Applicability Statement for the use of IPv6 UDP Datagrams with Zero Checksums
draft-ietf-6man-udpzero-10
The information below is for an old version of the document.
| Document | Type |
This is an older version of an Internet-Draft that was ultimately published as RFC 6936.
|
|
|---|---|---|---|
| Authors | Gorry Fairhurst , Magnus Westerlund | ||
| Last updated | 2013-01-24 (Latest revision 2013-01-21) | ||
| Replaces | draft-fairhurst-tsvwg-6man-udpzero, draft-6man-udpzero | ||
| RFC stream | Internet Engineering Task Force (IETF) | ||
| Formats | |||
| Reviews | |||
| Additional resources | Mailing list discussion | ||
| Stream | WG state | Submitted to IESG for Publication | |
| Document shepherd | Ole Trøan | ||
| Shepherd write-up | Show Last changed 2012-09-12 | ||
| IESG | IESG state | Became RFC 6936 (Proposed Standard) | |
| Consensus boilerplate | Unknown | ||
| Telechat date |
(None)
Needs a YES. Needs 10 more YES or NO OBJECTION positions to pass. |
||
| Responsible AD | Brian Haberman | ||
| Send notices to | 6man-chairs@tools.ietf.org, draft-ietf-6man-udpzero@tools.ietf.org |
draft-ietf-6man-udpzero-10
usage and updates to end-points and middleboxes.
o IP-in-IP tunneling. As this method completely dispenses with a
transport protocol in the outer-layer it has reduced overhead and
complexity, but also reduced functionality. There is no outer
checksum over the packet and also no ports to perform
demultiplexing between different tunnel types. This reduces the
information available upon which a load balancer may act.
These options are compared and discussed further in the following
sections.
A.2. Comparison
This section compares the above listed methods to support datagram
tunneling. It includes proposals for updating the behaviour of UDP.
While this comparison focuses on applications that are expected to
execute on routers, the distinction between a router and a host is
not always clear, especially at the transport level. Systems (such
as unix-based operating systems) routinely provide both functions.
There is no way to identify the role of the receiving node from a
received packet.
A.2.1. Middlebox Traversal
Regular UDP with a standard checksum or the delta encoded
optimization for creating correct checksums have the best
possibilities for successful traversal of a middlebox. No new
support is required.
A method that ignores the UDP checksum on reception is expected to
have a good probability of traversal, because most middleboxes
perform an incremental checksum update. UDPTT would also have been
able to traverse a middlebox with this behaviour. However, a
middlebox on the path that attempts to verify a standard checksum
will not forward packets using either of these methods, preventing
traversal. A method that ignores the checksum has an additional
downside in that it prevents improvement of middlebox traversal,
because there is no way to identify UDP datagrams that use the
modified checksum behaviour.
IP-in-IP or GRE tunnels offer good traversal of middleboxes that have
not been designed for security, e.g. firewalls. However, firewalls
may be expected to be configured to block general tunnels as they
present a large attack surface.
A new IPv6 Destination Options header will suffer traversal issues
Fairhurst & Westerlund Expires July 25, 2013 [Page 30]
Internet-Draft Applicability of IPv6 UDP Zero Checksum January 2013
with middleboxes, especially Firewalls and NATs, and will likely
require them to be updated before the extension header is passed.
Datagrams with a zero UDP checksum will not be passed by any
middlebox that validates the checksum using RFC 2460 or updates the
checksum field, such as NAT or firewalls. This would require an
update to correctly handle a datagram with a zero UDP checksum.
UDP-Lite will require an update of almost all type of middleboxes,
because it requires support for a separate network-layer protocol
number. Once enabled, the method to support incremental checksum
update would be identical to that for UDP, but different for checksum
validation.
