Dear authors, In I-D.dec-stateless-4v6-02 there is a table on page 11, which says that IPv4 Header Checksum needs to be recalculated in stateless translation IPv4 address sharing solutions. Does this mean that _only_ the IPv4 header checksum should be recalculated?
This is how I see it: Practically, the answer could maybe be yes. In each traversal of a packet through double stateless translation, there could be just one IPv4 header recalculation, always in the second translation process, where the IPv4 header is put back on. However, RFC 6145 says: The original IPv4 header on the packet is removed and replaced by an IPv6 header, and the transport checksum is updated as needed, if that transport is supported by the translator. This means, since the I-D.dec-stateless-4v6-02 (and the same goes for I-D.xli-behave-divi-03, of course) refers to RFC 6145, that transport-layer checksum recalculation should also be performed. Which causes a significant performance impact (we need to include whole packets including packets to do checksum recalculation). So in this case, we would have 1 IPv4 checksum recalculation and 2 TCP/UDP checksum recalculations for every packet traversal through the mechanism. But since we know, that these packets will be translated two times in a row, we could just avoid the TCP/UDP recalculation, I guess? Would this work? I guess that devices in between the CPE and AFTR then shouldn't do any transport-layer processing, since this would probably be fatal for such "invalid" packets. So having any IDS/IPS/stateful firewall devices in the access network would cause issues? However, if this is not possible, then I think that I-D.dec-stateless-4v6-02 should also state that UDP/TCP Header Checksum recalculation has to be performed. Thanks, Nejc _______________________________________________ Softwires mailing list [email protected] https://www.ietf.org/mailman/listinfo/softwires
