Re: [lisp] IPv6 UDP checksum issue
Gorry Fairhurst <gorry@erg.abdn.ac.uk> Thu, 30 July 2009 19:19 UTC
Return-Path: <gorry@erg.abdn.ac.uk>
X-Original-To: ipv6@core3.amsl.com
Delivered-To: ipv6@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id B23163A7222; Thu, 30 Jul 2009 12:19:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.454
X-Spam-Level:
X-Spam-Status: No, score=-2.454 tagged_above=-999 required=5 tests=[AWL=0.145, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xyurBZhdFd+K; Thu, 30 Jul 2009 12:19:34 -0700 (PDT)
Received: from erg.abdn.ac.uk (dee.erg.abdn.ac.uk [IPv6:2001:630:241:204:203:baff:fe9a:8c9b]) by core3.amsl.com (Postfix) with ESMTP id 36C043A71A6; Thu, 30 Jul 2009 12:18:50 -0700 (PDT)
Received: from Gorry-Fairhursts-Laptop-6.local (ra-gorry.erg.abdn.ac.uk [139.133.204.42]) (authenticated bits=0) by erg.abdn.ac.uk (8.13.4/8.13.4) with ESMTP id n6UJIkxM026063 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT); Thu, 30 Jul 2009 20:18:47 +0100 (BST)
Message-ID: <4A71F215.2000604@erg.abdn.ac.uk>
Date: Thu, 30 Jul 2009 21:18:45 +0200
From: Gorry Fairhurst <gorry@erg.abdn.ac.uk>
Organization: The University of Aberdeen is a charity registered in Scotland, No SC013683.
User-Agent: Thunderbird 2.0.0.22 (Macintosh/20090605)
MIME-Version: 1.0
To: ipv6@ietf.org, lisp@ietf.org
Subject: Re: [lisp] IPv6 UDP checksum issue
References: <4A71EF25.7060307@erg.abdn.ac.uk>
In-Reply-To: <4A71EF25.7060307@erg.abdn.ac.uk>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-ERG-MailScanner: Found to be clean
X-ERG-MailScanner-From: gorry@erg.abdn.ac.uk
Cc: gorry@erg.abdn.ac.uk
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: gorry@erg.abdn.ac.uk
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipv6>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 30 Jul 2009 19:19:35 -0000
Thanks, As promised in 6man, I'll make a longer email on why I think setting the IPv6 UDP Checksum to zero is *not* the same as for IPv4 and what the implications are. We touched on this briefly in TSV today, but I'd like to take a little time to check the arguments - it seems there are many views here and it would be good to get to the bottom of this. A few other comments in-line, Gorry Gorry Fairhurst wrote: > On Jul 29, 2009, at 8:02 AM, Dino Farinacci wrote: > > >> >> This is a reminder that draft-fairhurst-6man-tsvwg-udptt and > >> >> > >> >> http://tools.ietf.org/html/draft-eubanks-chimento-6man-00 > >> >> > >> >> are still open and will be discussed at the 6man meeting Wednesday. > >> >> > >> >> Basically, one prescribes no checksum for the "outer" packet in > >> >> IPv6 encapsulations, the other a fixed checksum per flow. My > >> >> understanding is that this matter is relevant to LISP. > >> >> > >> >> If you are interested, please try to attend as a decision may be > >> >> made soon. > > > > > > Sorry, I have a conflict right now. But here is the position of one > > > LISP implementor and a coauthor of the LISP specifications: > > > > > > From a practical perspective, we prefer that a LISP encapsulator > > > (ITR and PTR) not incurred additional work when encapsulating > > > packets. The