IETF Logo Mail Archive

Re: [DNSOP] Spencer Dawkins' Discuss on draft-ietf-dnsop-session-signal-12: (with DISCUSS and COMMENT)

Spencer Dawkins at IETF <spencerdawkins.ietf@gmail.com> Thu, 02 August 2018 13:39 UTC

Return-Path: <spencerdawkins.ietf@gmail.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F0EA8128BAC; Thu, 2 Aug 2018 06:39:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Y0mBouSG9T5H; Thu, 2 Aug 2018 06:39:37 -0700 (PDT)
Received: from mail-yb0-x22a.google.com (mail-yb0-x22a.google.com [IPv6:2607:f8b0:4002:c09::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 844E1126BED; Thu, 2 Aug 2018 06:39:37 -0700 (PDT)
Received: by mail-yb0-x22a.google.com with SMTP id h127-v6so847691ybg.12; Thu, 02 Aug 2018 06:39:37 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=1Ui43EJ9kXEVD8sWnRE1w8F1nms8pwhO3VLVrYHMy6I=; b=t2iVTr48syh6eQIb2j6mIso8xPKX+PoYVaeIE0hIdysHJ1ZHOeOGzK1xFiiQszInrb L0UBkiy+NU3FaZJ0T8S/sTgk3pXOGfvfjDEBo5o86h6CJXtVefZi4BHoCpCroPDBSsds sQx5hx9eg/ShWI7dUtacMbbbRc3tgetstoMEugtx7hyJABKUnrILFoDibyDqxVlOpMlE vJWbV9s6+qftEnnXr0tMtyD6YOffaAVFgVVUugvok2PW3JvS86L403sMCb+TXqkMv5C8 wwvENYgdeXXKbKpqdv7m+S3fxkWXGl861/H7Awv1QyVH4zBIBKfRzMYVEq41TY2LOye1 PoAQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=1Ui43EJ9kXEVD8sWnRE1w8F1nms8pwhO3VLVrYHMy6I=; b=sGMcL4v6BdWN/fczRPSpf1G4519g5/a5SqiMyBvv0LyzWJBACjLjbbHCdjI+s33uMR soaNERfAjFBO2OSy3dJO519j6TqG3iX0hemvD1xBdhKOtNMCU9wRjst2Uf0SWVmyiIdy joElaSHRjId/BwKC6FRYm+jnoQJGe3Ybfteyk0X6RgokqnezK9F2qCIcPhLvo3/ShyTr JbD91qOtAGeMq+v0hfwrjIofolOFhObs4Z2H3z2MFBHajw4iSuzq05LIajLakXAmHq5t P+C9CpXNjQeTD1Dp9UjObmZnpH5Z6oxEcWHa7Nztxm0IlBMt9DijfsvpzEdoPBg3mG+5 1vnA==
X-Gm-Message-State: AOUpUlF1pn6fVXtddqJN8TO3JPx1Mg27RAlvZSrMlWeSdrl8M/DewwAq yqNiTrsRQoYfD4G4/jWnXT9toFPh11V/Octm32PtwQ==
X-Google-Smtp-Source: AAOMgpcFLNrMz7J2ifcCVwH5jxiFTDNPjYrQyKgMNPOz1IrEXkdA1xAmpDQX5E0+5eLxdJii9znDgJGOGqop3K9z+nc=
X-Received: by 2002:a25:504a:: with SMTP id e71-v6mr1425738ybb.44.1533217176537; Thu, 02 Aug 2018 06:39:36 -0700 (PDT)
MIME-Version: 1.0
References: <153266600019.24802.9316144897968330271.idtracker@ietfa.amsl.com> <F1CE7C6A-DE44-45F4-8CF4-E49766CFCEA5@fugue.com>
In-Reply-To: <F1CE7C6A-DE44-45F4-8CF4-E49766CFCEA5@fugue.com>
From: Spencer Dawkins at IETF <spencerdawkins.ietf@gmail.com>
Date: Thu, 02 Aug 2018 08:39:24 -0500
Message-ID: <CAKKJt-d+4TiO3f8YQrb4m1c_+a7ChJKmeQrwsxtbv1NrYucWMA@mail.gmail.com>
To: Ted Lemon <mellon@fugue.com>
Cc: IESG <iesg@ietf.org>, draft-ietf-dnsop-session-signal@ietf.org, Tim Wicinski <tjw.ietf@gmail.com>, dnsop-chairs <dnsop-chairs@ietf.org>, "dnsop@ietf.org WG" <dnsop@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000002bd245057273f18f"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/MR0Jqoc8q26hkaAbJ7wlIqsIqMg>
Subject: Re: [DNSOP] Spencer Dawkins' Discuss on draft-ietf-dnsop-session-signal-12: (with DISCUSS and COMMENT)
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 02 Aug 2018 13:39:40 -0000

Hi, Ted,

Chopping down to clearing my Discuss, and one wording suggestion for new
text ...

