IETF Logo Mail Archive

Re: [spring] C-SIDs and upper layer checksums (draft-ietf-spring-srv6-srh-compression)

Joel Halpern <jmh@joelhalpern.com> Fri, 05 April 2024 14:26 UTC

Return-Path: <jmh@joelhalpern.com>
X-Original-To: spring@ietfa.amsl.com
Delivered-To: spring@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DEF4DC169422 for <spring@ietfa.amsl.com>; Fri, 5 Apr 2024 07:26:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.096
X-Spam-Level:
X-Spam-Status: No, score=-2.096 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=joelhalpern.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qCH8YN3Mad6w for <spring@ietfa.amsl.com>; Fri, 5 Apr 2024 07:26:49 -0700 (PDT)
Received: from maila2.tigertech.net (maila2.tigertech.net [208.80.4.152]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9CB6DC1519A8 for <spring@ietf.org>; Fri, 5 Apr 2024 07:26:49 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by maila2.tigertech.net (Postfix) with ESMTP id 4VB15P18sRz6G7qx; Fri, 5 Apr 2024 07:26:49 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=joelhalpern.com; s=2.tigertech; t=1712327209; bh=i3AuttgWTOu52sb0QErbsH/wxcHSA3UkWITfeDwn/e4=; h=Date:Subject:To:Cc:References:From:In-Reply-To:From; b=JZLwUrobhf/vDrcQwagws2xWb8ELu9pw/4Y+ukF0xY7jnpl86UQFkgZG08DnULUpk N3jH+YgJYA5y0yv7zC1FqPB3P1dhcDDoMZ4KDgoVTLjX0+bkxeptMxHIdtlAo8TyCf rBo9r5NjoiS2XMGiURC1/tlzUS9zsG/Y5T+JbKQg=
X-Quarantine-ID: <hmV2ex6LuSOL>
X-Virus-Scanned: Debian amavisd-new at a2.tigertech.net
Received: from [192.168.22.20] (unknown [50.233.136.230]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by maila2.tigertech.net (Postfix) with ESMTPSA id 4VB15M6GyCz6G7YP; Fri, 5 Apr 2024 07:26:47 -0700 (PDT)
Content-Type: multipart/alternative; boundary="------------BH2w300kWyR1Q0oFmAJBVqOY"
Message-ID: <ffdf030d-0988-4b39-b400-0e7744503d02@joelhalpern.com>
Date: Fri, 05 Apr 2024 10:26:43 -0400
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
To: Francois Clad <fclad.ietf@gmail.com>
Cc: spring@ietf.org
References: <4V9T74452Sz1nsk5@mailb2.tigertech.net> <548b1fbc-8106-40c0-aced-bc1f92bdf415@nokia.com> <c931f0af-8a98-4b61-bf19-44bffe29de7c@joelhalpern.com> <CAHT6gR_Ey4DGhyvZr_dfThPEe1SwFN++PfGFnJ=Edw91qv+S=A@mail.gmail.com>
Content-Language: en-US
From: Joel Halpern <jmh@joelhalpern.com>
In-Reply-To: <CAHT6gR_Ey4DGhyvZr_dfThPEe1SwFN++PfGFnJ=Edw91qv+S=A@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spring/5D6hZIFpmPIgeiPKQRVosbv43uo>
Subject: Re: [spring] C-SIDs and upper layer checksums (draft-ietf-spring-srv6-srh-compression)
X-BeenThere: spring@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Source Packet Routing in NetworkinG \(SPRING\)" <spring.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spring>, <mailto:spring-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spring/>
List-Post: <mailto:spring@ietf.org>
List-Help: <mailto:spring-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spring>, <mailto:spring-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 05 Apr 2024 14:26:54 -0000

<No Hats.>

I think I understand your description.  At base, I think you are arguing 
that a compresssed container should be understood to be a representation 
of a segment list.  As a corollary of that, you are saying that the text 
in 9.1 means that a host in an SRv6 domain must not have explicitly 
configured uSID containers as destination addresses (either in config 
files, in manually entered destinations, or from DNS resolution>)  And 
that 9.1 is sufficiently clear that users or admins will not be 
surprised by failures?

