IETF Logo Mail Archive

Re: [Spud] Putting Network-Layer Information in the Network Layer

Tom Herbert <tom@herbertland.com> Fri, 10 July 2015 22:22 UTC

Return-Path: <tom@herbertland.com>
X-Original-To: spud@ietfa.amsl.com
Delivered-To: spud@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 742061A0019 for <spud@ietfa.amsl.com>; Fri, 10 Jul 2015 15:22:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.978
X-Spam-Level:
X-Spam-Status: No, score=-1.978 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UJi83cGPaUPV for <spud@ietfa.amsl.com>; Fri, 10 Jul 2015 15:22:29 -0700 (PDT)
Received: from mail-ie0-f178.google.com (mail-ie0-f178.google.com [209.85.223.178]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4BC5E1A00C0 for <spud@ietf.org>; Fri, 10 Jul 2015 15:19:54 -0700 (PDT)
Received: by iebmu5 with SMTP id mu5so204324610ieb.1 for <spud@ietf.org>; Fri, 10 Jul 2015 15:19:53 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=4WoZZ1ohgGJFxtTePkAN9+Ku7T2lfA4ilUaWkIO9OcQ=; b=hmdrJH73VT4ZONiJrK0XYCbnQUoUePnGZ7caXKxqsXE7525w3ADwYdQ5Rf2Uy3QLMg 5OPFEyuT93IVmCWzd8NIS2Cwp0sANr3VSkBd1y6j0XvZiwHT0/hM9SE6Cy6zNyk7Ntg8 4SITY02GpPRbOaT7ExUGhE+yZo9mycEcvBCwGfrQpG4Ln6D0rI2ODr8i8207bRovVK5o uIaqdF9ESgpJEw8zZkNRoUPL/3TDIDadnQkUgMRw4z/0pS16Fgx554IeQBJC9RXrz1JR Zz8eg+vis6HK3U0PixGTv6FuOJ8V5zK3sAWco+woQKjogGdZoweEbvXyeojEu/CKcgPY HIQA==
X-Gm-Message-State: ALoCoQkNJX+eTnPBE0lfAQ2QpHzU2ewbufZg6fjv3VuNMB5dzrgl5lZGuac3LUoaj82pMnvB0IZf
MIME-Version: 1.0
X-Received: by 10.107.9.142 with SMTP id 14mr8411485ioj.142.1436566793659; Fri, 10 Jul 2015 15:19:53 -0700 (PDT)
Received: by 10.107.142.86 with HTTP; Fri, 10 Jul 2015 15:19:53 -0700 (PDT)
In-Reply-To: <55A03CCC.1060904@isi.edu>
References: <176C39DB-16F3-4E46-9A1D-22290A38FBA6@tik.ee.ethz.ch> <CALx6S37Eo6eAE4GTkAWGe+w0ZhDHyuMym7+txgjai5GRw+pgiQ@mail.gmail.com> <7158BF85-8731-40A0-9920-36D21D73D7F2@trammell.ch> <CALx6S37w1J=v48gFCH18E-3UZyfC28_d_LTuKjC5VHtXC0eu2Q@mail.gmail.com> <5A64B99E-89C5-4D5C-BFF2-C5F0C25EC35D@trammell.ch> <559D8301.2020604@isi.edu> <006C9182-7352-4086-AF18-785AEFD44979@trammell.ch> <559EB134.2090905@isi.edu> <CB3FEFD0-1FE0-49D4-A650-349218ABD00A@trammell.ch> <559FFD93.8010307@isi.edu> <20150710204514.GA23837@cisco.com> <55A03CCC.1060904@isi.edu>
Date: Fri, 10 Jul 2015 15:19:53 -0700
Message-ID: <CALx6S34QT3ffis3Sq9+RQJ1H5Ve_cMwbMyBSrXv_KSfzSvwPJA@mail.gmail.com>
From: Tom Herbert <tom@herbertland.com>
To: Joe Touch <touch@isi.edu>
Content-Type: text/plain; charset=UTF-8
Archived-At: <http://mailarchive.ietf.org/arch/msg/spud/tnlOxZ-NitDFDHw0eeCs0Dzwp5M>
Cc: Brian Trammell <ietf@trammell.ch>, Toerless Eckert <eckert@cisco.com>, =?UTF-8?Q?Mirja_K=C3=BChlewind?= <mirja.kuehlewind@tik.ee.ethz.ch>, spud@ietf.org
Subject: Re: [Spud] Putting Network-Layer Information in the Network Layer
X-BeenThere: spud@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Session Protocol Underneath Datagrams <spud.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spud>, <mailto:spud-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spud/>
List-Post: <mailto:spud@ietf.org>
List-Help: <mailto:spud-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spud>, <mailto:spud-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 10 Jul 2015 22:22:31 -0000

