Re: [lisp] New Issue: UDP-TUNNELS inconsistent with 5.4.1 MTU Handling
Marshall Eubanks <tme@americafree.tv> Sat, 12 September 2009 17:44 UTC
Return-Path: <tme@americafree.tv>
X-Original-To: lisp@core3.amsl.com
Delivered-To: lisp@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id A51FD3A6953 for <lisp@core3.amsl.com>; Sat, 12 Sep 2009 10:44:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.156
X-Spam-Level:
X-Spam-Status: No, score=-1.156 tagged_above=-999 required=5 tests=[AWL=-1.457, BAYES_00=-2.599, J_CHICKENPOX_22=0.6, MANGLED_OFF=2.3]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0DyECOcrSRTk for <lisp@core3.amsl.com>; Sat, 12 Sep 2009 10:44:33 -0700 (PDT)
Received: from mail.americafree.tv (rossini.americafree.tv [63.105.122.34]) by core3.amsl.com (Postfix) with ESMTP id 802993A6950 for <lisp@ietf.org>; Sat, 12 Sep 2009 10:44:33 -0700 (PDT)
Received: from [IPv6:::1] (rossini.americafree.tv [63.105.122.34]) by mail.americafree.tv (Postfix) with ESMTP id C17594B5EA04; Sat, 12 Sep 2009 13:45:12 -0400 (EDT)
Message-Id: <4B4EFE25-BC75-4D96-987D-4F8D6589C6DB@americafree.tv>
From: Marshall Eubanks <tme@americafree.tv>
To: Margaret Wasserman <mrw@sandstorm.net>
In-Reply-To: <B1628498-AA20-4F9E-89B3-F75ED4A6775D@sandstorm.net>
Content-Type: text/plain; charset="US-ASCII"; format="flowed"; delsp="yes"
Content-Transfer-Encoding: 7bit
Mime-Version: 1.0 (Apple Message framework v936)
Date: Sat, 12 Sep 2009 13:45:09 -0400
References: <FFCF7FE8-8914-44EB-817E-3CE61715407F@cisco.com> <CFC89492-2821-415B-8A9F-9D84DE25EF0E@sandstorm.net> <tsltyz9qfwe.fsf@mit.edu> <B1628498-AA20-4F9E-89B3-F75ED4A6775D@sandstorm.net>
X-Mailer: Apple Mail (2.936)
Cc: Sam Hartman <hartmans-ietf-ietf@mit.edu>, Magnus Westerlund <magnus.westerlund@ericsson.com>, lisp@ietf.org
Subject: Re: [lisp] New Issue: UDP-TUNNELS inconsistent with 5.4.1 MTU Handling
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/lisp>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 12 Sep 2009 17:44:34 -0000
Dear Margaret; On Sep 11, 2009, at 9:25 PM, Margaret Wasserman wrote: > > On Sep 11, 2009, at 6:24 PM, Sam Hartman wrote: > >>>>>>> "Margaret" == Margaret Wasserman <mrw@sandstorm.net> writes: >> >> Margaret> I have a new issue that should probably go in the >> Margaret> tracker (for resolution in -05 or later, not to hold >> Margaret> anything up now). >> >> Margaret> The UDP-TUNNELS document contains the following >> Margaret> restriction: >> >> Margaret, I think this would be a duplicate of an open issue. Your >> existing issue requires us to normatively reference a spec that makes >> appropriate standards track changes to permit what we're doing. >> >> If you believe that Marshall's draft doesn't do that, then we either >> need to convince Marshall to do what we want or reference another >> draft. I might point out that our draft has not yet been accepted by 6Man, and we are certainly open to changes. This entire discussion here has been very good for our draft. >> >> I don't see how an extra issue will help. >> >> Does this work for you? > > No, I don't see why this is a duplicate. I am saying that if we use > IPv6/UDP zero checksums, the UDP-TUNNELS spec contains a restriction > that we can't send fragments. It says " The tunneling protocol and implementation must not use fragmentation of the inner packets being carried." This comes from an email of Magnus Westerlund ----- [MBONED] WGLC for <draft-ietf-mboned-auto-multicast-08.txt> - UDP checksum? Date: December 5, 2007 3:12:05 PM EST I think it will be acceptable to update RFC 2460 to say that the UDP checksum may be turned of[f] under the following restrictions: 1. The UDP payload must have the capability to verify its integrity by itself, for example by being a complete IP packet in itself. 2. That IP packet fragmentation must not be used. ------ We interpreted "2" as coming from "1" - i.e., the total "outer" packet could be fragmented, but the "inner" packet should not be a fragment of the original "inner" packet, as then I could not verify its integrity by itself. We also interpreted this as both a AD proscription, and as feedback from IPv6 guru's, so we didn't question it much. However, the issue can certainly be raised here. I personally think that we could live with fragments. Here is my reasoning - If I want to send fragments over IPv6 LISP, my understanding is that only the first will have the inner UDP header, and thus the inner fragments after the first will not have any data checks _inside their fragment_. However, when the inner packet is reassembled, it _will_ have a checksum check. This to me fits within the "other integrity checks" mentioned below. - The current draft draft-ietf-lisp-04.txt says (Section 5) It is recommended, in IPv4 that packets do not get