IETF Logo Mail Archive

Re: [tsvwg] design assumptions - draft-ietf-udp-options - trying to see the bigger picture

"C. M. Heard" <heard@pobox.com> Sun, 21 July 2019 15:28 UTC

Return-Path: <heard@pobox.com>
X-Original-To: tsvwg@ietfa.amsl.com
Delivered-To: tsvwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4811012004D for <tsvwg@ietfa.amsl.com>; Sun, 21 Jul 2019 08:28:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.689
X-Spam-Level:
X-Spam-Status: No, score=-2.689 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=pobox.com; domainkeys=pass (1024-bit key) header.from=heard@pobox.com header.d=pobox.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id z7c-ODKeweBC for <tsvwg@ietfa.amsl.com>; Sun, 21 Jul 2019 08:28:10 -0700 (PDT)
Received: from pb-smtp20.pobox.com (pb-smtp20.pobox.com [173.228.157.52]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 96B4E120019 for <tsvwg@ietf.org>; Sun, 21 Jul 2019 08:28:10 -0700 (PDT)
Received: from pb-smtp20.pobox.com (unknown [127.0.0.1]) by pb-smtp20.pobox.com (Postfix) with ESMTP id 26ED285A39 for <tsvwg@ietf.org>; Sun, 21 Jul 2019 11:28:10 -0400 (EDT) (envelope-from heard@pobox.com)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=pobox.com; h=mime-version :references:in-reply-to:from:date:message-id:subject:to:cc :content-type; s=sasl; bh=8pKUN9GQno+wAMy4OZONwq6dnIE=; b=OZVjLz BtXl9s7Lkroc+7Sm5hMiYaQl+ui5Nf+tZ9PTi6lah2qFaUtlmziGXHi5BkBEhqu0 Tk5yz+H1VuVH7hn8MCxlsjMNna/NSqHAzuTk32rhDHH/ARGOeZw7XbK5p6nXtFL3 R8qrOW0cjZrQyKhq77EenB/rUxhq1+m6HDDCQ=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=pobox.com; h=mime-version :references:in-reply-to:from:date:message-id:subject:to:cc :content-type; q=dns; s=sasl; b=I9aRk8kxK646DfoZdfy0uR7/sP1Ol27Q DPPrNGAv+j6YlYS6eWe41vEtYZsH5FY+abtL9aTFVrIs+IqAO2f0aH2soTs5GxTT Va1/bnhifiJwU+v7zepZjYFz3ImMZWr/KMMs7qg5g3WrPnh/agQgYmtYZQr6XHNE 9ZSz4ylLL5I=
Received: from pb-smtp20.sea.icgroup.com (unknown [127.0.0.1]) by pb-smtp20.pobox.com (Postfix) with ESMTP id 201EA85A38 for <tsvwg@ietf.org>; Sun, 21 Jul 2019 11:28:10 -0400 (EDT) (envelope-from heard@pobox.com)
Received: from mail-io1-f48.google.com (unknown [209.85.166.48]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pb-smtp20.pobox.com (Postfix) with ESMTPSA id 394CE85A37 for <tsvwg@ietf.org>; Sun, 21 Jul 2019 11:28:06 -0400 (EDT) (envelope-from heard@pobox.com)
Received: by mail-io1-f48.google.com with SMTP id k8so68583955iot.1 for <tsvwg@ietf.org>; Sun, 21 Jul 2019 08:28:06 -0700 (PDT)
