Re: [tsvwg] UDP Options: how to do FRAG without LITE and forced UDP CS=0
"C. M. Heard" <heard@pobox.com> Sat, 29 June 2019 06:30 UTC
Return-Path: <heard@pobox.com>
X-Original-To: tsvwg@ietfa.amsl.com
Delivered-To: tsvwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id ADE55120115 for <tsvwg@ietfa.amsl.com>; Fri, 28 Jun 2019 23:30:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=pobox.com; domainkeys=pass (1024-bit key) header.from=heard@pobox.com header.d=pobox.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CCIaCucV3zai for <tsvwg@ietfa.amsl.com>; Fri, 28 Jun 2019 23:30:22 -0700 (PDT)
Received: from pb-smtp21.pobox.com (pb-smtp21.pobox.com [173.228.157.53]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8B5381200E6 for <tsvwg@ietf.org>; Fri, 28 Jun 2019 23:30:22 -0700 (PDT)
Received: from pb-smtp21.pobox.com (unknown [127.0.0.1]) by pb-smtp21.pobox.com (Postfix) with ESMTP id 9CD5A85652 for <tsvwg@ietf.org>; Sat, 29 Jun 2019 02:30:21 -0400 (EDT) (envelope-from heard@pobox.com)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=pobox.com; h=mime-version :references:in-reply-to:from:date:message-id:subject:to:cc :content-type; s=sasl; bh=T9m92RShhcH9Faz9wY8oCIFkXEw=; b=ET/tAq U/RQLc75G26OUmP57ALFAz76GjuYtjqzTUxm4j/02HDES3IEjbicaR9wKeZ9fcX9 y8eZWGnJNTBkFVdqRW+kkS7K295DNs+PftBwdMOtsktbIESh78Hw5EiEBdBfz+Ce F520Lrks1ON/qkOF78gwew9UIEs4gOaQ/DEEw=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=pobox.com; h=mime-version :references:in-reply-to:from:date:message-id:subject:to:cc :content-type; q=dns; s=sasl; b=KcRhogv/cKZhGlk63JoPo2JqCU/D+ZLZ 8pKkrD2SxQid0+gXjkbv/4RmyS5tcYy/rjE1sSEje59Jb03fhU0lGeZ4tiSP1rWi 8MyiqCaJnXM7IJLD6sl3AIAWUykee4z2U9QB0ICDhcNsKswBCFfC6YIagH8t4Abr saN93W/glug=
Received: from pb-smtp21.sea.icgroup.com (unknown [127.0.0.1]) by pb-smtp21.pobox.com (Postfix) with ESMTP id 9517A85651 for <tsvwg@ietf.org>; Sat, 29 Jun 2019 02:30:21 -0400 (EDT) (envelope-from heard@pobox.com)
Received: from mail-io1-f53.google.com (unknown [209.85.166.53]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pb-smtp21.pobox.com (Postfix) with ESMTPSA id 433B885650 for <tsvwg@ietf.org>; Sat, 29 Jun 2019 02:30:19 -0400 (EDT) (envelope-from heard@pobox.com)
Received: by mail-io1-f53.google.com with SMTP id e3so17191718ioc.12 for <tsvwg@ietf.org>; Fri, 28 Jun 2019 23:30:19 -0700 (PDT)
X-Gm-Message-State: APjAAAVsImdKiNVgHhaJAtqqxUBxfoWB7FBKAUTMfxOWrjRorEFCcEI0 jP4eZX1wgKMR1v6EAD+0rxpc5xRSr3OODIuqenU=
X-Google-Smtp-Source: APXvYqz4x5lCyTwIzIuS5yhGTz/Kc6pPeuWAkRuZBgx82NfFt0eVJyTlCGVu6M2CIPtmSqqy917BidOEvzcq+jr5BMg=
X-Received: by 2002:a6b:f910:: with SMTP id j16mr2629188iog.256.1561789818082; Fri, 28 Jun 2019 23:30:18 -0700 (PDT)
MIME-Version: 1.0
References: <CACL_3VFtF0B6N5Qk1t42hLvkP-=P2h5WUF=6XzOcOY1eYtwdBw@mail.gmail.com> <bdfff3b491c8eaadb99c7350ebef45dd@strayalpha.com>
In-Reply-To: <bdfff3b491c8eaadb99c7350ebef45dd@strayalpha.com>
From: "C. M. Heard" <heard@pobox.com>
Date: Fri, 28 Jun 2019 23:30:06 -0700
X-Gmail-Original-Message-ID: <CACL_3VE3nZnoK4QRAJKH=3yp7Zu=SG1iz0P9d0anSDVjeWHdDw@mail.gmail.com>
Message-ID: <CACL_3VE3nZnoK4QRAJKH=3yp7Zu=SG1iz0P9d0anSDVjeWHdDw@mail.gmail.com>
To: Joe Touch <touch@strayalpha.com>
Cc: TSVWG <tsvwg@ietf.org>
Content-Type: text/plain; charset="UTF-8"
X-Pobox-Relay-ID: 5D6DEB00-9A37-11E9-A857-8D86F504CC47-06080547!pb-smtp21.pobox.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/RJBWi_tiW6M_phfc22zKuVn_vh4>
Subject: Re: [tsvwg] UDP Options: how to do FRAG without LITE and forced UDP CS=0
X-BeenThere: tsvwg@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Transport Area Working Group <tsvwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsvwg/>
List-Post: <mailto:tsvwg@ietf.org>
List-Help: <mailto:tsvwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 29 Jun 2019 06:30:25 -0000
