ietf
[Top] [All Lists]

Re: Checksum at IP layer - is it even needed ?

2015-12-15 20:07:45
The question is 'checksum at IP layer - is it even needed'

I say 'yes' as a useful header check that packets are senttowards the 
correct destination at each hop; if the headersdon't pass scrutiny, don't 
bother. IPv4's headerchecksum covering mutable fields (TTL and QoS) 
maderecomputing at each hop painful and led to bizarre fixup checkbehaviour 
(discussed in detail on the tsvwg list); ifthat header checksum only covered 
non-mutable fields(and also overlapped pseudo header fields?) itwould have been 
imo (and that's likely a minority imo)better. Any cost to NATs which treat 
non-mutable fieldsas mutable is imo just a bonus to discourage NAT, really.

IPv6 leaving header checksums out in favour of assumingthat protocols would do 
the right thing with endpointpseudoheader checks has not worked well - see 
RFC6935and RFC6936 for hints of some of the consequences ofthat, or consider 
where UDP-Lite becomes useful andnecessary. But it makes NAT of IPv6 easier, so 
that'sthinking ahead!

In general, checksums and error detection are not wellunderstood in the IETF.

For example, DTNRG tried to design a protocolfor the most difficult errored 
conditions imaginable -and left out any error detection from it at all. (Seethe 
half-assed, half-baked RFC5050). Eight years afterthat problem was identified, 
'find someone who understandschecksums to make a recommendation' is now a line 
item inthe RFC5050bis todo list in DTNWG meetings.

Choosing checksums to suit coverage lengths is nontrivial,because, you know, 
math. Math is hard, and the IETF is morearts and crafts of protocol 
specification, really.It's all basketweaving and handcrafted pottery and 
consensushums voicing approval of performance art. I mean,powerpoint slides.

L.

indaba hakuna matata ulwimi ululodwa alonelanga
 Lloyd Wood lloyd(_dot_)wood(_at_)yahoo(_dot_)co(_dot_)uk 
http://about.me/lloydwood ;
      From: Alexey Eromenko <al4321(_at_)gmail(_dot_)com>
 To: lloyd(_dot_)wood(_at_)yahoo(_dot_)co(_dot_)uk 
Cc: ietf <ietf(_at_)ietf(_dot_)org>; stbryant(_at_)cisco(_dot_)com; Christopher 
Morrow <morrowc(_dot_)lists(_at_)gmail(_dot_)com>; Jared Mauch 
<jared(_at_)puck(_dot_)nether(_dot_)net>
 Sent: Wednesday, 16 December 2015, 0:54
 Subject: Re: Checksum at IP layer - is it even needed ?
   
Look, if IPv6 had a 32-bit checksum,  it would increase their header by yet 
another 4 bytes.  To a monster of 44 bytes.This is a tradeoff - add those 4 
bytes or let upper layer cover that one for you...
And assume what-if IPFF has those 4 bytes covered. Should it also cover "Hops" 
aka TTL, or not? Should it also cover data or not ?And this will not prevent 
device mangling (moving to NAT devices this time), instead of Ethernet switches.

On Dec 15, 2015 3:26 PM, <lloyd(_dot_)wood(_at_)yahoo(_dot_)co(_dot_)uk> wrote:

Stewart,

we've recently had much discussion of this in tsvwg. (AndFletcher isn't that 
good...)

My working theory with hindsight is that, in many ways,IPv6 embodies the worst 
of all possible choices.
 Lloyd Wood lloyd(_dot_)wood(_at_)yahoo(_dot_)co(_dot_)uk 
http://about.me/lloydwood ;
      From: Stewart Bryant <stbryant(_at_)cisco(_dot_)com>
 To: lloyd(_dot_)wood(_at_)yahoo(_dot_)co(_dot_)uk; Christopher Morrow 
<morrowc(_dot_)lists(_at_)gmail(_dot_)com>; Alexey Eromenko 
<al4321(_at_)gmail(_dot_)com> 
Cc: ietf <ietf(_at_)ietf(_dot_)org>; Jared Mauch 
<jared(_at_)puck(_dot_)nether(_dot_)net>
 Sent: Tuesday, 15 December 2015, 21:55
 Subject: Re: Checksum at IP layer - is it even needed ?
  
 Lloyd
 
 If that is a significant risk, then why did IPv6 not move
 to a better protection when it was changing the other things
 in the nw/xport interface? After all there were much
 better c/s - such as Fletcher - that were well known
 at the time?
 
 Stewart
 
 
 On 15/12/2015 00:32, lloyd(_dot_)wood(_at_)yahoo(_dot_)co(_dot_)uk wrote:
  
 


If the content is not understood by anyone except the intended endpoint 
the occasional misdelivery is surely of no consequence. 
  There's still a risk of port pollution (IPv4) or destination pollution (IPv6) 
from misdeliveries without checksums. 
  not understood != not handled and pushed up the stack.  
    Lloyd Wood lloyd(_dot_)wood(_at_)yahoo(_dot_)co(_dot_)uk 
http://about.me/lloydwood ; 
      From: Stewart Bryant <stbryant(_at_)cisco(_dot_)com>
 To: Christopher Morrow <morrowc(_dot_)lists(_at_)gmail(_dot_)com>; Alexey 
Eromenko <al4321(_at_)gmail(_dot_)com> 
 Cc: ietf <ietf(_at_)ietf(_dot_)org>; Jared Mauch 
<jared(_at_)puck(_dot_)nether(_dot_)net>
 Sent: Tuesday, 15 December 2015, 10:04
 Subject: Re: Checksum at IP layer - is it even needed ?
  
 On 14/12/2015 21:55, Christopher Morrow wrote: 
 
  
I suppose: "Why are we trying to solve this in tcp/udp? why not solve 
this at the application layer with TLS?" .  
 Yes, I was wondering about this.
 
 If the content is not understood by anyone except the intended endpoint 
 the occasional misdelivery is surely of no consequence.
 
 Stewart 
 
  
 
     
 
 -- 
For corporate legal information go to:

http://www.cisco.com/web/about/doing_business/legal/cri/index.html