IETF Logo Mail Archive

[mpls] 答复: Last Call: <draft-ietf-mpls-in-udp-04.txt> (Encapsulating MPLS in UDP) to Proposed Standard

Xuxiaohu <xuxiaohu@huawei.com> Wed, 22 January 2014 10:12 UTC

Return-Path: <xuxiaohu@huawei.com>
X-Original-To: mpls@ietfa.amsl.com
Delivered-To: mpls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 49D6F1A0422 for <mpls@ietfa.amsl.com>; Wed, 22 Jan 2014 02:12:39 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.553
X-Spam-Level: *
X-Spam-Status: No, score=1.553 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, CHARSET_FARAWAY_HEADER=3.2, CN_BODY_35=0.339, MIME_8BIT_HEADER=0.3, MIME_CHARSET_FARAWAY=2.45, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.535, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9TpFUUkR1gz4 for <mpls@ietfa.amsl.com>; Wed, 22 Jan 2014 02:12:37 -0800 (PST)
Received: from lhrrgout.huawei.com (lhrrgout.huawei.com [194.213.3.17]) by ietfa.amsl.com (Postfix) with ESMTP id 171B01A041E for <mpls@ietf.org>; Wed, 22 Jan 2014 02:12:33 -0800 (PST)
Received: from 172.18.7.190 (EHLO lhreml203-edg.china.huawei.com) ([172.18.7.190]) by lhrrg02-dlp.huawei.com (MOS 4.3.7-GA FastPath queued) with ESMTP id BAH39278; Wed, 22 Jan 2014 10:12:32 +0000 (GMT)
Received: from LHREML404-HUB.china.huawei.com (10.201.5.218) by lhreml203-edg.huawei.com (172.18.7.221) with Microsoft SMTP Server (TLS) id 14.3.158.1; Wed, 22 Jan 2014 10:12:15 +0000
Received: from NKGEML410-HUB.china.huawei.com (10.98.56.41) by lhreml404-hub.china.huawei.com (10.201.5.218) with Microsoft SMTP Server (TLS) id 14.3.158.1; Wed, 22 Jan 2014 10:12:27 +0000
Received: from NKGEML512-MBS.china.huawei.com ([169.254.8.45]) by nkgeml410-hub.china.huawei.com ([10.98.56.41]) with mapi id 14.03.0158.001; Wed, 22 Jan 2014 18:12:23 +0800
From: Xuxiaohu <xuxiaohu@huawei.com>
To: "Eggert, Lars" <lars@netapp.com>, "curtis@ipv6.occnc.com" <curtis@ipv6.occnc.com>
Thread-Topic: [mpls] Last Call: <draft-ietf-mpls-in-udp-04.txt> (Encapsulating MPLS in UDP) to Proposed Standard
Thread-Index: AQHPF0bUVpx4VpP9lE+4fynfG27EApqQgu4g
Date: Wed, 22 Jan 2014 10:12:22 +0000
Message-ID: <1FEE3F8F5CCDE64C9A8E8F4AD27C19EE08246CA3@NKGEML512-MBS.china.huawei.com>
References: <201401212014.s0LKEDXM065730@maildrop2.v6ds.occnc.com> <1811208D-230A-4EA7-B5AA-07E2C0460120@netapp.com>
In-Reply-To: <1811208D-230A-4EA7-B5AA-07E2C0460120@netapp.com>
Accept-Language: zh-CN, en-US
Content-Language: zh-CN
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.111.98.134]
Content-Type: text/plain; charset="gb2312"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-CFilter-Loop: Reflected
Cc: Joel Jaeggli <joelja@bogus.com>, "mpls@ietf.org" <mpls@ietf.org>
Subject: [mpls] 答复: Last Call: <draft-ietf-mpls-in-udp-04.txt> (Encapsulating MPLS in UDP) to Proposed Standard
X-BeenThere: mpls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Multi-Protocol Label Switching WG <mpls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mpls>, <mailto:mpls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/mpls/>
List-Post: <mailto:mpls@ietf.org>
List-Help: <mailto:mpls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mpls>, <mailto:mpls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 22 Jan 2014 10:12:39 -0000

Hi all,

Thanks a lot for your comments.

