Re: Stewart Bryant's Discuss on draft-ietf-6man-udpchecksums-04: (with DISCUSS and COMMENT)

Tue, 09 Oct 2012 05:44:08 -0700 

On 08/10/2012 19:13, Carsten Bormann wrote:

On Oct 8, 2012, at 19:22, Stewart Bryant <stbry...@cisco.com> wrote:


My point is that we have a practical experiment ongoing with the
huge number of PWs in deployment running over MPLS without
c/s protection at the tunnel or network layer and I have never seen
anyone raise an issue in either the PWE3 or MPLS WG. Hence
my conclusion that whilst there is a theoretical risk, the evidence
is that there are no reported issues.

One reason the occasional misdirected packet is not causing problems here might 
be that there are higher level headers that prevent delivery to an application 
(be it for a checksum mismatch or more likely because the higher level 
addresses just don't point in the direction of trouble).  Which would mesh fine 
with the argument made in the draft that UDP zero checksum is fine for tunnels 
but not so much for other applications like end-to-end.

I definitely agree with the subtext that the udpzero issue is often seen a bit 
more dogmatic than needs be, but I also think that having this degree of 
robustness in a widely deployed protocol is a desirable property that shouldn't 
be given up lightly.

Grüße, Carsten


Carsten
I think you are correct the few packets that have errors and actually get delivered probably then either get caught by the packet parser, or hit an idempotent system that corrects the state based 
on a later packet or local state.
Let's look at this from another perspective for a moment. The tunnel use of UDP is really "GRE that goes through firewalls and gets ECMPed". GRE has no c/s and as far as I know has no c/s added for IPv6 and thus is subject to the same issues that we are talking about here.
What is going to happen in practice is that the tunnel implementers are all going to say (for reasons in the text) that c/s is too hard, we will not do c/s and the application had better look after itself. You can see this is what is happening in LISP, which is one of the protocols that triggered this document pair. Thus my goal here is to align the text with actually is happening and is likely to continue to happen, since I think that benefits the community in the long term. 

- Stewart


--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------

Reply via email to