IETF Logo Mail Archive

Re: [tsvwg] UDP options and header-data split (zero copy)

Joseph Touch <touch@strayalpha.com> Sun, 01 August 2021 19:42 UTC

Return-Path: <touch@strayalpha.com>
X-Original-To: tsvwg@ietfa.amsl.com
Delivered-To: tsvwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E5CAF3A0B1D for <tsvwg@ietfa.amsl.com>; Sun, 1 Aug 2021 12:42:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.318
X-Spam-Level:
X-Spam-Status: No, score=-1.318 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_NEUTRAL=0.779, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=strayalpha.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DE22MCQ0BPXo for <tsvwg@ietfa.amsl.com>; Sun, 1 Aug 2021 12:42:32 -0700 (PDT)
Received: from server217-4.web-hosting.com (server217-4.web-hosting.com [198.54.116.98]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B5DFF3A0B05 for <tsvwg@ietf.org>; Sun, 1 Aug 2021 12:42:32 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=strayalpha.com; s=default; h=To:References:Message-Id:Cc:Date:In-Reply-To: From:Subject:Mime-Version:Content-Type:Sender:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=DBoneclb0JPoIej4OrJNpCmmd54A0vMP7rfa6aunOMs=; b=HwSJFBxJ2hRBUFn5BApdYBSfGV MAluFx/PA0wsJGn5VEsGskYTAMqWDIUhNpCi3PHvbvE8n/RcN9wSNcoc8L+4U0frmCgfTKoVTFj22 6SXfvBUee/7bNrH04w7uv6nwYPf+Eny0VOj7ve2hbDV7b9QjyX2PMr2ktnvfHzmXBv3n4D1gsVHw4 5dN1awjqv6+j+ytwdffmJKM3fAIlszXt/Ra1wjVTbs7Gh2vItsqSID0s2jUeqzABeHTby+LYRdc3X oOTsi0VsRaRi0h9a9xH1LVWoIFJivWYIMOQIE3fzs0X46kER/vOEibfbVTOlwqY2DwXcK8NzjSgEg 8Tyak7Ww==;
Received: from cpe-172-114-237-88.socal.res.rr.com ([172.114.237.88]:49650 helo=smtpclient.apple) by server217.web-hosting.com with esmtpsa (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from <touch@strayalpha.com>) id 1mAHLu-003SkC-Oy; Sun, 01 Aug 2021 15:42:31 -0400
Content-Type: multipart/alternative; boundary="Apple-Mail=_99606638-89E7-4316-AE5E-43AEF760AC7B"
Mime-Version: 1.0 (Mac OS X Mail 14.0 \(3654.120.0.1.13\))
From: Joseph Touch <touch@strayalpha.com>
In-Reply-To: <CALx6S35h3H-mvkHKFcpp3-k-Sq48NAMVRe-LEhfHxEA=hP49qQ@mail.gmail.com>
Date: Sun, 01 Aug 2021 12:42:25 -0700
Cc: tsvwg <tsvwg@ietf.org>
Message-Id: <72098C16-868E-4A9A-80E7-5FFEE1382337@strayalpha.com>
References: <CALx6S37zVVXnCH+Dv7_QXgwOoqcL4h0SThh+LnmAWn-5enprZQ@mail.gmail.com> <FA155FD9-2319-405C-B082-C023DEC2BF28@strayalpha.com> <CALx6S3435ZjAz8ECgbFbH=Hxm-cXAGRQjTbxgtGb9U-CTXMw=A@mail.gmail.com> <C8CE3912-55B2-4DC0-AB39-2D6EA6953500@strayalpha.com> <1178DE92-175A-4293-8A97-9B6FEBAF7B02@strayalpha.com> <CALx6S35tB=j5y3-xr5S22y0p+WJxKX_hqk8rm30oCruFxZp5Dw@mail.gmail.com> <87662B22-F63B-4EA4-94B3-DF4B2439A4E1@strayalpha.com> <CALx6S35h3H-mvkHKFcpp3-k-Sq48NAMVRe-LEhfHxEA=hP49qQ@mail.gmail.com>
To: Tom Herbert <tom@herbertland.com>
X-Mailer: Apple Mail (2.3654.120.0.1.13)
X-OutGoing-Spam-Status: No, score=-1.0
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - server217.web-hosting.com
X-AntiAbuse: Original Domain - ietf.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - strayalpha.com
X-Get-Message-Sender-Via: server217.web-hosting.com: authenticated_id: touch@strayalpha.com
X-Authenticated-Sender: server217.web-hosting.com: touch@strayalpha.com
X-Source:
X-Source-Args:
X-Source-Dir:
X-From-Rewrite: unmodified, already matched
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/DlceKj8bCKOpjr-t7nRWFsilzLY>
Subject: Re: [tsvwg] UDP options and header-data split (zero copy)
X-BeenThere: tsvwg@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Transport Area Working Group <tsvwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsvwg/>
List-Post: <mailto:tsvwg@ietf.org>
List-Help: <mailto:tsvwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 01 Aug 2021 19:42:41 -0000