On Tue, Jul 31, 2018 at 1:41 PM Ted Lemon <mellon@fugue.com> wrote:

> On Jul 27, 2018, at 12:33 AM, Spencer Dawkins <
> spencerdawkins.ietf@gmail.com> wrote:
>
> I really like this document, and think it's headed the right direction. Of
> course I have four pages of comments, because reasons, but the only part
> I'm
> really confused about is this one ...
>
> I would have thought that if you end up with a different endpoint because
> your
> anycast address now resolves differently, the new endpoint would have to
> have
> shared a lot of state with the previous endpoint, for this to work:
>
>  When an anycast service is configured on a particular IP address and
>   port, it must be the case that although there is more than one
>   physical server responding on that IP address, each such server can
>   be treated as equivalent.  If a change in network topology causes
>   packets in a particular TCP connection to be sent to an anycast
>   server instance that does not know about the connection, the normal
>   keepalive and TCP connection timeout process will allow for recovery.
>
> What I would have expected to happen, is that the new endpoint sees a
> packet
> arrive that's not on a synchronized TCP connection, and immediately
> responds
> with a RST (reset), rather than the normal keepalive and TCP connection
> timeout
> process happening. That's also the way I'm reading
> https://tools.ietf.org/html/rfc7828#section-3.6. Is that not the way it's
> working for anycast these days?
>
>
> I believe this is correct—thanks for pointing it out.   I think the fix is
> straightforward:
>
>   When an anycast service is configured on a particular IP address and
>   port, it must be the case that although there is more than one
>   physical server responding on that IP address, each such server can
>   be treated as equivalent.  If a change in network topology causes
>   packets in a particular TCP connection to be sent to an anycast
>   server instance that does not know about the connection, the new
>   server will automatically terminate the connection with a TCP reset,
>   since it will have no record of the connection, and then the client can
>   reconnect or stop using the connection, as appropriate.
>
> Does that sound good?
>

I'll clear based on this text, but you might want to consider being a bit
more precise about what you're thinking of, when you say "each such server
can be treated as equivalent", which, IIRC, was what started my journey
into the weeds on this paragraph.

ISTM that there are two ways people could be using anycast
(overgeneralizing wildly) -

   - I have nine servers that are geographically close enough to maintain
   TCP state across the set of servers and I'm using anycast for
   loadbalancing, or
   - I have nine servers that are geographically diverse, and I'm using
   anycast to provide more robust service, and they're not close enough to
   maintain TCP state across the set of servers.

I think your point is that the first case is fine (a change in network
topology means that the server now being used either knows or can figure
out quickly that to do with the incoming packet), and the second case is
not (a change in network topology means that the server being used has no
idea what to do with the incoming packet, and has no way to figure that
out).

If I got that right (at a 50,000 foot level), you might think about how to
say it more correctly, but I'm clearing now, so do the right thing.


The text in 6.1.  DSO Session Initiation seems rough to me, for a couple of
> reasons.
>
>   The client may perform as many DNS operations as it wishes using the
>   newly created DSO Session.  Operations SHOULD be pipelined (i.e., the
>
> I don't understand why this would be a SHOULD. At least from the client's
> perspective, it's not needed for interoperation.
>
>   client doesn't need wait for a response before sending the next
>   message).  The server MUST act on messages in the order they are
>   transmitted, but responses to those messages SHOULD be sent out of
>   order when appropriate.
>
> Is it correct to say that "responses to those messages SHOULD be sent when
> they
> become available, even if the responses are sent out of order"? If not, I'm
> probably missing what "when appropriate" means.
>
>
> Good points.   I've made the following change:
>
>  The client may perform as many DNS operations as it wishes using the
> -newly created DSO Session. Operations SHOULD be pipelined (i.e., the
> -client doesn't need wait for a response before sending the next message).
> +newly created DSO Session. When the
> +client has multiple messages to send, it SHOULD NOT wait for each
> response before sending the next message.
> +This prevents TCP's delayed acknowledgement algorithm from forcing the
> +client into a slow lock-step.
>  The server MUST act on messages in the order they are transmitted, but
> -responses to those messages SHOULD be sent out of order when appropriate.
> +when responses to those messages become available out of order, the server
> +SHOULD NOT delay sending available responses in order to respond in order.
>
>
"in order to respond in order" is kind of clunky. Perhaps "SHOULD NOT delay
sending responses so that they can be returned in the order the
corresponding requests were received"?

But do the right thing, of course.

I'll clear now.

Spencer

v2.23.0 | Report a Bug | By Email