Re: [Tofoo] VXLAN (UDP tunnel protocols) and non-zero checksums
Behcet Sarikaya <sarikaya2012@gmail.com> Thu, 01 May 2014 20:30 UTC
Archived-At: http://mailarchive.ietf.org/arch/msg/tofoo/VJgeIocZZ6fd_QEs1g4AeoNunXo
On Thu, May 1, 2014 at 3:20 PM, Joe Touch <touch@isi.edu> wrote:

> On 4/30/2014 2:23 PM, Behcet Sarikaya wrote:
>
>> Here is what VXLAN says on tunneled traffic:
>>
>> Tunneled traffic over the IP network can be secured with traditional
>> security mechanisms like IPsec that authenticate and optionally
>> encrypt VXLAN traffic. This will, of course, need to be coupled with
>> an authentication infrastructure for authorized endpoints to obtain
>> and distribute credentials.
>>
>> Based on this, UDP checksum text seems to be consistent, no?
>
> No; the UDP checksum is not for authentication. It is an error check.
>
> The only party that can decide to make the UDP checksum optional when
> using IPv4 is the source - by inserting zero.
>
> It's not the receiver's choice to ignore that checksum if it's not zero.
> That's where this doc breaks the current standards.

The important point in the above text that I quoted was encryption being optional, not about authentication. So checksum would be zero if the payload is encrypted and non-zero if it is not, and both cases are possible.

Behcet

> Joe
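The IPv4 receive rule stated in the quoted reply above (a zero checksum is the sender's opt-out, a non-zero checksum must be verified), shown as an added example that is not part of the original message or of any VXLAN implementation. The function names, the documentation-range addresses and the sample VXLAN payload are constructed for illustration.

```python
import socket
import struct

UDP_PROTO = 17
VXLAN_PORT = 4789
# Constructed sample: 8-byte VXLAN header (I flag set, VNI 42) plus dummy inner bytes.
VXLAN_SAMPLE = b"\x08\x00\x00\x00\x00\x00\x2a\x00" + b"inner-frame"

def ones_complement_sum(data: bytes) -> int:
    """16-bit one's-complement sum used by the Internet checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(word for (word,) in struct.iter_unpack("!H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def pseudo_header(src: str, dst: str, udp_len: int) -> bytes:
    """IPv4 pseudo-header that the UDP checksum also covers."""
    return (socket.inet_aton(src) + socket.inet_aton(dst)
            + struct.pack("!BBH", 0, UDP_PROTO, udp_len))

def build_udp(src, dst, sport, dport, payload, with_checksum=True) -> bytes:
    """Sender side: only the source may opt out, by transmitting zero."""
    length = 8 + len(payload)
    header = struct.pack("!HHHH", sport, dport, length, 0)
    if not with_checksum:
        return header + payload
    covered = pseudo_header(src, dst, length) + header + payload
    csum = ~ones_complement_sum(covered) & 0xFFFF
    csum = csum or 0xFFFF  # a computed zero is sent as all ones
    return struct.pack("!HHHH", sport, dport, length, csum) + payload

def receive_udp_ipv4(src: str, dst: str, segment: bytes) -> str:
    """Receiver side: zero means 'not computed'; non-zero must verify."""
    if len(segment) < 8:
        return "drop"
    _, _, length, csum = struct.unpack("!HHHH", segment[:8])
    if length < 8 or length > len(segment):
        return "drop"
    if csum == 0:
        return "accept-unchecked"  # sender opted out; corruption goes unseen
    covered = pseudo_header(src, dst, length) + segment[:length]
    # A valid datagram sums to 0xFFFF once the checksum field is included.
    return "accept-verified" if ones_complement_sum(covered) == 0xFFFF else "drop"
```

Flipping one payload bit in a checksummed datagram makes the receiver drop it, while the same corruption in a zero-checksum datagram is accepted; encrypting the payload does not change either outcome unless the tunnel also carries an integrity check.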