IETF Logo Mail Archive

Re: [tsvwg] draft-ietf-udp-options issues from IETF 104

Tom Herbert <tom@herbertland.com> Fri, 12 July 2019 16:40 UTC

Return-Path: <tom@herbertland.com>
X-Original-To: tsvwg@ietfa.amsl.com
Delivered-To: tsvwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3E4AF1201E4 for <tsvwg@ietfa.amsl.com>; Fri, 12 Jul 2019 09:40:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.602
X-Spam-Level:
X-Spam-Status: No, score=-0.602 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, PDS_NO_HELO_DNS=1.295, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=herbertland-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yskmTC1rQdWO for <tsvwg@ietfa.amsl.com>; Fri, 12 Jul 2019 09:40:23 -0700 (PDT)
Received: from mail-ed1-x532.google.com (mail-ed1-x532.google.com [IPv6:2a00:1450:4864:20::532]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CF5C61200E6 for <tsvwg@ietf.org>; Fri, 12 Jul 2019 09:40:22 -0700 (PDT)
Received: by mail-ed1-x532.google.com with SMTP id w13so9764464eds.4 for <tsvwg@ietf.org>; Fri, 12 Jul 2019 09:40:22 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=herbertland-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=6JNJ/G6Ri1K22v6swqem13yoqXKSpDohXeUoBPQOSB0=; b=YepC2iagH6iKVOO3FjUi9hAcopPJuEWHdDoO336OLDazf4WkDDSukZHsVplFTlPOgi e/RHWdLAQhUj4Z10TvB04zlK+s4nDM7QS8pLiItp+6ybCFu8rUgEbSoTq19l4PmQcBma tW074/d5Mg3CLilgT0vBNd7YthuhkPVlfNb5Or2ms+Ac5Rfi7+xhO2b8RH9m8zsF7d5e 9kAD/UzjrNGiskEN/0JBWVKbe4oaa/0UN8rXKjh11fcAWFRs1C8m5wMKBu7gGXp0bYsE /dYBtOw8GJ1oqD/ZxmR8Pb+nONEER6daei4sWxDcZ1jeV/i0IaH+Zf1W9qSIGEx3gnMD rQow==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=6JNJ/G6Ri1K22v6swqem13yoqXKSpDohXeUoBPQOSB0=; b=MGBJo7CSD/oZhU7gh7WtgjQ77Ni3uvEirwayZsl76Xuin9qRss7fKGE8jvja1nLAQJ 7yj9PoTf31B/01285MvN5hOf2m1ug+tHkHU3y3dSPU2oNOpahUHZd9RyMe7dZUa+M2Jf Ag2RhclJ/Chb0nAB3ZXwlPcVCS5jN5p7NzoIebM2YLA5ZBZYVovDHg43hY7B5+NYHzRO D8r3sQuOqWssHI/14UdTArGwIgbaJbmcV9DmrN5EL1+2qBADN3Ovf05kPjNIJ7TNvP/E 1u4Wib5n5NE028YS8kalUKy3ZuTWoVXD4+FXdSJIBwoIw/7XZ8vR45KpjQEEI4kYbl6E /pbQ==
X-Gm-Message-State: APjAAAUdhmMfFVBtgoy6OqM+uo0WP9ifl1NVjtUVGM72JS48LJDq5fO8 Kc92NjRr48lbzxiWLA0C2yHXOD2cbZbhB4OI8yU=
X-Google-Smtp-Source: APXvYqzn1OYlr07UQSNZCiPeu/2JJEAgI08D/ybIGUJQYMZ2gGD2N1hJ/QROmLA9fhLcvLMxmMuBlr8dsim/5Lp+ZZo=
X-Received: by 2002:a17:906:8591:: with SMTP id v17mr9043604ejx.244.1562949621148; Fri, 12 Jul 2019 09:40:21 -0700 (PDT)
