Re: [lisp] New Issue: UDP-TUNNELS inconsistent with 5.4.1 MTU Handling
Margaret Wasserman <mrw@sandstorm.net> Sun, 13 September 2009 13:24 UTC
Return-Path: <mrw@sandstorm.net>
X-Original-To: lisp@core3.amsl.com
Delivered-To: lisp@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 534F93A6842 for <lisp@core3.amsl.com>; Sun, 13 Sep 2009 06:24:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.15
X-Spam-Level:
X-Spam-Status: No, score=-2.15 tagged_above=-999 required=5 tests=[AWL=0.115, BAYES_00=-2.599, IP_NOT_FRIENDLY=0.334]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7Rocq3AQ034k for <lisp@core3.amsl.com>; Sun, 13 Sep 2009 06:24:19 -0700 (PDT)
Received: from sirocco.sandstorm.net (sirocco.sandstorm.net [69.33.111.75]) by core3.amsl.com (Postfix) with ESMTP id 4C0213A677C for <lisp@ietf.org>; Sun, 13 Sep 2009 06:24:19 -0700 (PDT)
Received: from [10.36.0.42] (pool-173-48-144-147.bstnma.fios.verizon.net [173.48.144.147]) (authenticated bits=0) by sirocco.sandstorm.net (8.13.8/8.13.3) with ESMTP id n8DDOnHa018413 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO); Sun, 13 Sep 2009 09:24:49 -0400 (EDT) (envelope-from mrw@sandstorm.net)
Message-Id: <F3F05316-B0B3-41AD-8A22-5245D41166F3@sandstorm.net>
From: Margaret Wasserman <mrw@sandstorm.net>
To: Marshall Eubanks <tme@americafree.tv>
In-Reply-To: <4B4EFE25-BC75-4D96-987D-4F8D6589C6DB@americafree.tv>
Content-Type: text/plain; charset="US-ASCII"; format="flowed"; delsp="yes"
Content-Transfer-Encoding: 7bit
Mime-Version: 1.0 (Apple Message framework v935.3)
Date: Sun, 13 Sep 2009 09:24:48 -0400
References: <FFCF7FE8-8914-44EB-817E-3CE61715407F@cisco.com> <CFC89492-2821-415B-8A9F-9D84DE25EF0E@sandstorm.net> <tsltyz9qfwe.fsf@mit.edu> <B1628498-AA20-4F9E-89B3-F75ED4A6775D@sandstorm.net> <4B4EFE25-BC75-4D96-987D-4F8D6589C6DB@americafree.tv>
X-Mailer: Apple Mail (2.935.3)
Cc: Sam Hartman <hartmans-ietf-ietf@mit.edu>, Magnus Westerlund <magnus.westerlund@ericsson.com>, lisp@ietf.org
Subject: Re: [lisp] New Issue: UDP-TUNNELS inconsistent with 5.4.1 MTU Handling
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/lisp>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 13 Sep 2009 13:24:20 -0000
Hi Marshall, Just FYI -- the UDP-TUNNEL draft is now expired. You might want to update (or resubmit) it. On Sep 12, 2009, at 1:45 PM, Marshall Eubanks wrote: > We also interpreted this as both a AD proscription, and as feedback > from IPv6 guru's, so we didn't question it much. However, the issue > can certainly be raised here. These issues can definitely be discussed further, alhtough perhaps it would be better to discuss them in 6man. I'll wait for an explanation from Magnus about why he proposed this restriction before stating an opinion on whether or not to remove it. In general, though, it would be good to explain the reasons for all of the restrictions in your draft, so that people won't be inclined to ignore them without realizing why they are important. If we can't give a good explanation of the reasons for a particular restriction, perhaps we should take it out. >> The UDP-TUNNELS draft is written with a different notion of tunnels >> than LISP -- like somehow the tunnel will be used for one >> application or one type of traffic. So, it doesn't actually talk >> about using zero checksums for some packets and non-zero checksums >> for others. It just says that you must discard, or can't send, >> certain types of packets. Presumably we don't want LISP ITRs to >> simply discard packets that are not integrity checked, but I think >> it would be consistent with UDP-TUNNELS to just use non-zero IPv6/ >> UDP checksums for those packets... >> > > It certainly would. > > - draft-eubanks-chimento-6man is intended to allow for tunneling > uses without an outer packet checksum in the case where the inner > packet does have a checksum. That way, on an end to end basis, the > packets will be checked. > > - Yes, that does imply it is intended for applications that only > send inner packets with checksums or check to verify that the inner > packet checksum is present. > > - My understanding is that LISP is such a situation, and that is how > I read the draft. LISP currently does nothing to ensure that "inner" packets have any sort of integrity checking. LISP does not (currently) discard UDP packets that have zero checksums before tunneling them as required in UDP-TUNNELS, and it doesn't do anything else to check that the inner packets have integrity checks. The LISP documents also describe a case where LISP packets would be tunneled in another LISP outer header for Traffic Engineering purposes. In that case, encapsulating an existing LISP packet (with a zero UDP checksum) in an IPv6/UDP/LISP header with a zero UDP checksum would clearly violate the restrictions in UDP-TUNNELs. > > I regard how stringently this should be enforced as open to > discussion and debate (i.e., what other integrity checks are > acceptable), but I don't think we are going to get a "ignore all > checksums" addition to IPv6.= I do understand that some of this could change, and hopefully LISP Folks will work with 6man to try to get our needs met. But in the meantime, we have two drafts, one of which normatively references the other, that are incompatible in certain ways. IMO, we should log a LISP issue indicating that LISP (-04) is not fully compatible with UDP-TUNNEL (-00) in four ways: (2) LISP does not discard packets with zero UDP checksums before enapsulating them in IPv6/UDP with a zero UDP checksum. (2) LISP does not ensure that all encapsulated packets contain an inner integrity checking mechanism before encapsulating in IPv6/UDP with a zero UDP checksum. (3) LISP contains an option that would result in fragmentation of inner packets, and it does not indicate that non-zero UDP checksums must be used when these packets are encapsulated in an IPv6 LISP header. (4) The LISP specifications provide for encapsulating LISP packets within a second LISP header and it does not indicate that non-zero UDP checksums must be used when the new outer header is an IPv6 LISP header. This issue will insure that we don't forget to check for compatibility between LISP and UDP-TUNNELS before we publish the LISP RFCs. After we enter the issue in the tracker, I think we should park the issue (for the LISP group, at least) and re-visit it after the 6man group (with help from those of us who participate) reaches consensus on the final form (if any) of the UDP-TUNNEL document. When UDP- TUNNEL is no longer a moving target, we can assess what changes (if any) will be required for LISP to use it properly. Margaret
- [lisp] Any objections for posting draft-ietf-lisp… Dino Farinacci
- [lisp] New Issue: UDP-TUNNELS inconsistent with 5… Margaret Wasserman
- Re: [lisp] New Issue: UDP-TUNNELS inconsistent wi… Templin, Fred L
- Re: [lisp] New Issue: UDP-TUNNELS inconsistent wi… Margaret Wasserman
- Re: [lisp] New Issue: UDP-TUNNELS inconsistent wi… Marshall Eubanks
- Re: [lisp] New Issue: UDP-TUNNELS inconsistent wi… Sam Hartman
- Re: [lisp] New Issue: UDP-TUNNELS inconsistent wi… Margaret Wasserman
- Re: [lisp] New Issue: UDP-TUNNELS inconsistent wi… Marshall Eubanks
- Re: [lisp] New Issue: UDP-TUNNELS inconsistent wi… Margaret Wasserman
- Re: [lisp] New Issue: UDP-TUNNELS inconsistent wi… Joel M. Halpern
- Re: [lisp] New Issue: UDP-TUNNELS inconsistent wi… Margaret Wasserman
- Re: [lisp] New Issue: UDP-TUNNELS inconsistent wi… Joel M. Halpern
- Re: [lisp] New Issue: UDP-TUNNELS inconsistent wi… Margaret Wasserman
- Re: [lisp] New Issue: UDP-TUNNELS inconsistent wi… Joel M. Halpern
- Re: [lisp] New Issue: UDP-TUNNELS inconsistent wi… Magnus Westerlund
- Re: [lisp] New Issue: UDP-TUNNELS inconsistent wi… Magnus Westerlund
- Re: [lisp] New Issue: UDP-TUNNELS inconsistent wi… Templin, Fred L
- Re: [lisp] New Issue: UDP-TUNNELS inconsistent wi… Magnus Westerlund
- Re: [lisp] New Issue: UDP-TUNNELS inconsistent wi… Joel M. Halpern
- Re: [lisp] New Issue: UDP-TUNNELS inconsistent wi… Magnus Westerlund
- Re: [lisp] New Issue: UDP-TUNNELS inconsistent wi… Margaret Wasserman
- Re: [lisp] New Issue: UDP-TUNNELS inconsistent wi… Marshall Eubanks
- Re: [lisp] New Issue: UDP-TUNNELS inconsistent wi… Joel M. Halpern
- Re: [lisp] New Issue: UDP-TUNNELS inconsistent wi… Margaret Wasserman
- Re: [lisp] New Issue: UDP-TUNNELS inconsistent wi… Margaret Wasserman
- Re: [lisp] New Issue: UDP-TUNNELS inconsistent wi… Loránd Jakab