IETF Logo Mail Archive

Re: ´ð¸´: [mpls] Last Call: <draft-ietf-mpls-in-udp-04.txt> (Encapsulating MPLS in UDP) to Proposed Standard

Curtis Villamizar <curtis@ipv6.occnc.com> Wed, 22 January 2014 20:43 UTC

Return-Path: <curtis@ipv6.occnc.com>
X-Original-To: mpls@ietfa.amsl.com
Delivered-To: mpls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 507671A02C8 for <mpls@ietfa.amsl.com>; Wed, 22 Jan 2014 12:43:05 -0800 (PST)
X-Quarantine-ID: <lMa8pJkNifSv>
X-Virus-Scanned: amavisd-new at amsl.com
X-Amavis-Alert: BAD HEADER SECTION, Non-encoded 8-bit data (char B4 hex): Subject: Re: \264\360\270\264: [mpls] Las[...]
X-Spam-Flag: NO
X-Spam-Score: -0.231
X-Spam-Level:
X-Spam-Status: No, score=-0.231 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, CN_BODY_35=0.339, MIME_8BIT_HEADER=0.3, RP_MATCHES_RCVD=-0.535, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, SUBJECT_NEEDS_ENCODING=0.049, SUBJ_ILLEGAL_CHARS=1.518] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lMa8pJkNifSv for <mpls@ietfa.amsl.com>; Wed, 22 Jan 2014 12:43:04 -0800 (PST)
Received: from maildrop2.v6ds.occnc.com (maildrop2.v6ds.occnc.com [IPv6:2001:470:88e6:3::232]) by ietfa.amsl.com (Postfix) with ESMTP id 3DCFF1A0158 for <mpls@ietf.org>; Wed, 22 Jan 2014 12:42:58 -0800 (PST)
Received: from harbor3.ipv6.occnc.com (harbor3.v6ds.occnc.com [IPv6:2001:470:88e6:3::239]) (authenticated bits=128) by maildrop2.v6ds.occnc.com (8.14.7/8.14.7) with ESMTP id s0MKgoTZ087832; Wed, 22 Jan 2014 15:42:50 -0500 (EST) (envelope-from curtis@ipv6.occnc.com)
Message-Id: <201401222042.s0MKgoTZ087832@maildrop2.v6ds.occnc.com>
To: Xuxiaohu <xuxiaohu@huawei.com>
From: Curtis Villamizar <curtis@ipv6.occnc.com>
Subject: Re: ��: [mpls] Last Call: <draft-ietf-mpls-in-udp-04.txt> (Encapsulating MPLS in UDP) to Proposed Standard
In-reply-to: Your message of "Wed, 22 Jan 2014 10:12:22 +0000." <1FEE3F8F5CCDE64C9A8E8F4AD27C19EE08246CA3@NKGEML512-MBS.china.huawei.com>
Date: Wed, 22 Jan 2014 15:42:50 -0500
Cc: Joel Jaeggli <joelja@bogus.com>, "mpls@ietf.org" <mpls@ietf.org>, "Eggert, Lars" <lars@netapp.com>
X-BeenThere: mpls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: curtis@ipv6.occnc.com
List-Id: Multi-Protocol Label Switching WG <mpls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mpls>, <mailto:mpls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/mpls/>
List-Post: <mailto:mpls@ietf.org>
List-Help: <mailto:mpls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mpls>, <mailto:mpls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 22 Jan 2014 20:43:05 -0000

In message <1FEE3F8F5CCDE64C9A8E8F4AD27C19EE08246CA3@NKGEML512-MBS.china.huawei.com>
Xuxiaohu writes:
 
> Hi all,
>  
> Thanks a lot for your comments.
>  
> I wonder whether the following text is OK to you:
>  
>    Since the MPLS-in-UDP encapsulation causes MPLS packets to be
>    forwarded through "UDP tunnels", the congestion control guidelines
>    for UDP tunnels as defined in Section 3.1.3 of [RFC5405] SHOULD be
>    followed. Specifically, MPLS can carry a number of different
>    protocols as payloads. When an UDP tunnel is used for MPLS payload
>    traffic that is known at configuration time to be IP-based and
>    congestion-controlled, the UDP tunnel SHOULD NOT employ its own
>    congestion control mechanism, because congestion losses of tunneled
>    traffic will trigger an congestion response at the original senders
>    of the tunneled traffic. When an UDP tunnel is used for MPLS
>    payload traffic that is known at configuration time not to be
>    IP-based and congestion-controlled, the UDP tunnel SHOULD employ an
>    appropriate congestion control mechanism as described in
>    [RFC3985]. Note that it STRONGLY RECOMMENDED to deploy such
>    encapsulation technology only within a SP network or networks of an
>    adjacent set of co-operating SPs, rather than over the
>    Internet. Furthermore, packet filters should be added to block
>    traffic with the UDP port number for MPLS over UDP to prevent MPLS
>    over UDP packets to escape from the service provider networks due
>    to misconfiguation or packet errors.
>  
> Best regards,
> Xiaohu

Xiaohu,

Looks good.