main LISP spec indicates: > > > > > > (1) The UDP checksum in the outer header MUST be set to 0 by an > > > encapsulator. > > > (2) The decapsulator MUST ignore the UDP checksum. > > > > > > We stand by this text and see no reason to change it. > > Are you using "we" to refer to yourself as both an implementor and a > co-author? ;-) > > FWIW, I have serious concerns about draft-fairhurst-6man-tsvwg-udptt, > as it involves overloading the UDP "next-header" value to refer to two > different header types (real UDP and UDP-TT). > One thing that was discussed in 6man was why thsi was different to UDP-Lite (which needed a separate protocol number), for the record there were two important differences here: 1) UDP-Lite implies very different semantics for the payload - i.e. error-tolerant data. Con fusing this with UDP data would not be good. 2) UDP-Lite needs to signal the link-driver that it is a UDP-Lite packet to atke advantage of the partial coverage feature. The header value currently provides this way. I do however, suggest we discuss this after discussing the UDP checksum issue. I'd be most happy to withdraw my draft if the decision is to preserve standard IPv6 UDP Checksum behaviour. > However, I also have serious concerns about using zero UDP checksums > with IPv6. > > > > > > There are no practical reasons to use outer header UDP checksums > > > regardless of the 4 combinations of packet types (v4-in-v4, v6-in- > > > v6, v6-in-v4, or v4-or-v6) being forwarded by LISP routers. > > I think that this statement is answering the wrong question... > > Since we have standards-track protocols that indicate that UDP > checksums must not be zero in IPv6 (for good reasons), I believe that > we should use valid UDP checksums in IPv6 outer headers, unless we can > provide practical (and compelling) reasons why _not_ to do so. So, > what are those reasons? > > If we do manage to achieve consensus that it makes sense to zero-out > the UDP checksum in IPv6 outer headers, there are a number of > questions we will have to answer... > > The problem with eliminating the UDP checksum in UDP over IPv6 is that > (unlike in IPv4) the IPv6 source and destination addresses are not > protected. So, the packet may be corrupted such that it is sent to > the wrong destination. When it arrives at the wrong destination, it > may be processed by an IP stack that is unaware of LISP. > Agreed. > We need to consider what will happen if one of these packets is > received by a non-LISP node. Are you assuming that non-LISP stacks > will simply throw away these packets, because they have zero (and > therefore invalid) UDP checksums? That's only a good assumption if we > assume that LISP is the _only_ protocol that will allow the use of > zero checksums. If the packet is processed by the stack, there > shouldn't be a non-LISP application on port 4342, so the packet should > be dropped. We should define, however, how the sending LISP node will > deal with an ICMPv6 "port unreachable" error, so that an error > received from the wrong destination does not interfere with > communication with the right destination. > I