[tsvwg] UDP Options: how to do FRAG without LITE and forced UDP CS=0
"C. M. Heard" <heard@pobox.com> Fri, 28 June 2019 16:23 UTC
Return-Path: <heard@pobox.com>
X-Original-To: tsvwg@ietfa.amsl.com
Delivered-To: tsvwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 53C391203D1 for <tsvwg@ietfa.amsl.com>; Fri, 28 Jun 2019 09:23:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.689
X-Spam-Level:
X-Spam-Status: No, score=-2.689 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=pobox.com; domainkeys=pass (1024-bit key) header.from=heard@pobox.com header.d=pobox.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DGHe_Uf_iY70 for <tsvwg@ietfa.amsl.com>; Fri, 28 Jun 2019 09:23:18 -0700 (PDT)
Received: from pb-smtp21.pobox.com (pb-smtp21.pobox.com [173.228.157.53]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CCCEA12040F for <tsvwg@ietf.org>; Fri, 28 Jun 2019 09:23:17 -0700 (PDT)
Received: from pb-smtp21.pobox.com (unknown [127.0.0.1]) by pb-smtp21.pobox.com (Postfix) with ESMTP id 1BCC981A2E for <tsvwg@ietf.org>; Fri, 28 Jun 2019 12:23:17 -0400 (EDT) (envelope-from heard@pobox.com)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=pobox.com; h=mime-version :from:date:message-id:subject:to:content-type; s=sasl; bh=UVTURc kDzJAuYd8Kw+AUvfVWMrs=; b=YDKros7ZxXx5E9GFjvIXbQOdsVbUbFn6CWmshq t/+JwOiUdcLaix+ARw6GRu/LQVXYLLDRGwP7vm5Gbr2GqTw/c1hPWMK+VqXU8/eM /rTlbtCJCOa5xZmStDDHDXJM1QnhV1GQvI6xZnk7RFyGtX91qHjM2lRrCtT0Mp92 E9PmY=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=pobox.com; h=mime-version :from:date:message-id:subject:to:content-type; q=dns; s=sasl; b= PIYSx870d6TkHSSgp4aK5+PJNbS9xMCF5Qx5M/L8cZR7AG/INbgSxTXTQHZpTdvN Ngk09hckKBjAJwGrcRkgYnE2LbhQAlxGYvNoR6zqcOnSnlDIlARwyrO7coYLEbBV kYAIPZinqEW/+vaNTThTNCTsiyRV0/JAa0ZUCzFrD0g=
Received: from pb-smtp21.sea.icgroup.com (unknown [127.0.0.1]) by pb-smtp21.pobox.com (Postfix) with ESMTP id 13A2981A2D for <tsvwg@ietf.org>; Fri, 28 Jun 2019 12:23:17 -0400 (EDT) (envelope-from heard@pobox.com)
Received: from mail-io1-f47.google.com (unknown [209.85.166.47]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pb-smtp21.pobox.com (Postfix) with ESMTPSA id 9EEBA81A2A for <tsvwg@ietf.org>; Fri, 28 Jun 2019 12:23:14 -0400 (EDT) (envelope-from heard@pobox.com)
Received: by mail-io1-f47.google.com with SMTP id w25so13705509ioc.8 for <tsvwg@ietf.org>; Fri, 28 Jun 2019 09:23:14 -0700 (PDT)
X-Gm-Message-State: APjAAAWl9Ol/Ji72hmswHEkfg6o35G4/rsmirPjsTUjoUZyYcIYs1Nk1 M6eyqyzrTSLE+vzbyQq2dcs6KMnWlV4NAe14LhM=
X-Google-Smtp-Source: APXvYqwU9r/dMvkoudQBxBraOFcZ9EuA9f96K1uasP3JjO56huskTlo3vc0li+n7Wh7sgIR+82ln0PQPeUQOMetne7A=
X-Received: by 2002:a05:6638:3d3:: with SMTP id r19mr12819190jaq.53.1561738993465; Fri, 28 Jun 2019 09:23:13 -0700 (PDT)
MIME-Version: 1.0
From: "C. M. Heard" <heard@pobox.com>
Date: Fri, 28 Jun 2019 09:23:02 -0700
X-Gmail-Original-Message-ID: <CACL_3VFtF0B6N5Qk1t42hLvkP-=P2h5WUF=6XzOcOY1eYtwdBw@mail.gmail.com>
Message-ID: <CACL_3VFtF0B6N5Qk1t42hLvkP-=P2h5WUF=6XzOcOY1eYtwdBw@mail.gmail.com>
To: TSVWG <tsvwg@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000efff24058c64b17b"
X-Pobox-Relay-ID: 07980C36-99C1-11E9-A4B4-8D86F504CC47-06080547!pb-smtp21.pobox.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/Wv--BLVMPAX6g5umok9BQsXAEGg>
Subject: [tsvwg] UDP Options: how to do FRAG without LITE and forced UDP CS=0
X-BeenThere: tsvwg@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Transport Area Working Group <tsvwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsvwg/>
List-Post: <mailto:tsvwg@ietf.org>
List-Help: <mailto:tsvwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 28 Jun 2019 16:23:21 -0000
Greetings,
The version of FRAG defined in draft-ietf-tsvwg-udp-options-07 suffers
from the following disadvantages:
1) A legacy host that does not understand UDP options will erroneously
interpret FRAG without LITE as a complete UDP datagram.
