RE: [tsvwg] Multiprotocol tunneling over UDP using AERO
"Templin, Fred L" <Fred.L.Templin@boeing.com> Tue, 02 December 2014 23:18 UTC
Return-Path: <Fred.L.Templin@boeing.com>
X-Original-To: routing-discussion@ietfa.amsl.com
Delivered-To: routing-discussion@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 81E3F1A6F0A; Tue, 2 Dec 2014 15:18:08 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.211
X-Spam-Level:
X-Spam-Status: No, score=-4.211 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UoFWySaG6SP2; Tue, 2 Dec 2014 15:18:06 -0800 (PST)
Received: from blv-mbsout-02.boeing.com (blv-mbsout-02.boeing.com [130.76.32.232]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2C9D41A1BCA; Tue, 2 Dec 2014 15:18:06 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by blv-mbsout-02.boeing.com (8.14.4/8.14.4/DOWNSTREAM_MBSOUT) with SMTP id sB2NI58R006778; Tue, 2 Dec 2014 15:18:05 -0800
Received: from XCH-PHX-410.sw.nos.boeing.com (xch-phx-410.sw.nos.boeing.com [10.57.37.41]) by blv-mbsout-02.boeing.com (8.14.4/8.14.4/UPSTREAM_MBSOUT) with ESMTP id sB2NHwNd006582 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=OK); Tue, 2 Dec 2014 15:17:58 -0800
Received: from XCH-BLV-504.nw.nos.boeing.com ([169.254.4.76]) by XCH-PHX-410.sw.nos.boeing.com ([169.254.10.179]) with mapi id 14.03.0210.002; Tue, 2 Dec 2014 15:17:58 -0800
From: "Templin, Fred L" <Fred.L.Templin@boeing.com>
To: Tom Herbert <therbert@google.com>, "l.wood@surrey.ac.uk" <l.wood@surrey.ac.uk>
Subject: RE: [tsvwg] Multiprotocol tunneling over UDP using AERO
Thread-Topic: [tsvwg] Multiprotocol tunneling over UDP using AERO
Thread-Index: AQHQDoDvIrLJzf+uZkSV+8i05eS+EJx87W7Q
Date: Tue, 02 Dec 2014 23:17:57 +0000
Message-ID: <2134F8430051B64F815C691A62D9831832DA7E08@XCH-BLV-504.nw.nos.boeing.com>
References: <2134F8430051B64F815C691A62D9831832DA7C70@XCH-BLV-504.nw.nos.boeing.com> <1417559198240.10209@surrey.ac.uk> <CA+mtBx9kuDoarkdPHeZCLEDZUW2PThc13hjkNtmf9va1G_XF=g@mail.gmail.com>
In-Reply-To: <CA+mtBx9kuDoarkdPHeZCLEDZUW2PThc13hjkNtmf9va1G_XF=g@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [130.247.104.6]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-TM-AS-MML: disable
Archived-At: http://mailarchive.ietf.org/arch/msg/routing-discussion/Rn6dnlXNMHKvpoFxgNFtBTBsgqk
Cc: "int-area@ietf.org" <int-area@ietf.org>, "tsvwg@ietf.org" <tsvwg@ietf.org>, "routing-discussion@ietf.org" <routing-discussion@ietf.org>
X-BeenThere: routing-discussion@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Routing Area General mailing list <routing-discussion.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/routing-discussion>, <mailto:routing-discussion-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/routing-discussion/>
List-Post: <mailto:routing-discussion@ietf.org>
List-Help: <mailto:routing-discussion-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/routing-discussion>, <mailto:routing-discussion-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 02 Dec 2014 23:18:08 -0000
Hi Tom, > -----Original Message----- > From: Tom Herbert [mailto:therbert@google.com] > Sent: Tuesday, December 02, 2014 2:40 PM > To: l.wood@surrey.ac.uk > Cc: Templin, Fred L; tsvwg@ietf.org; int-area@ietf.org; routing-discussion@ietf.org > Subject: Re: [tsvwg] Multiprotocol tunneling over UDP using AERO > > On Tue, Dec 2, 2014 at 2:26 PM, <l.wood@surrey.ac.uk> wrote: > > Fred, > > > > I see Adrian mentioned checksums in his reply to you. To elaborate on his point: > > > > http://datatracker.ietf.org/doc/draft-templin-aerolink/ > > says: > > > > The AERO interface > > also sets the UDP checksum field to zero (see: [RFC6935][RFC6936]) > > unless an integrity check is required (see: Section 3.12.2). > > > > This misses the more subtle implications of zero checksums. As RFC6936 says: > > The current recommendation > > is to use or fall back to using UDP with full checksum coverage. > > > > RFC6935 is written from the perspective of tunnelled traffic that can have its own checks, rather than from the larger perspective of > what is good for the network; the zero checksum was inconvenient for tunnellers, hence RFC6935. (While RFC6936 is rather academic > and nuanced in its tone, as it steps through the necessary safeguards that that use of zero checksums requires of everything else; > sometimes 'don't do that, stupid!' is the clearer and simpler approach to both writing and engineering.) > > > > A zero UDP checksum means: > > > > - in IPv4, potential delivery to any port on the destination device if there is UDP header corruption. (the IPv4 header checksum can > prevent host misdelivery). This is port pollution. > > > > - in IPv6, potential delivery to anywhere if there is IP/UDP header corruption (as there is no IP header checksum, and using a zero > UDP sum turns off the endhost pseudoheader check - and tunnels often terminate on routers that forward packets...). This is > network pollution. > > > > So, use a zero UDP checksum, and the IPv6 traffic you generate can be potentially injected anywhere to affect anything, modulo all > the careful nuance in RFC6936 to