IETF Logo Mail Archive

Re: [tsvwg] draft-ietf-udp-options issues from IETF 104

"Black, David" <David.Black@dell.com> Fri, 12 July 2019 14:10 UTC

Return-Path: <David.Black@dell.com>
X-Original-To: tsvwg@ietfa.amsl.com
Delivered-To: tsvwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 887021200F3 for <tsvwg@ietfa.amsl.com>; Fri, 12 Jul 2019 07:10:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level:
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=dell.com header.b=MI4u8lc3; dkim=fail (1024-bit key) reason="fail (message has been altered)" header.d=emc.com header.b=LNNGCYCZ
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uCecONLdfh-Y for <tsvwg@ietfa.amsl.com>; Fri, 12 Jul 2019 07:10:40 -0700 (PDT)
Received: from mx0a-00154904.pphosted.com (mx0a-00154904.pphosted.com [148.163.133.20]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3669E1200CD for <tsvwg@ietf.org>; Fri, 12 Jul 2019 07:10:39 -0700 (PDT)
Received: from pps.filterd (m0170391.ppops.net [127.0.0.1]) by mx0a-00154904.pphosted.com (8.16.0.27/8.16.0.27) with SMTP id x6CE9xpv001557; Fri, 12 Jul 2019 10:10:38 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=dell.com; h=from : to : cc : subject : date : message-id : references : in-reply-to : content-type : mime-version; s=smtpout1; bh=6ayMJfIUbF6JmDeL1p/WSsUd3WOIUTO8k1/OmDoY4GI=; b=MI4u8lc3KLNV/xzsasAocD+k4KNlGt80Jub7PGeW2zWB9A1btTSRhizOqXk4qHF2/g1R aOLahsqDZ7qasem16/r7ZSdAMnf4sPVXrA5c3hNY5Eg7bU0fMJww9Tf++MMKnugL8a5F QlgR+54vy6xKx22AU6gFc8Bezs2Ay6q2fMKkT1Ht1scJOCRWH+ye3QeMQ8iyYS1/lvzJ 7FUQZqrciu8Z87sApiAdmr9+p+L5YM+eCHhEfpeNe4JHCkAXl8AeX1461onjiTp8XI7l Tnjt2uxLhhDS4DFtAB37FwzDDPk7o1hX6044m1wW0TjuiMEITPc7ypO24WBDW3a5X+vU oA==
Received: from mx0b-00154901.pphosted.com (mx0b-00154901.pphosted.com [67.231.157.37]) by mx0a-00154904.pphosted.com with ESMTP id 2tp655cqw5-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 12 Jul 2019 10:10:38 -0400
Received: from pps.filterd (m0089483.ppops.net [127.0.0.1]) by mx0b-00154901.pphosted.com (8.16.0.27/8.16.0.27) with SMTP id x6CE8XdB054416; Fri, 12 Jul 2019 10:10:37 -0400
Received: from mailuogwdur.emc.com (mailuogwdur.emc.com [128.221.224.79]) by mx0b-00154901.pphosted.com with ESMTP id 2tpt8csgeb-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL); Fri, 12 Jul 2019 10:10:37 -0400
Received: from maildlpprd54.lss.emc.com (maildlpprd54.lss.emc.com [10.106.48.158]) by mailuogwprd51.lss.emc.com (Sentrion-MTA-4.3.1/Sentrion-MTA-4.3.0) with ESMTP id x6CEAFxc003822 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Fri, 12 Jul 2019 10:10:36 -0400
