Re: [Tofoo] VXLAN (UDP tunnel protocols) and non-zero checksums

[Joe Touch <touch@isi.edu>]

On 5/2/2014 3:34 PM, Tom Herbert wrote:
> On Fri, May 2, 2014 at 3:25 PM, Joe Touch <touch@isi.edu> wrote:
>>
>>
>>
>> On 5/2/2014 2:34 PM, Tom Herbert wrote:
>> ...
>>>
>>>             VXLAN draft also breaks this by making accepting packets with
>>>
>>>          zero checksums a MUST.
>>>
>>>      That's not "breaking" anything; VXLAN is - to UDP - an application.
>>>
>>> Perhaps not, but making it a MUST in the encapsulation protocol
>>> definition to always accept UDP packets with zero checksums seems a bit
>>> austere. For instance, if I know within my deployment that all senders
>>> are configured to use checksums, then receiving a packet with zero
>>> checksum should be considered an invalid packet.
>>
>>
>> Sorry if I'm missing something here - this started with the following, from draft-mahalingam-dutt-dcops-vxlan-09, which focuses on the non-zero checksum case:
>>
>>
>> "When a decapsulating endpoint receives a packet with a non-zero
>> checksum it MAY choose to verify the checksum"
>>
>> The point is that this is NOT an option. If the UDP checksum is nonzero, it MUST be validated.
>>
>> (this isn't open to interpretation; if you want to have VXLAN accept non-zero checksums that are invalid, then you are not compliant with what few standards the Internet has)
>>
> I am referring to:
>
> "When a packet is received with a UDP checksum of zero, it MUST be
> accepted for decapsulation."

That is a completely valid choice w.r.t. RFCs 1122 and 768.

1122 is the most specific on these points:

             A host MUST implement the facility to generate and validate
             UDP checksums.  An application MAY optionally be able to
             control whether a UDP checksum will be generated, but it
             MUST default to checksumming on.

             If a UDP datagram is received with a checksum that is non-
             zero and invalid, UDP MUST silently discard the datagram.
             An application MAY optionally be able to control whether UDP
             datagrams without checksums should be discarded or passed to
             the application.

The "application" here is VXLAN. So you can say that VXLAN SHOULD set 
the UDP checksum to zero, but you cannot say that it MUST (because 
app-layer control is a MAY).

When receiving nonzero invalid checksums, you cannot say that VLXAN will 
process those packets, because UDP MUST silently discard them.

When receiving zero checksums, you cannot say that VXLAN MUST NOT see 
them, because app-layer control of discard is optional.

----

I think your objection may be that you don't think we can assume that 
zero-checksum packets arrive at VXLAN, because of how RFC1122 is worded. 
However, RFC768 permits zero-checksum packets as valid and useful to the 
upper layer, so I interpret RFC 1122 as saying "the app might be able to 
configure UDP to discard zero-checksum packets", but if it doesn't, 
those packets already will end up at the application.

Joe