start guarding against this - guards required by everything else. But your tunnel traffic can have its > own checks and its own repeat/replay, so you're alright. > > > > (UDP-Lite provides a minimal interface to build on with necessary endhost pseudo-header check and low computation cost for > application designers; shame it's not more prevalent.) > > > > Analogies with nice clean factories pumping into dirty rivers fit nicely here. It's a tragedy that people downstream were relying on > the river water, but it's clearly not the factory designer's fault. As if. Those people just didn't implement the safeguards in the small > print. And environmental protection wasn't a design goal. Why care about the commons? > > > > My take here is that IPv6 was not well-designed in this regard. An IP header checksum across non-mutable fields, excluding QoS/TTL > etc., that did not need to be recomputed, would have been preferable. A mandatory endhost pseudoheader check would have been > preferable. Expecting protocol designers to do the right thing above IP and do the necessary pseudo-header check has been > repeatedly demonstrated to presume too much knowledge in those that follow. Hardly the only IPv6 mistake, but not one we should > be compounding. > > > > Please fix AERO, and follow RFC6936's recommendation. > > > Another alternative might be to include a checksum in the > encapsulation header that includes a pseudo header covering ports and > addresses. This is what we intend to do in Generic UDP Encapsulation > (draft-herbert-guecsum-00). Thanks for supplying the fix. This same approach can be adopted by AERO, but perhaps it would be sufficient to include just the pseudoheader checksum and not worry about supplying a coverage length to check additional bytes beyond the pseudoheader? AERO is a generic UDP encapsulation format for IP-in-(foo)-in-UDP-in-IP encapsulation. The "(foo)" can be anything, e.g., GRE, MPLS, ESP, AH, etc. Is that what your are trying to do, too? Thanks - Fred fred.l.templin@boeing.com > > Lloyd Wood > > http://about.me/lloydwood > > > > you'll notice I'm not also asking you to fix the bundle protocol. Lost cause. > > ________________________________________ > > From: tsvwg <tsvwg-bounces@ietf.org> on behalf of Templin, Fred L <Fred.L.Templin@boeing.com> > > Sent: Wednesday, 3 December 2014 7:57 AM > > To: tsvwg@ietf.org; int-area@ietf.org; routing-discussion@ietf.org > > Subject: [tsvwg] Multiprotocol tunneling over UDP using AERO > > > > Hello, > > > > I am replaying a message below that was originally posted on the routing-discussion > > list yesterday. Follow-up discussion was then posted in two additional messages. The > > messages are here: > > > > http://www.ietf.org/mail-archive/web/routing-discussion/current/msg01949.html > > http://www.ietf.org/mail-archive/web/routing-discussion/current/msg01950.html > > http://www.ietf.org/mail-archive/web/routing-discussion/current/msg01951.html > > > > I am cross-posting to transport area and int area now, because there seems to be > > an overlap of interests with respect to UDP tunneling that may transcend traditional > > area boundaries. Original message appears below; please post comments to the lists. > > > > Thanks - Fred > > fred.l.templin@boeing.com > > > > --- > > > > Hello, > > > > I am working on a spec for generic tunneling of any protocol over UDP, including > > MPLS, GRE, IPsec, etc. The spec is called "AERO", and it includes: > > > > - an encapsulation format > > - a fragmentation and reassembly capability for MTU mitigation > > - a virtual link model > > - a control messaging mechanism > > - a routing and addressing system based on BGP > > > > https://datatracker.ietf.org/doc/draft-templin-aerolink/ > > > > I understand that there have been discussions regarding protocol-specific > > GRE and MPLS encapsulations within UDP, but I would like to offer up AERO > > as a protocol-independent way of accommodating UDP encapsulations. I > > also believe the routing system and other aspects of AERO should be of > > interest to the routing area. > > > > This work is derived from an earlier experimental RFC (RFC6706) which was > > originally briefed to the routing area several years ago and published as an > > AD-sponsored Individual Submission RFC. The current document can be > > considered as a second edition of AERO, and the goal is to advance it to > > standards track. Please send any comments or questions to the list. > > > > Thanks - Fred > > fred.l.templin@boeing.com > > > >
- Multiprotocol tunneling over UDP using AERO Templin, Fred L
- RE: Multiprotocol tunneling over UDP using AERO Adrian Farrel
- RE: Multiprotocol tunneling over UDP using AERO Templin, Fred L
- Multiprotocol tunneling over UDP using AERO Templin, Fred L
- Re: Multiprotocol tunneling over UDP using AERO l.wood
- Re: [tsvwg] Multiprotocol tunneling over UDP usin… Tom Herbert
- RE: Multiprotocol tunneling over UDP using AERO Templin, Fred L
- RE: [tsvwg] Multiprotocol tunneling over UDP usin… Templin, Fred L
- RE: Multiprotocol tunneling over UDP using AERO Templin, Fred L