Re: Ronald Bonica's Discuss on draft-ietf-6man-udpzero-06: (with DISCUSS)
gorry@erg.abdn.ac.uk Wed, 10 October 2012 14:38 UTC
Return-Path: <gorry@erg.abdn.ac.uk>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 802D421F8686; Wed, 10 Oct 2012 07:38:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.385
X-Spam-Level:
X-Spam-Status: No, score=-102.385 tagged_above=-999 required=5 tests=[AWL=-0.045, BAYES_00=-2.599, SARE_SUB_OBFU_Z=0.259, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id U2eeBf85x0yf; Wed, 10 Oct 2012 07:38:51 -0700 (PDT)
Received: from spey.erg.abdn.ac.uk (spey.erg.abdn.ac.uk [139.133.204.173]) by ietfa.amsl.com (Postfix) with ESMTP id 685D121F852C; Wed, 10 Oct 2012 07:38:51 -0700 (PDT)
Received: from www.erg.abdn.ac.uk (blake.erg.abdn.ac.uk [139.133.210.30]) by spey.erg.abdn.ac.uk (Postfix) with ESMTPSA id C1D842B45DB; Wed, 10 Oct 2012 15:38:49 +0100 (BST)
Received: from 2001:630:241:210:3615:9eff:fe1b:2376 (SquirrelMail authenticated user gorry) by www.erg.abdn.ac.uk with HTTP; Wed, 10 Oct 2012 15:38:50 +0100
Message-ID: <c11ff26a015c27fa2360326334526948.squirrel@www.erg.abdn.ac.uk>
In-Reply-To: <50756F59.5090307@cisco.com>
References: <20121009185726.29097.69699.idtracker@ietfa.amsl.com> <507538F1.5080505@ericsson.com> <50756F59.5090307@cisco.com>
Date: Wed, 10 Oct 2012 15:38:50 +0100
Subject: Re: Ronald Bonica's Discuss on draft-ietf-6man-udpzero-06: (with DISCUSS)
From: gorry@erg.abdn.ac.uk
To: stbryant@cisco.com, ipv6@ietf.org
User-Agent: SquirrelMail/1.4.22
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal
Cc: 6man-chairs@tools.ietf.org, draft-ietf-6man-udpzero@tools.ietf.org, The IESG <iesg@ietf.org>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipv6>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 10 Oct 2012 14:38:52 -0000
See comments in-line. Gorry > On 10/10/2012 09:59, Magnus Westerlund wrote: >> On 2012-10-09 20:57, Ronald Bonica wrote: >>> Ronald Bonica has entered the following ballot position for >>> draft-ietf-6man-udpzero-06: Discuss >>> >>> When responding, please keep the subject line intact and reply to all >>> email addresses included in the To and CC lines. (Feel free to cut this >>> introductory paragraph, however.) >>> >>> >>> Please refer to >>> http://www.ietf.org/iesg/statement/discuss-criteria.html >>> for more information about IESG DISCUSS and COMMENT positions. >>> >>> >>> >>> >>> ---------------------------------------------------------------------- >>> DISCUSS: >>> ---------------------------------------------------------------------- >>> >>> This is a two-part DISCUSS-DISCUSS. Both parts relate to bullet points >>> in >>> Section 5.1. >>> >>> Bullet 5 >>> ====== >>> "Tunnels that encapsulate IP may rely on the inner packet >>> integrity checks provided that the tunnel will not significantly >>> increase the rate of corruption of the inner IP packet." >>> >>> - What does it mean to *significantly* increase the rate of corruption >>> of >>> the inner IP packet? >> That is a good question. And the answer is it depends. If you are >> considering a tunnel protocols which target deployment area is one where >> you have very low rates of corruption, lets say below 10^-6 then a >> factor of 2 or even 10 might be fine as the resulting end-to-end basic >> IP service may still be fine. But if that same tunnel is supposed to >> support something that requires a packet loss rate below 10^-6 then any >> increase in corruption might be to high. > > A useful and relevant question, which is worth asking the user to consider > is what exactly are those loss rates. A lot of systems do much better than > 10^-6. At 10Gb/s that is 10^4 errors/sec, so you can see they have to > do better that that. I am not sure what state of the art is, but the > range 10^-12 is often quoted as a working number. > > Maybe we need to text of the form where the underlying IPv6 network is > considered to have an acceptably low error rate, that may indicate that > it is safe to operate without a UDP checksum, without further analysis > consideration of the protocols to be carried over the UDP tunnel. > I don't think that is what we need to debate or comment upon. We were never intending to review the PILC WG recommendations on link design. I suggest that link error rate will dictate the need for link CRC. The draft is about a transport checksum and the focus of the draft is on two cases: end-to-end paths and tunnel paths between network endpoints, but done over transport layer connections. In these cases we worry about not just cables - middlebox manipulations (RTP mixers, load balancers, NAPT, firewalls, etc) and end stack implications are arguably more important. >> >>> - Shouldn't we also be concerned about corruption of the UDP header and >>> any additional encapsulation that comes between the UDP header and the >>> inner IP packet? >> I think the formulation actually is considering that. If the >> IPv6/UDP/FOO tunnel protocol carries IP and FOO is senesitive to >> corruption then isn't the payload of the tunnel, i.e. the inner IP going >> to suffer an increased corruption rate. >> >>> - How does a tunnel ingress node know whether the tunnel will >>> significantly increase the rate of corruption of the inner IP packet? >> That is something you have to statistically analyze when designing the >> protocol and deciding on using zero-checksum. > > My concern is that is impractical, the