Hi,
Unlike IPv4, when UDP packets are originated by
an IPv6 node, the UDP checksum is not optional.
But, why is it mandatory in IPv6 ? Any ideas ?

Thx in advans,
Karthik Balaguru

On Nov 20, 2:57=A0pm, karthikbalaguru <karthikbalagur...@gmail.com>
wrote:
> Hi,
> Unlike IPv4, when UDP packets are originated by
> an IPv6 node, the UDP checksum is not optional.
> But, why is it mandatory in IPv6 ? Any ideas ?

This was the topic of some lengthy debate in the 6man wg of the IETF.

The original reason was that unlike IPv4, IPv6 does not include a
packet checksum in the IP header. So that if the UDP checksum were not
made mandatory, there would be nothing protecting that UDP/IP packet
at all.

The debate was caused, at least in part, because when UDP is used to
encapsulate IP packets in a tunnel, for example IPv4 packets
encapsulated within UDP/IPv6, some think it's not necessary to have to
calculate the UDP checksum for the tunnel. It's more work, and
ultimately the encapsulated packet will get checked anyway.

The counter argument being, yes, but then you might get some packets
flowing through the tunnels by mistake, because there's nothing to
check that the IP addresses are correct.

Bert

Albert Manfredi <bert22306@hotmail.com> wrote:
> On Nov 20, 2:57?pm, karthikbalaguru <karthikbalagur...@gmail.com>
> wrote:
> > Hi,
> > Unlike IPv4, when UDP packets are originated by
> > an IPv6 node, the UDP checksum is not optional.
> > But, why is it mandatory in IPv6 ? Any ideas ?

> This was the topic of some lengthy debate in the 6man wg of the IETF.

> The original reason was that unlike IPv4, IPv6 does not include a
> packet checksum in the IP header. So that if the UDP checksum were
> not made mandatory, there would be nothing protecting that UDP/IP
> packet at all.

That might be more accurately put as IPv6 does not include an IP
*header* checksum - someone reading "packet checksum" might mistakenly
conclude the IPv4 header checksum includes the data of the IP
datagram.  The checksum in IPv4 only covers the IPv4 header, to verify
that there were no bit errors in the header.

With a mandatory UDP checksum (I'm sure the streaming types like
that...) when going over IPv6 you can still get misdirected IPv6
datagrams, but ostensibly some of them will be tossed at the
destination when they get to UDP and the UDP checksum fails thanks to
the inclusion of the "pseudo header" (IIRC).

IMO it is a perfect example of the sway the "router guys" had in
defining IPv6 - now they have no IP header checksum to check or
otherwise worry about.

rick jones
-- 
oxymoron n, Hummer H2 with California Save Our Coasts and Oceans plates
these opinions are mine, all mine; HP might not want them anyway... :)
feel free to post, OR email to rick.jones2 in hp.com but NOT BOTH...

Rick Jones <rick.jones2@hp.com> wrote:
(snip on IPv4 vs IPv6 and UDP checksum)
 
> That might be more accurately put as IPv6 does not include an IP
> *header* checksum - someone reading "packet checksum" might mistakenly
> conclude the IPv4 header checksum includes the data of the IP
> datagram.  The checksum in IPv4 only covers the IPv4 header, to verify
> that there were no bit errors in the header.

I remember the discussions some years ago on Sun running
NFS with UDP checksum turned off.  The suggestion was that ethernet
checksum would apply, and verify that the data was correct.  NFS was,
and probably still is, mostly used on LANs, and rarely WANs.
Most often with no router in between, maybe at most one, and
ethernet all the way.  At that time (68020 Sun3) the time to calculate
and verify the checksum might have been significant, but should be
much less significant today.
 
> With a mandatory UDP checksum (I'm sure the streaming types like
> that...) when going over IPv6 you can still get misdirected IPv6
> datagrams, but ostensibly some of them will be tossed at the
> destination when they get to UDP and the UDP checksum fails thanks to
> the inclusion of the "pseudo header" (IIRC).
 
> IMO it is a perfect example of the sway the "router guys" had in
> defining IPv6 - now they have no IP header checksum to check or
> otherwise worry about.

-- glen

glen herrmannsfeldt <gah@ugcs.caltech.edu> wrote:
> Rick Jones <rick.jones2@hp.com> wrote:
> (snip on IPv4 vs IPv6 and UDP checksum)
>  
> > That might be more accurately put as IPv6 does not include an IP
> > *header* checksum - someone reading "packet checksum" might mistakenly
> > conclude the IPv4 header checksum includes the data of the IP
> > datagram.  The checksum in IPv4 only covers the IPv4 header, to verify
> > that there were no bit errors in the header.

> I remember the discussions some years ago on Sun running NFS with
> UDP checksum turned off.  The suggestion was that ethernet checksum
> would apply, and verify that the data was correct.  NFS was, and
> probably still is, mostly used on LANs, and rarely WANs.  Most often
> with no router in between, maybe at most one, and ethernet all the
> way.  At that time (68020 Sun3) the time to calculate and verify the
> checksum might have been significant, but should be much less
> significant today.