> On Aug 1, 2021, at 12:03 PM, Tom Herbert <tom@herbertland.com> wrote:
>> ...
>> Again, that means that the FRAG option itself would float far inside the TLV list, which complicates DMA.
>> 
> I don't understand your concerns. The method I am describing is
> functionally equivalent to how fragmentation is done in IPv6. There is
> a fragment extension header that "floats" inside the IPv6 header
> chain, options that are before the fragment extension header are
> applied per packet and those after the extension header are applied to
> the reassembled packet. This is no issue with DMA since there are no
> trailers and we can use header-data split with fragments.

We moved the FRAG header to the front due to previously expressed concerns - notably long TLV processing prior to DMA.

>> Also, the trailing variant allows per-reassembled options to be arbitrarily long (limited by the reassembled length), rather than requiring them to fit inside a single fragment.
>> 
>> That’s a key reason for using trailing options - no limit on length, even with fragmentation. That’s why we need a version that allows that, otherwise the options would be limited to what will fit in exactly one option.
>> 
> Deployment experience has shown arbitrarily long lists of TLVs in a
> datapath protocol is more a problem than a benefit. Implementations
> have a lot of trouble with these and to date the only use case for
> this is DoS attack.

The issue isn’t just whether it’s arbitrarily long; it’s also that it’s restricted to a single fragment, which could be quite small.
>> ...
>> We need to keep a way to allow arbitrary option lengths;
> 
> Why? Can you provide a *specific* example of an option or set of
> options that needs hundreds of bytes of options?

Had we limited the option length as a few suggested when this work started, we would not have FRAG.

We don’t know what others are, but we also don’t know that the first frag will have hundreds of bytes of available space either.

...
>> We’ve been down the path of fixed headers before.
> 
> And we've been down the path of protocols that allow arbitrarily long
> lists of TLVs. See IPv6 Hop-by-Hop options and Destination options.
> There is about no deployment of these and a major reason is that
> implementations efficiently implement necessary support.

RFC8504 discusses these; they are all MAY limits via receiver configuration, notably that the default is that it accepts both sets of options of any length.

Your suggestion would limit options by design, not receiver configuration.

>> It wastes space for some uses to conserve it for others. E.g., in tunnel cases where UDP CS==0, it would waste space for OCS when not needed.
> 
> Somehow the whole purpose of having a checksum in protocol is lost in
> this draft. The point of a checksum is that it's an integrity check of
> the protocol. Frankly, the requirements described in the draft seem
> more concerned with making sure the checksum is set properly to
> packets to get through some misbehaving routers on the Internet. The
> argument that UDP Options doesn't need a checksum is disingenuous
> given that UDP doesn't have options in the first place so making the
> checksum required in UDP to cover options; however the other major
> transport protocol of IETF, namely TCP, has a checksum that always
> covers TCP options. Similarly, the argument that the IPV6 UDP tunnels
> can have a zero checksum is disingenuous. If you read RFC6935 and
> RFC6936 you'll find that the conditions for which a zero checksum can
> be safely set are quite narrow. One of those conditions is if the
> encapsulated protocol has an integrity check of its own.

Yes, but that’s actually the dominant case where Mike’s optimization fails, i.e., where UDP CS==0 but OCS is optional. In that case, if OCS fails, the TLV chain still needs to be checked to decide whether to drop the packet. It’s only when it succeeds that it need not be checked.

> IMO, a checksum should always be required over the surplus area.

This, like the proposal for fixed headers, has already been discussed.

New discussions would be useful; rehashing previous ones can probably be left to the interim.

Joe

v2.23.0 | Report a Bug | By Email