Yours,

Joel

On 4/5/2024 4:02 AM, Francois Clad wrote:
> Hi Joel,
>
> The current text of section 9.1 says:
>
> "When pinging a SID of this document without a segment list, the SR 
> source node places the SID in the destination address of the ICMPv6 
> echo request and MUST set the Argument of the SID to 0. [...]"
>
> "When pinging a SID of this document via a segment list, the SR source 
> node MUST construct the IPv6 packet as described in Section 6 and 
> compute the ICMPv6 checksum as described in Section 6.5.”
>
> It seems to me that the two cases are explicitly spelled out.
>
> If I understand correctly, the system that you are referring to is 
> steering traffic onto a segment list. Diagnostic packets should thus 
> be handled in the same way (2nd case above). From a user perspective, 
> the diagnostic tools (e.g., ping) are used with a compressed SRv6 
> SID-list in the same that they are used with any other SRv6 SID-list.
>
> Cheers,
> Francois
>
> On 4 Apr 2024 at 23:17:53, Joel Halpern <jmh@joelhalpern.com> wrote:
>> <No Hats>
>>
>> A uSID container is a list of destination.  It can  e specified as a DA
>> without an SRH.  If I had a sysstme which was using that, and I was
>> having trouble, trying a ping with the uSID container as the DA would
>> seem to be an obvious diagnostic.   If we want to tell folks they cabn't
>> do that, it seems like we need to say so. The existing text Francois
>> points to seems too vague to expect folks to understand the limitation
>> (assuming there is such a limitation.)
>>
>> Yours,
>>
>> Joel
>>
>> On 4/4/2024 2:47 PM, Martin Vigoureux (Nokia) wrote:
>>> Joel,
>>>
>>> do you mean specifying the sid *list* as the DA?
>>>
>>> -m
>>>
>>> Le 2024-04-04 à 19:26, jmh.direct a écrit :
>>> >
>>> > CAUTION:This is an external email. Please be very careful when
>>> > clicking links or opening attachments. See the URL nok.it/ext 
>>> <http://nok.it/ext> for
>>> > additional information.
>>> >
>>> > So you can't ping a uSID list by just specifying the uSID as the DA?
>>> > Yours,
>>> > Joel
>>> >
>>> >
>>> >
>>> > Sent via the Samsung Galaxy S20 FE 5G, an AT&T 5G smartphone
>>> >
>>> >
>>> > -------- Original message --------
>>> > From: Francois Clad <fclad.ietf@gmail.com>
>>> > Date: 4/4/24 1:10 PM (GMT-05:00)
>>> > To: Joel Halpern <jmh.direct@joelhalpern.com>
>>> > Cc: SPRING WG List <spring@ietf.org>, Robert Raszuk
>>> > <robert@raszuk.net>, Andrew Alston - IETF <andrew-ietf@liquid.tech>
>>> > Subject: Re: [spring] C-SIDs and upper layer checksums
>>> > (draft-ietf-spring-srv6-srh-compression)
>>> >
>>> > Hi Joel,
>>> >
>>> > One can ping a SID of this document without a segment list by simply
>>> > running the ping command with that SID as an argument (2nd paragraph
>>> > of section 9.1).
>>> >
>>> > To ping a SID of this document via a SID list, one needs to configure
>>> > the originator node to impose that SID list, like any other SRv6 SID
>>> > list.
>>> >
>>> > Hope this helps.
>>> >
>>> > Cheers,
>>> > Francois
>>> >
>>> >
>>> > On 4 Apr 2024 at 16:29:11, Joel Halpern <jmh.direct@joelhalpern.com
>>> > <mailto:jmh.direct@joelhalpern.com>> wrote:
>>> >>
>>> >> <No Hats>
>>> >>
>>> >> It seems that the text you quote requires that the ping code or
>>> >> kernel code know that the user has specified a uSID for the ping
>>> >> DA.   Maybe I am missing something, but it is not obvious to me how
>>> >> that would be achieved? And does seem to imply that an unmodified
>>> >> ping will get incompatible and unexpected results?