suggest LISP is unlikely to be the only application to use this. AMT has already suggested a use in hosts. I suggest there will be others, especially once this is in the end-stack. > We also need to consider the possibility that a packet will be > received by a different LISP node than the one for which it was > intended, or that it will arrive at the correct LISP destination with > the wrong source address in the external header. What happens in > those cases? > > Margaret > I'd be keen to continue this later (sorry, but I will be disappearing from email for the next week after the IETF). best wishes, Gorry
- Re: [lisp] IPv6 UDP checksum issue Noel Chiappa
- Re: [lisp] IPv6 UDP checksum issue Iljitsch van Beijnum
- Re: [lisp] IPv6 UDP checksum issue Dino Farinacci
- Re: [lisp] IPv6 UDP checksum issue Margaret Wasserman
- Re: [lisp] IPv6 UDP checksum issue Christopher Morrow
- Re: [lisp] IPv6 UDP checksum issue Gorry Fairhurst
- Re: [lisp] IPv6 UDP checksum issue Lars Eggert
- Re: [lisp] IPv6 UDP checksum issue Margaret Wasserman
- Re: [lisp] IPv6 UDP checksum issue Noel Chiappa
- Re: [lisp] IPv6 UDP checksum issue Dino Farinacci
- Re: [lisp] IPv6 UDP checksum issue Dino Farinacci
- RE: [lisp] IPv6 UDP checksum issue Manfredi, Albert E
- Re: [lisp] IPv6 UDP checksum issue Lars Eggert
- Re: [lisp] IPv6 UDP checksum issue Lars Eggert
- Re: [lisp] IPv6 UDP checksum issue Dino Farinacci
- Re: [lisp] IPv6 UDP checksum issue Noel Chiappa
- Re: [lisp] IPv6 UDP checksum issue byzek
- Re: [lisp] IPv6 UDP checksum issue Rémi Denis-Courmont
- Re: [lisp] IPv6 UDP checksum issue Christopher Morrow
- Re: [lisp] IPv6 UDP checksum issue Pekka Savola
- Re: [lisp] IPv6 UDP checksum issue Dino Farinacci
- Re: [lisp] IPv6 UDP checksum issue Dino Farinacci
- Re: [lisp] IPv6 UDP checksum issue Lars Eggert
- Re: [lisp] IPv6 UDP checksum issue Noel Chiappa
- Re: [lisp] IPv6 UDP checksum issue Dino Farinacci
- Re: [lisp] IPv6 UDP checksum issue Fred Baker
- Re: [lisp] IPv6 UDP checksum issue Benny Amorsen
- RE: [lisp] IPv6 UDP checksum issue Manfredi, Albert E
- Re: [lisp] IPv6 UDP checksum issue Brian E Carpenter
- Re: [lisp] IPv6 UDP checksum issue Marshall Eubanks
- Re: [lisp] IPv6 UDP checksum issue Lars Eggert
- Re: [lisp] IPv6 UDP checksum issue Margaret Wasserman
- Re: [lisp] IPv6 UDP checksum issue Margaret Wasserman
- Re: [lisp] IPv6 UDP checksum issue Rémi Denis-Courmont
- Re: [lisp] IPv6 UDP checksum issue Iljitsch van Beijnum
- Re: [lisp] IPv6 UDP checksum issue Iljitsch van Beijnum
- Re: [lisp] IPv6 UDP checksum issue Iljitsch van Beijnum
- Re: [lisp] IPv6 UDP checksum issue Sam Hartman
- Re: [lisp] IPv6 UDP checksum issue Shane Amante
- Re: [lisp] IPv6 UDP checksum issue Marshall Eubanks
- Re: [lisp] IPv6 UDP checksum issue Iljitsch van Beijnum
- Re: [lisp] IPv6 UDP checksum issue Margaret Wasserman
- Re: [lisp] IPv6 UDP checksum issue Margaret Wasserman
- Re: [lisp] IPv6 UDP checksum issue Joel M. Halpern
- Re: [lisp] IPv6 UDP checksum issue Iljitsch van Beijnum
- Re: [lisp] IPv6 UDP checksum issue Sam Hartman
- Re: [lisp] IPv6 UDP checksum issue - Flowlabel us… Rémi Després