MIME-Version: 1.0
References: <156262970360.865.13042807682366763561.idtracker@ietfa.amsl.com> <CAPDqMeoMqsB8=tH5TBaq5Tw-sLW3HNc8tpfUU3htV=sWo7pJcA@mail.gmail.com> <D7E52D2B-3912-4897-80C6-0150CDE10218@strayalpha.com> <CAPDqMep9MYqjFvvJSVbqYwo-xJ1pUocYszNukveaZODhf9+75A@mail.gmail.com> <e73919f08202937bf45418cbf8bcc38c@strayalpha.com> <CAPDqMeoh3n5fL1k6Fw9D8rCpy4a9eWyUZvgStyzYfFuJbuWudw@mail.gmail.com> <3f6f54e0b828e2628af964d6ee7f33e1@strayalpha.com> <CALx6S37rt7OJtH5a2ZH23R21ATETuwTeFS-mZQECtgxPQ3nSZA@mail.gmail.com> <ccc386aa429bfe301998f39eb7fccfbf@strayalpha.com> <140f11c854e0ad96c51639f830cbb688@strayalpha.com> <CALx6S35MC_fj+fL6Ax9a-9=-QX0-mHLmMQ7cUs2Rir+AvYE=zA@mail.gmail.com> <5b35e91dd510119672a0836f868ade24@strayalpha.com> <CALx6S36AVbKfvb-6dj07rcGjsVsCz0daFM9qZOBSSstZOM-Ukg@mail.gmail.com> <8A584FFF-6C86-4154-8D9D-CF407CA77145@strayalpha.com> <CAPDqMeq9GjEQKukH1pZOTdE50e_rc3U6gpdxT-5qrS5phD0RGw@mail.gmail.com> <646D45AD-D79B-4BD2-A084-7DA97CE2C415@strayalpha.com> <7EC37B50-45D5-4CF1-B113-205E55BF244E@strayalpha.com> <CALx6S34s7L7xo+26bt5Cdaqi4Es5Aci42GHk1WNKzugr5st-Gw@mail.gmail.com> <B525BF50-EFCC-44A5-A604-6CDDA914A1CB@strayalpha.com> <CAPDqMep3R6z9PRKkHyOvrh6sV9n5Sc0B++-zVz0FYJCwE6swrQ@mail.gmail.com> <E42A2AE2-F499-465E-BDE6-5EFC0AB20042@strayalpha.com> <CE03DB3D7B45C245BCA0D24327794936306138E9@MX307CL04.corp.emc.com> <f9f1701c2196c5db520d025294202353@strayalpha.com> <CE03DB3D7B45C245BCA0D24327794936306153C4@MX307CL04.corp.emc.com> <CALx6S37U5Q9qkxDFfR6w9MpN4qvRagThb+p0GqnAS118cKDuZw@mail.gmail.com> <CE03DB3D7B45C245BCA0D2432779493630615838@MX307CL04.corp.emc.com>
In-Reply-To: <CE03DB3D7B45C245BCA0D2432779493630615838@MX307CL04.corp.emc.com>
From: Tom Herbert <tom@herbertland.com>
Date: Fri, 12 Jul 2019 09:40:08 -0700
Message-ID: <CALx6S36SL2X5StJ59zyKKwNafS1WXh0HMDqbYs+OaDdMLoNTmg@mail.gmail.com>
To: "Black, David" <David.Black@dell.com>
Cc: Joe Touch <touch@strayalpha.com>, tsvwg <tsvwg@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/BQQeHVQqJurQr0-3vKx1GnWZsRI>
Subject: Re: [tsvwg] draft-ietf-udp-options issues from IETF 104
X-BeenThere: tsvwg@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Transport Area Working Group <tsvwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsvwg/>
List-Post: <mailto:tsvwg@ietf.org>
List-Help: <mailto:tsvwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 12 Jul 2019 16:40:25 -0000