>>> >>
>>> >> Yours,
>>> >>
>>> >> Joel
>>> >>
>>> >> On 4/4/2024 10:23 AM, Francois Clad wrote:
>>> >>> Hi Joel,
>>> >>>
>>> >>> The ping behavior is described in section 9.1 of the draft
>>> >>> 
>>> (https://www.ietf.org/archive/id/draft-ietf-spring-srv6-srh-compression-14.html#section-9.1).
>>> >>>
>>> >>> Specifically,
>>> >>> "When pinging a SID of this document via a segment list, the SR
>>> >>> source node MUST construct the IPv6 packet as described in Section
>>> >>> 6 and compute the ICMPv6 checksum as described in Section 6.5."
>>> >>>
>>> >>> Please let me know if anything in this text is not clear.
>>> >>>
>>> >>> Thanks,
>>> >>> Francois
>>> >>>
>>> >>> On 4 Apr 2024 at 16:10:11, Joel Halpern
>>> >>> <jmh.direct@joelhalpern.com> wrote:
>>> >>>>
>>> >>>> <No Hat>
>>> >>>>
>>> >>>> Does this mean that if I have a source and destiantion host inside
>>> >>>> an SRv6 domain, and I am trying to verify a uSID path between
>>> >>>> them, so I issue the command ping <usUD-DA>, it will fail?  Given
>>> >>>> that we have documents describing the use of ping and traceroute
>>> >>>> with SRv6, shouldn't the comrpession document say someething about
>>> >>>> this?
>>> >>>>
>>> >>>> Your,s
>>> >>>>
>>> >>>> Joel
>>> >>>>
>>> >>>> On 4/4/2024 9:59 AM, Francois Clad wrote:
>>> >>>>> Hi Andrew,
>>> >>>>>
>>> >>>>> The originator (TX Linux box in your case) acting as an SR source
>>> >>>>> node for C-SID must follow the entire Section 6 of
>>> >>>>> draft-ietf-spring-srv6-srh-compression, including section 6.5
>>> >>>>> about the checksum calculation. One cannot expect it to work if
>>> >>>>> it only implements half of it.
>>> >>>>>
>>> >>>>> On the receive side, there is nothing special to do. The DA in
>>> >>>>> the received IPv6 header is the one that was used for the
>>> >>>>> checksum calculation.
>>> >>>>>
>>> >>>>> I do not see anything broken.
>>> >>>>>
>>> >>>>> Cheers,
>>> >>>>> Francois
>>> >>>>>
>>> >>>>> On 4 Apr 2024 at 15:32:12, Andrew Alston - IETF
>>> >>>>> <andrew-ietf@liquid.tech> wrote:
>>> >>>>>>
>>> >>>>>> So in investgiating this further, there is a further problem.
>>> >>>>>>
>>> >>>>>> I’ve checked on 4 different linux boxes with 4 different network
>>> >>>>>> cards.
>>> >>>>>>
>>> >>>>>> Linux by default offloads TX checksumming on a lot of network
>>> >>>>>> cards. If you originate a packet with a microsid and no SRH –
>>> >>>>>> and the linux box offloads the checksum generation – the
>>> >>>>>> checksum generated by the NIC will be incorrect – and when the
>>> >>>>>> packet arrives at the end host – if that end host is running RX
>>> >>>>>> checksumming – the checksum will fail and the packet will be
>>> >>>>>> dropped.
>>> >>>>>>
>>> >>>>>> If you disable TX checksumming – the kernel will have no way to
>>> >>>>>> tell if the packet is an Ipv6 or a microsid packet, it will
>>> >>>>>> therefore use the DA – and generate an incorrect checksum.
>>> >>>>>> Again – if RX checksumming is enabled on the receiving end point
>>> >>>>>> – the packet will get dropped.
>>> >>>>>>
>>> >>>>>> Effectively this does NOT just affect middle boxes – it effects
>>> >>>>>> anything generating a packet directed to a microsid that either
>>> >>>>>> offloads the tx to hardware (whichi will have no clue this is a
>>> >>>>>> microsid) or in the alternative is generating tx checksums
>>> >>>>>> itself via kernel mechanisms that will treat these packets as
>>> >>>>>> standard Ipv6 packets.