On Fri, Jul 10, 2015 at 2:44 PM, Joe Touch <touch@isi.edu> wrote:
> +1, for somewhat different reasons, notably the problem deploying new IP
> options and layer separation.
>
> This really hints that UDP isn't quite sufficient without its own
> options. There seems only one place to do this - using the UDP length
> field.
>
> E.g., let's say you have a 1500B IP packet with a 20B IP header, leaving
> 1480 for UDP. But instead of saying that UDP's Length is 1280, we say
> it's 1400; in that case, the last 80 bytes could be used as a 'trailer
> option area'.
>
You get UDP data on a UDP socket, so 1400 bytes is returned. Returning
the extra bytes would be a simple kernel and API change (at least in
Linux). Besides that, I imagine that HW vendors probably want the
options to be in the headers due to the HW limitations of packet
processing.

> This is somewhat like UDP-lite, except that instead of declaring the
> length to indicate "checksum coverage", it would just indicate the UDP
> payload vs. extended header, and it would use the existing UDP protocol
> number (17) rather than that of UDPlite (136).
>
> ---
> The reason why this mechanism can use the current UDP protocol number is
> that we're not changing the semantics of UDP or the length of the data
> delivered to the application vs. the existing UDP length field.
>
> Because we're still assuming that the UDP checksum covers only the
> length indicated in the UDP header, there should be no inconsistency
> with "mismatching pseudoheaders" - I think. I'll check with the UDPlite
> crowd (unless any are already on this list - Gorry?)
> ---

IIRC there was a proposal to contort the UDP checksum to become
something closer to a UDP-lite checksum. The idea was to indicate this
mode by setting a UDP length less than 8, and inferring the actual
length of the UDP payload from the IP total length. Conceptually, this
same hack could be used to add options to UDP.