fragmented as they are encapsulated by the ITR. Instead, the packet is dropped and an ICMP Too Big message is returned to the source. For this reason, there is currently no plan for LISP to add any new additional, complex mechanism for implementing fragmentation and reassembly in the face of limited-MTU transit links. I am assuming that the discussion in Section 5.4.1 applies to IPv6 as well as IPv4. Section 5.4.1 : When an ETR receives encapsulated fragments, it treats them as two individually encapsulated packets. It strips the LISP headers then forwards each fragment to the destination host of the destination site. The two fragments are reassembled at the destination host into the single IP datagram that was originated by the source host. So, again, this would lead to unprotected fragments but errors in the inner packet should be caught at the end. In the Tunneling draft there is an implicit assumption that catching errors only at the end is acceptable. In IPv6 itself, it is also not possible to perform a checksum test except at the end node, as there is no separate checksum for any fragments, so if tunneling was not used, any errors would still only be caught at the end. Magnus might care to provide more insight as to the push-back here, so I have cc:ed him. > > After reading Fred Templin's mail, I realize that there is another > possible solution to this problem -- to state in the fragmentation > section that you MUST NOT set the UDP/IPv6 chekcsum to zero for > packets that contain fragments. > > The UDP-TUNNELS draft is written with a different notion of tunnels > than LISP -- like somehow the tunnel will be used for one > application or one type of traffic. So, it doesn't actually talk > about using zero checksums for some packets and non-zero checksums > for others. It just says that you must discard, or can't send, > certain types of packets. Presumably we don't want LISP ITRs to > simply discard packets that are not integrity checked, but I think > it would be consistent with UDP-TUNNELS to just use non-zero IPv6/ > UDP checksums for those packets... > It certainly would. - draft-eubanks-chimento-6man is intended to allow for tunneling uses without an outer packet checksum in the case where the inner packet does have a checksum. That way, on an end to end basis, the packets will be checked. - Yes, that does imply it is intended for applications that only send inner packets with checksums or check to verify that the inner packet checksum is present. - My understanding is that LISP is such a situation, and that is how I read the draft. I regard how stringently this should be enforced as open to discussion and debate (i.e., what other integrity checks are acceptable), but I don't think we are going to get a "ignore all checksums" addition to IPv6. Regards Marshall > Margaret > > > _______________________________________________ > lisp mailing list > lisp@ietf.org > https://www.ietf.org/mailman/listinfo/lisp >
- [lisp] Any objections for posting draft-ietf-lisp… Dino Farinacci
- [lisp] New Issue: UDP-TUNNELS inconsistent with 5… Margaret Wasserman
- Re: [lisp] New Issue: UDP-TUNNELS inconsistent wi… Templin, Fred L
- Re: [lisp] New Issue: UDP-TUNNELS inconsistent wi… Margaret Wasserman
- Re: [lisp] New Issue: UDP-TUNNELS inconsistent wi… Marshall Eubanks
- Re: [lisp] New Issue: UDP-TUNNELS inconsistent wi… Sam Hartman
- Re: [lisp] New Issue: UDP-TUNNELS inconsistent wi… Margaret Wasserman
- Re: [lisp] New Issue: UDP-TUNNELS inconsistent wi… Marshall Eubanks
- Re: [lisp] New Issue: UDP-TUNNELS inconsistent wi… Margaret Wasserman
- Re: [lisp] New Issue: UDP-TUNNELS inconsistent wi… Joel M. Halpern
- Re: [lisp] New Issue: UDP-TUNNELS inconsistent wi… Margaret Wasserman
- Re: [lisp] New Issue: UDP-TUNNELS inconsistent wi… Joel M. Halpern
- Re: [lisp] New Issue: UDP-TUNNELS inconsistent wi… Margaret Wasserman
- Re: [lisp] New Issue: UDP-TUNNELS inconsistent wi… Joel M. Halpern
- Re: [lisp] New Issue: UDP-TUNNELS inconsistent wi… Magnus Westerlund
- Re: [lisp] New Issue: UDP-TUNNELS inconsistent wi… Magnus Westerlund
- Re: [lisp] New Issue: UDP-TUNNELS inconsistent wi… Templin, Fred L
- Re: [lisp] New Issue: UDP-TUNNELS inconsistent wi… Magnus Westerlund
- Re: [lisp] New Issue: UDP-TUNNELS inconsistent wi… Joel M. Halpern
- Re: [lisp] New Issue: UDP-TUNNELS inconsistent wi… Magnus Westerlund
- Re: [lisp] New Issue: UDP-TUNNELS inconsistent wi… Margaret Wasserman
- Re: [lisp] New Issue: UDP-TUNNELS inconsistent wi… Marshall Eubanks
- Re: [lisp] New Issue: UDP-TUNNELS inconsistent wi… Joel M. Halpern
- Re: [lisp] New Issue: UDP-TUNNELS inconsistent wi… Margaret Wasserman
- Re: [lisp] New Issue: UDP-TUNNELS inconsistent wi… Margaret Wasserman
- Re: [lisp] New Issue: UDP-TUNNELS inconsistent wi… Loránd Jakab