A few nits:

s/an congestion response/a congestion response/

s/Note that it STRONGLY RECOMMENDED/Note that it is STRONGLY RECOMMENDED/

s/to deploy such encapsulation technology
 /that such encapsulation technology be deployed/

s/UDP packets to escape from/UDP packets from escaping/

I suggest that you also add a paragraph saying that UDP checksums
SHOULD be used in all cases where it is feasible to do so.  Try to
capture the reasoning behind the tsvwg recommendations that UDP
checksums be used whenever it is possible to do so.  You can
optionally add wording from past email outlining the known cases where
adding UDP checksums are infeasible (such as cut-through routing).

thanks.

Curtis


> > -----ÓʼþÔ­¼þ-----
> > ·¢¼þÈË: mpls [mailto:mpls-bounces@ietf.org] ´ú±í Eggert, Lars
> > ·¢ËÍʱ¼ä: 2014Äê1ÔÂ22ÈÕ 15:52
> > ÊÕ¼þÈË: curtis@ipv6.occnc.com
> > ³­ËÍ: Joel Jaeggli; mpls@ietf.org
> > Ö÷Ìâ: Re: [mpls] Last Call: <draft-ietf-mpls-in-udp-04.txt> (Encapsulating MPLS
> > in UDP) to Proposed Standard
> > 
> > This is not at all the argument I am making. My emails have not touched at all
> > on the issue of zero checksums.
> > 
> > My point is that UDP encapsulation changes the potential *reach* of
> > congestion-uncontrolled traffic that was otherwise limited to L2 networks.
> > 
> > Lars
> > 
> > On 2014-1-21, at 21:14, Curtis Villamizar <curtis@ipv6.occnc.com> wrote:
> > 
> > >
> > > In message <558A15A9-204A-4447-923C-58DC2A3CED8A@netapp.com>
> > > "Eggert, Lars" writes:
> > >
> > >> Hi,
> > >>
> > >> On 2014-1-21, at 12:50, Stewart Bryant <stbryant@cisco.com> wrote:
> > >>> In terms of congestion and misdelivery it is interesting looking at
> > >>> the number of horses that are already bounding around in the paddock
> > >>> outside the stable:
> > >>>
> > >>> IP types: 47 (GRE) and 137 (MPLS-in-IP) for example.
> > >>
> > >> there is a big difference between encapsulation in IP and
> > >> encapsulation in UDP. Everything encapsulated with "obscure" IP
> > >> protocol numbers will get dropped by default at NATs and firewalls,
> > >> whereas UDO traffic happily traverses them. The reach of UDP traffic
> > >> is much broader.
> > >>
> > >> Lars
> > >
> > >
> > > Stray UDP packets carrying MPLS getting to grandma's firewall is
> > > really stretching the argument but ...
> > >
> > > When encapsulating in UDP, the UDP checksum might be zero but the IP
> > > checksum can still be filled in so the IP destination is checked and
> > > grandma need not worry about these packets.  But ...
> > >
> > > Grandma's firewall would block since there is no state established on
> > > the firewall with the opposite port pair pattern.  But ...
> > >
> > > Even if it went through when the packet reached grandma's subnet the
> > > payload is junk bound to an unused port.  Maybe it hits grandma's DNS
> > > server and is interpreted as a badly malformed DNS request.
> > >
> > > So grandma seems safe from these bad packets.
> > >
> > > Lack of UDP checksum should at worst mean that the destination gets a
> > > packet with a munged payload, pulls off the IP and UDP headers and
> > > continues to forward.  At worst has the wrong MPLS label and gets
> > > blackholed in the provider network somewhere.  If it ends up at the
> > > correct MPLS egress, if IP, the IP checksum is checked.  If a TCP or
> > > UDP payload carried in that IP got munged the packet could end up at
> > > the destination with a bad TCP or UDP checksum and get dropped.
> > >
> > > Curtis

v2.23.0 | Report a Bug | By Email