Re: [btns] Q: How to deal with connection latch breaks?

"Mike Eisler" <mre-ietf@eisler.com> Thu, 02 July 2009 00:36 UTC

Return-Path: <mre-ietf@eisler.com>
X-Original-To: btns@core3.amsl.com
Delivered-To: btns@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id C48CD28C0D8 for <btns@core3.amsl.com>; Wed, 1 Jul 2009 17:36:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wPme4bb-TMWE for <btns@core3.amsl.com>; Wed, 1 Jul 2009 17:36:47 -0700 (PDT)
Received: from webmail5.dreamhost.com (caiajhbihbdd.dreamhost.com [208.97.187.133]) by core3.amsl.com (Postfix) with ESMTP id 9A7993A6811 for <btns@ietf.org>; Wed, 1 Jul 2009 17:36:47 -0700 (PDT)
Received: from webmail.eisler.com (localhost [127.0.0.1]) by webmail5.dreamhost.com (Postfix) with ESMTP id F38655B70B; Wed, 1 Jul 2009 17:37:09 -0700 (PDT)
Received: from 75.70.132.213 (proxying for 75.70.132.213) (SquirrelMail authenticated user mre-ietf@eisler.com) by webmail.eisler.com with HTTP; Wed, 1 Jul 2009 17:37:10 -0700
Message-ID: <e2cf27e98757db0c8561baadfb3ca335.squirrel@webmail.eisler.com>
Date: Wed, 1 Jul 2009 17:37:10 -0700
From: "Mike Eisler" <mre-ietf@eisler.com>
To: btns@ietf.org, lars.eggert@nokia.com
User-Agent: SquirrelMail/1.4.19
MIME-Version: 1.0
Content-Type: text/plain;charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Subject: Re: [btns] Q: How to deal with connection latch breaks?
X-BeenThere: btns@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Better-Than-Nothing-Security Working Group discussion list <btns.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/btns>, <mailto:btns-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/btns>
List-Post: <mailto:btns@ietf.org>
List-Help: <mailto:btns-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/btns>, <mailto:btns-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 02 Jul 2009 00:36:48 -0000

Note: This is my first email to this list. The catalyst for this
email was that several documents that I'm authoring indirectly depend
on draft-ietf-btns-connection-latching moving forward ...

> The last DISCUSS on draft-ietf-btns-connection-latching-10
> concerns what the WG thinks is the best way for ULPs to
> handle connection latch transitions to the BROKEN state in
> the _absence_ of connection latching APIs for applications
> (or when apps are not aware of such APIs).

Isn't this DISCUSS specific to SCTP? Russ writes in the DISCUSS:

I am unsure that the SCTP section defines behavior which is consistent with
application expectations.  The last paragraph of 5.4 implies that the whole
connection terminates if one of the latches breaks.  This has an impact on
the
semantics of the application socket API.  While connection latching is
transparent when everything is working, there are new failures that ripple to
the application.  That is, the application will observe different behavior
on a
connection with and without latching.

My conclusion is that the API ought to provide information for the
application
about the connection latching, and it just does not seem to be there.  If you
can point me to a discussion of this topic on the WG mail list, then I'll
clear.  I'm not trying to alter consensus, but I do want to make sure that
this
topic was considered.

======================

The laat paragraph of section 5.4 says:

"When a connection latch transitions to the BROKEN state and the
   application requested (or system policy dictates it) that the
   connection be broken, then SCTP should inform the application, if
   there is a way to do so, or else it should wait, allowing SCTP path/
   endpoint failure detection (and/or application-layer keepalive
   strategy) to timeout the connection.  When a connection latch is
   administratively transitioned to the CLOSED state then SCTP should
   act as though an ABORT chunk has been received."

Note the inconsistency between what Russ wrote in his DISCUSS:

"The last paragraph of 5.4 implies that the whole
connection terminates if one of the latches breaks."

and this excerpt from the last paragraph of section 5.4:

"When a connection latch transitions to the BROKEN state and the
   application requested (or system policy dictates it) that the
   connection be broken,"

So actually the last paragraph is unequivocal: the connection
does terminate if two conditions are met:
- the latch goes to BROKEN
- the app or policy has previously dictated that a latch break produces
  a connection break.

Earlier in Section 5.4, two alternatives to mapping latches to multi-homed
SCTP connections:

"We can represent the multiplicity of SCTP association end-point
   addresses as a multiplicity of 5-tuples, each of which with its own a
   connection latch.  Alternatively we can extend the connection latch
   object to support a multiplicity of addresses for each end-point.
   The first approach is used throughout this document, therefore we
   will assume that representation."

Perhaps the second approach is what should be used for SCTP. However, as
the last sentence above notes, the first approach is used in the rest
of the document. I gather what Russ is saying is that approach might
not be appropriate for SCTP and he wants to know if the WG thoroughly
considered it.

In the event the WG did not thoroughly consider the implications
of multi-homed SCTP connections and latching, here is a pragmatic
suggestion:

- remove the SCTP discussion from the I-D. Most this means removing
  section 5.4, but there are a couple sentences that mention SCTP that
  would also need to be removed.

- if there is sufficient interest in SCTP and connection latching,
  channel binding, etc., then start a new work item to deal with
  the issue of connection latching with multi-homed connection-oriented
  transports.


-------------------------------------------------------

Nico wrote:

    * From: Nicolas Williams <Nicolas.Williams at sun.com>
    * To: btns at ietf.org
    * Date: Wed, 24 Jun 2009 15:17:07 -0500

The last DISCUSS on draft-ietf-btns-connection-latching-10 concerns what
the WG thinks is the best way for ULPs to handle connection latch
transitions to the BROKEN state in the _absence_ of connection latching
APIs for applications (or when apps are not aware of such APIs).

The two options are:

a) The ULP MAY/SHOULD/MUST pretend that the equivalent of a TCP reset
   occurred and the connection latch is transition to the CLOSED state
   (and destroyed/cleaned up);

b) The ULP MAY/SHOULD/MUST act as though bits aren't moving and let ULP
   and/or application-layer timeout processing decide if and when to
   close the connection (and underlying connection latch).

(b) means potentially hanging forever, but that's generally true now
with existing ULPs.

The I-D says (b), with "SHOULD".

I'd be just as happy with (a), SHOULD, (b) MAY.  I would not be happy
with (a), MUST, nor with (b), MUST.

Comments?

Nico
-- 


-- 
Mike Eisler, Senior Technical Director, NetApp, 719 599 9026,
http://blogs.netapp.com/eislers_nfs_blog/




-- 
Mike Eisler, Senior Technical Director, NetApp, 719 599 9026,
http://blogs.netapp.com/eislers_nfs_blog/