On Fri, Jul 12, 2019 at 8:49 AM Black, David <David.Black@dell.com> wrote:
>
> Tom,
>
> Inline ...
>
> Reminder: All of my comments in this thread are as an individual, not as a WG chair.
>
> Thanks, --David
>
> > -----Original Message-----
> > From: Tom Herbert <tom@herbertland.com>
> > Sent: Friday, July 12, 2019 11:26 AM
> > To: Black, David
> > Cc: Joe Touch; Tom Herbert; tsvwg
> > Subject: Re: [tsvwg] draft-ietf-udp-options issues from IETF 104
> >
> >
> > [EXTERNAL EMAIL]
> >
> > On Fri, Jul 12, 2019 at 7:10 AM Black, David <David.Black@dell.com> wrote:
> > >
> > > Joe,
> > >
> > >
> > >
> > > > So no matter what you do, they're still easily optional unless we decide to
> > FORCE the user to do otherwise. Why exactly would that be the case?
> > >
> > > I think I’m over on the “FORCE” side of that dichotomy (i.e., I don’t agree
> > with “easily optional”), although we can split hairs on what degree of
> > “FORCE” is appropriate.   My underlying reasons are these two:
> > >
> > >                 1) strong "running code" evidence of what breaks when the OCS is omitted,
> > >
> > >                 2) helps defend against … possibility [of] … other uses of surplus space
> > >
> > >
> > >
> > > IMHO, OCS being the “default” is a good starting point, but … my current
> > view is that on its own, item 1) justifies “MUST implement/SHOULD use”
> > language for OCS (and “SHOULD use” is complementary to and stronger than
> > “default”) and setting the space aside for OCS, at least when LITE is not
> > present.  That view is reinforced by item 2), and I note neither of those two
> > items are within the control of the endpoint implementer or application that
> > uses the endpoint’s UDP option support.
> > >
> > >
> > >
> > > > I think you contradict this below, here:
> > >
> > > >
> > > > One exception to OCS being mandatory that makes sense to me is that
> > OCS doesn't seem to make a lot of sense with LITE,
> > >
> > >
> > >
> > > Point taken – my response is “not exactly” … but I clearly need to explain
> > my thinking in more detail :-).  IMHO, LITE is “special” …
> > >
> > >
> > >
> > > My rationale for OCS not making a lot of sense with LITE is that use of LITE is
> > a clear indication from the sending application that correctness of the LITE
> > data on receipt is optional.  Beyond that, I believe you’ve pointed out that
> > zeroing the UDP checksum is a related scenario where correctness of all of
> > the UDP data may be optional – that scenario is more subtle, because one of
> > the rationales for zeroing the UDP checksum is presence of another integrity
> > mechanism elsewhere in the protocol stack that covers the data (although
> > protocol designers need to watch out for uncovered IPv6 headers – see RFC
> > 6935 and RFC 6936).  In both cases, if the scenario is one in which
> > “correctness of .. data is optional,” then IMHO (as an individual) correctness
> > of UDP options also has to be optional, and we (WG) need to carefully
> > consider which options are ok vs. ought not to be used when correctness of
> > them on receipt doesn’t matter.
> >
> > David,
> >
> > The integrity provided by the checksum is only part of the story. An
> > important observation is that many devices will include the surplus
> > space in their calculation of the UDP checksum. Unless the surplus
> > space sums to zero, an incorrect UDP checksum may be derived and the
> > result is a high probability that packets will be dropped somewhere in
> > the network. The other important use is disambiguation with legacy
> > uses of the surplus space.
> >
> > So the first requirement is simple:
> >
> > "If the UDP checksum is used (non-zero) then a checksum MUST be used
> > in the surplus space such that the surplus space sums to zero"
>
> [David>] With the exception of LITE, I agree.
>
> [David>]I think LITE deserves more thought/discussion, as a user of LITE has already agreed to tolerate things that the network is not supposed to do to non-LITE traffic, and that tolerance may extend further.