>>> >>>>>>
>>> >>>>>> This is broken – severely broken.
>>> >>>>>>
>>> >>>>>> Andrew
>>> >>>>>>
>>> >>>>>> *
>>> >>>>>> *
>>> >>>>>>
>>> >>>>>> *
>>> >>>>>>
>>> >>>>>> Internal All Employees
>>> >>>>>>
>>> >>>>>> From: *spring <spring-bounces@ietf.org> on behalf of Francois
>>> >>>>>> Clad <fclad.ietf@gmail.com>
>>> >>>>>> *Date: *Thursday, 4 April 2024 at 14:49
>>> >>>>>> *To: *Joel Halpern <jmh.direct@joelhalpern.com>
>>> >>>>>> *Cc: *SPRING WG List <spring@ietf.org>, Robert Raszuk
>>> >>>>>> <robert@raszuk.net>
>>> >>>>>> *Subject: *Re: [spring] C-SIDs and upper layer checksums
>>> >>>>>> (draft-ietf-spring-srv6-srh-compression)
>>> >>>>>>
>>> >>>>>>
>>> >>>>>>
>>> >>>>>> Some people who received this message don't often get email from
>>> >>>>>> fclad.ietf@gmail.com. Learn why this is important
>>> >>>>>> <https://aka.ms/LearnAboutSenderIdentification>
>>> >>>>>>
>>> >>>>>>
>>> >>>>>>
>>> >>>>>> CAUTION: This email has originated from a free email service
>>> >>>>>> commonly used for personal email services, please be guided
>>> >>>>>> accordingly especially if this email is asking to click links or
>>> >>>>>> share information.
>>> >>>>>>
>>> >>>>>> Hi all,
>>> >>>>>>
>>> >>>>>> Section 6.5 of draft-ietf-spring-srv6-srh-compression specifies
>>> >>>>>> how an SR source node originating a packet with an upper layer
>>> >>>>>> checksum determines the Destination Address for use in the IPv6
>>> >>>>>> pseudo-header.
>>> >>>>>>
>>> >>>>>> As a co-author, I’d say that the current text of 6.5 is good.
>>> >>>>>>
>>> >>>>>> This text is aligned with RFC 8200. It only indicates how the
>>> >>>>>> text in Section 8.1 of RFC 8200 applies to the SIDs of
>>> >>>>>> draft-ietf-spring-srv6-srh-compression. This is necessary since
>>> >>>>>> RFC 8200 does not specify the format nor behavior of any source
>>> >>>>>> routing scheme.
>>> >>>>>>
>>> >>>>>> Thanks,
>>> >>>>>>
>>> >>>>>> Francois
>>> >>>>>>
>>> >>>>>> On 4 Apr 2024 at 00:10:55, Joel Halpern
>>> >>>>>> <jmh.direct@joelhalpern.com> wrote:
>>> >>>>>>
>>> >>>>>>     I can not speak to the "norm" for other working groups.  The
>>> >>>>>> SPRING charter is very specific about what we have to do if we
>>> >>>>>>     want to change an underlying protocol.  We have to go back to
>>> >>>>>>     the WG which owns that protocol.
>>> >>>>>>
>>> >>>>>>     6man gets to decide if the change is acceptable, and if it is
>>> >>>>>> acceptable how it is to be represented.  SPRINGs job is to
>>> >>>>>>     make sure we are asking the question we intend.
>>> >>>>>>
>>> >>>>>> Yours,
>>> >>>>>>
>>> >>>>>>     Joel
>>> >>>>>>
>>> >>>>>>     On 4/3/2024 6:05 PM, Robert Raszuk wrote:
>>> >>>>>>
>>> >>>>>> Ok Joel,
>>> >>>>>>
>>> >>>>>> Thank you for this clarification.
>>> >>>>>>
>>> >>>>>> To me the actual spirit of RFC8200 8.1 is to say that it
>>> >>>>>> is ok to compute the checksum by the src such that it
>>> >>>>>> comes out right at the final destination.
