Destination Port > > > | > > > > > +-+-+-+-+-+-+-+-|-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-|-+-+-+-+- > +- > > +- > > > +-+ > > > > > | Length > L4 length from IP | Checksum > > > | > > > > > +-+-+-+-+-+-+-+-|-+-+-+-+-+-+-+-|-+-+-+-+-+-+-+-|-+-+-+-+- > +- > > +- > > > +-+ > > > > > | (reserved = 0) | Segment Offset > > > |Res|M| > > > > > +-+-+-+-+-+-+-+-|-+-+-+-+-+-+-+-|-+-+-+-+-+-+-+-|-+-+-+-+- > +- > > +- > > > +-+ > > > > > | Identification > > > | > > > > > +-+-+-+-+-+-+-+-|-+-+-+-+-+-+-+-|-+-+-+-+-+-+-+-|-+-+-+-+- > +- > > +- > > > +-+ > > > > > | data octets ... > > > > > +-+-+-+-+-+-+-+-|-+-+-+-+-+-+-+-|-+-+-+-+-+-+-+-| ... > > > > > > > > > > We put the same UDP header in each segment, so (if we take some > > > care > > > > in > > > > > how we choose the length of the segments) each one will have a > > UDP > > > > > Length field that is greater than the IP payload length minus > the > > > > > combined length of any extension headers. Implementations that > > > > conform > > > > > to the current specifications should discard these segments, > and > > so > > > > > should not mistakenly consider the segmentation fields as part > of > > > > > the application data. That should make it possible for > segmented > > > > > UDP datagrams to safely coexist with conventional unsegmented > > one, > > > > without > > > > > getting a new protocol number. > > > > > > > > > > Possible downsides: some middleboxes may filter such > "erroneous" > > > > > datagrams, and some existing erroneous implementations may fail > > to > > > > > do the checks they should and might mistake these segments for > > > > > ordinary UDP datagrams. > > > > > > > > > > Note that this idea does not work with UDP-lite, which replaces > > the > > > > > Length field with a Checksum Coverage field. That could easily > > be > > > > too > > > > > short to exceed the L4 length from IP. > > > > > > > > > > Mike Heard > > > > > --------------------------------------------------------------- > -- > > -- > > > - > > > > > IETF IPv6 working group mailing list ipv6@ietf.org > Administrative > > > > > Requests: https://www.ietf.org/mailman/listinfo/ipv6 > > > > > --------------------------------------------------------------- > -- > > -- > > > - > > > > > > > > > > > > > > > > > ----------------------------------------------------------------- > -- > > - > > > > IETF IPv6 working group mailing list > > > > ipv6@ietf.org > > > > Administrative Requests: > https://www.ietf.org/mailman/listinfo/ipv6 > > > > ----------------------------------------------------------------- > -- > > - > > > > > > > -------------------------------------------------------------------- > IETF IPv6 working group mailing list > ipv6@ietf.org > Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 > --------------------------------------------------------------------
- Re: UDP+Fragmentation (was: "Deprecate") C. M. Heard
- Re: UDP+Fragmentation (was: "Deprecate") RJ Atkinson
- Re: UDP+Fragmentation (was: "Deprecate") C. M. Heard
- Re: UDP+Fragmentation (was: "Deprecate") Mark ZZZ Smith
- Re: UDP+Fragmentation (was: "Deprecate") Mark ZZZ Smith
- Re: UDP+Fragmentation Brian E Carpenter
- Re: UDP+Fragmentation C. M. Heard
- RE: UDP+Fragmentation Templin, Fred L
- Re: UDP+Fragmentation Mark Andrews
- Re: UDP+Fragmentation Mark Andrews
- Re: UDP+Fragmentation C. M. Heard
- Re: UDP+Fragmentation Mark Andrews
- RE: UDP+Fragmentation Templin, Fred L
- RE: UDP+Fragmentation Templin, Fred L
- RE: UDP+Fragmentation (was: "Deprecate") Ronald Bonica
- RE: UDP+Fragmentation (was: "Deprecate") Templin, Fred L
- RE: UDP+Fragmentation (was: "Deprecate") Ronald Bonica
- RE: UDP+Fragmentation (was: "Deprecate") Templin, Fred L
- RE: UDP+Fragmentation (was: "Deprecate") Templin, Fred L
- Re: UDP+Fragmentation Doug Barton
- RE: UDP+Fragmentation Templin, Fred L
- RE: UDP+Fragmentation (was: "Deprecate") Ronald Bonica
- Re: UDP+Fragmentation Mark Andrews
- RE: UDP+Fragmentation (was: "Deprecate") Templin, Fred L
- RE: UDP+Fragmentation Templin, Fred L
- RE: UDP+Fragmentation Templin, Fred L
- Re: UDP+Fragmentation Mark Andrews
- RE: UDP+Fragmentation Templin, Fred L
- Re: UDP+Fragmentation Mark Andrews
- RE: UDP+Fragmentation Templin, Fred L
- Re: UDP+Fragmentation Mark Andrews
- RE: UDP+Fragmentation (was: "Deprecate") Ronald Bonica
- RE: UDP+Fragmentation (was: "Deprecate") Templin, Fred L
- RE: UDP+Fragmentation (was: "Deprecate") C. M. Heard
- RE: UDP+Fragmentation (was: "Deprecate") C. M. Heard
- RE: UDP+Fragmentation (was: "Deprecate") C. M. Heard
- RE: UDP+Fragmentation (was: "Deprecate") Templin, Fred L
- Re: [6MAN] UDP+Fragmentation (was: "Deprecate") Warren Kumari
- Re: [6MAN] UDP+Fragmentation (was: "Deprecate") Mark Andrews
- Re: [6MAN] UDP+Fragmentation (was: "Deprecate") C. M. Heard
- RE: [6MAN] UDP+Fragmentation (was: "Deprecate") Templin, Fred L
- Re: UDP+Fragmentation (was: "Deprecate") C. M. Heard
- Re: UDP+Fragmentation (was: "Deprecate") Mark Andrews
- Re: UDP+Fragmentation (was: "Deprecate") Fernando Gont
- RE: UDP+Fragmentation (was: "Deprecate") Templin, Fred L
- RFC4821 for tunnels using SEAL Templin, Fred L
- Re: UDP+Fragmentation (was: "Deprecate") C. M. Heard
- Re: [6MAN] UDP+Fragmentation (was: "Deprecate") Warren Kumari
- Re: [6MAN] UDP+Fragmentation (was: "Deprecate") Fernando Gont
- Re: [6MAN] UDP+Fragmentation (was: "Deprecate") Warren Kumari
- Re: [6MAN] UDP+Fragmentation Fernando Gont
- Re: UDP+Fragmentation (was: "Deprecate") Fernando Gont
- RE: RFC4821 for tunnels using SEAL Templin, Fred L
- RE: RFC4821 for tunnels using SEAL Templin, Fred L