I wonder whether the following text is OK to you:

Since the MPLS-in-UDP encapsulation causes MPLS packets to be forwarded through "UDP tunnels", the congestion control guidelines for UDP tunnels as defined in Section 3.1.3 of [RFC5405] SHOULD be followed. Specifically, MPLS can carry a number of different protocols as payloads. When an UDP tunnel is used for MPLS payload traffic that is known at configuration time to be IP-based and congestion-controlled, the UDP tunnel SHOULD NOT employ its own congestion control mechanism, because congestion losses of tunneled traffic will trigger an congestion response at the original senders of the tunneled traffic. When an UDP tunnel is used for MPLS payload traffic that is known at configuration time not to be IP-based and congestion-controlled, the UDP tunnel SHOULD employ an appropriate congestion control mechanism as described in [RFC3985]. Note that it STRONGLY RECOMMENDED to deploy such encapsulation technology only within a SP network or networks of an adjacent set of co-operating SPs, rather than over the Internet. Furthermore, packet filters should be added to block traffic with the UDP port number for MPLS over UDP to prevent MPLS over UDP packets to escape from the service provider networks due to misconfiguation or packet errors.

Best regards,
Xiaohu

> -----邮件原件-----
> 发件人: mpls [mailto:mpls-bounces@ietf.org] 代表 Eggert, Lars
> 发送时间: 2014年1月22日 15:52
> 收件人: curtis@ipv6.occnc.com
> 抄送: Joel Jaeggli; mpls@ietf.org
> 主题: Re: [mpls] Last Call: <draft-ietf-mpls-in-udp-04.txt> (Encapsulating MPLS
> in UDP) to Proposed Standard
> 
> This is not at all the argument I am making. My emails have not touched at all
> on the issue of zero checksums.
> 
> My point is that UDP encapsulation changes the potential *reach* of
> congestion-uncontrolled traffic that was otherwise limited to L2 networks.
> 
> Lars
> 
> On 2014-1-21, at 21:14, Curtis Villamizar <curtis@ipv6.occnc.com> wrote:
> 
> >
> > In message <558A15A9-204A-4447-923C-58DC2A3CED8A@netapp.com>
> > "Eggert, Lars" writes:
> >
> >> Hi,
> >>
> >> On 2014-1-21, at 12:50, Stewart Bryant <stbryant@cisco.com> wrote:
> >>> In terms of congestion and misdelivery it is interesting looking at
> >>> the number of horses that are already bounding around in the paddock
> >>> outside the stable:
> >>>
> >>> IP types: 47 (GRE) and 137 (MPLS-in-IP) for example.
> >>
> >> there is a big difference between encapsulation in IP and
> >> encapsulation in UDP. Everything encapsulated with "obscure" IP
> >> protocol numbers will get dropped by default at NATs and firewalls,
> >> whereas UDO traffic happily traverses them. The reach of UDP traffic
> >> is much broader.
> >>
> >> Lars
> >
> >
> > Stray UDP packets carrying MPLS getting to grandma's firewall is
> > really stretching the argument but ...
> >
> > When encapsulating in UDP, the UDP checksum might be zero but the IP
> > checksum can still be filled in so the IP destination is checked and
> > grandma need not worry about these packets.  But ...
> >
> > Grandma's firewall would block since there is no state established on
> > the firewall with the opposite port pair pattern.  But ...
> >
> > Even if it went through when the packet reached grandma's subnet the
> > payload is junk bound to an unused port.  Maybe it hits grandma's DNS
> > server and is interpreted as a badly malformed DNS request.
> >
> > So grandma seems safe from these bad packets.
> >
> > Lack of UDP checksum should at worst mean that the destination gets a
> > packet with a munged payload, pulls off the IP and UDP headers and
> > continues to forward.  At worst has the wrong MPLS label and gets
> > blackholed in the provider network somewhere.  If it ends up at the
> > correct MPLS egress, if IP, the IP checksum is checked.  If a TCP or
> > UDP payload carried in that IP got munged the packet could end up at
> > the destination with a bad TCP or UDP checksum and get dropped.
> >
> > Curtis

v2.23.0 | Report a Bug | By Email