tunnel payload is opaque. > Remember the UDP tunnel will in many cases be the functional > equivalent of GRE, and we neither have the ability to include > a c/s for IPv6/GRE, nor the ability to predict the payload type. > If one uses GRE, there are indeed no issues providing you stick with the requirement that encapsulated data itself uses a UDP checksum - I don't see GRE as an end-to-end transport. > BTW, you need to realize that it's going to be very difficult > to do the do the c/s checking in a fast tunnel router and will > often need h/w changes. Unlike a common transport protocol > stack implementation a fast tunneling router does not > have access to all the packet data to run the c/s check. > For that reason alone, I predict that most of these routers > will neither impose or verify the UDP c/s in the tunnel case. > Isn't this discussed already? For an end host, it can even be that a zero checksum will be replaced by an actual checksum in common hardware interfaces! >>> Bullet 7 >>> =====- >>> " UDP applications that support use of a zero-checksum, should not >>> rely upon correct reception of the IP and UDP protocol >>> information (including the length of the packet) when decoding >>> and processing the packet payload. In particular, the >>> application must be designed so that corruption of this >>> information does not result in accumulated state or incorrect >>> processing of a tunneled payload." >>> >>> - How could any application achieve this goal? Possibly by analyzing >>> the >>> consequences if any field in the IPv6 or UDP header were corrupted? >>> (draft-ietf-6man-udpchecksums begins this analysis.) Again, wouldn't >>> the >>> analysis have to include any additional encapsulation that comes >>> between >>> the UDP header and the inner IP header? >> Yes, this is a design analysis which includes the tunnel protocols >> headers. >> >>> - Wouldn't the analysis, mentioned above, have to include assurances >>> regarding the case when the destination port is corrupted? >>> Specifically, >>> would it have to include a guarantee that if the encapsulated inner >>> packet were delivered to any randomly chosen port, it would not cause >>> any >>> harm to the application listening on that port? >> Clearly it can't include a guarantee that it will not harm what ever is >> at the randomly chosen port. But one part we try to get across in this >> document is that this is the reason we want to ensure that default >> remains to have the UDP checksum enabled to avoid having applications >> not having considered this in their design or at least been analyzed to >> be safe enough to get zero checksummed packets. >> >> The next step is the question of potential harm is a statistics game. >> And the more traffic that are transported over the network with >> zero-checksum the higher the probability that you will get a packet not >> intended for your context. Thus you will have to deal with it. Here I >> think most tunnel egresses are reasonably simple to analyze what >> happens. You attempt to decapsulate it according to whats in the packet. >> If that is not a mismatch you try to do the next step for the inner >> packet, switching or forwarding that based on whats there. That either >> matches or not the context and are thus sent further or discarded. If >> there is a checksum on that level it can help discarding packets that >> completely misses the context. >> > Let me take another cut on this. We accept that IPv6/GRE is safe, since > we did not update GRE for IPv6, and we have not deprecated it. > Why are we not simply saying : > > "It will commonly be the case that the use of a UDP tunnel is > functionally equivalent to GRE, and consequently when the > UDP c/s is not used, there may be some level of undetected > data corruption in the tunnel which is propagated to the recipient > of the tunnel payload. Thus, where the UDP c/s is not used > in a tunnel application, the same consideration of data integrity > apply to both UDP tunnels as apply to GRE tunnels, and must > be taken into consideration by the tunnel provider." > > That is probably the necessary and sufficient text for the the > reader to understand the context and the design considerations. > No, I think we've lost context here about how end hosts handle UDP packets and what the implications are - that precisely why there are two drafts on this topic and it has taken quite some debate at the IETF to get to the stage of this particular update request. I'm sure you'd agree that end hosts can be tunnel end points and that linux-based routers are common, hence we need to treat packets with GRE header different to those with UDP. > - Stewart > > > > -------------------------------------------------------------------- > IETF IPv6 working group mailing list > ipv6@ietf.org > Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 > -------------------------------------------------------------------- >
- Ronald Bonica's Discuss on draft-ietf-6man-udpzer… Ronald Bonica
- Re: Ronald Bonica's Discuss on draft-ietf-6man-ud… Magnus Westerlund
- Re: Ronald Bonica's Discuss on draft-ietf-6man-ud… Stewart Bryant
- Re: Ronald Bonica's Discuss on draft-ietf-6man-ud… gorry
- RE: Ronald Bonica's Discuss on draft-ietf-6man-ud… Ronald Bonica
- Re: Ronald Bonica's Discuss on draft-ietf-6man-ud… Magnus Westerlund
- RE: Ronald Bonica's Discuss on draft-ietf-6man-ud… Ronald Bonica