On Jul 29, 2009, at 8:02 AM, Dino Farinacci wrote:
This is a reminder that draft-fairhurst-6man-tsvwg-udptt and
http://tools.ietf.org/html/draft-eubanks-chimento-6man-00
are still open and will be discussed at the 6man meeting Wednesday.
Basically, one prescribes no checksum for the "outer" packet in
IPv6 encapsulations, the other a fixed checksum per flow. My
understanding is that this matter is relevant to LISP.
If you are interested, please try to attend as a decision may be
made soon.
Sorry, I have a conflict right now. But here is the position of one
LISP implementor and a coauthor of the LISP specifications:
From a practical perspective, we prefer that a LISP encapsulator
(ITR and PTR) not incurred additional work when encapsulating
packets. The main LISP spec indicates:
(1) The UDP checksum in the outer header MUST be set to 0 by an
encapsulator.
(2) The decapsulator MUST ignore the UDP checksum.
We stand by this text and see no reason to change it.
Are you using "we" to refer to yourself as both an implementor and a
co-author? ;-)
FWIW, I have serious concerns about draft-fairhurst-6man-tsvwg-udptt,
as it involves overloading the UDP "next-header" value to refer to two
different header types (real UDP and UDP-TT).
However, I also have serious concerns about using zero UDP checksums
with IPv6.
There are no practical reasons to use outer header UDP checksums
regardless of the 4 combinations of packet types (v4-in-v4, v6-in-
v6, v6-in-v4, or v4-or-v6) being forwarded by LISP routers.
I think that this statement is answering the wrong question...
Since we have standards-track protocols that indicate that UDP
checksums must not be zero in IPv6 (for good reasons), I believe that
we should use valid UDP checksums in IPv6 outer headers, unless we can
provide practical (and compelling) reasons why _not_ to do so. So,
what are those reasons?
If we do manage to achieve consensus that it makes sense to zero-out
the UDP checksum in IPv6 outer headers, there are a number of
questions we will have to answer...
The problem with eliminating the UDP checksum in UDP over IPv6 is that
(unlike in IPv4) the IPv6 source and destination addresses are not
protected. So, the packet may be corrupted such that it is sent to
the wrong destination. When it arrives at the wrong destination, it
may be processed by an IP stack that is unaware of LISP.
We need to consider what will happen if one of these packets is
received by a non-LISP node. Are you assuming that non-LISP stacks
will simply throw away these packets, because they have zero (and
therefore invalid) UDP checksums? That's only a good assumption if we
assume that LISP is the _only_ protocol that will allow the use of
zero checksums. If the packet is processed by the stack, there
shouldn't be a non-LISP application on port 4342, so the packet should
be dropped. We should define, however, how the sending LISP node will
deal with an ICMPv6 "port unreachable" error, so that an error
received from the wrong destination does not interfere with
communication with the right destination.
We also need to consider the possibility that a packet will be
received by a different LISP node than the one for which it was
intended, or that it will arrive at the correct LISP destination with
the wrong source address in the external header. What happens in
those cases?
Margaret
--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
