IETF Logo Mail Archive

Re: [Softwires] MAP-T issue - UDP packets with zero checksum

"Poscic, Kristian (Nokia - US)" <kristian.poscic@nokia.com> Fri, 04 November 2022 16:19 UTC

Return-Path: <kristian.poscic@nokia.com>
X-Original-To: softwires@ietfa.amsl.com
Delivered-To: softwires@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 26D6DC1527A1 for <softwires@ietfa.amsl.com>; Fri, 4 Nov 2022 09:19:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.478
X-Spam-Level:
X-Spam-Status: No, score=-7.478 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.571, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_FONT_LOW_CONTRAST=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nokia.onmicrosoft.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id N95EYv_mM5CW for <softwires@ietfa.amsl.com>; Fri, 4 Nov 2022 09:19:33 -0700 (PDT)
Received: from NAM11-DM6-obe.outbound.protection.outlook.com (mail-dm6nam11on2122.outbound.protection.outlook.com [40.107.223.122]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 14B6DC14F607 for <softwires@ietf.org>; Fri, 4 Nov 2022 09:19:32 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=jLXghgpyp+Xk/B6pbIuFHRaC1szkoWdCu616RaJRLa6rSwOTnorZjgQr7+qXPW29+aaJG76YSjA15JoH7sBIaxgPTbX2BSNfiUjfH2nNWacUKwzx8A7znk6/PVvrytPO5TnrZXVtXkLW59BMg4OACG3QMbtZ4W4hzIXyju0b6U/P6AVOxMg7PGuJOzsBL2un6Cweka9Bzt0m75SDSacQaJjQzujAh4HXV+0pkqYztZWBvM3zz+HIPsXzAkqIXMJH4RdrSxSLBPVNmZwxV4yJ8TrwYtGeYIoNlJXMeyEh3IsK6FRc7vupUdUplUj5XN2hL/sht5G/yMUmvwSu3z2nhA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=Z+faojGDupAHqJh5S3drsmyPSNMjEsG4F6YAuj/RQzc=; b=ASteMKcEtjgnyfzeJljNj4az1lmJzpJCbBb3B+OLaLaS1z3qbgfN8aUF63A9i3Ys33eeaCqDIXIeDlEm89xy5T94gVdDoTBWOFEd1Ia8SG4zkPIFl971iN1b3WM86XPVntId62KhsgxansjRyl+Ez5HPbLBSpPYcmppyRqzHK7FwG848mR+dm8GEz4VmZs4F7r9Ul0C9SwhoF+GdsJHBP+W9YewfzhMloQTHHrfnynfOO0dmIzT6OyzHAWCRuNp19kQxPp2G/mLvJhE3q5CXl62DzjlpKU0C9iosY/IqBz6ikVqj47PwEBv47bY1NkipaNUymI+ObLyp2CkHTsDWTg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=nokia.com; dmarc=pass action=none header.from=nokia.com; dkim=pass header.d=nokia.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nokia.onmicrosoft.com; s=selector1-nokia-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Z+faojGDupAHqJh5S3drsmyPSNMjEsG4F6YAuj/RQzc=; b=jGO78FfyIYTWRORqJQgH07lX564lBBiWfgY9Xn4gbIoc3GCYhghwB3shkGGxERwM4PnlAOpoyUxP/t+3snh30EJahXrdpq9ambUR3ELYtaPKkJHJtemB77Perw9KTznm8rw+B6il+gWph5WVPa8umiddvYEYJCpBzTBEagmQZF4=
Received: from SA2PR08MB6521.namprd08.prod.outlook.com (2603:10b6:806:fa::20) by DM5PR08MB2940.namprd08.prod.outlook.com (2603:10b6:3:146::7) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5791.23; Fri, 4 Nov 2022 16:19:29 +0000
