[Tofoo] VXLAN (UDP tunnel protocols) and non-zero checksums
Tom Herbert <therbert@google.com> Wed, 30 April 2014 19:02 UTC
Date: Wed, 30 Apr 2014 12:01:52 -0700
Message-ID: <CA+mtBx8+OyN5UUsL-sS1AuPF69p6=T3kw4Mq-BogjQhEF-Cpsw@mail.gmail.com>
From: Tom Herbert <therbert@google.com>
To: "nvo3@ietf.org" <nvo3@ietf.org>, "tofoo@ietf.org" <tofoo@ietf.org>, mallik_mahalingam@yahoo.com, ddutt.ietf@hobbesdutt.com
Archived-At: http://mailarchive.ietf.org/arch/msg/tofoo/qoYGVp-hPdhg9cXdwe4HugwvIrs
Subject: [Tofoo] VXLAN (UDP tunnel protocols) and non-zero checksums
List-Id: "Discussion list for Tunneling over Foo \(with\)in IP networks \(TOFOO\)." <tofoo.ietf.org>
Hi,

I noticed that the VXLAN draft allows an implementation to potentially ignore a non-zero invalid UDP checksum. From: http://tools.ietf.org/html/draft-mahalingam-dutt-dcops-vxlan-09

"When a decapsulating endpoint receives a packet with a non-zero checksum it MAY choose to verify the checksum"

However, from RFC 1122:

"If a UDP datagram is received with a checksum that is non-zero and invalid, UDP MUST silently discard the datagram."

It doesn't seem like 1122 allows checksum verification to be optional, so these would seem to be in conflict. Presumably, ignoring the RX csum is included for performance but since the sender can already send zero checksums in UDP (they are optional in IPv4 and allowed for IPv6 tunnels in RFC 6935) I'm not sure this is necessary. Besides that, the UDP checksum is potentially the only thing that provides protection of the vni against corruption end to end so allowing a receiver to ignore a bad checksum seems very risky.

As a comparison, RFC 3931 (L2TP) has the following wording:

"Thus, UDP checksums MAY be disabled in order to reduce the associated packet processing burden at the L2TP endpoints."

This is somewhat ambiguous, but seems like the correct interpretation should be that zero checksums may be sent with L2TP/UDP, but on receive non-zero checksums should still be validated.

Are these interpretations correct? Is there a need to clarify the requirement for UDP tunnel protocols and checksums?

Thanks,
Tom
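
The receive rule discussed in the message above, as an added example that is not part of the original post: a UDP-over-IPv4 checksum check that accepts a zero checksum unverified and drops a non-zero invalid one, run against a VXLAN header whose VNI is corrupted in transit. All function names, addresses and packet bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical names throughout; this is not code from any VXLAN implementation. */
enum rx_verdict { RX_DROP, RX_ACCEPT_VERIFIED, RX_ACCEPT_UNVERIFIED };

/* One's-complement sum of big-endian 16-bit words, folded to 16 bits. */
static uint32_t sum16(const uint8_t *p, size_t n, uint32_t acc)
{
    for (; n > 1; p += 2, n -= 2) acc += ((uint32_t)p[0] << 8) | p[1];
    if (n) acc += (uint32_t)p[0] << 8;   /* odd trailing byte, zero padded */
    while (acc >> 16)
        acc = (acc & 0xffff) + (acc >> 16);
    return acc;
}

/* Sum over the IPv4 pseudo-header (src, dst, protocol 17, UDP length) and the datagram. */
static uint16_t udp4_sum(const uint8_t ip[8], const uint8_t *udp, size_t len)
{
    return (uint16_t)sum16(udp, len, sum16(ip, 8, 17 + (uint32_t)len));
}

/* Sender side: a computed checksum of zero is transmitted as 0xffff. */
void udp4_fill_checksum(const uint8_t ip[8], uint8_t *udp, size_t len)
{
    udp[6] = udp[7] = 0;
    uint16_t c = (uint16_t)~udp4_sum(ip, udp, len);
    if (c == 0) c = 0xffff;
    udp[6] = (uint8_t)(c >> 8); udp[7] = (uint8_t)c;
}

/* Receiver side: zero means "no checksum sent"; non-zero must validate or be dropped. */
enum rx_verdict udp4_rx_check(const uint8_t ip[8], const uint8_t *udp, size_t len)
{
    if (len < 8) return RX_DROP;
    if (udp[6] == 0 && udp[7] == 0) return RX_ACCEPT_UNVERIFIED;
    return udp4_sum(ip, udp, len) == 0xffff ? RX_ACCEPT_VERIFIED : RX_DROP;
}

/* Constructed sample: UDP header (dst port 4789) + VXLAN header with VNI 0x001234. */
enum rx_verdict demo(int with_checksum, int flip_vni_bit)
{
    static const uint8_t ip[8] = { 10, 0, 0, 1, 10, 0, 0, 2 };  /* src, dst */
    uint8_t udp[16] = { 0xc0, 0x00, 0x12, 0xb5, 0x00, 0x10, 0, 0,
                        0x08, 0, 0, 0, 0x00, 0x12, 0x34, 0 };
    if (with_checksum) udp4_fill_checksum(ip, udp, sizeof udp);
    if (flip_vni_bit) udp[14] ^= 0x01;   /* in-transit corruption: VNI becomes 0x001235 */
    return udp4_rx_check(ip, udp, sizeof udp);
}
```

With a checksum present, the flipped VNI bit leads to a drop; with a zero checksum the same corrupted packet is accepted unverified, which is also what a receiver that skips verification of non-zero checksums would do.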