On 13 July 2017 at 19:29, JORDI PALET MARTINEZ
Strange. I can access it, however I'm downstream of it. A few of those
"is it up" websites are showing it is reachable.

I'll email you a copy off list.
Repository closed for submissions leading up to IETF99, opens again on
the 16th and I got a little impatient because I finished it :-)

Regards,
Mark.

On Thu, Jul 13, 2017 at 11:29 AM, JORDI PALET MARTINEZ
The problem might be that the server is not reachable over IPv6

Kind regards,

Job

Hi Tom,

Thanks very much for having a look and providing feedback.
I don't think they need to be, as the TCP or UDP checksum isn't
evaluated by any device while the inner packet is being carried over
the Skinny IPv6-in-IPv6 tunnel.

When the reconstructed inner packet arrives at the final destination
where the TCP or UDP checksum is evaluated, it will be post Skinny
IPv6-in-IPv6 decapsulation, and therefore any Skinny IPv6-in-IPv6
related addressing changes that would have caused the TCP or UDP
checksum to be invalid should have been completely reversed.
I think that same risk exists with vanilla IPv6 packets, since there
is no IPv6 Header Checksum, as there was in IPv4.
Protocol" book (really good for lots of the reasons why IPv6 is the
way it is), that it was decided the risks of delivery to the wrong
node were worth it compared to the performance gains of not evaluating
a per-hop IPv6 header checksum. Protection against corruption over a
link is provided by a link-layer checksum, and as this was the reason
why the UDP checksum became mandatory, end-to-end TCP, UDP etc.
checksums protect against corruption inside devices like routers.

So delivery to the wrong node is possible, however that node will
ignore it because TCP, UDP etc. checksum will fail.

Skinny IPv6-in-IPv6 is using IPv6 as a virtual link-layer, so it could
be argued this should have a link-layer checksum, however there will
be real link-layers underneath with checksums, so a checksum in Skinny
IPv6-in-IPv6 is probably not necessary.

I'm not against including a checksum if useful and know that GRE does
have that option. I'm not sure how often the GRE checksum option is
used, although I haven't heard of it being used and I'm around people
who might. A search for "GRE checksum" only finds one link on the
first page of the search results that is related to operationally
enabling it, and the person answering the question also says in their
experience it isn't commonly used.


I'll look to include some of the above comments in the draft as they
sound like they could be common queries.

Thanks again for having a look.

Regards,
Mark.

Hi Tom,
I've just realised that you might have been talking about middleboxes
validating the TCP or UDP checksum while the inner packet is Skinny
IPv6-in-IPv6 encapsulated. Yes, that would fail.

My expectation of the common use case for Skinny IPv6-in-IPv6 is
limited to within middle box free closed networks e.g., the SPRING
situation rather than over the Internet where middle boxes might be
encountered.

EHs seem to be being commonly dropped on the Internet anyway, so a new
one like a Skinny IPv6-in-IPv6 EH is unlikely to be very usable over
the Internet. I'll put some text in about that limitation and propose
the use of am optional UDP header in front of the Skinny IPv6-in-IPv6
EH to trick middle boxes into letting it through.

Shame to do that because of the additional UDP overhead. At least the
inner packet IID entropy in the outer packet SA and DA would still be
a benefit in that case where existing IPv6 routers don't use Flow
Labels for load balancing.

Thanks,
Mark.