Received: from SA2PR08MB6521.namprd08.prod.outlook.com ([fe80::4f16:da53:a11a:48e9]) by SA2PR08MB6521.namprd08.prod.outlook.com ([fe80::4f16:da53:a11a:48e9%4]) with mapi id 15.20.5791.022; Fri, 4 Nov 2022 16:19:29 +0000
From: "Poscic, Kristian (Nokia - US)" <kristian.poscic@nokia.com>
To: "Gottlieb, Jordan J" <Jordan.Gottlieb@charter.com>, "Overcash, Michael (CCI-Atlanta)" <michael.overcash@cox.com>, "softwires@ietf.org" <softwires@ietf.org>
Thread-Topic: MAP-T issue - UDP packets with zero checksum
Thread-Index: AdjwUUmY0/et/yqoSIW1ZoK7abCNIwAFSeXgAACacrA=
Date: Fri, 04 Nov 2022 16:19:29 +0000
Message-ID: <SA2PR08MB6521E712618525A7A703E846ED3B9@SA2PR08MB6521.namprd08.prod.outlook.com>
References: <BN0PR01MB6845514B7AA311E72CF066DD9F3B9@BN0PR01MB6845.prod.exchangelabs.com> <e574a7b999c246ea9391dc6399213c56@ncemexgp037.CORP.CHARTERCOM.com>
In-Reply-To: <e574a7b999c246ea9391dc6399213c56@ncemexgp037.CORP.CHARTERCOM.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=nokia.com;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: SA2PR08MB6521:EE_|DM5PR08MB2940:EE_
x-ms-office365-filtering-correlation-id: 76944d94-1e2c-4419-3df3-08dabe8059a5
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: Eon5YmaCroVjpqRzD2iCfcC8Xo4EFP1V+/zBDt2Hj0zYvt+4+099y8nqV7FZOKjUJ2IADlIIOSNSlONIRAmOQ0hyy84enjA/Wk9+BkSZ7NAG6/8iNii1dvKUCfTGKEPdmST1D/QJ0hu6cSP+nWM4DFVrZdiiPsAabMiWdfFf6AqwaGAtI2zlZLCHqW4adt9+KTFfuD6DeGyXnVZj1cEsmnhBsVE/wajP2evRDUAMqUbjfaSmWrwC8Kbu42c/+QIbhB460P1w+doqXzxILmUIBX+R0zoTYqYe8EDBKlk8LDhVRbXjfpmOBt0hHZgrTK7KeKSu9JH3qJfISK3lDo8rcf0YcQ6FGZ717X+XemD2sk+udyKss6cMamlU62CJ5fK1GurDyTwaCBHKsBxxCuhbLXmbpMR5hCJ1BYiMvLK/DeYQvspY3AMukzg+H5w+UKaLu5vbsMRcSxZk4Wp9KA/Ih4hwvW/7CV1LsTLxzMn8lAKYuYkvOhWTP3nMjDJNqktoOLcyVw9QfnejN48I0PfZX35Bxvjmii+XVF5MRYVl3VUZbirTgLHtwANuoBxyRkyCzXAnwItNRAYl9fqundIqKxiDVFOKnqU/Ef4saAqwQJCOr8TmQ3h2HkhdOWB5pGa/YEdxby8lkjGqHDZv3vvWNh3HBNo9M8eoBXcjTuXzosLOmYghVcSIkzM24yFBmMqO2Kd4w7hV+jF0mPoRYMpOYB42PrVpQwwcX2UwGne+G77oQCDXVw8ZmkC/EhBQ5HkyiZ/Wiz7BboX6IlDumfXCtA==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:SA2PR08MB6521.namprd08.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230022)(4636009)(396003)(366004)(39860400002)(376002)(346002)(136003)(451199015)(33656002)(40140700001)(86362001)(99936003)(122000001)(38070700005)(5660300002)(8936002)(2906002)(186003)(26005)(9686003)(82960400001)(38100700002)(66446008)(316002)(41300700001)(110136005)(8676002)(76116006)(52536014)(66556008)(64756008)(66946007)(66476007)(55016003)(7696005)(6506007)(53546011)(478600001)(71200400001); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: