Capwap Mailing List: Re: CAPWAP transport for IPv6

[Abhijit Choudhury (achoudhu) (achoudhu]

I am okay with Rohit's suggestion of keeping UDP-Lite as

the mandatory transport over IPv6 for the data channel

and adding the ability to negotiate UDP for the datapath

in case middle-boxes are present.  For this to work, we

would need UDP to be mandatory for the control channel.

 

 

This seems like a fine compromise to me.  This retains the

performance benefits of UDP-Lite for most deployments, and

allows us to handle deployment scenarios where NATs, firewalls, and V4-V6

translators.

 

In summary, we will have UDP as mandatory for the control channel

for both IPv4 and IPv6. UDP will be mandatory for the data channel

for IPv4, and for IPv6, UDP-Lite will be mandatory, and UDP optional.

 

Thanks,

Abhijit

 

 

 

---

From: Rohit Suri (rsuri)
Sent: Monday, August 20, 2007 5:55 PM
To: Puneet Agarwal; Abhijit Choudhury (achoudhu); capwap
Subject: RE: [Capwap] CAPWAP transport for IPv6

I agree with Puneet. Abhijit correctly pointed out,

"The choice of UDP-Lite as the transport for IPv6 was based on

performance reasons.  Most ACs today do the 802.3-to-802.11

conversion and encapsulation in hardware, and in our discussions

the consensus was that requiring checksum computation in hardware

would be expensive.However, it seems that the CAPWAP protocol

has serious issues related to traversal of NATs,V4-V6 gateways and firewalls

when using IPv6 since such boxes don't typically support UDP-Lite"

 

I think it does not make sense to sacrifice performance just to handle the

scenario where there may be V4-V6 gateways deployed in the future.

Instead, in such network configurations, we should allow the

protocol to negotiate the use of UDP  data transport in IPv6 networks.

The default should remain UDP-Lite as that will give most performance

for common network deployments.

 

In order to have support for both UDP and UDP-Lite, CAPWAP control 
should always use UDP and for CAPWAP data UDP/UDP-Lite should be

negotiated. This negotiation can be easily completed as part of CAPWAP

config request/response.

 

This solution ensures that performance is not compromised

for the majority of deployments where there is no need to

run CAPWAP over NAT, firewalls or V4-V6 gateways by running CAPWAP data

over UDP-Lite.  At the same time, it incorporates the flexibility

to negotiate UDP for the data path, if NATs, firewalls and V4-V6 translators

are present.

 

Regards

Rohit

---

From: Puneet Agarwal [mailto:pagarwal [at] broadcom.com]
Sent: Monday, August 20, 2007 5:46 PM
To: Abhijit Choudhury (achoudhu); capwap
Subject: Re: [Capwap] CAPWAP transport for IPv6

Hi Abhijit,

 

UDPLite for IPv6 is a fine compromise (especially when there are no firewalls between WTP and AC) for functionality without the checksum computation expense.

Hence I am not OK with making UDP for IPv6 mandatory.

 

Thanks.

 

-Puneet

---

From: Abhijit Choudhury (achoudhu) [mailto:achoudhu [at] cisco.com]
Sent: Tuesday, August 07, 2007 1:59 PM
To: capwap
Subject: [Capwap] CAPWAP transport for IPv6

At the last IETF, the transport A-Ds raised some interesting

issues related to the use of UDP-Lite for IPv6.  Specifically, the

issues related to traversal of NAT, V4-V6 gateways, and firewalls

need some serious consideration.

 

The choice of UDP-Lite as the transport for IPv6 was based on

performance reasons.  Most ACs today do the 802.3-to-802.11

conversion and encapsulation in hardware, and in our discussions

the consensus was that requiring checksum computation in hardware

would be expensive. However, it seems that the CAPWAP protocol

has serious issues related to traversal of NATs and firewalls

when using IPv6 since such boxes don't typically support UDP-Lite.

 

This means that we should make UDP the mandatory transport for

IPv6.  We could still allow for UDP-Lite when there are translation

gateways and firewalls present.

 

Thoughts/comments ?

 

Abhijit

 

p.s. Proposed text for updating Section 3 is provided below.

Other minor changes will be needed to remove mention of UDP-Lite in the

document.

 

 

----------------------  PROPOSED TEXT ----------------------------------

3.  CAPWAP Transport

 

   Communication between a WTP and an AC is established according to the
   standard UDP client/server model.  The CAPWAP protocol uses UDP as the

   transport protocol for both IPv4 and IPv6.  This section describes how

   the CAPWAP protocol is carried over IP and UDP protocols.

 

3.1.  UDP Transport

 

   One of the CAPWAP protocol requirements is to allow a WTP to reside
   behind a firewall and/or Network Address Translation (NAT) device.
   Since a CAPWAP session is initiated by the WTP (client) to the well-
   known UDP port of the AC (server), the use of UDP is a logical
   choice.  For IPv4, the UDP checksum field in CAPWAP packets MUST be

   set to zero.

 

   CAPWAP protocol control packets sent from the WTP to the AC use the
   CAPWAP control channel, as defined in Section 1.4.  The CAPWAP
   control port at the AC is the well known UDP port [to be IANA
   assigned].  The CAPWAP control port at the WTP can be any port
   selected by the WTP.

 

   CAPWAP protocol data packets sent from the WTP to the AC use the
   CAPWAP data channel, as defined in Section 1.4.  The CAPWAP data port
   at the AC is the well known UDP port [to be IANA assigned].  The
   CAPWAP data port at the WTP can be any port selected by the WTP.

<DELETE Section 3.2>