Re: [Tofoo] VXLAN (UDP tunnel protocols) and non-zero checksums
Joe Touch <touch@isi.edu> Sat, 03 May 2014 04:07 UTC
Return-Path: <touch@isi.edu>
X-Original-To: tofoo@ietfa.amsl.com
Delivered-To: tofoo@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 21DCA1A000A; Fri, 2 May 2014 21:07:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.551
X-Spam-Level:
X-Spam-Status: No, score=-2.551 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.651] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RiV1cXZLsaUT; Fri, 2 May 2014 21:07:35 -0700 (PDT)
Received: from darkstar.isi.edu (darkstar.isi.edu [128.9.128.127]) by ietfa.amsl.com (Postfix) with ESMTP id 1B08A1A0004; Fri, 2 May 2014 21:07:35 -0700 (PDT)
Received: from [192.168.1.93] (pool-71-105-87-112.lsanca.dsl-w.verizon.net [71.105.87.112]) (authenticated bits=0) by darkstar.isi.edu (8.13.8/8.13.8) with ESMTP id s43478Tf005500 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT); Fri, 2 May 2014 21:07:15 -0700 (PDT)
Message-ID: <53646B6D.9050203@isi.edu>
Date: Fri, 02 May 2014 21:07:09 -0700
From: Joe Touch <touch@isi.edu>
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.5.0
MIME-Version: 1.0
To: Tom Herbert <therbert@google.com>
References: <CA+mtBx8+OyN5UUsL-sS1AuPF69p6=T3kw4Mq-BogjQhEF-Cpsw@mail.gmail.com> <CAC8QAccqYygAZrX=P1S7Av4KXtU82RWANv=BAaKjYm=hDH0hAA@mail.gmail.com> <CA+mtBx9YfBtizy+a1Wi+z5isYQ7AtLm_Hevx7U66U8HS8u_6LQ@mail.gmail.com> <CAC8QAcdXLbdVw3FYcdqSg163_w76ThYXuK3M9-vvw_wx5d52_Q@mail.gmail.com> <5362ACA5.1030102@isi.edu> <CAC8QAcfi=CEc_a43R1ZgidtmdjGL2G4C_+PPj-uDCMkZ+aheuw@mail.gmail.com> <5362AFBB.6080008@isi.edu> <CA+mtBx8G6kBzOiKP2r7W3i1JV43A8feg8Xqbo6t1Kfhj3jwpJA@mail.gmail.com> <5362B7E4.8060809@isi.edu> <CA+mtBx8hLyvQ+3Bs9cFjGPV0dWtK+TDO+J6Mg_gLtgxHECiCRw@mail.gmail.com> <53641B46.5000200@isi.edu> <CA+mtBx-3on5jyEteRnNLAb6Pv5n6y2UkHUdKCnbmJDMk6yrKFQ@mail.gmail.com> <53642009.6000805@isi.edu> <CA+mtBx_DXxr-nHExc+Rxg8VDTU-3Eszv9o5oOqKHsQX9A6__Hw@mail.gmail.com> <5364310E.5010306@isi.edu> <CA+mtBx97Xf9D3FcJx-ggQmzXcnFoDEGUQmG4toAGd0Y9BgfsPg@mail.gmail.com>
In-Reply-To: <CA+mtBx97Xf9D3FcJx-ggQmzXcnFoDEGUQmG4toAGd0Y9BgfsPg@mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 7bit
X-ISI-4-43-8-MailScanner: Found to be clean
X-MailScanner-From: touch@isi.edu
Archived-At: http://mailarchive.ietf.org/arch/msg/tofoo/nA9v4wd3slujmVHlGpzOc4ry4oM
Cc: "tofoo@ietf.org" <tofoo@ietf.org>, sarikaya@ieee.org, "nvo3@ietf.org" <nvo3@ietf.org>, "mallik_mahalingam@yahoo.com" <mallik_mahalingam@yahoo.com>, "ddutt.ietf@hobbesdutt.com" <ddutt.ietf@hobbesdutt.com>
Subject: Re: [Tofoo] VXLAN (UDP tunnel protocols) and non-zero checksums
X-BeenThere: tofoo@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Discussion list for Tunneling over Foo \(with\)in IP networks \(TOFOO\)." <tofoo.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tofoo>, <mailto:tofoo-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tofoo/>
List-Post: <mailto:tofoo@ietf.org>
List-Help: <mailto:tofoo-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tofoo>, <mailto:tofoo-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 03 May 2014 04:07:37 -0000
On 5/2/2014 6:47 PM, Tom Herbert wrote: >> I don't know how you can make this claim. >> >> You don't know it's a corrupted packet - esp. because it's highly unlikely >> that the checksum would be zero'd solely by corruption. What you know - at >> best - is that the source decided to send a zero-checksum packet. >> > Factually, I only know that I received a packet with checksum of zero, > not that one want sent. If I have external information that says the > sender has not disabled checksums then something must have gone awry. Absolutely. Let's assume you follow the VXLAN draft. In that case: The UDP checksum field SHOULD be transmitted as zero. When a packet is received with a UDP checksum of zero, it MUST be accepted for decapsulation. The proposed spec says that the source can either enable or disable the checksum (SHOULD doesn't mean MUST). It says nothing about tracking whether the source has disabled zero checksum. It's very clear that when you get a zero checksum, you should accept it. If you want to track things the way you're proposing, then you need to update that