It was a very interesting juxtaposition - the NFS writes have to be to
"stable storage" before the replies were sent, but it was OK to eschew
the UDP checksum... :)

Back then there were vendors offering "NFS offload" cards - of course
the then-commodity/embedded CPUs on the NFS cards didn't keep-up with
the pace at which host CPUs were advancing and so the NFS offload
cards died-out.  I wonder if we will see the same thing with TOE (TCP
Offload Engine) cards :)

rick jones
-- 
Process shall set you free from the need for rational thought. 
these opinions are mine, all mine; HP might not want them anyway... :)
feel free to post, OR email to rick.jones2 in hp.com but NOT BOTH...

On Nov 20, 7:26=A0pm, Rick Jones <rick.jon...@hp.com> wrote:
> Albert Manfredi <bert22...@hotmail.com> wrote:
> > On Nov 20, 2:57?pm, karthikbalaguru <karthikbalagur...@gmail.com>
> > wrote:
> > > Hi,
> > > Unlike IPv4, when UDP packets are originated by
> > > an IPv6 node, the UDP checksum is not optional.
> > > But, why is it mandatory in IPv6 ? Any ideas ?
> > This was the topic of some lengthy debate in the 6man wg of the IETF.
> > The original reason was that unlike IPv4, IPv6 does not include a
> > packet checksum in the IP header. So that if the UDP checksum were
> > not made mandatory, there would be nothing protecting that UDP/IP
> > packet at all.
>
> That might be more accurately put as IPv6 does not include an IP
> *header* checksum - someone reading "packet checksum" might mistakenly
> conclude the IPv4 header checksum includes the data of the IP
> datagram. =A0The checksum in IPv4 only covers the IPv4 header, to verify
> that there were no bit errors in the header.

Sorry, you're right, HEADER checksum. There's none in IPv6.

> With a mandatory UDP checksum (I'm sure the streaming types like
> that...) when going over IPv6 you can still get misdirected IPv6
> datagrams, but ostensibly some of them will be tossed at the
> destination when they get to UDP and the UDP checksum fails thanks to
> the inclusion of the "pseudo header" (IIRC).

Yes, and tunnel ingress and egress routers would have to do a full
packet checksum to protect against and check for misrouted packets, as
opposed to just a header checksum, because that's where the addresses
are protected. In the pseudo-header used in UDP checksums, as you
said.

Bert

glen herrmannsfeldt  <gah@ugcs.caltech.edu> wrote:
+---------------
| Rick Jones <rick.jones2@hp.com> wrote:
| (snip on IPv4 vs IPv6 and UDP checksum)
| > That might be more accurately put as IPv6 does not include an IP
| > *header* checksum - someone reading "packet checksum" might mistakenly
| > conclude the IPv4 header checksum includes the data of the IP
| > datagram.  The checksum in IPv4 only covers the IPv4 header, to verify
| > that there were no bit errors in the header.
| 
| I remember the discussions some years ago on Sun running
| NFS with UDP checksum turned off.  The suggestion was that ethernet
| checksum would apply, and verify that the data was correct.  NFS was,
| and probably still is, mostly used on LANs, and rarely WANs.
| Most often with no router in between, maybe at most one, and
| ethernet all the way. ...
+---------------

And then Jonathan Stone published his research on the relatively
huge numbers of incorrect checksums found in LANs with only Ethernet
checksum protection, see:

    http://www-dsg.stanford.edu/JonathanStone.html
    ...
    Research Interests:
    My PhD thesis research is on checksums in the Internet: how
    often errors survive link-level checks like CRCs, and are caught
    (or, worse, fail to be caught) by network- or transport-level
    checksums. My data shows that the TCP checksum is catching to
    errors in 1 in 4,000 packets, leading to an expected rate of
    undetected errors of up to 1 in 10 million.
    ...
    Selected Publications
    * ``When the Checksum and the data disagree'',
      Jonathan Stone and Craig Partridge,
      Proc. ACM SIGCOMM 2000, Stockholm, Sweden, August 2000. 
    ...

Also see:

    http://portal.acm.org/citation.cfm?id=294364
    Performance of checksums and CRC's over real data
    IEEE/ACM Transactions on Networking (TON)
    Volume 6, Issue 5 (October 1998)
    Jonathan Stone   	 Stanford Univ., Stanford, CA
    Michael Greenwald 	 Stanford Univ., Stanford, CA
    Craig Partridge 	 BBN Technologies, Cambridge, MA
    James Hughes 	 Storage Technology Corp., Brooklyn Park

People who cared about their data started turning NFS/UDP checksums on...


-Rob

-----
Rob Warnock			<rpw3@rpw3.org>
627 26th Avenue			<URL:http://rpw3.org/>
San Mateo, CA 94403		(650)572-2607