X-DKIM: OpenDKIM Filter v2.4.3 mailuogwprd51.lss.emc.com x6CEAFxc003822
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=emc.com; s=jan2013; t=1562940636; bh=iT0r6JBRKguDE8eqg7gpPWQvxH0=; h=From:To:CC:Subject:Date:Message-ID:References:In-Reply-To: Content-Type:MIME-Version; b=LNNGCYCZuKHc8dl4/Z7vKSGAboD+SoKU9YvBqIQAjpy9wRQFFG+qUVu0938rpv23a R/umtY8YnXoKjkShoWmSM3ohL/eXPNtcnj8cxccO85NFI0a4nhIqwFEFIWuYfAEka5 WfOJvLCZKDlBm8ucBEqwPyMw9o/shsTvFEsylzrc=
Received: from mailusrhubprd03.lss.emc.com (mailusrhubprd03.lss.emc.com [10.253.24.21]) by maildlpprd54.lss.emc.com (RSA Interceptor); Fri, 12 Jul 2019 10:09:59 -0400
Received: from MXHUB312.corp.emc.com (MXHUB312.corp.emc.com [10.146.3.90]) by mailusrhubprd03.lss.emc.com (Sentrion-MTA-4.3.1/Sentrion-MTA-4.3.0) with ESMTP id x6CE9uGG014021 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=FAIL); Fri, 12 Jul 2019 10:09:59 -0400
Received: from MX307CL04.corp.emc.com ([fe80::849f:5da2:11b:4385]) by MXHUB312.corp.emc.com ([10.146.3.90]) with mapi id 14.03.0439.000; Fri, 12 Jul 2019 10:09:58 -0400
From: "Black, David" <David.Black@dell.com>
To: Joe Touch <touch@strayalpha.com>
CC: Tom Herbert <tom@quantonium.net>, tsvwg <tsvwg@ietf.org>
Thread-Topic: [tsvwg] draft-ietf-udp-options issues from IETF 104
Thread-Index: AQHVN6fJSr2fz2j+X0mdJ/EyrvZ1aKbFyZkAgAAMWICAAA4/AIAAHX2A///IYUCAAFy8gIAA2Giw
Date: Fri, 12 Jul 2019 14:09:57 +0000
Message-ID: <CE03DB3D7B45C245BCA0D24327794936306153C4@MX307CL04.corp.emc.com>
References: <156262970360.865.13042807682366763561.idtracker@ietfa.amsl.com> <CAPDqMeoMqsB8=tH5TBaq5Tw-sLW3HNc8tpfUU3htV=sWo7pJcA@mail.gmail.com> <D7E52D2B-3912-4897-80C6-0150CDE10218@strayalpha.com> <CAPDqMep9MYqjFvvJSVbqYwo-xJ1pUocYszNukveaZODhf9+75A@mail.gmail.com> <e73919f08202937bf45418cbf8bcc38c@strayalpha.com> <CAPDqMeoh3n5fL1k6Fw9D8rCpy4a9eWyUZvgStyzYfFuJbuWudw@mail.gmail.com> <3f6f54e0b828e2628af964d6ee7f33e1@strayalpha.com> <CALx6S37rt7OJtH5a2ZH23R21ATETuwTeFS-mZQECtgxPQ3nSZA@mail.gmail.com> <ccc386aa429bfe301998f39eb7fccfbf@strayalpha.com> <140f11c854e0ad96c51639f830cbb688@strayalpha.com> <CALx6S35MC_fj+fL6Ax9a-9=-QX0-mHLmMQ7cUs2Rir+AvYE=zA@mail.gmail.com> <5b35e91dd510119672a0836f868ade24@strayalpha.com> <CALx6S36AVbKfvb-6dj07rcGjsVsCz0daFM9qZOBSSstZOM-Ukg@mail.gmail.com> <8A584FFF-6C86-4154-8D9D-CF407CA77145@strayalpha.com> <CAPDqMeq9GjEQKukH1pZOTdE50e_rc3U6gpdxT-5qrS5phD0RGw@mail.gmail.com> <646D45AD-D79B-4BD2-A084-7DA97CE2C415@strayalpha.com> <CALx6S35grMA4uLYRGs4ioLfX