Re: [Tofoo] VXLAN (UDP tunnel protocols) and non-zero checksums

Tom Herbert <therbert@google.com> Fri, 02 May 2014 23:15 UTC

From: Tom Herbert <therbert@google.com>
To: Joe Touch <touch@isi.edu>
Archived-At: http://mailarchive.ietf.org/arch/msg/tofoo/BqfK3imMyP3R4FbCCMKr9w_wjYM
Cc: "tofoo@ietf.org" <tofoo@ietf.org>, sarikaya@ieee.org, "nvo3@ietf.org" <nvo3@ietf.org>, "mallik_mahalingam@yahoo.com" <mallik_mahalingam@yahoo.com>, "ddutt.ietf@hobbesdutt.com" <ddutt.ietf@hobbesdutt.com>

> I think your objection may be that you don't think we can assume that
> zero-checksum packets arrive at VXLAN, because of how RFC1122 is worded.
No, I expect zero checksums will be the common case.

> However, RFC768 permits zero-checksum packets as valid and useful to the
> upper layer, so I interpret RFC 1122 as saying "the app might be able to
> configure UDP to discard zero-checksum packets", but if it doesn't, those
> packets already will end up at the application.
>
My interpretation of the VXLAN draft precludes the possibility of an
implementation being able to reject received zero-checksums even as a
configuration option, or even for select senders. So if we receive a
zero checksum from a sender that we know has not disabled checksums,
per the draft we need to accept even though we know this is a
corrupted packet. This may not break the standard, but it doesn't seem
robust either. Is my interpretation correct?

My core concern in all of this is still whether the vni in VXLAN is
being adequately protected against corruption (this would apply to
other encapsulation protocols that carry vni also). The integrity of
the vni is paramount in supporting the isolation requirements of
network virtualization.

Thanks,
Tom

> Joe
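
The receive-side choice discussed in this message, as an added example (not code from the thread, the VXLAN draft or any implementation): a UDP/IPv4 checksum verifier showing that a single flipped VNI bit is dropped when a checksum is present and accepted unchanged when the checksum field is zero. The `sender_checksums` flag is a hypothetical per-peer policy of the kind the message says the draft does not allow; the addresses, source port, VNI and payload are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

enum verdict { ACCEPT, DROP_MALFORMED, DROP_BAD_SUM, DROP_ZERO_SUM };
#define PKT_LEN 20 /* 8 UDP + 8 VXLAN + 4 constructed payload bytes */

/* RFC 1071 one's-complement sum, folded to 16 bits. */
static uint16_t csum(const uint8_t *p, size_t n, uint32_t acc) {
    for (; n > 1; p += 2, n -= 2) acc += ((uint32_t)p[0] << 8) | p[1];
    if (n) acc += (uint32_t)p[0] << 8;          /* odd trailing byte, zero padded */
    while (acc >> 16) acc = (acc & 0xffff) + (acc >> 16);
    return (uint16_t)acc;
}

/* Sum over the IPv4 pseudo-header (ip = src||dst) and the datagram as received. */
static uint16_t udp4_sum(const uint8_t ip[8], const uint8_t *udp, size_t len) {
    return csum(udp, len, csum(ip, 8, 17 + (uint32_t)len)); /* 17 = UDP */
}

/* Constructed VXLAN-in-UDP datagram; with_sum = 0 leaves the checksum field zero. */
void make_pkt(uint8_t *b, const uint8_t ip[8], uint32_t vni, int with_sum) {
    memset(b, 0, PKT_LEN);
    b[0] = 0xc0; b[1] = 0x01; b[2] = 0x12; b[3] = 0xb5; /* src port made up, dst 4789 */
    b[5] = PKT_LEN; b[8] = 0x08;                /* UDP length; VXLAN I flag */
    b[12] = (uint8_t)(vni >> 16); b[13] = (uint8_t)(vni >> 8); b[14] = (uint8_t)vni;
    memcpy(b + 16, "data", 4);
    if (!with_sum) return;
    uint16_t s = (uint16_t)~udp4_sum(ip, b, PKT_LEN);
    if (s == 0) s = 0xffff;                     /* RFC 768: computed zero sent as all ones */
    b[6] = (uint8_t)(s >> 8); b[7] = (uint8_t)s;
}

uint32_t vni_of(const uint8_t *udp) {           /* VNI: bytes 4..6 of the VXLAN header */
    return ((uint32_t)udp[12] << 16) | ((uint32_t)udp[13] << 8) | udp[14];
}

/* sender_checksums: hypothetical knowledge that this peer always sends checksums. */
enum verdict vxlan_rx(const uint8_t ip[8], const uint8_t *udp, size_t len, int sender_checksums) {
    if (len < 16 || (((size_t)udp[4] << 8) | udp[5]) != len) return DROP_MALFORMED;
    if (udp[6] == 0 && udp[7] == 0)             /* zero field: nothing to verify against */
        return sender_checksums ? DROP_ZERO_SUM : ACCEPT;
    return udp4_sum(ip, udp, len) == 0xffff ? ACCEPT : DROP_BAD_SUM;
}

int main(void) { /* zero checksum, one VNI bit flipped: accepted as VNI 5001 */
    uint8_t ip[8] = {10, 0, 0, 1, 10, 0, 0, 2}, p[PKT_LEN];
    make_pkt(p, ip, 5000, 0); p[14] ^= 1;
    return !(vxlan_rx(ip, p, PKT_LEN, 0) == ACCEPT && vni_of(p) == 5001);
}
```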