Internet DRAFT - draft-herbert-guecsum
draft-herbert-guecsum
INTERNET-DRAFT T. Herbert
Intended Status: Proposed Standard Facebook
Expires: April 2016
October 19, 2015
Checksum option for Generic UDP Encapsulation
draft-herbert-guecsum-01
Abstract
This specification defines the Generic UDP Encapsulation (GUE)
checksum and an associated header option. This checksum covers the
GUE header, IP addresses, UDP ports, and optionally all or part of
the encapsulated payload. It provides verification of protocol header
elements, and is particularly relevant in the case where the UDP
checksum is set to zero.
Status of this Memo
This Internet-Draft is submitted to IETF in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as
Internet-Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/1id-abstracts.html
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html
Copyright and License Notice
Copyright (c) 2015 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
T. Herbert Expires April 21, 2016 [Page 1]
�
INTERNET DRAFT draft-herbert-guecsum-01 October 19, 2015
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Table of Contents
1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
2 Option format . . . . . . . . . . . . . . . . . . . . . . . . . 3
3 Operation . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
3.1. Requirements . . . . . . . . . . . . . . . . . . . . . . . 4
3.2. GUE pseudo header . . . . . . . . . . . . . . . . . . . . . 5
3.3. Checksum computation . . . . . . . . . . . . . . . . . . . 6
3.4. Transmitter operation . . . . . . . . . . . . . . . . . . . 6
3.5. Receiver operation . . . . . . . . . . . . . . . . . . . . 7
4 Security Considerations . . . . . . . . . . . . . . . . . . . . 7
5 IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 7
6 References . . . . . . . . . . . . . . . . . . . . . . . . . . 7
6.1 Normative References . . . . . . . . . . . . . . . . . . . 7
6.2 Informative References . . . . . . . . . . . . . . . . . . 8
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 8
T. Herbert Expires April 21, 2016 [Page 2]
�
INTERNET DRAFT draft-herbert-guecsum-01 October 19, 2015
1 Introduction
The UDP checksum provides a method to detected corrupted packets
[RFC0768]. The covered checksum includes a pseudo header consisting
of IP addresses, payload length, and protocol number (17 for UDP).
The pseudo header checksum protects against misdelivery due to
corrupted IP addresses, as well as some other issues occurring when
the IP header is corrupted. The IPv4 header contains its own header
checksum, however IPv6 does not. In the latter case there is
motivation when using UDP to enable the UDP checksum to protect
against misdelivery due to address corruption.
For UDP tunnels, there may be performance disadvantages in enabling
the UDP checksum. This may, for instance, be an issue in switch
hardware which might only have access to a limited portion of the
packet for inspection. Therefore, there is motivation to use zero
checksums with UDP tunneling. The requirements and applicability of
using zero UDP checksums with IPv6 are in RFC 6935 [RFC6935] and RFC
6936 [RFC6936].
In this document we define the Generic UDP Encapsulation [GUE]
checksum. This provides a checksum that covers the GUE header and a
GUE pseudo header. The GUE pseudo header includes the corresponding
IP addresses as well as the UDP ports of the encapsulating headers.
This checksum should provide adequate protection against address
corruption in IPv6 when the UDP checksum is zero. Additionally, the
GUE checksum provides protection of the GUE header when the UDP
checksum is set to zero with either IPv4 or IPv6. In particular, the
GUE checksum can provide protection for some sensitive data, such as
the virtual network identifier [GUENVO3], which when corrupted could
lead to misdelivery of the packet.
The GUE header checksum may optionally cover all or part of the
encapsulated payload. This is similar to the model of UDP-Lite
[RFC3828] where an additional field indicates the portion of the
payload that is covered in the checksum.
