[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Wrap-up: TCP checksum calculation

To: shim6-wg <shim6@psg.com>
Subject: Wrap-up: TCP checksum calculation
From: marcelo bagnulo braun <marcelo@it.uc3m.es>
Date: Sat, 10 Mar 2007 20:12:08 +0100
Cc: Thomas R Henderson <thomas.r.henderson@boeing.com>, Brian E Carpenter <brc@zurich.ibm.com>, Geoff Huston <gih@apnic.net>, Iljitsch van Beijnum <iljitsch@muada.com>

Hi,

this has been an interesting discussion

Let me see if i can propose a way forward.

The problem is that shim6 payload packets that carry locators differentthan ULIDs, will have the checksum calculated based on the ULIDs andnot on the actual addresses carried in the ipv6 header. This wouldimply that any device in the middle (from NIC to middle boxes(firewalls and TCP relays)) will fail the checksum verification (anddrop the packet). It is possible that TCP checksum verification is morecommon, since there is no IP checksum in IPv6.

Proposed approach:

First: Add a new section titled "Middle-boxes considerations" with thefollowing text.

It is recommended that firewalls and other middleboxes do not drop TCP,UDP and ICMP packets with apparently incorrect checksums based on thatfact alone unless they implement (monitoring of) the full shim6protocol and are able to determine the checksum that must be present ina packet with addresses rewritten by shim6."

Second: allow the possibility that shim6 nodes can use the locators forcalculating the TCP/UDP checksum, in case they detect that there is amiddle box that does not support the shim6 protocol and drops thepackets that contain the checksum calculated using the ULIDs (which arenot used a addresses in the IPv6 header). In order to do that, we needto use a bit in the shim6 payload header to signal whether the ULIDs orthe locators are used for the pseudoheader. The bad news is that thereare no more spare bits in the shim6 payload header. I think this wasnot the best choice, since we haven't finished the spec and we alreadyare out of bits.My suggestion is that we reduce the context tag to 40 bits and the wereserve 8 bits for flags and other information. In the current spec wewould define two bits. The P flag that is already defined and the Lflag, which would be set if the Locators are used to calculate thetcp/UDP checksum.

Third: Define a mechanism for detecting the presence of these middleboxes. I think that this could be achieved by adding a TCP or UDPheader in the I1/R1 exchange, but making sure that the tcp/udpchecksum is calculated with other than the addresses contained in theipv6 header. One simple option would be to use TCP header and leave thechecksum filed to 0. If packets are dropped, then the peer should retryusing a checksum calculated based on the addresses carried in the ipv6header. If this works, then it should use the locators for thepeusoheader and set the L bit in the shim6 payload header.

Makes sense?

Regards, marcelo

Follow-Ups:
- Re: Wrap-up: TCP checksum calculation
  - From: Erik Nordmark <erik.nordmark@sun.com>
- RE: Wrap-up: TCP checksum calculation
  - From: "Henderson, Thomas R" <thomas.r.henderson@boeing.com>
- RE: Wrap-up: TCP checksum calculation
  - From: "Alvaro Vives" <alvaro.vives@consulintel.es>

Prev by Date: Re: Changes in version 8 resulting from comments in: Re: Retransmission of I2 messages
Next by Date: Changes in version 8 w.r.t. Shim6 messages length
Previous by thread: cost of provider independence in p-shim6
Next by thread: RE: Wrap-up: TCP checksum calculation
Index(es):
- Date
- Thread