X-Gm-Message-State: APjAAAXF9lNx+U/f5ueRFKcTP0K5qK2zFcTwO4/kGcjz+h+v+9xYSGTC JYUQnJTpSiuQvQxnjVxvTD08AhQa7/CKuxz//Wc=
X-Google-Smtp-Source: APXvYqzIG0SBT9dNDkTENXB5WrDhGt4PGWCjruInxs/kjWtllcqpFPUtfIJzCh7Ycyaoq2dXbItmQCfiJiiJih8gE8w=
X-Received: by 2002:a02:862b:: with SMTP id e40mr41884893jai.7.1563722884886; Sun, 21 Jul 2019 08:28:04 -0700 (PDT)
MIME-Version: 1.0
References: <CAPDqMeq9GjEQKukH1pZOTdE50e_rc3U6gpdxT-5qrS5phD0RGw@mail.gmail.com> <CACL_3VGs7j+y5vFNT3OL9OKX8ue4rv-Cxi467KR-vbhnMdx86g@mail.gmail.com> <2f71a292f924a9b8de4227c4bbc2f809@strayalpha.com> <0ce46e21249f0dc55310b192d382f50a@strayalpha.com> <CALx6S36gaMqNRo_hYKr45T_vTkUB-vRrYRYJz2_KgvejNsJtLQ@mail.gmail.com> <efbf65646a0e0d2535dc5726b34f3472@strayalpha.com> <CALx6S37sZxmGQJq5mxDiF88NeUjj2HMRnQG5KyZA_4ujrLJkqg@mail.gmail.com> <079d7d849d0e6260497a6c0ed37595a2@strayalpha.com> <CALx6S37wOkz0436CmevOjSe=VwAxKstSR9Jc66PUmXwUKK4vBw@mail.gmail.com> <075C3166-DF88-4160-8E6C-1C32511F4D46@strayalpha.com> <811C4C35-48D8-4382-A4B4-784FAC1B9F1D@strayalpha.com> <787AE7BB302AE849A7480A190F8B93302F797897@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> <198F5F25-7ECE-431C-A7F2-F0CCFC0BDAA9@strayalpha.com> <787AE7BB302AE849A7480A190F8B93302FA63BED@OPEXCNORMAE.corporate.adroot.infra.ftgroup> <5D304C35.5020004@erg.abdn.ac.uk> <CACL_3VGqn3mFJWSEb=RKkW0dNAF8zZfa=2kxmvaTYzH86KSgqA@mail.gmail.com> <5D309B48.7030501@erg.abdn.ac.uk> <CACL_3VG1jyzWTG3wmryJSd=pboQ212QE3kUVP_LN3oW2fzc2Wg@mail.gmail.com>
In-Reply-To: <CACL_3VG1jyzWTG3wmryJSd=pboQ212QE3kUVP_LN3oW2fzc2Wg@mail.gmail.com>
From: "C. M. Heard" <heard@pobox.com>
Date: Sun, 21 Jul 2019 08:27:49 -0700
X-Gmail-Original-Message-ID: <CACL_3VHqLQAvWoq3ycFuGc7aOkp2HMdNPDUmZD9O6jafKG3rpA@mail.gmail.com>
Message-ID: <CACL_3VHqLQAvWoq3ycFuGc7aOkp2HMdNPDUmZD9O6jafKG3rpA@mail.gmail.com>
To: TSVWG <tsvwg@ietf.org>
Cc: Gorry Fairhurst <gorry@erg.abdn.ac.uk>
Content-Type: multipart/alternative; boundary="00000000000014b669058e329b9f"
X-Pobox-Relay-ID: 231FA424-ABCC-11E9-BAC8-B0405B776F7B-06080547!pb-smtp20.pobox.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/EitrPbsy7-sREZC06xI48ac0sIU>
Subject: Re: [tsvwg] design assumptions - draft-ietf-udp-options - trying to see the bigger picture
X-BeenThere: tsvwg@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Transport Area Working Group <tsvwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsvwg/>
List-Post: <mailto:tsvwg@ietf.org>
List-Help: <mailto:tsvwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 21 Jul 2019 15:28:13 -0000

