IETF Logo Mail Archive

Re: [Softwires] Checksum neutrality and L4-protocol independence

Maoke <fibrib@gmail.com> Tue, 14 February 2012 11:09 UTC

Return-Path: <fibrib@gmail.com>
X-Original-To: softwires@ietfa.amsl.com
Delivered-To: softwires@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C8FA621F87AB for <softwires@ietfa.amsl.com>; Tue, 14 Feb 2012 03:09:16 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.315
X-Spam-Level:
X-Spam-Status: No, score=-3.315 tagged_above=-999 required=5 tests=[AWL=-0.017, BAYES_00=-2.599, HTML_MESSAGE=0.001, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1N2Y907PgHRf for <softwires@ietfa.amsl.com>; Tue, 14 Feb 2012 03:09:15 -0800 (PST)
Received: from mail-qw0-f51.google.com (mail-qw0-f51.google.com [209.85.216.51]) by ietfa.amsl.com (Postfix) with ESMTP id 5F66921F8729 for <softwires@ietf.org>; Tue, 14 Feb 2012 03:09:15 -0800 (PST)
Received: by qan41 with SMTP id 41so184181qan.10 for <softwires@ietf.org>; Tue, 14 Feb 2012 03:09:14 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=E1hMRS0ppIzGEEWzTNz2y+j7k+ch9wqmeX1O7aVw4w0=; b=frLNKDHIulHQlpo4k5pTP+WEzbowrXIr/R7mDDmHMrndVI6bmTyxh+mYcB+T/0EUuP rnJbiR9iGzYcLpczZdmrJpQv9NKwfJf9PKcoN7dQ/PwZmYuIyGjexdOm7MZfiazhk2S9 T6SQnfZ8Dabbir/2u2Hx4K64mWCoFOJIIyrZI=
MIME-Version: 1.0
Received: by 10.229.137.76 with SMTP id v12mr12156344qct.61.1329217754694; Tue, 14 Feb 2012 03:09:14 -0800 (PST)
Received: by 10.229.11.144 with HTTP; Tue, 14 Feb 2012 03:09:14 -0800 (PST)
In-Reply-To: <C38B2AD1-08F1-4ECD-8ADB-AE88BC34A0B9@laposte.net>
References: <B140D6B2-1B19-43D7-9B63-6BEA83CEB164@juniper.net> <3AAD65F3-5169-49B7-9698-E820EF419B35@employees.org> <53ACB4FC-988F-443C-A936-1CA5B13180EB@free.fr> <C694D7DC-2F98-434F-8123-751E2C1A98D0@employees.org> <081C7074-F5E2-46B7-B2C8-E033F3E5BC15@laposte.net> <B94D39A0-CA66-4AE6-BDC5-E4DFA2D47BEC@employees.org> <A8A6FDA2-0FFC-44D2-BEDF-29FB012D3113@laposte.net> <4749FAFA-A522-4795-9B8A-9AA4B030E075@employees.org> <C38B2AD1-08F1-4ECD-8ADB-AE88BC34A0B9@laposte.net>
Date: Tue, 14 Feb 2012 20:09:14 +0900
Message-ID: <CAFUBMqW+RrHKYJbgLBSbm3RebQWcr6oMZRcCwbv3_QR13MLV1Q@mail.gmail.com>
From: Maoke <fibrib@gmail.com>
To: Rémi Després <despres.remi@laposte.net>
Content-Type: multipart/alternative; boundary="00235452ea7019038804b8eaa0ef"
Cc: Softwires WG <softwires@ietf.org>
Subject: Re: [Softwires] Checksum neutrality and L4-protocol independence
X-BeenThere: softwires@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: softwires wg discussion list <softwires.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/softwires>, <mailto:softwires-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/softwires>
List-Post: <mailto:softwires@ietf.org>
List-Help: <mailto:softwires-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/softwires>, <mailto:softwires-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 14 Feb 2012 11:09:17 -0000

Remi, Ole, and others,

sorry but i follow this quite late due to recent busy work. i would like to
share some of my understandings to this issue.

