IETF Logo Mail Archive

Re: [mpls] Last Call: <draft-ietf-mpls-in-udp-04.txt> (Encapsulating MPLS in UDP) to Proposed Standard

<l.wood@surrey.ac.uk> Tue, 21 January 2014 21:28 UTC

Return-Path: <l.wood@surrey.ac.uk>
X-Original-To: mpls@ietfa.amsl.com
Delivered-To: mpls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 25E061A0263 for <mpls@ietfa.amsl.com>; Tue, 21 Jan 2014 13:28:36 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id l3yDljq1kp7N for <mpls@ietfa.amsl.com>; Tue, 21 Jan 2014 13:28:32 -0800 (PST)
Received: from mail1.bemta3.messagelabs.com (mail1.bemta3.messagelabs.com [195.245.230.165]) by ietfa.amsl.com (Postfix) with ESMTP id 4D9601A0250 for <mpls@ietf.org>; Tue, 21 Jan 2014 13:28:32 -0800 (PST)
Received: from [85.158.137.99:63562] by server-5.bemta-3.messagelabs.com id AA/AF-25188-F76EED25; Tue, 21 Jan 2014 21:28:31 +0000
X-Env-Sender: l.wood@surrey.ac.uk
X-Msg-Ref: server-7.tower-217.messagelabs.com!1390339710!17322058!1
X-Originating-IP: [131.227.200.31]
X-StarScan-Received:
X-StarScan-Version: 6.9.16; banners=-,-,-
X-VirusChecked: Checked
Received: (qmail 28649 invoked from network); 21 Jan 2014 21:28:30 -0000
Received: from exht011p.surrey.ac.uk (HELO EXHT011P.surrey.ac.uk) (131.227.200.31) by server-7.tower-217.messagelabs.com with AES128-SHA encrypted SMTP; 21 Jan 2014 21:28:30 -0000
Received: from EXMB01CMS.surrey.ac.uk ([169.254.1.204]) by EXHT011P.surrey.ac.uk ([131.227.200.31]) with mapi; Tue, 21 Jan 2014 21:28:30 +0000
From: l.wood@surrey.ac.uk
To: curtis@ipv6.occnc.com, lars@netapp.com
Date: Tue, 21 Jan 2014 21:28:30 +0000
Thread-Topic: [mpls] Last Call: <draft-ietf-mpls-in-udp-04.txt> (Encapsulating MPLS in UDP) to Proposed Standard
Thread-Index: Ac8W5wNrNVCRkxLlSdiKUO4rBj1TjwABvlMs
Message-ID: <290E20B455C66743BE178C5C84F1240847E63346DE@EXMB01CMS.surrey.ac.uk>
References: Your message of "Tue, 21 Jan 2014 12:07:35 +0000." <558A15A9-204A-4447-923C-58DC2A3CED8A@netapp.com>, <201401212014.s0LKEDXM065730@maildrop2.v6ds.occnc.com>
In-Reply-To: <201401212014.s0LKEDXM065730@maildrop2.v6ds.occnc.com>
Accept-Language: en-US, en-GB
Content-Language: en-GB
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US, en-GB
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: joelja@bogus.com, mpls@ietf.org
Subject: Re: [mpls] Last Call: <draft-ietf-mpls-in-udp-04.txt> (Encapsulating MPLS in UDP) to Proposed Standard
X-BeenThere: mpls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Multi-Protocol Label Switching WG <mpls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mpls>, <mailto:mpls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/mpls/>
List-Post: <mailto:mpls@ietf.org>
List-Help: <mailto:mpls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mpls>, <mailto:mpls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 21 Jan 2014 21:28:36 -0000

> When encapsulating in UDP, the UDP checksum might be zero but the IP
> checksum can still be filled in so the IP destination is checked

IPv6 doesn't have an IP header checksum. So with an error in the
header the packet can go anywhere.


> Lack of UDP checksum should at worst mean that the destination gets a
> packet with a munged payload, pulls off the IP and UDP headers and
> continues to forward

... or a munged header, and forwards to a different application on a different port.

See RFC 6936 section 3, which goes through the scenarios -  but plays light
on the side-effects. My beef is with:

   A protocol or application that uses the zero UDP checksum method must
   ensure that the lack of checksum does not affect the protocol
   operation.  This includes being robust to receiving an unintended
   packet from another protocol or context following corruption of a
   destination or source address and/or port value.  It also includes
   considering the need for additional implicit protection mechanisms
   required when using the payload of a UDP packet received with a zero
   checksum.

Lack of a UDP checksum in one protocol can affect the operation of other
protocols minding their own business, until they receive and try to handle
a corrupted packet from the first protocol because port or address is
corrupted. There are a lot of applications that presume that the data they
are given is error-free, and they presume that rogue data is not injected into
their conversation.

I mean, if you're going to use a zero UDP checksum, and your application
messes up and gives itself corrupt data, fine. More fool you. By analogy
as a risk, it's like speeding while talking on a cellphone and crashing into a tree.
But if your lack of checksum means you affect other applications who have
to now protect themselves against your data, you're effectively now crashing
into and harming other people. They weren't in armoured cars to protect
against this? They had no right to be on the road!

Zero UDP checksums are hit-and-run accidents waiting to happen.

Lloyd Wood
http://about.me/lloydwood
________________________________________
From: Curtis Villamizar [curtis@ipv6.occnc.com]
Sent: 21 January 2014 20:14
To: Eggert, Lars
Cc: Stewart Bryant; Wood L  Dr (Electronic Eng); curtis@ipv6.occnc.com; Joel Jaeggli; mpls@ietf.org
Subject: Re: [mpls] Last Call: <draft-ietf-mpls-in-udp-04.txt> (Encapsulating MPLS in UDP) to Proposed Standard

In message <558A15A9-204A-4447-923C-58DC2A3CED8A@netapp.com>
"Eggert, Lars" writes:

> Hi,
>
> On 2014-1-21, at 12:50, Stewart Bryant <stbryant@cisco.com> wrote:
> > In terms of congestion and misdelivery it is interesting looking
> > at the number of horses that are already bounding around
> > in the paddock outside the stable:
> >
> > IP types: 47 (GRE) and 137 (MPLS-in-IP) for example.
>
> there is a big difference between encapsulation in IP and
> encapsulation in UDP. Everything encapsulated with "obscure" IP
> protocol numbers will get dropped by default at NATs and firewalls,
> whereas UDO traffic happily traverses them. The reach of UDP traffic
> is much broader.
>
> Lars


Stray UDP packets carrying MPLS getting to grandma's firewall is
really stretching the argument but ...

When encapsulating in UDP, the UDP checksum might be zero but the IP
checksum can still be filled in so the IP destination is checked and
grandma need not worry about these packets.  But ...

Grandma's firewall would block since there is no state established on
the firewall with the opposite port pair pattern.  But ...

Even if it went through when the packet reached grandma's subnet the
payload is junk bound to an unused port.  Maybe it hits grandma's DNS
server and is interpreted as a badly malformed DNS request.

So grandma seems safe from these bad packets.

Lack of UDP checksum should at worst mean that the destination gets a
packet with a munged payload, pulls off the IP and UDP headers and
continues to forward.  At worst has the wrong MPLS label and gets
blackholed in the provider network somewhere.  If it ends up at the
correct MPLS egress, if IP, the IP checksum is checked.  If a TCP or
UDP payload carried in that IP got munged the packet could end up at
the destination with a bad TCP or UDP checksum and get dropped.

Curtis

v2.23.0 | Report a Bug | By Email