Internet Engineering Task Force (IETF)                        T. Mizrahi
Request for Comments: 7820                                       Marvell
Category: Experimental                                        March 2016
ISSN: 2070-1721
        

UDP Checksum Complement in the One-Way Active Measurement Protocol (OWAMP) and Two-Way Active Measurement Protocol (TWAMP)

Abstract

The One-Way Active Measurement Protocol (OWAMP) and the Two-Way Active Measurement Protocol (TWAMP) are used for performance monitoring in IP networks. Delay measurement is performed in these protocols by using timestamped test packets. Some implementations use hardware-based timestamping engines that integrate the accurate transmission time into every outgoing OWAMP/TWAMP test packet during transmission. Since these packets are transported over UDP, the UDP Checksum field is then updated to reflect this modification. This document proposes to use the last 2 octets of every test packet as a Checksum Complement, allowing timestamping engines to reflect the checksum modification in the last 2 octets rather than in the UDP Checksum field. The behavior defined in this document is completely interoperable with existing OWAMP/TWAMP implementations.

Status of This Memo

This document is not an Internet Standards Track specification; it is published for examination, experimental implementation, and evaluation.

This document defines an Experimental Protocol for the Internet community. This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Not all documents approved by the IESG are a candidate for any level of Internet Standard; see Section 2 of RFC 5741.

Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at http://www.rfc-editor.org/info/rfc7820.

Copyright Notice

Copyright (c) 2016 IETF Trust and the persons identified as the document authors. All rights reserved.

This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.

Table of Contents

   1. Introduction
   2. Conventions Used in This Document
      2.1. Terminology
      2.2. Abbreviations
   3. Using the UDP Checksum Complement in OWAMP and TWAMP
      3.1. Overview
      3.2. OWAMP/TWAMP Test Packets with Checksum Complement
           3.2.1. Transmission of OWAMP/TWAMP with Checksum Complement
           3.2.2. Intermediate Updates of OWAMP/TWAMP with Checksum Complement
           3.2.3. Reception of OWAMP/TWAMP with Checksum Complement
      3.3. Interoperability with Existing Implementations
      3.4. Using the Checksum Complement with or without Authentication
           3.4.1. Checksum Complement in Authenticated Mode
           3.4.2. Checksum Complement in Encrypted Mode
   4. Security Considerations
   5. References
      5.1. Normative References
      5.2. Informative References
   Appendix A. Checksum Complement Usage Example
   Acknowledgments
   Author's Address
        
1. Introduction

The One-Way Active Measurement Protocol [OWAMP] and the Two-Way Active Measurement Protocol [TWAMP] are used for performance monitoring in IP networks.

Delay and delay variation are two of the metrics that OWAMP/TWAMP can measure. Measurement is performed using timestamped test packets. In some use cases, such as carrier networks, these two metrics are an essential aspect of the Service Level Agreement (SLA) and therefore must be measured with a high degree of accuracy. If packets are timestamped in hardware as they exit the host, then greater accuracy is possible in comparison to higher-layer timestamps (as explained further below).

The accuracy of delay measurements relies on the timestamping method and its implementation. In order to facilitate accurate timestamping, an implementation can use a hardware-based timestamping engine, as shown in Figure 1. In such cases, the OWAMP/TWAMP packets are sent and received by a software layer, whereas the timestamping engine modifies every outgoing test packet by incorporating its accurate transmission time into the Timestamp field in the packet.

                  OWAMP/TWAMP-enabled Node
                    +-------------------+
                    |                   |
                    |   +-----------+   |
     Software       |   |OWAMP/TWAMP|   |
                    |   | protocol  |   |
                    |   +-----+-----+   |
                    |         |         |     +-----------------------+
                    |   +-----+-----+   |    / Intermediate entity    |
                    |   | Accurate  |   |   /  in charge of:          |
     ASIC/FPGA      |   | Timestamp |   |  /__ - Timestamping         |
                    |   |  engine   |   |     |- Updating checksum or |
                    |   +-----------+   |     |  Checksum Complement  |
                    |         |         |     +-----------------------+
                    +---------+---------+
                              |
                              |test packets
                              |
                          ___ v _
                         /   \_/ \__
                        /           \_
                       /     IP      /
                       \_  Network  /
                        /           \
                        \__/\_   ___/
                              \_/
        

     ASIC: Application-Specific Integrated Circuit
     FPGA: Field-Programmable Gate Array

Figure 1: Accurate Timestamping in OWAMP/TWAMP

OWAMP/TWAMP test packets are transported over UDP. When the UDP payload is changed by an intermediate entity such as the timestamping engine, the UDP Checksum field must be updated to reflect the new payload. When using UDP over IPv4 [UDP], an intermediate entity that cannot update the value of the UDP Checksum has no choice except to assign a value of zero to the Checksum field, causing the receiver to ignore the Checksum field and potentially accept corrupted packets. UDP over IPv6, as defined in [IPv6], does not allow a zero checksum, except in specific cases [ZeroChecksum]. As discussed in [ZeroChecksum], the use of a zero checksum is generally not recommended and should be avoided to the extent possible.

Since an intermediate entity only modifies a specific field in the packet, i.e., the Timestamp field, the UDP Checksum update can be performed incrementally, using the concepts presented in [Checksum].

A similar problem is addressed in Annex E of [IEEE1588]. When the Precision Time Protocol (PTP) is transported over IPv6, 2 octets are appended to the end of the PTP payload for UDP Checksum updates. The value of these 2 octets can be updated by an intermediate entity, causing the value of the UDP Checksum field to remain correct.

This document defines a similar concept for [OWAMP] and [TWAMP], allowing intermediate entities to update OWAMP/TWAMP test packets and maintain the correctness of the UDP Checksum by modifying the last 2 octets of the packet.

The term "Checksum Complement" is used throughout this document and refers to the 2 octets at the end of the UDP payload, used for updating the UDP Checksum by intermediate entities.

The usage of the Checksum Complement can in some cases simplify the implementation, because if the packet data is processed in serial order, it is simpler to first update the Timestamp field and then update the Checksum Complement, rather than to update the timestamp and then update the UDP Checksum residing at the UDP header.

The Checksum Complement mechanism is also defined for the Network Time Protocol in [RFC7821].

2. Conventions Used in This Document
2.1. Terminology

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [KEYWORDS].

2.2. Abbreviations

   HMAC    Hashed Message Authentication Code
   OWAMP   One-Way Active Measurement Protocol
   PTP     Precision Time Protocol
   TWAMP   Two-Way Active Measurement Protocol
   UDP     User Datagram Protocol

3. Using the UDP Checksum Complement in OWAMP and TWAMP
3.1. Overview

The UDP Checksum Complement is a 2-octet field that is piggybacked at the end of the test packet. It resides in the last 2 octets of the UDP payload.

                   +----------------------------------+
                   |         IPv4/IPv6 Header         |
                   +----------------------------------+
                   |            UDP Header            |
                   +----------------------------------+
            ^      |                                  |
            |      |           OWAMP/TWAMP            |
           UDP     |             packet               |
          Payload  +----------------------------------+
            |      |UDP Checksum Complement (2 octets)|
            v      +----------------------------------+
        

Figure 2: Checksum Complement in OWAMP/TWAMP Test Packets

The Checksum Complement is used to compensate for changes performed in the packet by intermediate entities, as described in the Introduction (Section 1). An example of the usage of the Checksum Complement is provided in Appendix A.

3.2. OWAMP/TWAMP Test Packets with Checksum Complement

The One-Way Active Measurement Protocol [OWAMP] and the Two-Way Active Measurement Protocol [TWAMP] both make use of timestamped test packets. A Checksum Complement MAY be used in the following cases:

o In OWAMP test packets sent by the sender to the receiver.

o In TWAMP test packets sent by the sender to the reflector.

o In TWAMP test packets sent by the reflector to the sender.

OWAMP/TWAMP test packets are transported over UDP, either over IPv4 or over IPv6. This document applies to both OWAMP and TWAMP over IPv4 and over IPv6.

OWAMP/TWAMP test packets contain a Packet Padding field. This document proposes to use the last 2 octets of the Packet Padding field as the Checksum Complement. In this case, the Checksum Complement is always the last 2 octets of the UDP payload, and thus the field is located at (UDP Length - 2 octets) after the beginning of the UDP header.

Figure 3 illustrates the OWAMP test packet format, including the UDP Checksum Complement.

     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                        Sequence Number                        |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                          Timestamp                            |
    |                                                               |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |        Error Estimate         |                               |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+                               |
    |                                                               |
    .                         Packet Padding                        .
    .                                                               .
    |                               +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                               |      Checksum Complement      |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
        

Figure 3: Checksum Complement in OWAMP Test Packets

Figure 4 illustrates the TWAMP test packet format, including the UDP Checksum Complement. ("TTL" means "Time to Live", and "MBZ" refers to the "MUST be zero" field [IPPMIPsec].)

     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                        Sequence Number                        |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                          Timestamp                            |
    |                                                               |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |         Error Estimate        |           MBZ                 |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                     Receive Timestamp                         |
    |                                                               |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                   Sender Sequence Number                      |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                      Sender Timestamp                         |
    |                                                               |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |      Sender Error Estimate    |           MBZ                 |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |  Sender TTL   |                                               |
    +-+-+-+-+-+-+-+-+                                               +
    |                                                               |
    .                                                               .
    .                         Packet Padding                        .
    .                                                               .
    |                               +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                               |     Checksum Complement       |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
        

Figure 4: Checksum Complement in TWAMP Test Packets

The length of the Packet Padding field in test packets is announced during the session initiation through the <Padding Length> field in the Request-Session message [OWAMP] or in the Request-TW-Session message [TWAMP].

When a Checksum Complement is included, the padding length MUST be sufficiently long to include the Checksum Complement:

o In OWAMP, the padding length is at least 2 octets, allowing the sender to incorporate the Checksum Complement in the last 2 octets of the padding.

o In TWAMP, the padding length is at least 29 octets in unauthenticated mode and at least 58 octets in authenticated mode. The additional padding is required, since the header of reflector test packets is longer than the header of sender test packets. The difference between the sender packet and the reflector packet is 27 octets in unauthenticated mode and 56 octets in authenticated mode. Thus, the padding in reflector test packets is shorter than the padding in sender packets. Using at least 29 octets of padding (58 in authenticated mode) in sender test packets allows both the sender and the reflector to use a 2-octet Checksum Complement. Note: If the minimal length requirement is not met, the reflector cannot use a Checksum Complement in the reflected test packets, but the sender can use a Checksum Complement in the test packets it transmits.

o Two optional TWAMP features are defined in [TWAMP-Reflect]: octet reflection and symmetrical size. When at least one of these features is enabled, the Request-TW-Session message includes the <Padding Length> field, as well as a <Length of padding to reflect> field. In this case, both fields must be sufficiently long to allow at least 2 octets of padding in both sender test packets and reflector test packets. Specifically, when octet reflection is enabled, the two Length fields must be defined such that the padding expands at least 2 octets beyond the end of the reflected octets.

As described in Section 1, the extensions described in this document are implemented by two logical layers -- a protocol layer and a timestamping layer. It is assumed that the two layers are synchronized regarding whether the usage of the Checksum Complement is enabled or not; since both logical layers reside in the same network device, it is assumed that there is no need for a protocol that synchronizes this information between the two layers. When Checksum Complement usage is enabled, the protocol layer must take care to verify that test packets include the necessary padding, thereby avoiding the need for the timestamping layer to verify that en-route test packets include the necessary padding.

3.2.1. Transmission of OWAMP/TWAMP with Checksum Complement

The transmitter of an OWAMP/TWAMP test packet MAY include a Checksum Complement field, incorporated in the last 2 octets of the padding.

A transmitter that includes a Checksum Complement in its outgoing test packets MUST include a Packet Padding field in these packets, the length of which MUST be sufficient to include the Checksum Complement. The length of the Packet Padding field is negotiated during session initiation, as described in Section 3.2.

3.2.2. Intermediate Updates of OWAMP/TWAMP with Checksum Complement

An intermediate entity that receives and alters an OWAMP/TWAMP test packet can alter either the UDP Checksum field or the Checksum Complement field in order to maintain the correctness of the UDP Checksum value.

3.2.3. Reception of OWAMP/TWAMP with Checksum Complement

This document does not impose new requirements on the receiving end of an OWAMP/TWAMP test packet.

The UDP layer at the receiving end verifies the UDP Checksum of received test packets, and the OWAMP/TWAMP layer should treat the Checksum Complement as part of the padding.
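
The transmit, update, and receive steps of Sections 3.2.1 through 3.2.3, as an added Python example that is not part of this document or of any OWAMP/TWAMP implementation. It assumes UDP over IPv4, the unauthenticated OWAMP test packet of Figure 3, and constructed addresses, ports, and timestamp values. The handling of an odd UDP Length goes beyond the text above and follows from the byte-order independence of the one's complement sum.

```python
import struct

UDP_HDR = 8                 # UDP header length in octets
TS_OFFSET = UDP_HDR + 4     # Timestamp follows the 4-octet Sequence Number (Figure 3)
MIN_PADDING = 2             # OWAMP: padding must hold the 2-octet Checksum Complement


def ones_add(a, b):
    """16-bit one's complement addition with end-around carry."""
    s = a + b
    return (s & 0xFFFF) + (s >> 16)


def ones_sum(data, offset=0):
    """One's complement sum of `data` as it sits at byte `offset` of the UDP segment."""
    data = bytes(data)
    if offset % 2:              # first octet is the low half of a 16-bit word
        data = b"\x00" + data
    if len(data) % 2:           # last octet is the high half of a 16-bit word
        data += b"\x00"
    total = 0
    for (word,) in struct.iter_unpack("!H", data):
        total = ones_add(total, word)
    return total


def _total(src, dst, segment):
    """Sum over the IPv4 pseudo-header (protocol 17) and the whole UDP segment."""
    pseudo = src + dst + struct.pack("!BBH", 0, 17, len(segment))
    return ones_add(ones_sum(pseudo), ones_sum(segment))


def udp_checksum_ok(src, dst, segment):
    """Receiver (3.2.3): conventional UDP check, unaware of the complement."""
    return _total(src, dst, segment) == 0xFFFF


def build_test_packet(src, dst, sport, dport, seq, err_est, padding_len):
    """Protocol layer (3.2.1): placeholder timestamp, zero padding, valid checksum."""
    if padding_len < MIN_PADDING:
        raise ValueError("padding too short to carry a Checksum Complement")
    payload = struct.pack("!IQH", seq, 0, err_est) + bytes(padding_len)
    length = UDP_HDR + len(payload)
    zeroed = struct.pack("!HHHH", sport, dport, length, 0) + payload
    csum = (~_total(src, dst, zeroed) & 0xFFFF) or 0xFFFF  # computed 0 is sent as 0xFFFF
    return struct.pack("!HHHH", sport, dport, length, csum) + payload


def engine_timestamp(segment, new_ts):
    """Timestamping engine (3.2.2): write the timestamp, then fix the last 2 octets.

    Processes the packet front to back and never touches the UDP Checksum field.
    Relies on the protocol layer having checked the padding length.
    """
    pkt = bytearray(segment)
    cc_off = len(pkt) - 2
    # Contribution of the fields about to change, before the change.
    before = ones_add(ones_sum(pkt[TS_OFFSET:TS_OFFSET + 8], TS_OFFSET),
                      ones_sum(pkt[cc_off:], cc_off))
    pkt[TS_OFFSET:TS_OFFSET + 8] = struct.pack("!Q", new_ts)
    ts_sum = ones_sum(pkt[TS_OFFSET:TS_OFFSET + 8], TS_OFFSET)
    # The complement must contribute `before - ts_sum` in one's complement arithmetic.
    target = ones_add(before, ~ts_sum & 0xFFFF)
    # Odd UDP Length: the 2 octets straddle a word boundary, so they are byte-swapped.
    pkt[cc_off:] = struct.pack("<H" if cc_off % 2 else "!H", target)
    return bytes(pkt)


def demo():
    """Constructed sample: 192.0.2.0/24 addresses, arbitrary ports and timestamp."""
    src, dst = bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2])
    new_ts = 0xDA5E123480000001
    out = {}
    for padding_len in (2, 27):     # even and odd UDP Length
        sent = build_test_packet(src, dst, 50000, 50001, 7, 1, padding_len)
        stamped = engine_timestamp(sent, new_ts)
        out[padding_len] = {
            "checksum_field_unchanged": stamped[6:8] == sent[6:8],
            "receiver_accepts": udp_checksum_ok(src, dst, stamped),
            "complement": stamped[-2:].hex(),
        }
    return out


if __name__ == "__main__":
    for padding_len, result in demo().items():
        print(padding_len, result)
```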

3.3. Interoperability with Existing Implementations

The behavior defined in this document does not impose new requirements on the reception behavior of OWAMP/TWAMP test packets. The protocol stack of the receiving host performs the conventional UDP Checksum verification; thus, from the perspective of the receiving host, the existence of the Checksum Complement is transparent. Therefore, the functionality described in this document allows interoperability with existing implementations that comply with [OWAMP] or [TWAMP].

3.4. Using the Checksum Complement with or without Authentication

Both OWAMP and TWAMP may use authentication or encryption, as defined in [OWAMP] and [TWAMP].

3.4.1. Checksum Complement in Authenticated Mode

OWAMP and TWAMP test packets can be authenticated using an HMAC (Hashed Message Authentication Code). The HMAC covers some of the fields in the test packet header. The HMAC does not cover the Timestamp field and the Packet Padding field.

A Checksum Complement MAY be used when authentication is enabled. In this case, an intermediate entity can timestamp test packets and update their Checksum Complement field without modifying the HMAC.

3.4.2. Checksum Complement in Encrypted Mode

When OWAMP and TWAMP are used in encrypted mode, the Timestamp field is encrypted.

A Checksum Complement SHOULD NOT be used in encrypted mode. The Checksum Complement is effective in both unauthenticated mode and authenticated mode, allowing the intermediate entity to perform serial processing of the packet without storing and forwarding it.

On the other hand, in encrypted mode, an intermediate entity that timestamps a test packet must also re-encrypt the packet accordingly. Re-encryption typically requires the intermediate entity to store the packet, re-encrypt it, and then forward it. Thus, from an implementer's perspective, the Checksum Complement has very little value in encrypted mode, as it does not necessarily simplify the implementation.

Note: While [OWAMP] and [TWAMP] include an inherent security mechanism, these protocols can be secured by other measures, e.g., [IPPMIPsec]. For reasons similar to those described above, a Checksum Complement SHOULD NOT be used in this case.

4. Security Considerations

This document describes how a Checksum Complement extension can be used for maintaining the correctness of the UDP Checksum.

The purpose of this extension is to ease the implementation of accurate timestamping engines, as illustrated in Figure 1. The extension is intended to be used internally in an OWAMP/TWAMP-enabled node, and not intended to be used by intermediate switches and routers that reside between the sender and the receiver/reflector. Any modification of a test packet by intermediate switches or routers should be considered a malicious man-in-the-middle (MITM) attack.

It is important to emphasize that the scheme described in this document does not increase the protocol's vulnerability to MITM attacks; a MITM attacker who maliciously modifies a packet and its Checksum Complement is logically equivalent to a MITM attacker who modifies a packet and its UDP Checksum field.

The concept described in this document is intended to be used only in unauthenticated mode or authenticated mode. As described in Section 3.4.2, using the Checksum Complement in encrypted mode does not simplify the implementation compared to using the conventional checksum, and therefore the Checksum Complement should not be used.

5. References
5.1. Normative References

[Checksum] Rijsinghani, A., Ed., "Computation of the Internet Checksum via Incremental Update", RFC 1624, DOI 10.17487/RFC1624, May 1994, <http://www.rfc-editor.org/info/rfc1624>.

[IPv6] Deering, S. and R. Hinden, "Internet Protocol, Version 6 (IPv6) Specification", RFC 2460, DOI 10.17487/RFC2460, December 1998, <http://www.rfc-editor.org/info/rfc2460>.

[KEYWORDS] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997, <http://www.rfc-editor.org/info/rfc2119>.

[OWAMP] Shalunov, S., Teitelbaum, B., Karp, A., Boote, J., and M. Zekauskas, "A One-way Active Measurement Protocol (OWAMP)", RFC 4656, DOI 10.17487/RFC4656, September 2006, <http://www.rfc-editor.org/info/rfc4656>.

[TWAMP] Hedayat, K., Krzanowski, R., Morton, A., Yum, K., and J. Babiarz, "A Two-Way Active Measurement Protocol (TWAMP)", RFC 5357, DOI 10.17487/RFC5357, October 2008, <http://www.rfc-editor.org/info/rfc5357>.

[TWAMP-Reflect] Morton, A. and L. Ciavattone, "Two-Way Active Measurement Protocol (TWAMP) Reflect Octets and Symmetrical Size Features", RFC 6038, DOI 10.17487/RFC6038, October 2010, <http://www.rfc-editor.org/info/rfc6038>.

[UDP] Postel, J., "User Datagram Protocol", STD 6, RFC 768, DOI 10.17487/RFC768, August 1980, <http://www.rfc-editor.org/info/rfc768>.

5.2. Informative References

[IEEE1588] IEEE, "IEEE Standard for a Precision Clock Synchronization Protocol for Networked Measurement and Control Systems", IEEE Std 1588-2008, DOI 10.1109/IEEESTD.2008.4579760, July 2008.

[IPPMIPsec] Pentikousis, K., Ed., Zhang, E., and Y. Cui, "IKEv2-Derived Shared Secret Key for the One-Way Active Measurement Protocol (OWAMP) and Two-Way Active Measurement Protocol (TWAMP)", RFC 7717, DOI 10.17487/RFC7717, December 2015, <http://www.rfc-editor.org/info/rfc7717>.

[RFC7821] Mizrahi, T., "UDP Checksum Complement in the Network Time Protocol (NTP)", RFC 7821, DOI 10.17487/RFC7821, March 2016, <http://www.rfc-editor.org/info/rfc7821>.

[ZeroChecksum] Fairhurst, G. and M. Westerlund, "Applicability Statement for the Use of IPv6 UDP Datagrams with Zero Checksums", RFC 6936, DOI 10.17487/RFC6936, April 2013, <http://www.rfc-editor.org/info/rfc6936>.

Appendix A. Checksum Complement Usage Example

Consider a session between an OWAMP sender and an OWAMP receiver, in which the sender transmits test packets to the receiver.

The sender's software layer generates an OWAMP test packet with a timestamp T and a UDP Checksum value U. The value of U is the checksum of the UDP header, UDP payload, and pseudo-header. Thus, U is equal to:

                        U = Const + checksum(T)                      (1)
        

Where "Const" is the checksum of all the fields that are covered by the checksum, except the timestamp T.

Recall that the sender's software emits the test packet with a Checksum Complement field, which is simply the last 2 octets of the padding. In this example, it is assumed that the sender initially assigns zero to these 2 octets.

The sender's timestamping engine updates the Timestamp field to the accurate time, changing its value from T to T'. The sender also updates the Checksum Complement field from zero to a new value C, such that:

                  checksum(C) = checksum(T) - checksum(T')           (2)
        

When the test packet is transmitted by the sender's timestamping engine, the value of the checksum remains U as before:

      U = Const + checksum(T) = Const + checksum(T) + checksum(T') -
          checksum(T') = Const + checksum(T') + checksum(C)          (3)
        

Thus, after the timestamping engine has updated the timestamp, U remains the correct checksum of the packet.

When the test packet reaches the receiver, the receiver performs a conventional UDP Checksum computation, and the computed value is U. Since the Checksum Complement is part of the padding, the value of checksum(C) is transparently included in the computation, as per Equation (3), without requiring special treatment by the receiver.
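
The appendix's three equations carried through on real octets, as an added example that is not part of the RFC. Assumptions: an IPv4 pseudo-header, constructed addresses and ports, and the unauthenticated test packet layout of sequence number (4 octets), timestamp (8), error estimate (2), then padding; checksum() in the equations is taken as the 16-bit one's-complement sum.

```python
import struct

# Constructed sample values (not from the RFC): documentation addresses and arbitrary ports.
SRC_IP, DST_IP = bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2])
SRC_PORT, DST_PORT = 49152, 49153
TS_OFF = 8 + 4  # assumed layout: UDP header (8), sequence number (4), then the 8-octet timestamp

def ones_sum(data: bytes) -> int:
    """16-bit one's-complement sum; this is what the equations call checksum()."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:  # end-around carry
        total = (total & 0xFFFF) + (total >> 16)
    return total

def pseudo_header(udp_len: int) -> bytes:
    return SRC_IP + DST_IP + struct.pack("!BBH", 0, 17, udp_len)

def build_datagram(seq: int, ts: bytes, padding_len: int) -> bytes:
    """Software layer: timestamp T, zeroed padding, UDP Checksum U (Equation 1)."""
    payload = struct.pack("!I", seq) + ts + b"\x00\x00" + bytes(padding_len)
    head = struct.pack("!HHH", SRC_PORT, DST_PORT, 8 + len(payload))
    u = ~ones_sum(pseudo_header(8 + len(payload)) + head + payload) & 0xFFFF
    return head + struct.pack("!H", u or 0xFFFF) + payload  # UDP sends a computed 0 as 0xFFFF

def receiver_accepts(dgram: bytes) -> bool:
    """Conventional UDP verification: the sum over everything must be 0xFFFF."""
    return ones_sum(pseudo_header(len(dgram)) + dgram) == 0xFFFF

def retimestamp(dgram: bytes, new_ts: bytes) -> bytes:
    """Timestamping engine: write T' and fold the change into the last 2 octets (Equation 2)."""
    if len(dgram) % 2 or len(dgram) < TS_OFF + 8 + 2 + 2:
        raise ValueError("need an even-length datagram with at least 2 octets of padding")
    old_ts, old_c = dgram[TS_OFF:TS_OFF + 8], dgram[-2:]
    minus_new = struct.pack("!H", ~ones_sum(new_ts) & 0xFFFF)  # -checksum(T')
    # C = C_old + checksum(T) - checksum(T'); C_old is zero in the appendix's scenario
    c = ones_sum(old_c + old_ts + minus_new)
    return dgram[:TS_OFF] + new_ts + dgram[TS_OFF + 8:-2] + struct.pack("!H", c)
```

The UDP Checksum field at octets 6-7 is never rewritten by retimestamp(); overwriting the timestamp without adjusting the last 2 octets makes receiver_accepts() return False.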

Acknowledgments

The author gratefully acknowledges Al Morton, Greg Mirsky, Steve Baillargeon, Brian Haberman, and Spencer Dawkins for their helpful comments.

Author's Address

   Tal Mizrahi
   Marvell
   6 Hamada St.
   Yokneam, 20692
   Israel

   Email: talmi@marvell.com
        