Hi Ron, Good Try. See inline below.
From: Ronald Bonica [mailto:[email protected]] Sent: Thursday, April 02, 2015 2:39 PM To: Lucy yong; Black, David; [email protected]; [email protected]; Stewart Bryant (stbryant) Cc: [email protected]; [email protected] Subject: RE: Start of WGLC for draft-ietf-intarea-gre-ipv6 Lucy, Tom, Steward, I agree with what you are saying and have tried to craft some text that addresses all of your comments. Please tell me if the following text does the trick. Ron OLD> As stated in [RFC2784], the Checksum field contains the IP (one's complement) checksum sum of the all the 16 bit words in the GRE header and the payload packet. Therefore, the checksum does not ensure the integrity of the IPv6 delivery header. Because the IPv6 delivery header does not include a checksum of its own, it is subject to corruption. However, even if the delivery header is corrupted, to likelihood of that corruption resulting in misdelivery of the payload is extremely low. <OLD NEW> As stated in [RFC2784], the GRE header can contain a checksum. If present, the GRE header checksum can be used to detect corruption of the GRE header and GRE payload. The GRE header checksum cannot be used to detect corruption of the IPv6 delivery header. Furthermore, the IPv6 delivery header does not contain a checksum or its own. Therefore, no checksum can be used to detect corruption of the IPv6 delivery header. [Lucy] nit: “on its own” In one failure scenario, the destination address in the IPv6 delivery header is corrupted. As a result, the IPv6 delivery packet is delivered to a node other than the intended GRE egress node. Depending upon the state and configuration of that node, it will either: a) Drop the packet b) De-encapsulate the payload and forward it to its intended destination c) De-encapsulate the payload and forward it to a node other than its intended destination. For example, the payload might be intended for a node on one VPN, but delivered to an identically numbered node in another VPN. Behaviors a) and b) are acceptable. Behavior c) is not acceptable. Before deploying GRE over IPv6, network operators should consider the likelihood of behavior c) in their network. Network operators should deploy GRE over IPv6 if they can tolerate the risk associated with behavior c). [Lucy] “can deploy” is better than “should deploy” I am fine with the text for the corruption case. Do we need to address misdelivery as well. Thanks, Lucy <NEW Ron
_______________________________________________ Int-area mailing list [email protected] https://www.ietf.org/mailman/listinfo/int-area