A.2.2. Load Balancing
The usefulness of solutions for load balancers depends on the
difference in entropy in the headers for different flows that can be
included in a hash function. All the proposals that use the UDP
protocol number have equal behavior. UDP-Lite has the potential for
equally good behavior as for UDP. However, UDP-Lite is currently
unlikely to be supported by deployed hashing mechanisms, which could
cause a load balancer to not use the transport header in the computed
hash. A load balancer that only uses the IP header will have low
entropy, but could be improved by including the IPv6 the flow label,
providing that the tunnel ingress ensures that different flow labels
are assigned to different flows. However, a transition to the common
use of good quality flow labels is likely to take time to deploy.
A.2.3. Ingress and Egress Performance Implications
IP-in-IP tunnels are often considered efficient, because they
introduce very little processing and low data overhead. The other
proposals introduce a UDP-like header incurring associated data
overhead. Processing is minimised for the method that uses a zero
UDP checksum, ignoring the UDP checksum on reception, and only
slightly higher for UDPTT, the extension header and UDP-Lite. The
delta-calculation scheme operates on a few more fields, but also
introduces serious failure modes that can result in a need to
calculate a checksum over the complete datagram. Regular UDP is
clearly the most costly to process, always requiring checksum
calculation over the entire datagram.
It is important to note that the zero UDP checksum method, ignoring
checksum on reception, the Option Header, UDPTT and UDP-Lite will
likely incur additional complexities in the application to
incorporate a negotiation and validation mechanism.
Fairhurst & Westerlund Expires July 25, 2013 [Page 31]
Internet-Draft Applicability of IPv6 UDP Zero Checksum January 2013
A.2.4. Deployability
The major factors influencing deployability of these solutions are a
need to update both end-points, a need for negotiation and the need
to update middleboxes. These are summarised below:
o The solution with the best deployability is regular UDP. This
requires no changes and has good middlebox traversal
characteristics.
o The next easiest to deploy is the delta checksum solution. This
does not modify the protocol on the wire and only needs changes in
tunnel ingress.
o IP-in-IP tunnels should not require changes to the end-points, but
raise issues when traversing firewalls and other security-type
devices, which are expected to require updates.
o Ignoring the checksum on reception will require changes at both
end-points. The never ceasing risk of path failure requires
additional checks to ensure this solution is robust and will
require changes or additions to the tunnel control protocol to
negotiate support and validate the path.
o The remaining solutions offer similar deployability. UDP-Lite
requires support at both end-points and in middleboxes. UDPTT and
the zero UDP checksum method with or without an extension header
require support at both end-points and in middleboxes. UDP-Lite,
UDPTT, and the zero UDP checksum method and use of extension
headers may additionally require changes or additions to the
tunnel control protocol to negotiate support and path validation.
A.2.5. Corruption Detection Strength
The standard UDP checksum and the delta checksum can both provide
some verification at the tunnel egress. This can significantly
reduce the probability that a corrupted inner packet is forwarded.
UDP-Lite, UDPTT and the extension header all provide some
verification against corruption, but do not verify the inner packet.
They only provide a strong indication that the delivered packet was
intended for the tunnel egress and was correctly delimited. The
methods using a zero UDP checksum, ignoring the UDP checksum on
reception and IP-and-IP encapsulation all provide no verification
that a received datagram was intended to be processed by a specific
tunnel egress or that the inner encapsulated packet was correct.
Fairhurst & Westerlund Expires July 25, 2013 [Page 32]
Internet-Draft Applicability of IPv6 UDP Zero Checksum January 2013
A.2.6. Comparison Summary
The comparisons above may be summarised as "there is no silver bullet
that will slay all the issues". One has to select which down side(s)
can best be lived with. Focusing on the existing solutions, this can
be summarized as:
Regular UDP: The method defined in RFC 2460 has good middlebox
traversal and load balancing and multiplexing, requiring a
checksum in the outer headers covering the whole packet.
IP in IP: A low complexity encapsulation, with limited middlebox
traversal, no multiplexing support, and currently poor load
balancing support that could improve over time.
