RE: Multiprotocol tunneling over UDP using AERO
"Templin, Fred L" <Fred.L.Templin@boeing.com> Tue, 02 December 2014 23:11 UTC
Return-Path: <Fred.L.Templin@boeing.com>
X-Original-To: routing-discussion@ietfa.amsl.com
Delivered-To: routing-discussion@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 304951A1A90; Tue, 2 Dec 2014 15:11:03 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.211
X-Spam-Level:
X-Spam-Status: No, score=-4.211 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pmQe7QcyqMiX; Tue, 2 Dec 2014 15:10:51 -0800 (PST)
Received: from stl-mbsout-02.boeing.com (stl-mbsout-02.boeing.com [130.76.96.170]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E1BB31A1A6B; Tue, 2 Dec 2014 15:10:50 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by stl-mbsout-02.boeing.com (8.14.4/8.14.4/DOWNSTREAM_MBSOUT) with SMTP id sB2NAn75025685; Tue, 2 Dec 2014 17:10:49 -0600
Received: from XCH-PHX-113.sw.nos.boeing.com (xch-phx-113.sw.nos.boeing.com [130.247.25.136]) by stl-mbsout-02.boeing.com (8.14.4/8.14.4/UPSTREAM_MBSOUT) with ESMTP id sB2NAk6U025655 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=OK); Tue, 2 Dec 2014 17:10:47 -0600
Received: from XCH-BLV-504.nw.nos.boeing.com ([169.254.4.76]) by XCH-PHX-113.sw.nos.boeing.com ([169.254.13.175]) with mapi id 14.03.0210.002; Tue, 2 Dec 2014 15:10:45 -0800
From: "Templin, Fred L" <Fred.L.Templin@boeing.com>
To: "l.wood@surrey.ac.uk" <l.wood@surrey.ac.uk>, "tsvwg@ietf.org" <tsvwg@ietf.org>, "int-area@ietf.org" <int-area@ietf.org>, "routing-discussion@ietf.org" <routing-discussion@ietf.org>
Subject: RE: Multiprotocol tunneling over UDP using AERO
Thread-Topic: Multiprotocol tunneling over UDP using AERO
Thread-Index: AdAOcPTIDrG60uxAS3KTsgWvKVuuvAAUSOmAAA9L6SA=
Date: Tue, 02 Dec 2014 23:10:45 +0000
Message-ID: <2134F8430051B64F815C691A62D9831832DA7DE4@XCH-BLV-504.nw.nos.boeing.com>
References: <2134F8430051B64F815C691A62D9831832DA7C70@XCH-BLV-504.nw.nos.boeing.com> <1417559198240.10209@surrey.ac.uk>
In-Reply-To: <1417559198240.10209@surrey.ac.uk>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [130.247.104.6]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-TM-AS-MML: disable
Archived-At: http://mailarchive.ietf.org/arch/msg/routing-discussion/oJVMFUmRM60CBLyztkD_vLpS5ew
X-BeenThere: routing-discussion@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Routing Area General mailing list <routing-discussion.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/routing-discussion>, <mailto:routing-discussion-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/routing-discussion/>
List-Post: <mailto:routing-discussion@ietf.org>
List-Help: <mailto:routing-discussion-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/routing-discussion>, <mailto:routing-discussion-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 02 Dec 2014 23:11:03 -0000
Hi Llloyd, Thanks for the excellent analysis. I have had my head down on other aspects of the spec and not following the UDP checksum discussions. I will fix it. Thanks - Fred fred.l.templin@boeing.com > -----Original Message----- > From: l.wood@surrey.ac.uk [mailto:l.wood@surrey.ac.uk] > Sent: Tuesday, December 02, 2014 2:27 PM > To: Templin, Fred L; tsvwg@ietf.org; int-area@ietf.org; routing-discussion@ietf.org > Subject: Re: Multiprotocol tunneling over UDP using AERO > > Fred, > > I see Adrian mentioned checksums in his reply to you. To elaborate on his point: > > http://datatracker.ietf.org/doc/draft-templin-aerolink/ > says: > > The AERO interface > also sets the UDP checksum field to zero (see: [RFC6935][RFC6936]) > unless an integrity check is required (see: Section 3.12.2). > > This misses the more subtle implications of zero checksums. As RFC6936 says: > The current recommendation > is to use or fall back to using UDP with full checksum coverage. > > RFC6935 is written from the perspective of tunnelled traffic that can have its own checks, rather than from the larger perspective of > what is good for the network; the zero checksum was inconvenient for tunnellers, hence RFC6935. (While RFC6936 is rather academic > and nuanced in its tone, as it steps through the necessary safeguards that that use of zero checksums requires of everything else; > sometimes 'don't do that, stupid!' is the clearer and simpler approach to both writing and engineering.) > > A zero UDP checksum means: > > - in IPv4, potential delivery to any port on the destination device if there is UDP header corruption. (the IPv4 header checksum can > prevent host misdelivery). This is port pollution. > > - in IPv6, potential delivery to anywhere if there is IP/UDP header