- Re: [lisp] IPv6 UDP checksum issue - Flowlabel us… Iljitsch van Beijnum
- Re: [lisp] IPv6 UDP checksum issue Margaret Wasserman
- Re: [lisp] IPv6 UDP checksum issue Margaret Wasserman
- Re: [lisp] IPv6 UDP checksum issue Rémi Denis-Courmont
- Re: [lisp] Flow label redux [Re: IPv6 UDP checksu… Brian E Carpenter
- Re: [lisp] IPv6 UDP checksum issue Margaret Wasserman
- Re: [lisp] IPv6 UDP checksum issue Margaret Wasserman
- Re: [lisp] IPv6 UDP checksum issue Margaret Wasserman
- Re: [lisp] IPv6 UDP checksum issue Rémi Denis-Courmont
- Re: [lisp] IPv6 UDP checksum issue Marshall Eubanks
- Re: [lisp] IPv6 UDP checksum issue - Flowlabel us… Brian E Carpenter
- Flow label redux [Re: [lisp] IPv6 UDP checksum is… Brian E Carpenter
- Re: [lisp] IPv6 UDP checksum issue Margaret Wasserman
- Re: [lisp] IPv6 UDP checksum issue Margaret Wasserman
- Re: [lisp] IPv6 UDP checksum issue Margaret Wasserman
- Re: [lisp] Flow label redux [Re: IPv6 UDP checksu… Vince Fuller
- Re: Flow label redux [Re: [lisp] IPv6 UDP checksu… Joel M. Halpern
- Re: [lisp] Flow label redux [Re: IPv6 UDP checksu… Iljitsch van Beijnum
- Re: [lisp] IPv6 UDP checksum issue Sam Hartman
- Re: [lisp] Flow label redux [Re: IPv6 UDP checksu… Margaret Wasserman
- Re: [lisp] Flow label redux [Re: IPv6 UDP checksu… Margaret Wasserman
- Re: [lisp] Flow label redux [Re: IPv6 UDP checksu… Pekka Savola
- Re: [lisp] Flow label redux [Re: IPv6 UDP checksu… Shane Amante
- Re: [lisp] Flow label redux [Re: IPv6 UDP checksu… Sam Hartman
- Re: [lisp] IPv6 UDP checksum issue byzek
- Re: [lisp] Flow label redux [Re: IPv6 UDP checksu… Shane Amante
- Re: [lisp] Flow label redux [Re: IPv6 UDP checksu… Christopher Morrow
- Re: [lisp] Flow label redux [Re: IPv6 UDP checksu… Sam Hartman
- Re: [lisp] Flow label redux [Re: IPv6 UDP checksu… Joel M. Halpern
- Re: [lisp] Flow label redux [Re: IPv6 UDP checksu… Christopher Morrow
- Re: [lisp] Flow label redux [Re: IPv6 UDP checksu… Margaret Wasserman
- Re: [lisp] Flow label redux [Re: IPv6 UDP checksu… Christopher Morrow
- Re: [lisp] Flow label redux [Re: IPv6 UDP checksu… Margaret Wasserman
- Re: [lisp] Flow label redux [Re: IPv6 UDP checksu… Joel M. Halpern
- Re: [lisp] Flow label redux [Re: IPv6 UDP checksu… Margaret Wasserman
- Re: [lisp] Flow label redux [Re: IPv6 UDP checksu… Christopher Morrow
- Re: [lisp] Flow label redux [Re: IPv6 UDP checksu… Margaret Wasserman
- Re: Flow label redux [Re: [lisp] IPv6 UDP checksu… Hesham Soliman
- Flow label collision [Flow label redux [Re: IPv6 … Brian E Carpenter
- Re: Flow label collision [Flow label redux [Re: I… Pekka Savola
- Re: Flow label collision [Flow label redux [Re: I… Shane Amante
- Re: [lisp] Flow label redux [Re: IPv6 UDP checksu… Margaret Wasserman
- Re: [lisp] Flow label redux [Re: IPv6 UDP checksu… Joel M. Halpern
- Re: [lisp] Flow label redux [Re: IPv6 UDP checksu… Luigi Iannone
- RE: [lisp] Flow label redux [Re: IPv6 UDP checksu… Templin, Fred L
- Re: [lisp] Flow label redux [Re: IPv6 UDP checksu… Margaret Wasserman
- RE: [lisp] Flow label redux [Re: IPv6 UDP checksu… Templin, Fred L
- Re: [lisp] Flow label redux [Re: IPv6 UDP checksu… Margaret Wasserman
