[tsvwg] UDP Options: how to do FRAG without LITE and forced UDP CS=0
"C. M. Heard" <heard@pobox.com> Fri, 28 June 2019 16:23 UTC
Return-Path: <heard@pobox.com>
X-Original-To: tsvwg@ietfa.amsl.com
Delivered-To: tsvwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 53C391203D1 for <tsvwg@ietfa.amsl.com>; Fri, 28 Jun 2019 09:23:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.689
X-Spam-Level:
X-Spam-Status: No, score=-2.689 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=pobox.com; domainkeys=pass (1024-bit key) header.from=heard@pobox.com header.d=pobox.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DGHe_Uf_iY70 for <tsvwg@ietfa.amsl.com>; Fri, 28 Jun 2019 09:23:18 -0700 (PDT)
Received: from pb-smtp21.pobox.com (pb-smtp21.pobox.com [173.228.157.53]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CCCEA12040F for <tsvwg@ietf.org>; Fri, 28 Jun 2019 09:23:17 -0700 (PDT)
Received: from pb-smtp21.pobox.com (unknown [127.0.0.1]) by pb-smtp21.pobox.com (Postfix) with ESMTP id 1BCC981A2E for <tsvwg@ietf.org>; Fri, 28 Jun 2019 12:23:17 -0400 (EDT) (envelope-from heard@pobox.com)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=pobox.com; h=mime-version :from:date:message-id:subject:to:content-type; s=sasl; bh=UVTURc kDzJAuYd8Kw+AUvfVWMrs=; b=YDKros7ZxXx5E9GFjvIXbQOdsVbUbFn6CWmshq t/+JwOiUdcLaix+ARw6GRu/LQVXYLLDRGwP7vm5Gbr2GqTw/c1hPWMK+VqXU8/eM /rTlbtCJCOa5xZmStDDHDXJM1QnhV1GQvI6xZnk7RFyGtX91qHjM2lRrCtT0Mp92 E9PmY=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=pobox.com; h=mime-version :from:date:message-id:subject:to:content-type; q=dns; s=sasl; b= PIYSx870d6TkHSSgp4aK5+PJNbS9xMCF5Qx5M/L8cZR7AG/INbgSxTXTQHZpTdvN Ngk09hckKBjAJwGrcRkgYnE2LbhQAlxGYvNoR6zqcOnSnlDIlARwyrO7coYLEbBV kYAIPZinqEW/+vaNTThTNCTsiyRV0/JAa0ZUCzFrD0g=
Received: from pb-smtp21.sea.icgroup.com (unknown [127.0.0.1]) by pb-smtp21.pobox.com (Postfix) with ESMTP id 13A2981A2D for <tsvwg@ietf.org>; Fri, 28 Jun 2019 12:23:17 -0400 (EDT) (envelope-from heard@pobox.com)
Received: from mail-io1-f47.google.com (unknown [209.85.166.47]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pb-smtp21.pobox.com (Postfix) with ESMTPSA id 9EEBA81A2A for <tsvwg@ietf.org>; Fri, 28 Jun 2019 12:23:14 -0400 (EDT) (envelope-from heard@pobox.com)
Received: by mail-io1-f47.google.com with SMTP id w25so13705509ioc.8 for <tsvwg@ietf.org>; Fri, 28 Jun 2019 09:23:14 -0700 (PDT)
X-Gm-Message-State: APjAAAWl9Ol/Ji72hmswHEkfg6o35G4/rsmirPjsTUjoUZyYcIYs1Nk1 M6eyqyzrTSLE+vzbyQq2dcs6KMnWlV4NAe14LhM=
X-Google-Smtp-Source: APXvYqwU9r/dMvkoudQBxBraOFcZ9EuA9f96K1uasP3JjO56huskTlo3vc0li+n7Wh7sgIR+82ln0PQPeUQOMetne7A=
X-Received: by 2002:a05:6638:3d3:: with SMTP id r19mr12819190jaq.53.1561738993465; Fri, 28 Jun 2019 09:23:13 -0700 (PDT)
MIME-Version: 1.0
From: "C. M. Heard" <heard@pobox.com>
Date: Fri, 28 Jun 2019 09:23:02 -0700
X-Gmail-Original-Message-ID: <CACL_3VFtF0B6N5Qk1t42hLvkP-=P2h5WUF=6XzOcOY1eYtwdBw@mail.gmail.com>
Message-ID: <CACL_3VFtF0B6N5Qk1t42hLvkP-=P2h5WUF=6XzOcOY1eYtwdBw@mail.gmail.com>
To: TSVWG <tsvwg@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000efff24058c64b17b"
X-Pobox-Relay-ID: 07980C36-99C1-11E9-A4B4-8D86F504CC47-06080547!pb-smtp21.pobox.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/Wv--BLVMPAX6g5umok9BQsXAEGg>
Subject: [tsvwg] UDP Options: how to do FRAG without LITE and forced UDP CS=0
X-BeenThere: tsvwg@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Transport Area Working Group <tsvwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsvwg/>
List-Post: <mailto:tsvwg@ietf.org>
List-Help: <mailto:tsvwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 28 Jun 2019 16:23:21 -0000