BbS8zYN5ygprr=RKQ0hDk=Q1CQ@mail.gmail.com> <7EC37B50-45D5-4CF1-B113-205E55BF244E@strayalpha.com> <CALx6S34s7L7xo+26bt5Cdaqi4Es5Aci42GHk1WNKzugr5st-Gw@mail.gmail.com> <B525BF50-EFCC-44A5-A604-6CDDA914A1CB@strayalpha.com> <CAPDqMep3R6z9PRKkHyOvrh6sV9n5Sc0B++-zVz0FYJCwE6swrQ@mail.gmail.com> <E42A2AE2-F499-465E-BDE6-5EFC0AB20042@strayalpha.com> <CE03DB3D7B45C245BCA0D24327794936306138E9@MX307CL04.corp.emc.com> <f9f1701c2196c5db520d025294202353@strayalpha.com>
In-Reply-To: <f9f1701c2196c5db520d025294202353@strayalpha.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
msip_labels: MSIP_Label_17cb76b2-10b8-4fe1-93d4-2202842406cd_Enabled=True; MSIP_Label_17cb76b2-10b8-4fe1-93d4-2202842406cd_SiteId=945c199a-83a2-4e80-9f8c-5a91be5752dd; MSIP_Label_17cb76b2-10b8-4fe1-93d4-2202842406cd_Owner=david.black@emc.com; MSIP_Label_17cb76b2-10b8-4fe1-93d4-2202842406cd_SetDate=2019-07-12T14:07:02.8727909Z; MSIP_Label_17cb76b2-10b8-4fe1-93d4-2202842406cd_Name=External Public; MSIP_Label_17cb76b2-10b8-4fe1-93d4-2202842406cd_Application=Microsoft Azure Information Protection; MSIP_Label_17cb76b2-10b8-4fe1-93d4-2202842406cd_Extended_MSFT_Method=Manual; aiplabel=External Public
x-originating-ip: [10.238.21.131]
Content-Type: multipart/alternative; boundary="_000_CE03DB3D7B45C245BCA0D24327794936306153C4MX307CL04corpem_"
MIME-Version: 1.0
X-Sentrion-Hostname: mailusrhubprd03.lss.emc.com
X-RSA-Classifications: public
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:, , definitions=2019-07-12_04:, , signatures=0
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1015 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1810050000 definitions=main-1907120153
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1015 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1810050000 definitions=main-1907120154
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/AIIVKXcvOTDhj-zVySgw_hQyu6Y>
Subject: Re: [tsvwg] draft-ietf-udp-options issues from IETF 104
X-BeenThere: tsvwg@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Transport Area Working Group <tsvwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsvwg/>
List-Post: <mailto:tsvwg@ietf.org>
List-Help: <mailto:tsvwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 12 Jul 2019 14:10:44 -0000