corruption (as there is no IP header checksum, and using a zero UDP > sum turns off the endhost pseudoheader check - and tunnels often terminate on routers that forward packets...). This is network > pollution. > > So, use a zero UDP checksum, and the IPv6 traffic you generate can be potentially injected anywhere to affect anything, modulo all > the careful nuance in RFC6936 to start guarding against this - guards required by everything else. But your tunnel traffic can have its > own checks and its own repeat/replay, so you're alright. > > (UDP-Lite provides a minimal interface to build on with necessary endhost pseudo-header check and low computation cost for > application designers; shame it's not more prevalent.) > > Analogies with nice clean factories pumping into dirty rivers fit nicely here. It's a tragedy that people downstream were relying on the > river water, but it's clearly not the factory designer's fault. As if. Those people just didn't implement the safeguards in the small print. > And environmental protection wasn't a design goal. Why care about the commons? > > My take here is that IPv6 was not well-designed in this regard. An IP header checksum across non-mutable fields, excluding QoS/TTL > etc., that did not need to be recomputed, would have been preferable. A mandatory endhost pseudoheader check would have been > preferable. Expecting protocol designers to do the right thing above IP and do the necessary pseudo-header check has been > repeatedly demonstrated to presume too much knowledge in those that follow. Hardly the only IPv6 mistake, but not one we should > be compounding. > > Please fix AERO, and follow RFC6936's recommendation. > > Lloyd Wood > http://about.me/lloydwood > > you'll notice I'm not also asking you to fix the bundle protocol. Lost cause. > ________________________________________ > From: tsvwg <tsvwg-bounces@ietf.org> on behalf of Templin, Fred L <Fred.L.Templin@boeing.com> > Sent: Wednesday, 3 December 2014 7:57 AM > To: tsvwg@ietf.org; int-area@ietf.org; routing-discussion@ietf.org > Subject: [tsvwg] Multiprotocol tunneling over UDP using AERO > > Hello, > > I am replaying a message below that was originally posted on the routing-discussion > list yesterday. Follow-up discussion was then posted in two additional messages. The > messages are here: > > http://www.ietf.org/mail-archive/web/routing-discussion/current/msg01949.html > http://www.ietf.org/mail-archive/web/routing-discussion/current/msg01950.html > http://www.ietf.org/mail-archive/web/routing-discussion/current/msg01951.html > > I am cross-posting to transport area and int area now, because there seems to be > an overlap of interests with respect to UDP tunneling that may transcend traditional > area boundaries. Original message appears below; please post comments to the lists. > > Thanks - Fred > fred.l.templin@boeing.com > > --- > > Hello, > > I am working on a spec for generic tunneling of any protocol over UDP, including > MPLS, GRE, IPsec, etc. The spec is called "AERO", and it includes: > > - an encapsulation format > - a fragmentation and reassembly capability for MTU mitigation > - a virtual link model > - a control messaging mechanism > - a routing and addressing system based on BGP > > https://datatracker.ietf.org/doc/draft-templin-aerolink/ > > I understand that there have been discussions regarding protocol-specific > GRE and MPLS encapsulations within UDP, but I would like to offer up AERO > as a protocol-independent way of accommodating UDP encapsulations. I > also believe the routing system and other aspects of AERO should be of > interest to the routing area. > > This work is derived from an earlier experimental RFC (RFC6706) which was > originally briefed to the routing area several years ago and published as an > AD-sponsored Individual Submission RFC. The current document can be > considered as a second edition of AERO, and the goal is to advance it to > standards track. Please send any comments or questions to the list. > > Thanks - Fred > fred.l.templin@boeing.com
- Multiprotocol tunneling over UDP using AERO Templin, Fred L
- RE: Multiprotocol tunneling over UDP using AERO Adrian Farrel
- RE: Multiprotocol tunneling over UDP using AERO Templin, Fred L
- Multiprotocol tunneling over UDP using AERO Templin, Fred L
- Re: Multiprotocol tunneling over UDP using AERO l.wood
- Re: [tsvwg] Multiprotocol tunneling over UDP usin… Tom Herbert
- RE: Multiprotocol tunneling over UDP using AERO Templin, Fred L
- RE: [tsvwg] Multiprotocol tunneling over UDP usin… Templin, Fred L
- RE: Multiprotocol tunneling over UDP using AERO Templin, Fred L