2) The same is true for an options-aware host if OCS fails.
3) Because LITE data (by design) is not covered by OCS/CCO, FRAG+LITE
will have very poor middlebox traversal properties unless the UDP
checksum is set to zero. For IPv6, even that will not work well,
because UDP CS=0 is often blocked by the network (this happened on
26%-36% of the paths in Raffaele Zullo's recent measurements)
All of these disadvantages can be avoided if the fragment data is
pulled into the option. That can be done as follows: instead of having
the FRAG option capture preceding conventional or LITE user data as
fragment data, insist that the FRAG option appear ***last*** in the
option list and have it capture all remaining octets in the packet as
fragment data. The length field is no longer needed (it is implicit),
so it can be replaced by a More Fragments (MF) flag. By convention, if
this option appears, OCS would cover all UDP options as well as all
octets in the UDP trailer that follow the FRAG option; thus, there
would be no need for a separate overall checksum -- the reassembled
datagram would be protected in a manner equivalent to the way TCP user
data is protected by the checksums on individual segments.
The revised FRAG option formats would be as follows:
+--------+--------+--------+--------+
| Kind=6 | MF=1 | Frag. Offset |
+--------+--------+--------+--------+
| Identification |
+--------+--------+--------+--------+
| ... Fragment Data ... |
+--------+--------+--------+--------+
UDP non-terminal FRAG option format
+--------+--------+--------+--------+
| Kind=6 | MF=0 | Frag. Offset |
+--------+--------+--------+--------+
| Identification |
+--------+--------+--------+--------+
| ... Fragment Data ... |
+--------+--------+--------+--------+
UDP terminal FRAG option format
The following requirements would apply:
>> When the FRAG option appears, it MUST come last in the UDP options
list. All remaining octets in the packet are interpreted as fragment
data.
>> OCS, if present, covers both the FRAG option and the trailing
fragment data.
>> A host that wishes to signal that it is able to accept and process
the FRAG option MAY do so by transmitting an unfragmented datagram
with an empty terminal FRAG option whose Offset field is set to zero.
>> Non-empty FRAG options MUST NOT be present in packets with ordinary
UDP user data or LITE data. Any such options MUST be silently dropped.
>> UDP options other than OCS and padding MUST NOT accompany the FRAG
option in non-terminal fragments. Any such options MUST be silently
dropped. All other options that apply to a reassembled packet must
accompany the FRAG header in the terminal fragment.
To handle the case when the user UDP CS setting specifies that the UDP
checksum should be zero, we just omit the OCS option (in line with the
proposal to always tie the presence or absence of OCS to the user UCP CS
setting). By not having a distinct overall checksum for the reassembled
packet, this version of FRAG avoids duplicate work (just as FRAG+LITE does
in the -07 draft). Having the OCS cover the data in each fragment provides
protection that is essentially the same as what TCP provides with
checksums and sequence numbers on individual segments, if the user has
requested a checksum. For in order to deliver the reassembled data, we
require all fragments to be present and to fit together exactly, with no
gaps and no overlap. The result is essentially equivalent to what is
provided by the post-reassembly checksum in the -07 draft, the main
difference being that the options are also included. Note that ACS is
still available if a stronger post-reassembly checksum is wanted.
I believe that this proposal squarely addresses the disadvantages of the
-07 version of FRAG that are enumerated at the beginning of this message.
It offers a solution that provides protection equivalent to conventional
IP fragmentation coupled with the standard UDP checksum, allows for
middlebox traversal, and avoids duplicate checksum computations.
Mike Heard