[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: State of play with Shim6 documents



-----Original Message-----
From: Brian E Carpenter [mailto:brc@zurich.ibm.com] Sent: Saturday, January 27, 2007 12:32 PM
To: Henderson, Thomas R
Cc: Geoff Huston; shim6-wg; kurtis@kurtis.pp.se
Subject: Re: State of play with Shim6 documents

On 2007-01-24 19:06, Henderson, Thomas R wrote:
-----Original Message-----
...
     * TCP Checksum Failure

Its not clear what the WG want to do on this.
Suggestions?
I would vote to align the checksum with the locators, under the
assumption that defining an alternate probing mechanism to discover
these problems is more cumbersome. If you care strongly
enough about
using the transport checksum to detect incorrect address
rewriting in
certain error scenarios, that may argue for putting better error
detection in the shim proper, but I'm not sure it is a high enough
probability event.
I have the opposite view. I think we should keep rock solid
on the notion that shim6 preserves the end to end model as far
as upper layers are concerned. Fixing the TCP checksum twice,
on the way in and out of the shim, would be an ugly hack on
that model, and also the first step towards inserting all
sorts of ALG functionality in the shim to compensate for
misbehaving middleboxes.

Before taking any other decision, I'd want to see firm
observational evidence that there is a real problem. TCP
checksums are no business of middleboxes, except for the
TCP relay case which would probably need to be shim6-aware.


I agree that it would be best to make decision based on operational
experience, but I am suspicious about the future for IPv6 because there
is no IP checksum, so it might encourage routers or middleboxes to
provide transport checksum validation as a feature.

But perhaps it would be prudent to devise an extension only if
shim6-awareness doesn't materialize in practice, and keep it cleaner for
now.

I like that approach. I hope we have some spare bits that would allow
us to signal that TCP checksum recomputation is in use.

    Brian