IETF Logo Mail Archive

Re: [tsvwg] Fwd: New Version Notification for draft-touch-tsvwg-udp-options-05.txt

Joe Touch <touch@isi.edu> Tue, 28 February 2017 23:14 UTC

Return-Path: <touch@isi.edu>
X-Original-To: tsvwg@ietfa.amsl.com
Delivered-To: tsvwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B977F129458 for <tsvwg@ietfa.amsl.com>; Tue, 28 Feb 2017 15:14:24 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.9
X-Spam-Level:
X-Spam-Status: No, score=-6.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Iv_G7SWnSEPl for <tsvwg@ietfa.amsl.com>; Tue, 28 Feb 2017 15:14:23 -0800 (PST)
Received: from boreas.isi.edu (boreas.isi.edu [128.9.160.161]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7D44C129435 for <tsvwg@ietf.org>; Tue, 28 Feb 2017 15:14:23 -0800 (PST)
Received: from [128.9.184.129] ([128.9.184.129]) (authenticated bits=0) by boreas.isi.edu (8.13.8/8.13.8) with ESMTP id v1SNDhCi022296 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT); Tue, 28 Feb 2017 15:13:44 -0800 (PST)
To: Tom Herbert <tom@herbertland.com>
References: <148823787288.13843.6091386736320524682.idtracker@ietfa.amsl.com> <800de1a6-cb9b-f22b-946a-8b6832fc9a05@isi.edu> <CALx6S34stwtPAnDo-CSt02bvtnds82TB19VqV=ac_vXpuqYdvA@mail.gmail.com>
From: Joe Touch <touch@isi.edu>
Message-ID: <e4f487d9-c7c0-fd6a-3ec0-2602d0766f2e@isi.edu>
Date: Tue, 28 Feb 2017 15:13:43 -0800
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.7.1
MIME-Version: 1.0
In-Reply-To: <CALx6S34stwtPAnDo-CSt02bvtnds82TB19VqV=ac_vXpuqYdvA@mail.gmail.com>
Content-Type: multipart/alternative; boundary="------------D6164A808D7A53A93B2193CD"
X-ISI-4-43-8-MailScanner: Found to be clean
X-MailScanner-From: touch@isi.edu
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/wuWFXPOztUdHEepScGetuOfz_Yk>
Cc: tsvwg <tsvwg@ietf.org>
Subject: Re: [tsvwg] Fwd: New Version Notification for draft-touch-tsvwg-udp-options-05.txt
X-BeenThere: tsvwg@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Transport Area Working Group <tsvwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsvwg/>
List-Post: <mailto:tsvwg@ietf.org>
List-Help: <mailto:tsvwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 28 Feb 2017 23:14:24 -0000

Hi, Tom,


On 2/28/2017 3:02 PM, Tom Herbert wrote:
>
> ...
>
> From section 9:
>
> "It is useful that the above requirements prevent using UDP options to
> implement transport-layer fragmentation and reassembly unless that
> capability has been negotiated with an endpoint in advance for a
> socket pair. Legacy systems would need to be able to interpret the
> transport payload fragments as individual transport datagrams."
> This can probably more broadly be worded as saying that any option
> that cannot be safely ignored requires the capability to be
> negotiated. So that clearly includes fragmentation, encryption, and
> any other option that modifies the payload of the original UDP packet.

It depends; the variant that Mike proposed for FRAG using LITE with a
zero-size UDP user payload is backward compatible, but just ends up
dropping everything at a legacy receiver). We could actually pull the
same trick with any other mechanism that would have corrupted the
receiver, FWIW (not just FRAG) (see below, though).

> We can also include authentication in that list since that needs key
> negotiation also.
AE wouldn't (just as TCP-AO doesn't); both rely on predeployed keys.

> So probably the next question is whether a checksum or CRC can be
> ignored by a receiver.
> Note, VXLAN and LISP have already taken liberty to allow a non-zero
> received UDP checksum to be ignored, however this contrary to RFC1122
> which says:
> "If a UDP datagram is received with a checksum that is non-zero and
> invalid, UDP MUST silently discard the datagram."
>
> There is similar wording for IP and TCP checksums.
>
> I think this is the correct and robust policy for checksum/CRC. If a
> sender took the time to compute them and set them in the packet then
> it should be incumbent on the receiver to verify them. The whole point
> of enabling integrity checks is to catch errors and corruption, if we
> don't catch the errors at this layer we can only hope that they are
> caught later on but there's no guarantee. What's worse if I'm
> debugging an issue and snoop packets on the wire and see that sender
> is sending checksums but receiver is not catching bad packets then
> this is completely misleading. Allowing a receiver to ignore checksums
> undermines usefulness of the mechanism.
I agree that a required checksum cannot be ignored...
>
> So IMO, checksums and CRCs are in the class of options that cannot be
> ignored by a receiver and would need to be negotiated. That leaves TS
> and MSS options which probably can be safely ignored.
ACS is intended to provide better protection for receivers that support
them, but are intended to be ignored by those that do not.

Using ACS before reassembly would imply "drop if it fails if you support
it" - by design.

Using a CRC after reassembly would not, though - it MUST be dropped (but
then we'd know it was supported if the reassembly succeeded).

Joe

v2.23.0 | Report a Bug | By Email