Re: [tcpm] draft-eggert-tcpm-historicize-00

Joe Touch <touch@isi.edu> Fri, 25 June 2010 18:37 UTC

Return-Path: <touch@isi.edu>
X-Original-To: tcpm@core3.amsl.com
Delivered-To: tcpm@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 206C53A67E7 for <tcpm@core3.amsl.com>; Fri, 25 Jun 2010 11:37:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GKZy4MAnJETE for <tcpm@core3.amsl.com>; Fri, 25 Jun 2010 11:37:51 -0700 (PDT)
Received: from nitro.isi.edu (nitro.isi.edu [128.9.208.207]) by core3.amsl.com (Postfix) with ESMTP id 0B1AB28C0E2 for <tcpm@ietf.org>; Fri, 25 Jun 2010 11:37:40 -0700 (PDT)
Received: from [75.212.178.160] (160.sub-75-212-178.myvzw.com [75.212.178.160]) (authenticated bits=0) by nitro.isi.edu (8.13.8/8.13.8) with ESMTP id o5PIam9m009893 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Fri, 25 Jun 2010 11:36:59 -0700 (PDT)
Message-ID: <4C24F73F.9060402@isi.edu>
Date: Fri, 25 Jun 2010 11:36:47 -0700
From: Joe Touch <touch@isi.edu>
User-Agent: Thunderbird 2.0.0.24 (Windows/20100228)
MIME-Version: 1.0
To: "Scheffenegger, Richard" <rs@netapp.com>
References: <20100609151532.8E75E28C0D0@core3.amsl.com><33D3BDE9-7E8D-4DF0-B8D5-BFFC66CF9C99@nokia.com><2262C708-DF9A-4DD9-9378-D84C5AF330AC@nokia.com><C304DB494AC0C04C87C6A6E2FF5603DB48105A5A82@NDJSSCC01.ndc.nasa.gov> <0C53DCFB700D144284A584F54711EC580A0CE306@xmb-sjc-21c.amer.cisco.com> <5FDC413D5FA246468C200652D63E627A0935F804@LDCMVEXC1-PRD.hq.netapp.com>
In-Reply-To: <5FDC413D5FA246468C200652D63E627A0935F804@LDCMVEXC1-PRD.hq.netapp.com>
X-Enigmail-Version: 0.96.0
Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="------------enigB5024D45892739B0F7102730"
X-MailScanner-ID: o5PIam9m009893
X-ISI-4-69-MailScanner: Found to be clean
X-MailScanner-From: touch@isi.edu
Cc: tcpm@ietf.org, "Anantha Ramaiah \(ananth\)" <ananth@cisco.com>, "Biswas, Anumita" <Anumita.Biswas@netapp.com>
Subject: Re: [tcpm] draft-eggert-tcpm-historicize-00
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tcpm>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 25 Jun 2010 18:37:53 -0000

Richard,

Scheffenegger, Richard wrote:
> Anantha,
> 
> I think for purposes of documenting "legacy" implementations, the
> RFC1146 would still be valid.
> 
> I will try to define the goal of that recent proposal again, at least as
> far as I understand this, so that we are all on the same page here.
> 
> Our expirience has shown, that TCP often runs over links with much
> higher error rates, than intended for the technology (ie. Design goal of
> BER <= 1E-12 over Ethernet often has an actual BER >> 1E-12). If such
> error-prone links are running at a high speed and with large segment
> sizes (jumbo / giant frames), there exists the real problem that within
> a short timeframe (weeks to months), TCP will deliver corrupted data, as
> CRC-16 was not able to catch the error.

Just to confirm, is this a measured problem or a mathematical one? I.e., have
you seen this actually occur (i.e., TCP with invalid CRC-16 but valid checksum)
in the wild, in a lab, or have you never seen it but consider it important anyway?

> From my point of view, I understood the recent discussions around
> RFC1146 in such a way, that for the intended purpose, which is to
> provide a stronger payload checksum (equivalent to SCTP levels), a new
> option would be required rather than reusing the alternate checksum
> option. The reasoning is that currently deployed gear, especially NAT /
> PAT gateways - which have to re-calculate the TCP Checksum as the
> Pseudo-Header is changed - might know about the originally defined
> alternate checksum algorithms, but not the new ones.

NATs would recalculate the TCP checksum, which, for packets using alternate
checksums as per 1146, would remain valid. The NAT would destroy the alternate
checksum, though, since it is defined by 1146 over the pseudoheader and TCP
header, so any changes to IP addresses or ports would result in an incorrect
alternate checksum unless corrected by the NAT (which is, as you note, unlikely).

So no matter how you proceed, you're better off with RFC 1146's version of how
the existing checksum field is calculated. (your current proposal puts part of
the new checksum in the TCP header field, which the NAT would interpret as
invalid and drop). Which means you're calculating TWO checksums for every packet
- the current one (which the NAT will update), and the new (alternate) one
(which NATs won't/can't update).

> Furthermore, RFC1146 specifically requires the Pseudo Header to be
> included - which one wouldn't want to do if only payload CRC is
> required.

Agreed.

> Providing a Payload-only CRC (ie. as the first TCP option), would enable
> the transparent forwarding of such a new option by NAT/PAT gateways
> without any problems.

TCP options are not ordered. Their processing may be suggested, when defining
how the option interacts with other options, e.g.

> Of course, if RFC1146 could be extended to include algorithms which
> actually "violate" some of the specs of it, but maintain using the same
> TCP options with a new algorithm codepoint, that would be fine with me.

That would involve writing two docs (IMO):
	- one specifying a new algorithm you'd like to use
	- one specifying an alternate way to calculate the alt-cs value
	as a change to RFC1146

These are, in effect, two different issues.

> But this would probably ask for a new RFC obsoliting RFC1146 anyway (in
> effect making it again historic :) ).

It doesn't need to obsolete 1146; it does need to explain how an implementer
knows the difference between just a new algorithm and a different way to compute
it (i.e., over different data bits). That might be by redefining the codes so
that some codes mean "skip the header" and others don't, etc. The group would
need to discuss this as a legacy issue.

An interesting question is why you care that the payload doesn't get
accidentally altered, but you don't care if the port or address does (and you
don't notice), though.

Joe

>> -----Original Message-----
>> From: Anantha Ramaiah (ananth) [mailto:ananth@cisco.com] 
>> Sent: Donnerstag, 24. Juni 2010 20:17
>> To: Eddy, Wesley M. (GRC-MS00)[ASRC AEROSPACE CORP]; Lars 
>> Eggert; tcpm@ietf.org
>> Subject: Re: [tcpm] draft-eggert-tcpm-historicize-00
>>
>> I have already communicated earlier that the TCP alternate 
>> checksum option needs to be removed from this list. Reason 
>> being it is still being used and there are proposals out 
>> there that is trying to make use of this option. Other than 
>> that point I am fine with this draft moving forward.
>>
>> -Anantha
>> _______________________________________________
>> tcpm mailing list
>> tcpm@ietf.org
>> https://www.ietf.org/mailman/listinfo/tcpm
>>
> _______________________________________________
> tcpm mailing list
> tcpm@ietf.org
> https://www.ietf.org/mailman/listinfo/tcpm