Re: draft-ietf-6man-udpchecksums-02.txt
Marshall Eubanks <marshall.eubanks@gmail.com> Tue, 13 March 2012 21:40 UTC
Return-Path: <marshall.eubanks@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id ADD1F21E8015 for <ipv6@ietfa.amsl.com>; Tue, 13 Mar 2012 14:40:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -103.233
X-Spam-Level:
X-Spam-Status: No, score=-103.233 tagged_above=-999 required=5 tests=[AWL=-0.234, BAYES_00=-2.599, J_CHICKENPOX_46=0.6, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XXgPM0N3ZmZZ for <ipv6@ietfa.amsl.com>; Tue, 13 Mar 2012 14:40:44 -0700 (PDT)
Received: from mail-lpp01m010-f44.google.com (mail-lpp01m010-f44.google.com [209.85.215.44]) by ietfa.amsl.com (Postfix) with ESMTP id 2C72621F864A for <6man@ietf.org>; Tue, 13 Mar 2012 14:40:43 -0700 (PDT)
Received: by lagj5 with SMTP id j5so1063983lag.31 for <6man@ietf.org>; Tue, 13 Mar 2012 14:40:43 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; bh=PuRjyhKV+NcNkBKfmdtMhZedw1OpCcLn2Pkil8rmMjE=; b=QH5JdtJILgpoLMV4OtABAwxerbjheZ3OYoi6HmUUWFE6/An9KrjbK7Dtp32Lc4hjlZ nQUY+xl5FH3PoQEV4Mb2QTfjuUqy/uhoex/y8feNJ1Q5fcIzuTHJXEp3q34FIEC/TBxL X8+W+R8hkG6w+yLjmEX/qPbaSLiSdCvDupC9zBzPlNAWNZ86IZCDpzujM47JVgspaKrb FAszueMy4/FVEJfK5PaC/uUNVeRkbYiQjiZcEbK4kie5DSKCociStP3SFPwt0t1F9rw4 Wljx3n1Uw3W4AtK7QiME5ewYhwU3T8SANDGMp4P8K9y5ImeyANkMhczHGWy11+90xI6l V2lw==
MIME-Version: 1.0
Received: by 10.112.83.105 with SMTP id p9mr51387lby.43.1331674843106; Tue, 13 Mar 2012 14:40:43 -0700 (PDT)
Received: by 10.112.115.98 with HTTP; Tue, 13 Mar 2012 14:40:43 -0700 (PDT)
In-Reply-To: <4F5FB248.6030407@erg.abdn.ac.uk>
References: <4F5F0B41.8070705@erg.abdn.ac.uk> <4F5FB248.6030407@erg.abdn.ac.uk>
Date: Tue, 13 Mar 2012 17:40:43 -0400
Message-ID: <CAJNg7VLg7tWvH=MO8N976tJwcYJDsHekN6WDTftm3H7xKBKUuQ@mail.gmail.com>
Subject: Re: draft-ietf-6man-udpchecksums-02.txt
From: Marshall Eubanks <marshall.eubanks@gmail.com>
To: gorry@erg.abdn.ac.uk
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: quoted-printable
X-Mailman-Approved-At: Tue, 13 Mar 2012 15:06:41 -0700
Cc: 6man@ietf.org
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipv6>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 13 Mar 2012 21:40:45 -0000
Dear Gorry; Thanks for the read. On Tue, Mar 13, 2012 at 4:47 PM, Gorry Fairhurst <gorry@erg.abdn.ac.uk> wrote: > > Marshall & Philip, I've read the new draft, and have a few new comments. > Hope these are helpful - happy to discuss if this seems useful. > > Best wishes, > > Gorry > > ---- > BOILER PLATE: > - Please an Updates line:goprry > "Updates RFC2460 (if approved)" > > ---- > Section 3: > "there is no additional > benefit and indeed some cost to nodes to both compute and check the > UDP checksum of the outer (encapsulating) header." > > - I do not think this sentence is really true, and I think it's > important that we do get this right. I suggest there ARE benefits in > performing a UDP integrity check for IPv6, see Section 3 of > I-D.ietf-6man-udpzero. However, I agree that omitting this check can > reduce the forwarding cost for systems that perform the check in software. How about there is both a benefit and a cost to compute and check the UDP checksum of the outer (encapsulating) header. In certain cases, where reducing the forwarding cost is important, such as for systems that perform the check in software, the cost may outweigh the benefit; this document describes a means to avoid that cost, in the case where there is an inner header with a checksum. > > ---- > Section 3: > "to set the checksum field of the > outer header only to 0 and skip both the sender and receiver > computation." > > - Could we insert a "UDP transport" between "outer" and "header" above, > so there can be no confusion with the network layer headers. OK > > ---- > Section 4: > "In Section 5.1 of [I-D.ietf-6man-udpzero], the authors propose nine > (9) constraints on the usage of a zero checksum for UDP over IPv6. > We agree with the restrictions proposed, and in fact proposed some of > those restrictions ourselves in the previous version of the current > draft. These restrictions are incorporated into the proposed changes > below." > > - This reads rather like a paper. ietf-6man-udpzero is also a working > group document, and I would like to think we can find better language. > I suggest something like: > > "Section 5.1 of [I-D.ietf-6man-udpzero], identifies 9 requirements > that introduce constraints on the usage of a zero checksum for > UDP over IPv6. This document is intended to satisfy these > requirements." > This WFM, > ---- > Section 4: > "inspection firewall devices or other middleboxes actually checking" > - remove "actually"? WFM > > ---- > Section 4: > "This is would be an issue also for legacy systems > which have not implemented the change in the IPv6 specification. So > in any case, there may be packet loss of lightweight tunneling > packets because of mixed new-rule and old-rule nodes." > > - Seems like it could be improved. I suggest: > "This would be an issue also for any legacy IPv6 system > that has not implemented the change to the IPv6 specification. In > this case, the system will discard the zero-checksum UDP > packets, and should log this as an error." > This is not a prescription, but an observation (i.e. we can't say SHOULD log this as an error here). How about "This would be an issue also for any legacy IPv6 system that has not implemented the change