p00c8AgE1P4JnI1FgyzMTuSbFAHSlHN+iQRq/qEAsmOIzo3N5tkn3qhb5/67/q/Tr7QLUM0Nx9NpXwDH2EbGoXIhsaItRMDISJEDQ5cXAg1N3d4z7ec38/fPRQSyz6MH3RcHzgU0rHKBIRuhE2GA/wqSXS4V/BA2cpWgI9jhp2UQ/JX2s3X69Oq0OiXFaoXzTOC/sYRRewHj2/6lEJIBGeI5Xjoi+ausWpWqVIsOf8/VKqoo5KsxfE8V3JlcXEYe4EFr9TbUujjR5yHxZO5Mp4GSkTls44FWC6Lg58Ah/rQu5FrjBLwubyzHLhq2HExjUaUX+/ZKF4svLBHfIOYdFhJ05dUjofZonzYo4eTMYrGxcMAgKSBsnSowp5ldeK5ewIl6HSgCTvpK4KPO22FmqVJwg3aMGZwAFrQjuMZvuZKvRsm0PzUWWJLQTg+Y9E+J+bxDkSP1n8oY417toOcgcQY5JPFoEPJK5PMNNXOy9CGKexV8Iukd+ua784uI5y3sYOIriN60dErEwLYEhVXYy/xylcr5jZOD9k04WZ4aIShdpFtwlLw+NIA/HIeW6kA0hA0b1VE9WffSH+DrYZ567yrj7NMaa3TH+4jPbz1I8NnM2K1NQue6sBGuYTNXUWcq6PuP1WdHwO96MnjPzuYIqU5Xn+ucT3FKW+uUlp1EVtxLoI0tDkqi5I8VUEEwTdLY34tdqaJ79Bi5w7/pR21GNjSnzmMqfVvfn4TIa5+brtaV3X2ssEFV3MCjTpzwUDhXYoPGjYtywdUlhx+YBZx3Rxsqn8YK2XUIQwRC3pRrMYIrEtgdegDxyNUBJNIP+VPLDh01h5f7RKujsjlJ9Em75iqy3YnMcf0kyuN50aG/KXuDORORY6kll8sxSMt1rulhh0voiFFXTiHvoxflARV9/bSlI0kkfuUKPRrxGiexFTRmRNKzmY347A0/HGyUTza90CPDGZB1QUi2Fs5hK7aAlLEtHSgYaPXmBzOl/YNNeRvtMVfeBl9//8NNUrsqivNEqwgmaSxfnGOmr6jK4QvUCm2DJI8GYjBV2vdVmb/RR20FNwvZz01HeApVF6hBqrIIUur+XVtrcGT2sR0imFYSTGuuw7xmOGKHeeW/8FC2cwAOrgs1V/cjSUSnfcRC+vScglRMRTioe9gqQhk4keYaLpz03JWyShs3A/XVgHY++Y7LoSwHaerYuakz/yrQEFaVyefqWD6adXUF0cgUVGaZOE4Jd5DbM9l9SRwjmMZHqCxIUQYfC2Xnqzz496rjS1f77JVU1WCOMJy16uBLrTC0++D2PWcIRWgljWHTguJAJ3Jn7wbr9ElvQDuZPTvACWcVErxtV/sWigtsDS3E+rCYA18jhd0HMppwAsdJPNEAJKdPOjo6ivzxL9b7zfT2BnhmX6f6/7wpu/MXd9uA7fuE3vzid+syAycm0sTwr2fG/CbEnm/GoCTBaOoK4dvbJDtwxuzmJhhpWmuXJcq0Pliu184JmBVTUqcsI8lJIaSh4DlBtdRX9ep7W4ExLVdshZSYyDNNVtBvPSZcXlbIMJyVECSispijZJKTgO6L/9K5NkWqiMwZXjIMu3SLI0s0mxUzPxV9K+3Pp9TtxO0gGXtu1Q==
Content-Type: multipart/related; boundary="_004_SA2PR08MB6521E712618525A7A703E846ED3B9SA2PR08MB6521namp_"; type="multipart/alternative"
MIME-Version: 1.0
X-OriginatorOrg: nokia.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: SA2PR08MB6521.namprd08.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 76944d94-1e2c-4419-3df3-08dabe8059a5
X-MS-Exchange-CrossTenant-originalarrivaltime: 04 Nov 2022 16:19:29.4970 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5d471751-9675-428d-917b-70f44f9630b0
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: cIq0SJVUpDqCxnmOVPIFfR+BbiSte5tDaLLDJQB4uyhelzthjCfOC3VQpqqAdFDmJp/IGAy6U4EfvHuFTj8cMHQKwVnh/vgOKFZRsmPMmpY=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM5PR08MB2940
Archived-At: <https://mailarchive.ietf.org/arch/msg/softwires/vHdfsPU8x754Ei-IfXgO8LYaqW0>
Subject: Re: [Softwires] MAP-T issue - UDP packets with zero checksum
X-BeenThere: softwires@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: softwires wg discussion list <softwires.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/softwires>, <mailto:softwires-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/softwires/>
List-Post: <mailto:softwires@ietf.org>
List-Help: <mailto:softwires-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/softwires>, <mailto:softwires-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 04 Nov 2022 16:19:35 -0000