- Re: Flow label collision [Flow label redux [Re: I… Brian E Carpenter
- Re: [lisp] Flow label redux [Re: IPv6 UDP checksu… Christopher Morrow
- RE: [lisp] Flow label redux [Re: IPv6 UDP checksu… Templin, Fred L
- Re: [lisp] Flow label redux [Re: IPv6 UDP checksu… Iljitsch van Beijnum
- Re: [lisp] Flow label redux [Re: IPv6 UDP checksu… Iljitsch van Beijnum
- Re: [lisp] Flow label redux [Re: IPv6 UDP checksu… Christopher Morrow
- Re: [lisp] Flow label redux [Re: IPv6 UDP checksu… Francis Dupont
- Re: [lisp] Flow label redux [Re: IPv6 UDP checksu… Shane Amante
- Re: [lisp] Flow label redux [Re: IPv6 UDP checksu… Shane Amante
- Re: [lisp] Flow label redux [Re: IPv6 UDP checksu… Iljitsch van Beijnum
- Re: [lisp] Flow label redux [Re: IPv6 UDP checksu… Shane Amante
- Re: [lisp] Flow label redux [Re: IPv6 UDP checksu… Christopher Morrow
- Re: [lisp] Flow label redux [Re: IPv6 UDP checksu… Marshall Eubanks
- Re: [lisp] IPv6 UDP checksum issue Dino Farinacci
- Re: [lisp] Flow label redux [Re: IPv6 UDP checksu… Christopher Morrow
- Re: [lisp] Flow label redux [Re: IPv6 UDP checksu… Iljitsch van Beijnum
- Re: [lisp] IPv6 UDP checksum issue Dino Farinacci
- Re: [lisp] Flow label redux [Re: IPv6 UDP checksu… David Malone
- Re: [lisp] Flow label redux [Re: IPv6 UDP checksu… Francis Dupont
- Re: [lisp] Flow label redux [Re: IPv6 UDP checksu… Margaret Wasserman
- Re: [lisp] Flow label redux [Re: IPv6 UDP checksu… Margaret Wasserman
- Re: [lisp] IPv6 UDP checksum issue Margaret Wasserman
- Re: [lisp] Flow label redux [Re: IPv6 UDP checksu… Luigi Iannone
- Re: [lisp] Flow label redux sthaug
- Re: [lisp] Flow label redux [Re: IPv6 UDP checksu… Margaret Wasserman
- Re: [lisp] Flow label redux Margaret Wasserman
- Re: [lisp] Flow label redux [Re: IPv6 UDP checksu… Luigi Iannone
- Re: [lisp] IPv6 UDP checksum issue Dino Farinacci
- Re: [lisp] IPv6 UDP checksum issue Margaret Wasserman
- Re: [lisp] IPv6 UDP checksum issue Dino Farinacci
- Re: [lisp] IPv6 UDP checksum issue Joel M. Halpern
- Re: [lisp] IPv6 UDP checksum issue Joel M. Halpern
- Re: [lisp] IPv6 UDP checksum issue Dino Farinacci
- Re: [lisp] IPv6 UDP checksum issue Sam Hartman
- Re: [lisp] IPv6 UDP checksum issue Dino Farinacci
- Re: [lisp] IPv6 UDP checksum issue Joel M. Halpern
- Re: [lisp] IPv6 UDP checksum issue Dino Farinacci
- Re: [lisp] IPv6 UDP checksum issue Luigi Iannone
- Re: [lisp] IPv6 UDP checksum issue Margaret Wasserman
- Re: [lisp] IPv6 UDP checksum issue Dino Farinacci
- Re: [lisp] IPv6 UDP checksum issue Sam Hartman
- Re: [lisp] IPv6 UDP checksum issue Dino Farinacci
- Re: [lisp] Flow label redux [Re: IPv6 UDP checksu… Francis Dupont
- Re: [lisp] IPv6 UDP checksum issue Margaret Wasserman
- Re: [lisp] IPv6 UDP checksum issue Luigi Iannone
- Re: [lisp] IPv6 UDP checksum issue Dino Farinacci
- Re: [lisp] IPv6 UDP checksum issue Margaret Wasserman
- Re: [lisp] IPv6 UDP checksum issue Luigi Iannone
- Re: [lisp] IPv6 UDP checksum issue Dino Farinacci
- Re: [lisp] Flow label redux [Re: IPv6 UDP checksu… Francis Dupont
- Re: [lisp] Flow label redux [Re: IPv6 UDP checksu… Luigi Iannone
- Re: [lisp] IPv6 UDP checksum issue Gorry Fairhurst