Greetings, The version of FRAG defined in draft-ietf-tsvwg-udp-options-07 suffers from the following disadvantages: 1) A legacy host that does not understand UDP options will erroneously interpret FRAG without LITE as a complete UDP datagram. 2) The same is true for an options-aware host if OCS fails. 3) Because LITE data (by design) is not covered by OCS/CCO, FRAG+LITE will have very poor middlebox traversal properties unless the UDP checksum is set to zero. For IPv6, even that will not work well, because UDP CS=0 is often blocked by the network (this happened on 26%-36% of the paths in Raffaele Zullo's recent measurements) All of these disadvantages can be avoided if the fragment data is pulled into the option. That can be done as follows: instead of having the FRAG option capture preceding conventional or LITE user data as fragment data, insist that the FRAG option appear ***last*** in the option list and have it capture all remaining octets in the packet as fragment data. The length field is no longer needed (it is implicit), so it can be replaced by a More Fragments (MF) flag. By convention, if this option appears, OCS would cover all UDP options as well as all octets in the UDP trailer that follow the FRAG option; thus, there would be no need for a separate overall checksum -- the reassembled datagram would be protected in a manner equivalent to the way TCP user data is protected by the checksums on individual segments. The revised FRAG option formats would be as follows: +--------+--------+--------+--------+ | Kind=6 | MF=1 | Frag. Offset | +--------+--------+--------+--------+ | Identification | +--------+--------+--------+--------+ | ... Fragment Data ... | +--------+--------+--------+--------+ UDP non-terminal FRAG option format +--------+--------+--------+--------+ | Kind=6 | MF=0 | Frag. Offset | +--------+--------+--------+--------+ | Identification | +--------+--------+--------+--------+ | ... Fragment Data ... | +--------+--------+--------+--------+ UDP terminal FRAG option format The following requirements would apply: >> When the FRAG option appears, it MUST come last in the UDP options list. All remaining octets in the packet are interpreted as fragment data. >> OCS, if present, covers both the FRAG option and the trailing fragment data. >> A host that wishes to signal that it is able to accept and process the FRAG option MAY do so by transmitting an unfragmented datagram with an empty terminal FRAG option whose Offset field is set to zero. >> Non-empty FRAG options MUST NOT be present in packets with ordinary UDP user data or LITE data. Any such options MUST be silently dropped. >> UDP options other than OCS and padding MUST NOT accompany the FRAG option in non-terminal fragments. Any such options MUST be silently dropped. All other options that apply to a reassembled packet must accompany the FRAG header in the terminal fragment. To handle the case when the user UDP CS setting specifies that the UDP checksum should be zero, we just omit the OCS option (in line with the proposal to always tie the presence or absence of OCS to the user UCP CS setting). By not having a distinct overall checksum for the reassembled packet, this version of FRAG avoids duplicate work (just as FRAG+LITE does in the -07 draft). Having the OCS cover the data in each fragment provides protection that is essentially the same as what TCP provides with checksums and sequence numbers on individual segments, if the user has requested a checksum. For in order to deliver the reassembled data, we require all fragments to be present and to fit together exactly, with no gaps and no overlap. The result is essentially equivalent to what is provided by the post-reassembly checksum in the -07 draft, the main difference being that the options are also included. Note that ACS is still available if a stronger post-reassembly checksum is wanted. I believe that this proposal squarely addresses the disadvantages of the -07 version of FRAG that are enumerated at the beginning of this message. It offers a solution that provides protection equivalent to conventional IP fragmentation coupled with the standard UDP checksum, allows for middlebox traversal, and avoids duplicate checksum computations. Mike Heard