FWIW there is an incompletely edited sentence in the message below.

OLD
The first two bullets establish that per-fragment protection by OCS is

NEW
The first two bullets establish that per-fragment protection by OCS is
sufficient to protect reassembled datagrams passed to UDP-based applications
as well as TCP protects user data that is passed to TCP-based applications.

Sorry.

--cmh

On Thu, Jul 18, 2019 at 2:23 PM C. M. Heard <heard@pobox.com> wrote:

> On Thu, Jul 18, 2019 at 9:16 AM Gorry Fairhurst wrote:
> > On 18/07/2019, 16:46, C. M. Heard wrote:
> >>> I'm hesitant to agree that the complexity of LITE is worth the
> perceived
> >>> cost saving and there may be other ways that don't need this:
> >>> cost saving and there may be other ways that don't need this:
> >>> (*) Hardware  off-load of the checksum (e.g. Tom Herbert commened)
> means
> >>> the cost can be minimal.
> >>> (*) For a method designed just for reassembly, it is also possible to
> >>> "checksum" the fragment checksums in a fragmentation protocol to
> provide
> >>> equivalent one-pass checksum.
> >>
> >> I've argued that last point repeatedly (though Joe does not agree).
> >>
> >> If delivery of damaged payloads is adequately covered by UDP-Lite, it
> >> would IMO make sense to strike support for LITE (#8) from the list of
> >> design requirements. That would leave it only as a means to support
> >> FRAG, and I think there are much better ways to do that (I've made two
> >> proposals for FRAG that do not require LITE).
> >>
> > It would be interesting to understand the real desire to eliminate the
> > cost of doing both a UDP and a reassembly checksum - so we can rule
> > that out. It's going to waste cycles when there is no off-load, but
> > it also allows full offload, and means you don't need LITE to do Frag.
>
> My position is basically that the per-fragment checksum provided by OCS
> should be mandatory, and any additional checksum on the reassembled
> should be enabled only by user request. Here's the reasoning.
>
> Having a checksum on each fragment that covers both options and fragment
> data is necessary both for middlebox traversal and to ensure robustness
> of the reassembly process. It provides protection equivalent to TCP
> segment checksums, which should be good enough in most cases. An additional
> checksum on the reassembled datagram payload is relatively expensive, so
> it should be turned on only for applications that explicitly request it.
> ACS is perfect for that purpose since it is defined to be per-datagram
> and not per-packet and uses a different checksum than the the fragment OCS.
>
> Consider:
>
> - If fragment data is covered by OCS/CCO, that's comparable protection to
>   what a TCP segment gets from the TCP checksum.
>
> - Fragments are kept in sequence (and duplicates are discarded) by means
>   of the fragment offset. That accomplished the same thing that TCP's
>   sequence number does for segments.
>
> - OCS/CCO on individual fragments can be readily offloaded, provided that
>   the checksum is placed early in the packet. A checksum on the reassembled
>   datagram, on the other hand, is very likely relegated to software, since
>   the reassembled datagram will probably be in scatter-gather storage.
>
> The first two bullets establish that per-fragment protection by OCS is
> The third bullet plausibly suggests that the checksum on the reassembled
> datagram payload is relatively expensive.
>
> Furthermore, using the Internet checksum to check the reassembled datagram
> payload won't add much protection if the ratio of fragment data to
> headers+options is large. Every undetectable error pattern that hits the
> data area in a single fragment will also go undetected in the reassembled
> datagram payload. On the other hand, undetectable error patterns that hit
> the data in multiple fragments may well be detected by the individual
> fragment checksum. To me, this suggests that the two checksums should be
> different, something that ACS will provide.
>
> >>> A 16b CRC isn't that strong for a full-sized IP packet (but better
> >>> than the Internet checksum), but a CRC32 would be.
>
> +1
>
> > DPLPMTUD works best with *just* padding packets (i.e. that carry no
> > payloads or fragments). It's just so much easier to run the algorithm.
>
> Yes, and the MTU discovery support requirement should be expanded to
> say that. A probe packet consisting of padding data plus the request
> and/or response options would fill the bill nicely.
>
> Mike
>

v2.23.0 | Report a Bug | By Email