Joe,

> So no matter what you do, they're still easily optional unless we decide to FORCE the user to do otherwise. Why exactly would that be the case?

I think I’m over on the “FORCE” side of that dichotomy (i.e., I don’t agree with “easily optional”), although we can split hairs on what degree of “FORCE” is appropriate.   My underlying reasons are these two:
                1) strong "running code" evidence of what breaks when the OCS is omitted,
                2) helps defend against … possibility [of] … other uses of surplus space

IMHO, OCS being the “default” is a good starting point, but … my current view is that on its own, item 1) justifies “MUST implement/SHOULD use” language for OCS (and “SHOULD use” is complementary to and stronger than “default”) and setting the space aside for OCS, at least when LITE is not present.  That view is reinforced by item 2), and I note neither of those two items are within the control of the endpoint implementer or application that uses the endpoint’s UDP option support.

> I think you contradict this below, here:
>
> One exception to OCS being mandatory that makes sense to me is that OCS doesn't seem to make a lot of sense with LITE,

Point taken – my response is “not exactly” … but I clearly need to explain my thinking in more detail :-).  IMHO, LITE is “special” …

My rationale for OCS not making a lot of sense with LITE is that use of LITE is a clear indication from the sending application that correctness of the LITE data on receipt is optional.  Beyond that, I believe you’ve pointed out that zeroing the UDP checksum is a related scenario where correctness of all of the UDP data may be optional – that scenario is more subtle, because one of the rationales for zeroing the UDP checksum is presence of another integrity mechanism elsewhere in the protocol stack that covers the data (although protocol designers need to watch out for uncovered IPv6 headers – see RFC 6935 and RFC 6936).  In both cases, if the scenario is one in which “correctness of .. data is optional,” then IMHO (as an individual) correctness of UDP options also has to be optional, and we (WG) need to carefully consider which options are ok vs. ought not to be used when correctness of them on receipt doesn’t matter.

Thanks, --David

From: Joe Touch <touch@strayalpha.com>
Sent: Thursday, July 11, 2019 4:45 PM
To: Black, David
Cc: Tom Herbert; tsvwg
Subject: Re: [tsvwg] draft-ietf-udp-options issues from IETF 104


[EXTERNAL EMAIL]

Notes embedded below...


So far, I'm beginning to see that this argument boils down to 1 byte. If that's all it is, then fine - let's add OCS as a fixed field at the head, possibly after NOPs.

NOTE: OCS would still probably need to have a way to be disabled, ala UDPv4 checksums, by setting to zero.

So no matter what you do, they're still easily optional unless we decide to FORCE the user to do otherwise. Why exactly would that be the case?

Joe

On 2019-07-11 13:01, Black, David wrote:
Commenting as an individual, **not** as a WG chair.

-- Option Checksum (OCS)

The IETF 104 tsvwg minutes match my impression that the topic of whether the offsetting option checksum (OCS) should be optional vs. mandatory remains an open issue for UDP options.

Tom has kept this issue open for over a year; there hasn't exactly been a groundswell behind the issue. I also note that you seem to argue yourself out of your own support below, FWIW.

For my part, I've seen strong "running code" evidence of what breaks when the OCS is omitted,

In SOME Internet paths. The issue is whether we need to require this even when we might not need it in the future.

But note that the same thing is largely true for UDP checksums - they find real errors, yet some people choose to turn them off (esp. for IPv4). So even if we kept OCS as a required field, we would still need a way to turn them off in a corresponding way (e.g., set to zero).

in contrast to almost no evidence of things broken by the presence of OCS (computed to offset the UDP checksum calculation when that is done over IP length instead of UDP length).

I think you contradict this below, here:

...
One exception to OCS being mandatory that makes sense to me is that OCS doesn't seem to make a lot of sense with LITE, as the OCS would cover all the LITE payload data, thereby defeating the LITE goal of not having to checksum data whose reliability is not of interest.   One consequence is that UDP Options become unreliable when LITE is used, which may have implications for which UDP options are acceptable to use with LITE.  An important tradeoff is that LITE won't work on network paths that pass  UDP Options only when OCS is present.

There are some other possibilities, such as including an OCS on transmit but not checking it on each fragment received. That would trick middleboxes as needed but avoid duplicate work at the receiver (which is where load tends to be bigger anyway).

This is both why the current doc indicates OCS as both optional and default enabled. In the future, if/when it isn't needed, we can remove it that way - as well as disabling it if needed/possible for LITE.

-- Other uses of surplus space

Any hypothetical existing use of surplus space is incompatible with both UDP options and a new surplus header.  While I haven't seen evidence of any such existing use "running code," making the OCS mandatory helps defend against that possibility, as well as against bad endpoint implementations that put whatever junk bytes happen to be lying around in memory into that extra space, improving UDP Options robustness.

*Using* OCS accomplishes this - and remember, it's default to being used.

Making OCS mandatory is a decision - why do you think that's critical for us to make for all future users?

And regarding the last point, if you really care, users are always welcome to just leave OCS on as defaulted anyway.

--

v2.23.0 | Report a Bug | By Email