draft. --- However, the case you're proposing is bizarre - it would happen only if the endpoint said one thing and did another. It *could* happen from an error, but that's unlikely. So let's say it DID happen - and that the spec says to check (which it currently doesn't). You then have conflicting info - on one hand, the endpoint said it would not zero the checksum, and on the other hand it did. So what do you do? You can treat *EITHER* the packet or the info about the endpoint as incorrect - and you have *no* information that tells you which. You want to treat the packet as an error, but the info you have about the endpoint is equally suspect. IMO, this is a case that's useless to consider in the spec; at that point, you're have no reason to trust anything you know about that endpoint at all, and you might as well cut it off completely -- regardless of what it sends. > This is not just the rare case of corrupted checksum value, but > unfortunately zero is the likely value if the sender is not properly > setting the checksum. Protocol specs are not designed to address or avoid all implementation errors. Your protocol ought to care whether the checksum is zero - or not care. The current draft doesn't care. > Since the checksum is always zeroed in the > packet before computation, there are many opportunities for bugs in > drivers, stacks, and HW where the checksum is not actually written > correctly (especially possible in presence of TSO and checksum offload > in NICs)-- in this case packets may be sent incorrectly with a > checksum of zero. If you want to prevent your protocol from being susceptible to this kind of implementation error, you need to change the spec so you always drop packets when the checksum is zero. However, checksum errors aren't there to find implementation errors; they're there to find transmission or copying errors. > This condition could be difficult to detect since > everything might otherwise appear okay. I would take this into > consideration when contemplating use of zero checksums. This discussion wasn't about zero checksums, but if that's what you want to discuss, here's my view: - allow zero checksums when you don't care about checksums - if you care about checksums, don't allow zero checksums Anything else, esp. per endpoint, is madness, IMO. The use of checksums ought to depend on whether you care about the errors they find - not the failure modes that might generate zero checksums. Joe
- [Tofoo] VXLAN (UDP tunnel protocols) and non-zero… Tom Herbert
- Re: [Tofoo] VXLAN (UDP tunnel protocols) and non-… Gorry Fairhurst
- Re: [Tofoo] VXLAN (UDP tunnel protocols) and non-… Behcet Sarikaya
- Re: [Tofoo] VXLAN (UDP tunnel protocols) and non-… Tom Herbert
- Re: [Tofoo] VXLAN (UDP tunnel protocols) and non-… Behcet Sarikaya
- Re: [Tofoo] VXLAN (UDP tunnel protocols) and non-… Larry Kreeger (kreeger)
- Re: [Tofoo] VXLAN (UDP tunnel protocols) and non-… Tom Herbert
- Re: [Tofoo] VXLAN (UDP tunnel protocols) and non-… Larry Kreeger (kreeger)
- Re: [Tofoo] VXLAN (UDP tunnel protocols) and non-… Tom Herbert
- Re: [Tofoo] [nvo3] VXLAN (UDP tunnel protocols) a… Tom Herbert
- Re: [Tofoo] VXLAN (UDP tunnel protocols) and non-… Larry Kreeger (kreeger)
- Re: [Tofoo] VXLAN (UDP tunnel protocols) and non-… Joe Touch
- Re: [Tofoo] VXLAN (UDP tunnel protocols) and non-… Behcet Sarikaya
- Re: [Tofoo] VXLAN (UDP tunnel protocols) and non-… Joe Touch
- Re: [Tofoo] VXLAN (UDP tunnel protocols) and non-… Behcet Sarikaya
- Re: [Tofoo] VXLAN (UDP tunnel protocols) and non-… Tom Herbert
- Re: [Tofoo] VXLAN (UDP tunnel protocols) and non-… Joe Touch
- Re: [Tofoo] VXLAN (UDP tunnel protocols) and non-… Stewart Bryant
- Re: [Tofoo] VXLAN (UDP tunnel protocols) and non-… Tom Herbert
- Re: [Tofoo] VXLAN (UDP tunnel protocols) and non-… Tom Herbert
- Re: [Tofoo] VXLAN (UDP tunnel protocols) and non-… Joe Touch
- Re: [Tofoo] VXLAN (UDP tunnel protocols) and non-… Tom Herbert
- Re: [Tofoo] VXLAN (UDP tunnel protocols) and non-… Joe Touch
- Re: [Tofoo] VXLAN (UDP tunnel protocols) and non-… Tom Herbert
- Re: [Tofoo] VXLAN (UDP tunnel protocols) and non-… Joe Touch
- Re: [Tofoo] VXLAN (UDP tunnel protocols) and non-… Tom Herbert
- Re: [Tofoo] VXLAN (UDP tunnel protocols) and non-… Joe Touch