I agree with Jordan, that it should NOT be made a MUST.
In the extreme, someone can use this as attack so that BR does nothing but recalculates checksums.
Kris

From: Softwires <softwires-bounces@ietf.org> On Behalf Of Gottlieb, Jordan J
Sent: Friday, November 4, 2022 11:12 AM
To: Overcash, Michael (CCI-Atlanta) <michael.overcash@cox.com>; softwires@ietf.org
Subject: Re: [Softwires] MAP-T issue - UDP packets with zero checksum

Hi all,

I just to highlight that RFC6145 (a normative reference to RFC7599) which is obsoleted by RFC7915 covers this in detail.  They very appropriately have assigned a SHOULD on the calculation function of zero checksum IPv4 traffic.   I also want to point out that rfc6936 addresses tunneling protocol rather than a header translation based softwire and therefore should not be included as any kind of reference to RFC7599.

I am very much opposed to making it a MUST as it has significant performance implications on the BR.  It makes more sense on the CE for outgoing traffic as it has significant implications for IPv4-mapped IPv6 address traffic.

Sincerely,

Jordan

From: Softwires <softwires-bounces@ietf.org<mailto:softwires-bounces@ietf.org>> On Behalf Of Overcash, Michael (CCI-Atlanta)
Sent: Friday, November 4, 2022 7:44 AM
To: softwires@ietf.org<mailto:softwires@ietf.org>
Subject: [EXTERNAL] [Softwires] MAP-T issue - UDP packets with zero checksum

CAUTION: The e-mail below is from an external source. Please exercise caution before opening attachments, clicking links, or following guidance.
Hi,

IPv4 packets are allowed to have a zero checksum, but IPv6 packets are not. The problem of tunnelling zero checksum IPv4 packets through IPv6 tunnels is described in RFC 6935.

Currently RFC 7599 doesn't address this issue, and as a result we've found that some existing BR and CE implementations don't handle zero checksum UDP IPv4 packets correctly.

I think it would be helpful to add RFC 6935 as a normative reference and add a new section 8.5 to discuss the issue. Something like the following would help:
8.5. UDP Checksum Considerations
IPv4 UDP packets arriving at the BR or CE are can have a checksum value of zero, indicating no checksum was calculated. Historically, a zero checksum value is not
permitted in IPv6 UDP datagrams, and some implementations will discard these packets. The MAP-T CE and BR MUST translate and forward zero checksum UDP
datagrams in both the IPv4 and IPv6 domains as described in [RFC6935].

The text above could use some wordsmithing, but hopefully you get the idea.

Michael Overcash
Principal Architect, Premises Technology
C 678.637.5649

[cid:image001.png@01D8F03F.4D177B20]

v2.23.0 | Report a Bug | By Email