The question is 'checksum at IP layer - is it even needed'
I say 'yes' as a useful header check that packets are senttowards the
correct destination at each hop; if the headersdon't pass scrutiny, don't
bother. IPv4's headerchecksum covering mutable fields (TTL and QoS)
maderecomputing at each hop painful and led to bizarre fixup checkbehaviour
(discussed in detail on the tsvwg list); ifthat header checksum only covered
non-mutable fields(and also overlapped pseudo header fields?) itwould have been
imo (and that's likely a minority imo)better. Any cost to NATs which treat
non-mutable fieldsas mutable is imo just a bonus to discourage NAT, really.
IPv6 leaving header checksums out in favour of assumingthat protocols would do
the right thing with endpointpseudoheader checks has not worked well - see
RFC6935and RFC6936 for hints of some of the consequences ofthat, or consider
where UDP-Lite becomes useful andnecessary. But it makes NAT of IPv6 easier, so
that'sthinking ahead!
In general, checksums and error detection are not wellunderstood in the IETF.
For example, DTNRG tried to design a protocolfor the most difficult errored
conditions imaginable -and left out any error detection from it at all. (Seethe
half-assed, half-baked RFC5050). Eight years afterthat problem was identified,
'find someone who understandschecksums to make a recommendation' is now a line
item inthe RFC5050bis todo list in DTNWG meetings.
Choosing checksums to suit coverage lengths is nontrivial,because, you know,
math. Math is hard, and the IETF is morearts and crafts of protocol
specification, really.It's all basketweaving and handcrafted pottery and
consensushums voicing approval of performance art. I mean,powerpoint slides.
L.
indaba hakuna matata ulwimi ululodwa alonelanga
Lloyd Wood lloyd(_dot_)wood(_at_)yahoo(_dot_)co(_dot_)uk
http://about.me/lloydwood ;
From: Alexey Eromenko <al4321(_at_)gmail(_dot_)com>
To: lloyd(_dot_)wood(_at_)yahoo(_dot_)co(_dot_)uk
Cc: ietf <ietf(_at_)ietf(_dot_)org>; stbryant(_at_)cisco(_dot_)com; Christopher
Morrow <morrowc(_dot_)lists(_at_)gmail(_dot_)com>; Jared Mauch
<jared(_at_)puck(_dot_)nether(_dot_)net>
Sent: Wednesday, 16 December 2015, 0:54
Subject: Re: Checksum at IP layer - is it even needed ?
Look, if IPv6 had a 32-bit checksum, it would increase their header by yet
another 4 bytes. To a monster of 44 bytes.This is a tradeoff - add those 4
bytes or let upper layer cover that one for you...
And assume what-if IPFF has those 4 bytes covered. Should it also cover "Hops"
aka TTL, or not? Should it also cover data or not ?And this will not prevent
device mangling (moving to NAT devices this time), instead of Ethernet switches.
On Dec 15, 2015 3:26 PM, <lloyd(_dot_)wood(_at_)yahoo(_dot_)co(_dot_)uk> wrote:
Stewart,
we've recently had much discussion of this in tsvwg. (AndFletcher isn't that
good...)
My working theory with hindsight is that, in many ways,IPv6 embodies the worst
of all possible choices.
Lloyd Wood lloyd(_dot_)wood(_at_)yahoo(_dot_)co(_dot_)uk
http://about.me/lloydwood ;
From: Stewart Bryant <stbryant(_at_)cisco(_dot_)com>
To: lloyd(_dot_)wood(_at_)yahoo(_dot_)co(_dot_)uk; Christopher Morrow
<morrowc(_dot_)lists(_at_)gmail(_dot_)com>; Alexey Eromenko
<al4321(_at_)gmail(_dot_)com>
Cc: ietf <ietf(_at_)ietf(_dot_)org>; Jared Mauch
<jared(_at_)puck(_dot_)nether(_dot_)net>
Sent: Tuesday, 15 December 2015, 21:55
Subject: Re: Checksum at IP layer - is it even needed ?
Lloyd
If that is a significant risk, then why did IPv6 not move
to a better protection when it was changing the other things
in the nw/xport interface? After all there were much
better c/s - such as Fletcher - that were well known
at the time?
Stewart
On 15/12/2015 00:32, lloyd(_dot_)wood(_at_)yahoo(_dot_)co(_dot_)uk wrote:
If the content is not understood by anyone except the intended endpoint
the occasional misdelivery is surely of no consequence.
There's still a risk of port pollution (IPv4) or destination pollution (IPv6)
from misdeliveries without checksums.
not understood != not handled and pushed up the stack.
Lloyd Wood lloyd(_dot_)wood(_at_)yahoo(_dot_)co(_dot_)uk
http://about.me/lloydwood ;
From: Stewart Bryant <stbryant(_at_)cisco(_dot_)com>
To: Christopher Morrow <morrowc(_dot_)lists(_at_)gmail(_dot_)com>; Alexey
Eromenko <al4321(_at_)gmail(_dot_)com>
Cc: ietf <ietf(_at_)ietf(_dot_)org>; Jared Mauch
<jared(_at_)puck(_dot_)nether(_dot_)net>
Sent: Tuesday, 15 December 2015, 10:04
Subject: Re: Checksum at IP layer - is it even needed ?
On 14/12/2015 21:55, Christopher Morrow wrote:
I suppose: "Why are we trying to solve this in tcp/udp? why not solve
this at the application layer with TLS?" .
Yes, I was wondering about this.
If the content is not understood by anyone except the intended endpoint
the occasional misdelivery is surely of no consequence.
Stewart
--
For corporate legal information go to:
http://www.cisco.com/web/about/doing_business/legal/cri/index.html