2 Option format
The GUE header checksum is sent in an optional field in the GUE
header. The format of the GUE checksum option field is:
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Checksum | Payload coverage |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
T. Herbert Expires April 21, 2016 [Page 3]
�
INTERNET DRAFT draft-herbert-guecsum-01 October 19, 2015
o Checksum: GUE checksum. This checksum covers the GUE header, the
GUE pseudo header, and optionally all or part of the payload
(encapsulated packet).
o Payload coverage: Number of bytes of payload to cover in the
checksum. Zero indicates that the checksum only covers the GUE
header and GUE pseudo header. If the value is greater than the
encapsulated payload length, the packet must be dropped. The
payload length is UDP_length - 12 - (Hlen * 4).
The format of the checksum option within the GUE header is:
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Source port | Destination port |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Length | Checksum |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|0x0|C| Hlen | Proto/ctype |V|SEC|K| Flags |P|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
~ VNI and Security fields (optional) ~
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Checksum | Payload coverage |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Private flags(optional) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
~ Private fields (optional) ~
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
o K bit - Indicates presence of the checksum and payload coverage
fields.
3 Operation
3.1. Requirements
The GUE header checksum must be set on transmit when using a zero UDP
checksum with IPv6.
The GUE header checksum must be set when the UDP checksum is zero for
IPv4 if the GUE header includes data that when corrupted can lead to
misdelivery or other serious consequences, and there is no other
T. Herbert Expires April 21, 2016 [Page 4]
�
INTERNET DRAFT draft-herbert-guecsum-01 October 19, 2015
mechanism that provides protection (no security field for instance).
Otherwise the GUE header checksum should be used with IPv4 when the
UDP checksum is zero.
The GUE header checksum should not be set when the UDP checksum is
non-zero. In this case the UDP checksum provides adequate protection
and this avoids convolutions when a packet traverses NAT that does
address translation (in that case the UDP checksum is required).
3.2. GUE pseudo header
The GUE pseudo header checksum is included in the GUE checksum to
provide protection for the IP and UDP header elements which when
corrupted could lead to misdelivery of the GUE packet. The GUE pseudo
header checksum is similar to the standard IP pseudo header defined
in [RFC0768] and [RFC0793] for IPv4, and in [RFC2460] for IPv6.
The GUE pseudo header for IPv4 is:
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Source Address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Destination Address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Source port | Destination port |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
The GUE pseudo header for IPv6 is:
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
+ +
| |
+ Source Address +
| |
+ +
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
+ +
| |
+ Destination Address +
| |
+ +
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Source port | Destination port |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
T. Herbert Expires April 21, 2016 [Page 5]
�
INTERNET DRAFT draft-herbert-guecsum-01 October 19, 2015
Note that the GUE pseudo header does not include payload length or
protocol as in the standard IP pseudo headers. The length field is
deemed unnecessary because:
o If the length is corrupted this will usually be detected by a
checksum validation failure on the inner packet.
o Fragmentation of packets in a tunnel should occur on the inner
packet before being encapsulated. GUE packets are not expected
to be fragmented when using IPv6. See RFC6936 for considerations
of payload length and IPv6 checksum.
o A corrupted length field in itself should not lead to
misdelivery of a packet.
o Without the length field, the GUE pseudo header checksum is the
same for all packets of flow. This is a useful property for
optimizations such as TCP Segment Offload (TSO).
3.3. Checksum computation
The GUE checksum is computed and verified following the standard
process for computing the Internet checksum [RFC1071]. Checksum
computation may be optimized per the mathematical properties
including parallel computation and incremental updates.
3.4. Transmitter operation
The procedure for setting the GUE checksum on transmit is:
1) Create the GUE header including the checksum and payload
coverage fields. The checksum field is initially set to zero.
2) Calculate the 1's complement checksum of the GUE header from
the start (GUE version) through the its length as indicated in
GUE Hlen.
3) Calculate the checksum of the GUE pseudo header for IPv4 or
IPv6.
4) Calculate checksum of payload portion if payload coverage is
enabled (payload coverage field is non-zero). If the length of
the payload coverage is odd, logically append a single zero
byte for the purposes of checksum calculation.