UDP-Lite: A medium complexity encapsulation, with good multiplexing
support, limited middlebox traversal, but possible to improve over
time, currently poor load balancing support that could improve
over time, in most cases requiring application level negotiation
to select the protocol and validation to confirm the path forwards
UDP-Lite.
The delta-checksum is an optimization in the processing of UDP, as
such it exhibits some of the drawbacks of using regular UDP.
The remaining proposals may be described in similar terms:
Zero-Checksum: A low complexity encapsulation, with good
multiplexing support, limited middlebox traversal that could
improve over time, good load balancing support, in most cases
requiring application level negotiation and validation to confirm
the path forwards a zero UDP checksum.
UDPTT: A medium complexity encapsulation, with good multiplexing
support, limited middlebox traversal, but possible to improve over
time, good load balancing support, in most cases requiring
application level negotiation to select the transport and
validation to confirm the path forwards UDPTT datagrams.
IPv6 Destination Option IP in IP tunneling: A medium complexity,
with no multiplexing support, limited middlebox traversal,
currently poor load balancing support that could improve over
time, in most cases requiring negotiation to confirm the option is
supported and validation to confirm the path forwards the option.
Fairhurst & Westerlund Expires July 25, 2013 [Page 33]
Internet-Draft Applicability of IPv6 UDP Zero Checksum January 2013
IPv6 Destination Option combined with UDP Zero-checksuming: A medium
complexity encapsulation, with good multiplexing support, limited
load balancing support that could improve over time, in most cases
requiring negotiation to confirm the option is supported and
validation to confirm the path forwards the option.
Ignore the checksum on reception: A low complexity encapsulation,
with good multiplexing support, medium middlebox traversal that
never can improve, good load balancing support, in most cases
requiring negotiation to confirm the option is supported by the
remote endpoint and validation to confirm the path forwards a zero
UDP checksum.
There is no clear single optimum solution. If the most important
need is to traverse middleboxes, then the best choice is to stay with
regular UDP and consider the optimizations that may be required to
perform the checksumming. If one can live with limited middlebox
traversal, low complexity is necessary and one does not require load
balancing, then IP-in-IP tunneling is the simplest. If one wants
strengthened error detection, but with currently limited middlebox
traversal and load-balancing. UDP-Lite is appropriate. Zero UDP
checksum addresses another set of constraints, low complexity and a
need for load balancing from the current Internet, providing it can
live with currently limited middlebox traversal.
Techniques for load balancing and middlebox traversal do continue to
evolve. Over a long time, developments in load balancing have good
potential to improve. This time horizon is long since it requires
both load balancer and end-point updates to get full benefit. The
challenges of middlebox traversal are also expected to change with
time, as device capabilities evolve. Middleboxes are very prolific
with a larger proportion of end-user ownership, and therefore may be
expected to take long time cycles to evolve.
One potential advantage is that the deployment of IPv6-capable
middleboxes are still in its initial phase and the quicker a new
method becomes standardized, the fewer boxes will be non-compliant.
Thus, the question of whether to permit use of datagrams with a zero
UDP checksum for IPv6 under reasonable constraints, is therefore best
viewed as a trade-off between a number of more subjective questions:
o Is there sufficient interest in using a zero UDP checksum with the
given constraints (summarised below)?
o Are there other avenues of change that will resolve the issue in a
better way and sufficiently quickly ?
Fairhurst & Westerlund Expires July 25, 2013 [Page 34]
Internet-Draft Applicability of IPv6 UDP Zero Checksum January 2013
o Do we accept the complexity cost of having one more solution in
the future?
The analysis concludes that the IETF should carefully consider
constraints on sanctioning the use of any new transport mode. The
6man working group of the IETF has determined that the answer to the
above questions are sufficient to update IPv6 to standardise use of a
zero UDP checksum for use by tunnel encapsulations for specific
applications.
