On 10/8/10 1:54 AM, L.Wood@xxxxxxxxxxxx wrote:
Andrew,
a few points:
- turning off the UDP checksum (which also acts as a necessary demultiplexing at-the-right-endpoint check) has repeatedly proven to be a very bad idea. Subtle NFS corruption etc. See the end-to-end papers. Saying 'well, the higher layers will obviously check their work in this case' hasn't worked out so well in practice.
That's not my/your problem nor my/your decision. *Forcing* these
choices on a user is always a bad idea.
If that checksum is necessary, make it necessary in the DCCP stack.
You can't work with what you wish; you have to work with what *exists*.
And what exists on the Internet is a smelly, steaming, fly-attracting
pile of UDP and NAT.
- That UDP encap overhead is trivial, even on smaller systems. Leaving out TCP - big code space win. Removing UDP as well and giving up going through many firewalls/NATs - not so great a tradeoff for the smaller space saved. (I've worked with endhosts that only speak UDP.)
I never said you could remove UDP overall. The only thing I'm against
is the DCCP and UDP stacks mucking about with each other's checksums.
That's *BAD*. Anytime a protocol starts mucking about outside of
itself, it fails to deploy.
DCCP can't, shouldn't, and won't know the state of the UDP universe that
packet travelled through.
- that UDP can now compute a checksum only on its headers, using a redundant length field to indicate checksum coverage length. It's called UDP-Lite - this would carry DCCP without having to checksum the payload twice. Unfortunately, Lite was eventually given a different protocol number, rather than being a simple upgrade to UDP, because pretty much all existing implementations relied on the 'wrong' UDP length field and preferred it over the IP length field, so the redundant field wasn't really redundant after all.
So you can argue for DCCP over UDP-Lite as more efficient from a checksum coverage computation viewpoint, in that both DCCP and UDP-Lite can protect (checksum) just their headers, and leave payload checking to the application. But UDP-Lite has the same problems with NAT and firewalls that DCCP does, as it's an unusual protocol number... (And Lite's pass-errored-stuff-to-application focus is pretty useless over any MAC layer checking its own payloads against channel errors, e.g. Ethernet's CRC32c frame check.)
I'm really looking forward to reading a possible specification for the UDP-Lite in UDP encap, where handwaving will be used to justify turning off the outer UDP checksum for IPv4!
UDP-Lite is irrelevant. As far as every router on the Internet is
concerned, it doesn't exist.
The whole point of this encap is to allow DCCP to deploy in the broken,
reality we call the current Internet.
Nobody cares about DCCP on big machines. Some of us on tiny machines
care a lot, but if you make it hard for us to deploy, we can't use it.
-a