>
> I'm still not convinced it's safe, though. It would not be covered by
> the UDP checksum. I have no idea whether existing stacks would handle it
> correctly (i.e., ignoring the extra bytes) vs. shortening the IP packet
> to make the lengths match.
>
> NOTE: this appears valid per RFC1122 and RFC768, but I haven't tried it
> to see whether it makes various OSes blow up yet...
>
> Hmmm.
>
> Joe
>
> On 7/10/2015 1:45 PM, Toerless Eckert wrote:
>> IMHO, IP options do not get us anywhere.
>>
>> I want a solution that works against the lowest common denominator
>> of APIs for applications that i have across not only platfornms,
>> but also application development environments. I have UDP APIs on
>> a lot more SDKs that UDP + IP options. I bet if i looked, i wouldn't
>> find IP optoins in a lot of interpreted language SDKs.
>>
>> Even if supported by language SDK, its an OS issue whether IP optoins
>> are supported. I remember that some investigation for a project we did
>> 2? years back now resulted in us finding that at C level system APIs,
>> android for example was not supporting IP router alert for a UDP socket
>> for IPv6, even though it supported it for IPv4 (i hope i remember these
>> details correctly). And its just one example.
>>
>> If all of this stuff is fine, i am totally not persuaded that IP
>> options are going to be accepted by network operators. There is no
>> way to guarantee to a network operator that packets with IP options are
>> NOT punted and cause performance impacts.
>>
>> We went through this exercise with ECN, and still haven't moved ahead.
>> After 10 years or so. Where is the stealth data-collection facility in
>> eg: firefox that tries randomn ECN flows not only to see whether they
>> pass through, but also checking latency & jitter to validate that
>> these ECN packets where not punted in routers when they did pass through ?
>>
>> I am not saying we shouldn't have a glorified plan for STUN that ALSO
>> includes the architecture for doing it correctly for the
>> 1980's Internet architecture, but please lets not make this plan A.
>>
>> The Internet architecture has evolved on so many fronts. Can we not
>> learn in the network/transport layer structure too how to get the
>> best solutions for reality ?
>>
>> Just saying.
>>
>> Toerless
>>
>> On Fri, Jul 10, 2015 at 10:14:59AM -0700, Joe Touch wrote:
>>> Hi, Brian,
>>>
>>> On 7/10/2015 3:44 AM, Brian Trammell wrote:
>>>>
>>>>> On 09 Jul 2015, at 19:36, Joe Touch <touch@isi.edu> wrote:
>>> ...
>>>>> IPv4 options can be jumped over in one step using the IHL field.
>>>>
>>>> yes, |set| = 1.
>>>
>>> Well, it's actually also because the offset is in the default header and
>>> nowhere else. The number of options varies, as does the length of many
>>> options.
>>>
>>>>> There's
>>>>> no such field for IPv6 - routers have to walk the chain of headers one
>>>>> by one.
>>>>
>>>> Right. It seems to me the way out of this (which is not just a
>>>> problem for boxes that want to muck about in transport protocols, but
>>>> ones thatwant to properly process hop by hop options) would be to
>>>> define a new(small) set of IPv6 options headers that themselves would
>>>> (1) not be combinable and (2) have a fixed length, allowing the
>>>> next-header field to be _treated_ in constant time / with relatively
>>>> few gates as the IHL field.
>>>
>>> There are several hurdles, not the least of which is that the length of
>>> HBH options can change in transit.
>>>
>>> You don't really need a fixed length to solve this, or even a fixed set.
>>> The options can even be mutable.
>>>
>>> What you really need is a "jump to transport" header that comes before
>>> all the others, and that is maintained by any device that adds, deletes,
>>> or changes the length of an option.
>>>
>>> The real problem there isn't doing that; its knowing whether you've
>>> traversed a router that obeys those rules without dropping packets at
>>> routers that don't. That would kill IPv6.
>>>
>>>> I haven't followed 6man, though I presume this approach or
>>>> approaches like it have been discussed there ad nauseam.
>>>
>>> See above.
>>>
>>>> The fixed-lengthness of these new v6 options headers would make them
>>>> problematic for freely extensible options, though one could use these
>>>> to stick common fast path options in the "fixed" point of the header,
>>>> and otherwise point to space elsewhere in the packet for things that
>>>> can happen slowly. You eat the cost of following pointers and doing
>>>> the more expensive deframing only if you need to in this case.
>>>
>>> The real issue, AFIACT, is detecting the behavior of legacy devices that
>>> wouldn't know to follow these rules - without having them drop the
>>> packet because it is an unknown option (i.e., you can set "drop if
>>> unknown", but that would be bad; if you don't set that bit, then you
>>> can''t detect when changes occur easily).
>>>
>>>>>>> I suspect you'll find that IP options are basically a non-starter except
>>>>>>> for research purposes.
>>>>>>
>>>>>> For the story on the v4 side, do you know of anything newer than
>>>>>> Fonseca et al "IP Options are Not and Option" (tech report version at
>>>>>> http://www.eecs.berkeley.edu/Pubs/TechRpts/2005/EECS-2005-24.pdf)? It's
>>>>>> ten years old -- but given where the engineering effort has gone during
>>>>>> that decade, I doubt strongly much has changed here.
>>>>>
>>>>> Not much. Those old studies have been used in other WGs to drive
>>>>> documents (IMO, unfortunately).
>>>>
>>>> I've been thinking about whether it would be worth the effort to do
>>>> an updated IP options transparency study.
>>>
>>> The IETF has a persistent problem with extensibility. Vendors don't make
>>> money supporting capabilities not in current use, but that ossifies the
>>> protocols badly.
>>>
>>> Joe
>>>
>>> _______________________________________________
>>> Spud mailing list
>>> Spud@ietf.org
>>> https://www.ietf.org/mailman/listinfo/spud

v2.8.7 | Report a Bug | By Email