Each application should consider the implications of choosing an IPv6
transport that uses a zero UDP checksum. In many cases, standard
methods may be more appropriate, and may simplify application design.
The use of checksum off-loading may help alleviate the checksum
processing cost and permit use of a checksum using method defined in
RFC 2460.
Appendix B. Document Change History
{RFC EDITOR NOTE: This section must be deleted prior to publication}
Individual Draft 00 This is the first DRAFT of this document - It
contains a compilation of various discussions and contributions
from a variety of IETF WGs, including: mboned, tsv, 6man, lisp,
and behave. This includes contributions from Magnus with text on
RTP, and various updates.
Individual Draft 01
* This version corrects some typos and editorial NiTs and adds
discussion of the need to negotiate and verify operation of a
new mechanism (3.3.4).
Individual Draft 02
* Version -02 corrects some typos and editorial NiTs.
* Added reference to ECMP for tunnels.
* Clarifies the recommendations at the end of the document.
Working Group Draft 00
* Working Group Version -00 corrects some typos and removes much
of rationale for UDPTT. It also adds some discussion of IPv6
extension header.
Fairhurst & Westerlund Expires July 25, 2013 [Page 35]
Internet-Draft Applicability of IPv6 UDP Zero Checksum January 2013
Working Group Draft 01
* Working Group Version -01 updates the rules and incorporates
off-list feedback. This version is intended for wider review
within the 6man working group.
Working Group Draft 02
* This version is the result of a major rewrite and re-ordering
of the document.
* A new section comparing the results have been added.
* The constraints list has been significantly altered by removing
some and rewording other constraints.
* This contains other significant language updates to clarify the
intent of this draft.
Working Group Draft 03
* Editorial updates
Working Group Draft 04
* Resubmission only updating the AMT and RFC2765 references.
Working Group Draft 05
* Resubmission to correct editorial NiTs - thanks to Bill Atwood
for noting these.Group Draft 05.
Working Group Draft 06
* Resubmission to keep draft alive (spelling updated from 05).
Working Group Draft 07
* Interim Version
* Submission after IESG Feedback
* Updates to enable the document to become a PS Applicability
Statement
Fairhurst & Westerlund Expires July 25, 2013 [Page 36]
Internet-Draft Applicability of IPv6 UDP Zero Checksum January 2013
Working Group Draft 08
* First Version written as a PS Applicability Statement
* Changes to reflect decision to update RFC 2460, rather than
recommend decision
* Updates to requirements for middleboxes
* Inclusion of requirements for security, API, and tunnel
* Move of the rationale for the update to an Annex (former
section 4)
Working Group Draft 09
* Submission after second WGLC (note mistake corrected in -09).
* Clarified role of API for supporting full checksum.
* Clarified that full checksum is required in security
considerations, and therefore noting that full checksum should
not be treated as an attack - consistent with remainder of
document.
* Added mention that API can set a mode in transport stack - to
link to similar statement in RFC 2460 update.
* Fixed typos.
Working Group Draft 08
* Submission to correct unwanted removal of text from section 5
bullets 5-7 by GF.
* Replaced section 5 text with the text from 08, and reapplied
the editorial correction.
* Note to reviewers: Please compare this revision with -08 used
in the IETF LC).
Fairhurst & Westerlund Expires July 25, 2013 [Page 37]
Internet-Draft Applicability of IPv6 UDP Zero Checksum January 2013
Authors' Addresses
Godred Fairhurst
University of Aberdeen
School of Engineering
Aberdeen, AB24 3UE
Scotland, UK
Email: gorry@erg.abdn.ac.uk
URI: http://www.erg.abdn.ac.uk/users/gorry
Magnus Westerlund
Ericsson
Farogatan 6
Stockholm, SE-164 80
Sweden
Phone: +46 8 719 0000
Email: magnus.westerlund@ericsson.com
Fairhurst & Westerlund Expires July 25, 2013 [Page 38]