>>> >>>>>>
>>> >>>>>> But I guess we can have different opinions about that.
>>> >>>>>>
>>> >>>>>> But what I find specifically surprising here is that it is
>>> >>>>>>         a norm in IETF to have new specifications
>>> >>>>>> defining protocol extensions and their behaviour and never
>>> >>>>>> go back to the original protocol RFC to check if this is
>>> >>>>>> ok or not. If that would not be a normal process I bet we
>>> >>>>>> would still be using classful IPv4 routing all over the
>>> >>>>>> place.
>>> >>>>>>
>>> >>>>>> Regards,
>>> >>>>>>
>>> >>>>>> Robert
>>> >>>>>>
>>> >>>>>> On Wed, Apr 3, 2024 at 11:28 PM Joel Halpern
>>> >>>>>> <jmh@joelhalpern.com> wrote:
>>> >>>>>>
>>> >>>>>>             The concern with regard to the text that the chairs
>>> >>>>>>             are asking about is not about intermediate nodes
>>> >>>>>>             verifying the checksum.  The text does not talk 
>>> aabout
>>> >>>>>>             that, so we are not asking about that.
>>> >>>>>>
>>> >>>>>>             But, the text in 8200 specifies how the originating
>>> >>>>>>             node is to compute the upper layer checksum.  It
>>> >>>>>>             doesn't say "do whatever you need to do to make the
>>> >>>>>>             destination come out right".  It provides specific
>>> >>>>>>             instructions.  Yes, it is understandable that those
>>> >>>>>>             instructions do not cover the compressed container
>>> >>>>>>             cases.  Which is why the compression document
>>> >>>>>>             specifies changes to those procedures.
>>> >>>>>>
>>> >>>>>>             Thus, we need to ask 6man how they want to handle the
>>> >>>>>>             change in the instructions in 8200.
>>> >>>>>>
>>> >>>>>>             the question we are asking SPRING is whether there is
>>> >>>>>>             any clarification people want to the text in the
>>> >>>>>>             compression draft before we send the question over to
>>> >>>>>>             6man.
>>> >>>>>>
>>> >>>>>>             Yours,
>>> >>>>>>
>>> >>>>>>             Joel
>>> >>>>>>
>>> >>>>>>             On 4/3/2024 5:15 PM, Robert Raszuk wrote:
>>> >>>>>>
>>> >>>>>>                 Hi Joel,
>>> >>>>>>
>>> >>>>>>                 My interpretation of text from RFC8200 is that it
>>> >>>>>>                 allows discrepancy between the header and the
>>> >>>>>>                 upper layer checksum as long as final packet's
>>> >>>>>>                 destination sees the correct one.
>>> >>>>>>
>>> >>>>>>                 The last condition is met.
>>> >>>>>>
>>> >>>>>>                 So I see no issue.
>>> >>>>>>
>>> >>>>>>                 Sure RFC8200 does not talk about SRH nor cSIDs,
>>> >>>>>>                 but provides a hint on how to handle such future
>>> >>>>>>                 situations.
>>> >>>>>>
>>> >>>>>>                 With that being said I would like to still
>>> >>>>>>                 understand what real problem are we hitting here
>>> >>>>>> ...
>>> >>>>>>
>>> >>>>>>                 Kind regards,
>>> >>>>>>
>>> >>>>>>                 Robert
>>> >>>>>>
>>> >>>>>>                 On Wed, Apr 3, 2024 at 11:09 PM Joel Halpern
>>> >>>>>>                 <jmh@joelhalpern.com> wrote:
>>> >>>>>>
>>> >>>>>>                     There are two cases covered in section 6.5 of
>>> >>>>>>                     the compression draft that appear to be at
>>> >>>>>>                     variance with secton 8.1 of RFC 8200.
>>> >>>>>>
>>> >>>>>>                     First, if the final destination in the 
>>> routing
>>> >>>>>>                     header is a compressed container, then the
>>> >>>>>>                     ultimate destination address will not be the
>>> >>>>>>                     same as the final destination shown in the
>>> >>>>>>                     routing header.
