Re: [tsvwg] UDP Options: on forcing the use of UDP CS=0 in connection with FRAG+LITE

"C. M. Heard" <heard@pobox.com> Sat, 29 June 2019 06:31 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/vHPTtNYDNXQ6XPq1NCZVsZFtjA8>

On Fri, Jun 28, 2019 at 2:30 PM Tom Herbert <tom@herbertland.com> wrote:

> On Fri, Jun 28, 2019 at 9:23 AM C. M. Heard <heard@pobox.com> wrote:
>
...

>> For IPv6, at least, it seems that UDP CS=0 does not have very good
>> middlebox traversal properties. Raffaele Zullo has shared with me the
>> results of some (admittedly small-scale) measurements he did to look
>> specifically at this, and the results were not especially encouraging:
>> depending on the test case, between 26% and 36% of the paths blocked UDP
>> CS=0 over IPv6 from reaching the final router before the destination (see
>> results for test cases B1 below). By contrast, a UDP packet with a properly
>> compensated checksum was seen in previous measurements to have around a 94%
>> chance of getting to the destination under comparable circumstances (see
>> results for IPv6 HTTP in
>> https://datatracker.ietf.org/meeting/103/materials/slides-103-maprg-a-tale-of-two-checksums-tom-jones-00
>> ).
>>
> Also, this would be a violation of RFC8200: "IPv6 receivers must
> discard UDP packets containing a zero checksum and should log the error".
> So it's not just middleboxes, end hosts will also have problems with UDPv6
> zero checksums.
>

Yes, of course -- the low DNS response rate in Raffaele's data below bears
that out -- but if the intent is to use it for the FRAG option, then hosts
would need modifications anyway.


>> > On 2019-04-07 16:11, C. M. Heard wrote:
>> > > Hello Raffaele,
>> > >
>> > > Thank you for taking the time to dig out this information.
>> > >
>> > > I see that the response rates for UDP CS=0 over IPv6 are quite low,
>> > > with or without UDP options.  However, as you point out, the measurements
>> > > cannot distinguish cases where middleboxes in the path discard CS=0
>> > > packets from cases where the server itself does so.  In order to draw
>> > > firm conclusions about the proportion of paths that drop IPv6 UDP
>> > > CS=0, it seems that one would need some independent means to estimate
>> > > the proportion of servers that discard IPv6 UDP CS=0.
>> > >
>> > > Do you think it would be useful to share this data with the TSVWG list?
>> > >
>> > > Good luck on the job hunt.
>> > >
>> > > Mike Heard
>> > >
>> > > On Sun, Apr 7, 2019 at 6:25 AM Raffaele Zullo wrote:
>> > > >
>> > > > Hello Gorry,
>> > > > Hello Mike,
>> > > >
>> > > > Sorry for the late reply.
>> > > > I've got lost in a few other things (basically job hunting is a job).
>> > > >
>> > > > Anyway I finally got my VPN access to the lab network restored so I
>> > > > could retrieve measurements data.
>> > > >
>> > > >
>> > > > We tested a limited number of (paths to) IPv6 servers, obtained from
>> > > > Alexa top-1m:
>> > > > 17110 authoritative DNS servers
>> > > > and
>> > > > 12184 HTTP servers.
>> > > >
>> > > > DNS servers were tested with well-crafted DNS queries.
>> > > > The first packet was a regular UDP packet with correct CS.
>> > > > If the server replied to the query then it was tested with CS=0,
>> > > > Options, etc.
>> > > >
>> > > > Paths to HTTP servers were instead tested with padded packets sent to
>> > > > UDP port 80.
>> > > > The first packet was again a regular UDP packet with correct CS.
>> > > > If the server replied with ICMP Port Unreachable, then it was tested
>> > > > with CS=0, Options, etc.
>> > > >
>> > > > Out of 17110 DNS servers
>> > > > 1.75% replied to UDP CS=0
>> > > > 1.43% replied to UDP+Opt CS=0
>> > > >
>> > > > Out of 12184 HTTP servers
>> > > > 17.21% replied to UDP CS=0
>> > > > 16.67% replied to UDP+Opt CS=0
>> > > >
>> > > >
>> > > > These are the raw data.
>> > > >
>> > > >
>> > > > I would add that the portion of paths OK with IPv6 UDP CS=0 can be
>> > > > underestimated.
>> > > > Since we are measuring paths to servers, the server itself can affect
>> > > > the measurement,
>> > > > for instance if the path is clean but the server's stack discards IPv6
>> > > > with UDP CS=0, the outcome of the measurement will be negative.
>> > > >
>> > > >
>> > > > Cheers,
>> > > > Raffaele
>> > > >
>> > >
>> >
>>
>
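
The receiver-side rule quoted in the thread above (RFC 8200: discard UDP over IPv6 with a zero checksum), as an added example that is not part of the original message or of any project's code. It shows why an end host can drop a CS=0 probe even on a clean path; the function names, addresses (documentation prefix) and ports are constructed for illustration.

```python
import ipaddress
import struct

UDP_PROTO = 17  # IPv6 Next Header value for UDP

def ones_complement_sum(data: bytes) -> int:
    """16-bit one's complement sum with end-around carry."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def pseudo_header(src: str, dst: str, udp_len: int) -> bytes:
    """RFC 8200 section 8.1 pseudo-header: src, dst, length, 3 zero bytes, next header."""
    return (ipaddress.IPv6Address(src).packed + ipaddress.IPv6Address(dst).packed
            + struct.pack("!I3xB", udp_len, UDP_PROTO))

def build_udp(src, dst, sport, dport, payload, zero_checksum=False) -> bytes:
    """Build a UDP datagram; zero_checksum=True mimics the CS=0 probes."""
    length = 8 + len(payload)
    header = struct.pack("!HHHH", sport, dport, length, 0)
    if zero_checksum:
        return header + payload
    csum = 0xFFFF ^ ones_complement_sum(pseudo_header(src, dst, length) + header + payload)
    csum = csum or 0xFFFF  # a computed 0 is sent as 0xFFFF, so 0 never means "valid"
    return struct.pack("!HHHH", sport, dport, length, csum) + payload

def receive(src, dst, datagram: bytes) -> str:
    """Classify a received UDP-over-IPv6 datagram the way a conforming stack would."""
    if len(datagram) < 8:
        return "drop: truncated"
    _, _, length, csum = struct.unpack("!HHHH", datagram[:8])
    if csum == 0:
        return "drop: zero checksum"  # the RFC 8200 rule quoted above
    if length < 8 or length > len(datagram):
        return "drop: bad length"
    # Bytes past UDP Length are the surplus area that UDP options occupy;
    # the UDP checksum covers only the first `length` bytes.
    if ones_complement_sum(pseudo_header(src, dst, length) + datagram[:length]) != 0xFFFF:
        return "drop: bad checksum"
    return "accept"
```
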