5) Add and fold the computed checksums for the GUE header, GUE
pseudo header and payload coverage. Set the result in the GUE
checksum field.
T. Herbert Expires April 21, 2016 [Page 6]
�
INTERNET DRAFT draft-herbert-guecsum-01 October 19, 2015
3.5. Receiver operation
If the GUE checksum is option is present, the receiver must validate
the checksum before processing any other fields or accepting the
packet.
The procedure for verifying the checksum is:
1) If the payload coverage length is greater than the length of
the encapsulated payload then drop the packet. The length of
the encapsulated payload is: UDP_length - 12 - (Hlen * 4).
2) Calculate the checksum of the GUE header from the start of the
header to the end as indicated by Hlen.
3) Calculate the checksum of the appropriate GUE pseudo header.
4) Calculate the checksum of payload if payload coverage is
enabled (payload coverage is non-zero). If the length of the
payload coverage is odd logically append a single zero byte for
the purposes of checksum calculation.
5) Sum the computed checksums for the GUE header, GUE pseudo
header, and payload coverage. If the result is all 1 bits (-0
in 1's complement arithmetic), the checksum is valid and the
packet is accepted; otherwise the checksum is considered
invalid and the packet must be dropped.
4 Security Considerations
The checksum option is only a mechanism for corruption
detection, it is not a security mechanism. To provide integrity
checks or authentication of the GUE header, the GUE security
option should be used [GUESEC].
5 IANA Considerations
There are no IANA considerations in this specification. One of
the GUE reserved flag bits is allocated to indicate presence of
the checksum field.
6 References
6.1 Normative References
[GUE] Generic UDP Encapsulation draft-ietf-nvo3-gue-01
T. Herbert Expires April 21, 2016 [Page 7]
�
INTERNET DRAFT draft-herbert-guecsum-01 October 19, 2015
[RFC0791] Postel, J., "Internet Protocol", STD 5, RFC 791, September
1981.
[RFC1122] Braden, R., Ed., "Requirements for Internet Hosts -
Communication Layers", STD 3, RFC 1122, October 1989.
[RFC0768] Postel, J., "User Datagram Protocol", STD 6, RFC 768,
August 1980.
[RFC2460] Deering, S. and R. Hinden, "Internet Protocol, Version 6
(IPv6) Specification", RFC 2460, December 1998.
[RFC1071] Braden, R., Borman, D., and C. Partridge, "Computing the
Internet checksum", RFC 1071, September 1988.
6.2 Informative References
[RFC6935] Eubanks, M. Chimento, P., and M. Westerlund, "IPv6 and UDP
Checksums for Tunneled Packets", RFC 6935, April 2013.
[RFC6936] Fairhurst, G. and M. Westerlund, "Applicability Statement
for the Use of IPv6 UDP Datagrams with Zero Checksums", RFC
6936, April 2013.
[RFC3828] Larzon, L-A., Degermark, M., Pink, S., Jonsson, L-E., Ed.,
and G. Fairhurst, Ed., "The Lightweight User Datagram
Protocol (UDP-Lite)", RFC 3828, July 2004.
[RFC0793] Postel, J., "Transmission Control Protocol", STD 7, RFC
793, September 1981.
[GUENVO3] Generic UDP Encapsulation (GUE) for Network Virtualization
Overlay draft-hy-nvo3-gue-4-nvo-00
[GUESEC] Generic UDP Encapsulation (GUE) for Secure Transport draft-
hy-gue-4-secure-transport-00
Author's Address
Tom Herbert
Facebook
Menlo Park, CA
USA
Email: tom@herbertland.com
T. Herbert Expires April 21, 2016 [Page 8]
�
INTERNET DRAFT draft-herbert-guecsum-01 October 19, 2015
T. Herbert Expires April 21, 2016 [Page 9]