2012/2/6 Rémi Després <despres.remi@laposte.net>

>
> Le 2012-02-05 à 10:05, Ole Trøan a écrit :
> ...
> >>> any A+P solution requires support for L4 protocols to extract ports.
> >>> L4 checksum rewrite, as well as port extraction will have to be
> supported for all new L4 protocols.
> >>> the L4 checksum rewrite approach can work with any checksum algorithm.
> >>> that said, do we really think NAT44s will be upgraded to support any
> new L4?
> >>
> >> Imagine a variant of the SCTP of RFC4960 is introduced where the
> TCP-like checksum MAY be used to facilitate its deployment, say SCTP-bis
> (not a bad idea IMHO, but here just a hypothesis to answer your point).
> >> => 4rd-H would be compatible with it without any evolution; RFC6145
> would need an upgrade to support it.
>

i understand that Remi's concern is, RFC6145 left an "OPTIONAL" for the
support of the DCCP checksum. this "OPTIONAL" may impact as 1) for the
single translation, DCCP checksum check might fail in the alien protocol
family; 2) for the double translation, there is a risk that the
sender-translator has done the L4 checksum rewrite while the receiver side
doesn't, and thus the DCCP checksum transparency is voilated. the same
concern is applicable for the SCTP, if someday TCP-fashion checksum is
applied too.

if the both sides consistently do not do L4 checksum-rewriting for DCCP,
there is no problem for the end-to-end communication but only the boxes in
IPv6 domains, if they check the L4 checksum to approve the packet
integrity, might drop packets with wrong checksum. it could be a
recommendation if RFC6145 would make the L4 checksum rewriting fixed for
any protocols or make an emphasis on the consistency in configuration,
(i.e., OPTIONAL in the term of domain operation rather than in the term of
equipment making/configuration).


> >>
> >> Upgrading NAT44s to support this SCTP-bis would be trivial (ports as
> the same place as usual can be mapped as usual.
> >
> > my point is that MAP is L4 aware anyway, and has to be modified to
> support any new transport protocol. since code modifications have to be
> made, then having a checksum neutral function at the network layer doesn't
> help much. you still need to change code. L4 rewrite is also more flexible
> in that it will support _any_ checksum algorithm, and most importantly is
> already implemented in every node.
>
> Thus, you continue to negate that 4rd-U would support without any change a
> protocol such as, for example, a SCTP variant using TCP-like checksum
> instead of its CRC32c checksum.
>
> This negation is AFAIK based on a lack of understanding:
> - UDP, TCP, DCCP, SCTP have the same places for port their fields, but
> have their own places for their checksum fields.
> - A solution based on L4 checksum adjustment MUST know _for each protocol_
> where checksum fields are placed.
> - A solution based on checksum neutrality of IPv6 addresses doesn't need
> to know where checksum fields are placed.
> - For address sharing, knowing places of port fields is sufficient.
>

however, dear Remi, the problem is, even we have the checksum neutrality in
address scheme, there are still some problems need to concern:
1) ICMPv6 checksum contains pseudo-header like TCP while ICMPv4 doesn't and
therefore the checksum rewrite is anyway needed for ICMP; we cannot ensure
that future L4 procotols may definitely have the same checksum as in TCP.
2) in the environment where single translation is also envolved (either
stateless or stateful), L4 checksum rewriting is a MUST because sometimes
there is only one address of the (src, dst)-pair following the
checksum-neutral address scheme. (this is mentioned in RFC6052, giving up
to enforce the checksum-neutrality in the address format, to my knowledge).


therefore, even it is possible that the address scheme could support
checksum neutrallity, the equipment designer must anyway make the module
for L4 rewrite for any well-known L4 protocol (and fortunately it is not a
big coding at all). i understand Ole has the same opinion: as we anyway
have it, we don't need it in the address scheme standard (but it could be a
recommendation for the operators to enable the address-level checksum
neutrality, put in either prefix or interface id, through the address
assignment, in order to help any L4 protocol when its TCP-flavor checksum
rewrite happens not to be considered/implemented).

cheers,
maoke


>
> I added Dan as destination of this mail, hoping to have his comment.
>
> RD
>
>
> _______________________________________________
> Softwires mailing list
> Softwires@ietf.org
> https://www.ietf.org/mailman/listinfo/softwires
>

v2.23.0 | Report a Bug | By Email