to the IPv6 specification. In this case, the system should discard the zero-checksum UDP packets, and log this as an error." > ---- > Section 4: > " As an example, we discuss how can errors be detected and " > ^^^ > - remove "can" ACK > > ---- > Section 4: > "Note that other (non-tunneling) protocols may have > different approaches." > - suggest replace add: > ", but these are not the topic of this update." > WFM > ---- > Section 4: > "The control packets can > also contain any negotiation that is necessary to set up the > endpoint/adapters to accept UDP packets with a zero checksum." > - this needs to be enabled for each flow, so please add: > "The control packets may > also carry any negotiation that is necessary to set up the how about s/that is necessary to set up the/required to enable the/ > endpoint/adapters to identify the set of ports that > need to enable reception UDP datagrams with a zero > checksum." > > ---- > Section 4: > "Only UDP packets containing tunneled packets should have a UDP > checksum equal to zero." > - Please use keywords. e.g. > "A system MUST NOT set the UDP checksum to zero in packets that do > not contain tunneled packets." > OK > ---- > Section 4: > "We note that > these outcomes not equally likely, as most require multiple bit > errors with errored bits in separate fields. " > - It seems wrong to suggest that single bit inversions are a likely > cause of residual errors at the transport layer. I do not think this is > the case. I suggest direct replacement of a sequence of bytes is a > likely form of corruption. Suggest you omit the second part of the sentence? OK. Note that there is a missing "are" before "not," which I have also fixed. > > ---- > Section 4: > " If it is some > other application, with very high probability, the application > will not recognize the contents of the packet." > - I disagree - it all comes down to applications design. The detection > is only if the app is defined this way, since the transport does not > know, etc. RFC 5405 provides recommended best current practice for > applications in general. Do you have alternate text ? How about s/will not/may not/ ? > > ---- > Section 4: > - I think the wording of this section needs to be tightened.It would be > good to see more of a focus on what needs to be implemented, rather than > discussing the guidance provided in the other working group document. > > If the guidance itself needs to be updated, then it would be good to > explore this - We'd be happy to update the text and guidance if there is > something more that should be said. > > ---- > Section 5: > " outer encapsulating packet of a lightweight tunneling protocol." > - is it intentional to permit this only for *lightweight* tunneling > protocols? - The initial request was for *any* tunneling protocol that > meets the requirements. s/lightweight // I am not sure why we say "lightweight tunneling protocols" - I think that is a legacy from previous discussions. I don't think that there is a definition of what "lightweight" means , and propose changing most occurrences of it to simple "tunneling protocols." > > ---- > Section 5: > "UDP > endpoints that implement this solution MUST change their behavior and > not discard UDP packets received with a 0 checksum on the outer > packet of tunneling protocols." > - I think we really should add a few words about being enabled only for > the set of ports that are supported by system for use by tunneling > protocol(s). > OK > ---- > > Section 5: > "its behavior should be as specified originally." > - replace "should be as specified originally", by "is not updated and > uses the method specified in RFC2460". > OK > ---- > Section 6: > " The persistence of this issue among a significant number of > protocols being developed in the IETF requires a definitive policy." > - Is this a recommendation for more work, or a statement of the > motivation for this document. I was not sure. The latter. I will adjust the text to make that clear. > > ---- > Section 6: > - I think it could be useful to include the points in section 6 possibly > also as a part of ietf-6man-udpzero. What do you think? > OK by me. > > ---- > I'd suggest we add a normative citation to RFC 5405, stating that this > provides the IETF guidance on the design of applications using UDP and > includes guidelines on the usage of checksums by application designers. > > - Possibly best placed in the introduction, indicating that this > document adds to this for the case of tunneling applications. OK. I will reference section 3.4 Thanks again ! Regards Marshall > > ---- > > > -- > Prof Gorry Fairhurst, School of Engineering, University of Aberdeen. > The University of Aberdeen is a charity registered in Scotland, > No SC013683. > -------------------------------------------------------------------- > IETF IPv6 working group mailing list > ipv6@ietf.org > Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 > --------------------------------------------------------------------
- draft-ietf-6man-udpchecksums-02.txt Gorry Fairhurst
- Re: draft-ietf-6man-udpchecksums-02.txt Marshall Eubanks
- Re: draft-ietf-6man-udpchecksums-02.txt gorry
- Re: draft-ietf-6man-udpchecksums-02.txt Marshall Eubanks
- Re: draft-ietf-6man-udpchecksums-02.txt gorry
- List name? [Re: draft-ietf-6man-udpchecksums-02.t… Brian E Carpenter
- Re: List name? [Re: draft-ietf-6man-udpchecksums-… Brian Haberman