The user may see "random" packet loss which could be a bear to debug.
I'm not sure we're doing them a favor by making checksums optional.

> >
> > Given that IPv6 requires the UDP checksum, the surplus space checksum
> > needs to be present in all IPv6 packets.
>
> [David>] That IPv6 requirement statement is incorrect, even though it's "digging in the right place" (IMHO) - see RFC 6935 and RFC 6936.

Yes, that's correct. However, I think you'll agree that the
requirements of RFC6935 and RFC6936 are very narrow and only apply to
UDP tunneling protocols that explicitly meet the requirements (which
AFAIK are only MPLS/UDP, GRE/UDP, an GUE). UDP options proposal
doesn't generally meet the requirements of RFC6936 for using UDPv6
zero checksum.

>
> > For cases in IPv4 where the
> > UDP checksum is zero, I think use of the surplus space checksum is
> > still a MUST. A common misnomer is that optional UDP checksums is
> > somehow a benefit to hosts since it allows them to omit the checksum
> > calculation. It's not. We've already accounted for presence required
> > checksums in TCP and UDPv6. For instance, RFC6936 only benefited
> > routers not hosts; the effect of supporting RFC6936 in hosts has been
> > more complexity, more test cases, and more bugs to fix. Making surplus
> > space checksum optional is more work for little gain.
>
> [David>] I acknowledge that view, and for now I will agree to disagree, as I currently see a clear case for "SHOULD use OCS" but not for "MUST use OCS" ... and reserve the right to change my mind as more information is added to the discussion.
> >
> > Tom
> >
> > >
> > >
> > >
> > > Thanks, --David
> > >
> > >
> > >
> > > From: Joe Touch <touch@strayalpha.com>
> > > Sent: Thursday, July 11, 2019 4:45 PM
> > > To: Black, David
> > > Cc: Tom Herbert; tsvwg
> > > Subject: Re: [tsvwg] draft-ietf-udp-options issues from IETF 104
> > >
> > >
> > >
> > > [EXTERNAL EMAIL]
> > >
> > > Notes embedded below...
> > >
> > >
> > >
> > > So far, I'm beginning to see that this argument boils down to 1 byte. If
> > that's all it is, then fine - let's add OCS as a fixed field at the head, possibly
> > after NOPs.
> > >
> > > NOTE: OCS would still probably need to have a way to be disabled, ala
> > UDPv4 checksums, by setting to zero.
> > >
> > > So no matter what you do, they're still easily optional unless we decide to
> > FORCE the user to do otherwise. Why exactly would that be the case?
> > >
> > > Joe
> > >
> > > On 2019-07-11 13:01, Black, David wrote:
> > >
> > > Commenting as an individual, **not** as a WG chair.
> > >
> > > -- Option Checksum (OCS)
> > >
> > > The IETF 104 tsvwg minutes match my impression that the topic of whether
> > the offsetting option checksum (OCS) should be optional vs. mandatory
> > remains an open issue for UDP options.
> > >
> > >
> > >
> > > Tom has kept this issue open for over a year; there hasn't exactly been a
> > groundswell behind the issue. I also note that you seem to argue yourself
> > out of your own support below, FWIW.
> > >
> > >
> > >
> > > For my part, I've seen strong "running code" evidence of what breaks
> > when the OCS is omitted,
> > >
> > >
> > >
> > > In SOME Internet paths. The issue is whether we need to require this even
> > when we might not need it in the future.
> > >
> > >
> > >
> > > But note that the same thing is largely true for UDP checksums - they find
> > real errors, yet some people choose to turn them off (esp. for IPv4). So even
> > if we kept OCS as a required field, we would still need a way to turn them off
> > in a corresponding way (e.g., set to zero).
> > >
> > >
> > >
> > > in contrast to almost no evidence of things broken by the presence of OCS
> > (computed to offset the UDP checksum calculation when that is done over IP
> > length instead of UDP length).
> > >
> > >
> > >
> > > I think you contradict this below, here:
> > >
> > >
> > >
> > > ...
> > > One exception to OCS being mandatory that makes sense to me is that OCS
> > doesn't seem to make a lot of sense with LITE, as the OCS would cover all the
> > LITE payload data, thereby defeating the LITE goal of not having to checksum
> > data whose reliability is not of interest.   One consequence is that UDP
> > Options become unreliable when LITE is used, which may have implications
> > for which UDP options are acceptable to use with LITE.  An important
> > tradeoff is that LITE won't work on network paths that pass  UDP Options
> > only when OCS is present.
> > >
> > >
> > >
> > > There are some other possibilities, such as including an OCS on transmit but
> > not checking it on each fragment received. That would trick middleboxes as
> > needed but avoid duplicate work at the receiver (which is where load tends
> > to be bigger anyway).
> > >
> > >
> > >
> > > This is both why the current doc indicates OCS as both optional and default
> > enabled. In the future, if/when it isn't needed, we can remove it that way -
> > as well as disabling it if needed/possible for LITE.
> > >
> > >
> > >
> > > -- Other uses of surplus space
> > >
> > > Any hypothetical existing use of surplus space is incompatible with both
> > UDP options and a new surplus header.  While I haven't seen evidence of any
> > such existing use "running code," making the OCS mandatory helps defend
> > against that possibility, as well as against bad endpoint implementations that
> > put whatever junk bytes happen to be lying around in memory into that
> > extra space, improving UDP Options robustness.
> > >
> > >
> > >
> > > *Using* OCS accomplishes this - and remember, it's default to being used.
> > >
> > >
> > >
> > > Making OCS mandatory is a decision - why do you think that's critical for us
> > to make for all future users?
> > >
> > >
> > >
> > > And regarding the last point, if you really care, users are always welcome to
> > just leave OCS on as defaulted anyway.
> > >
> > > --
> > >
> > >
> > >
> > >

v2.23.0 | Report a Bug | By Email