>>> >>>>>>
>>> >>>>>>                     Second, if a uSID container is used as the
>>> >>>>>>                     destination address and no SRH is present,
>>> >>>>>>                     then in addition to the above problem 
>>> there is
>>> >>>>>>                     no routing header to trigger the behavior
>>> >>>>>>                     described.
>>> >>>>>>
>>> >>>>>>                     Yours,
>>> >>>>>>
>>> >>>>>>                     Joel
>>> >>>>>>
>>> >>>>>>                     On 4/3/2024 4:22 PM, Robert Raszuk wrote:
>>> >>>>>>
>>> >>>>>>                         Hi Alvaro,
>>> >>>>>>
>>> >>>>>>                             Section 6.5 of
>>> >>>>>> draft-ietf-spring-srv6-srh-compression
>>> >>>>>>                             describes the
>>> >>>>>>                             behavior when an originating node
>>> >>>>>>                             inside an SRv6 domain creates a
>>> >>>>>>                             packet with a C-SID as the final
>>> >>>>>>                             destination. _This description 
>>> differs
>>> >>>>>>                             from the text in Section 8.1 of
>>> >>>>>> RFC8200._
>>> >>>>>>
>>> >>>>>>                         I would like you to clarify the above
>>> >>>>>>                         statement - specifically of the last
>>> >>>>>>                         sentence.
>>> >>>>>>
>>> >>>>>>                         Reason for this that after looking at 
>>> both
>>> >>>>>>                         drafts I find section 6.5 of the subject
>>> >>>>>>                         draft to be exactly in line with RFC8200
>>> >>>>>>                         section 8.1 especially with the paragraf
>>> >>>>>>                         which says:
>>> >>>>>>
>>> >>>>>>                         *         If the IPv6 packet contains a
>>> >>>>>>                         Routing header, the Destination
>>> >>>>>>                                  Address used in the 
>>> pseudo-header
>>> >>>>>>                         is that of the final
>>> >>>>>>                                  destination.  At the originating
>>> >>>>>>                         node, that address will be in
>>> >>>>>>                                  the last element of the Routing
>>> >>>>>>                         header; at the recipient(s),
>>> >>>>>>                                  that address will be in the
>>> >>>>>>                         Destination Address field of the
>>> >>>>>>                                  IPv6 header.*
>>> >>>>>>
>>> >>>>>>                         So before we dive into solutions (as
>>> >>>>>>                         Andrew has already provided a few of) I
>>> >>>>>>                         think we should first agree on what
>>> >>>>>>                         precise problem are we solving here ?
>>> >>>>>>
>>> >>>>>>                         Many thx,
>>> >>>>>>
>>> >>>>>>                         Robert
>>> >>>>>>
>>> >>>>>>                         PS. As a side note I spoke with my
>>> >>>>>>                         hardware folks - just to check if
>>> >>>>>>                         validation of upper-layer checksum is 
>>> even
>>> >>>>>>                         an option for transit nodes. The 
>>> answer is
>>> >>>>>>                         NO as most data plane hardware can 
>>> read at
>>> >>>>>>                         most 256 bytes of packets. So unless 
>>> there
>>> >>>>>>                         is some specialized hardware 
>>> processing up
>>> >>>>>>                         to 9K packets in hardware at line rates
>>> >>>>>>                         this entire discussion about checksum
>>> >>>>>>                         violations, fears of firing appeals is
>>> >>>>>>                         just smoke.
>>> >>>>>>
>>> >>>>>> _______________________________________________
>>> >>>>>> spring mailing list
>>> >>>>>> spring@ietf.org
>>> >>>>>> https://www.ietf.org/mailman/listinfo/spring
>>> >>>>>>
>>> >
>>> > _______________________________________________
>>> > spring mailing list
>>> > spring@ietf.org
>>> > https://www.ietf.org/mailman/listinfo/spring
>>>
>>> _______________________________________________
>>> spring mailing list
>>> spring@ietf.org
>>> https://www.ietf.org/mailman/listinfo/spring
>>
>> _______________________________________________
>> spring mailing list
>> spring@ietf.org
>> https://www.ietf.org/mailman/listinfo/spring

v2.23.0 | Report a Bug | By Email