On Fri, Jun 28, 2019 at 11:05 AM Joe Touch wrote: > Hi, Mike, > > Intriguing as this is, I think you've overlooked two key design goals: > > 1) we're not here to fix UDP CS=0. it either works or it doesn't. if > middleboxes are broken, they need to be fixed. > > in short, we cannot - and should not try to - make protocols robust to > arbitrary implementation errors. UDP isn't "byzantine robust" > > 2) the FRAG+LITE current design moves only a small, fixed number of > bytes. > > The solution below doesn't appear to avoid copying/moving large amounts > of data. > > At a minimum, can you address #2? If we can do this without moving > around a lot of data, it might be viable. Joe, unless I am missing something quite fundamental, my proposal involves essentially the same amount of data movement as does the current FRAG proposal (and even avoids the small, and I agree insignificant, data movement that come with LITE). Here's how I see it: - In my proposal, each fragment is preceded by a UDP header, an OCS option (if enabled), NOP options as desired for alignment, and a FRAG header. In the -07 draft, FRAG+LITE has the fragment data preceded by a UDP header, with the fragment data following that, and the LITE, OCS, and FRAG options at the end (this is after the LITE move on receive or before the LITE move on transmit). In either case, some preceding headers and/or options and (in the -07 draft) some trailing options need to be trimmed off prior to reassembly. If the incoming packet data is stored in some form of scatter/gather storage (e.g., mbufs) these are fairly inexpensive operations, and more to the point, the cost is comparable for the two approaches. - In both my proposal and FRAG+LITE in the -07 draft. the individual fragments need to be recombined into the complete user data field and passed to the application layer. I see no difference at all between the approaches in this phase of the processing. In a typical implementation it involves copying the data from kernel scatter-gather storage (e.g., mbufs) into a continguous user-supplied buffer. If this does not sound right, please let me know what I've gotten wrong. > Some further points embedded below... [...] > 1) A legacy host that does not understand UDP options will erroneously > interpret FRAG without LITE as a complete UDP datagram. > > > I thought we converged to "don't use FRAG without LITE until you > confirm the other end speaks UDP options". What's the reason for > needing FRAG without LITE? We don't need, or want, FRAG without LITE. I regard it as a disadvantage that FRAG without LITE can exist, if we don't need or want it; we end up with a waste case that creates opportunities for errors (i.e., erroneously sending it to legacy implementations). This could be forgiven if it were necessary. I believe that my proposal offers an existence proof that it is not. > 2) The same is true for an options-aware host if OCS fails. > > If OCS fails, why would an options-aware host do anything further > with the packet? Because the spec (as of -07) says that if OCS fails the options will discarded and the packet will be processed as it would be if the were no options present. In the case of FRAG without LITE that means that the fragment data would be processed as if it were a complete datagram. > 3) Because LITE data (by design) is not covered by OCS/CCO, FRAG+LITE > will have very poor middlebox traversal properties unless the UDP > checksum is set to zero. For IPv6, even that will not work well, > because UDP CS=0 is often blocked by the network (this happened on > 26%-36% of the paths in Raffaele Zullo's recent measurements) > > That's a significant bug, but we really shouldn't design protocols > simply to get around bugs. > > At least one reason is that IPv6 UDP CS=0 is valid for tunnels and > needs to be supported. And I am not proposing to drop support for IPv6 UDP CS=0. I am, however, insisting that it must not be a mandatory precondition for UDP FRAG. > All of these disadvantages can be avoided if the fragment data is > pulled into the option. That can be done as follows: instead of having > the FRAG option capture preceding conventional or LITE user data as > fragment data, insist that the FRAG option appear ***last*** in the > option list and have it capture all remaining octets in the packet as > fragment data. The length field is no longer needed (it is implicit), > so it can be replaced by a More Fragments (MF) flag. By convention, if > this option appears, OCS would cover all UDP options as well as all > octets in the UDP trailer that follow the FRAG option; thus, there > would be no need for a separate overall checksum -- the reassembled > datagram would be protected in a manner equivalent to the way TCP user > data is protected by the checksums on individual segments. > > > Frag reassembly is not the same as TCP reconstitution. Our IDs do not > operate in sequence, The IDs don't, but the fragment offsets do. The proper way to think of this is that the Fragment ID singles out a stream. The Fragment Offset within that stream is equivalent to the TCP sequence number. Mike Heard