Re: [DNSOP] [Tsv-art] Tsvart last call review of draft-ietf-dnsop-dns-tcp-requirements-12
Mirja Kuehlewind <ietf@kuehlewind.net> Sat, 28 August 2021 09:07 UTC
Return-Path: <ietf@kuehlewind.net>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 896893A1623; Sat, 28 Aug 2021 02:07:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JoIoC08rg-5I; Sat, 28 Aug 2021 02:07:19 -0700 (PDT)
Received: from wp513.webpack.hosteurope.de (wp513.webpack.hosteurope.de [IPv6:2a01:488:42:1000:50ed:8223::]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7A32E3A1622; Sat, 28 Aug 2021 02:07:19 -0700 (PDT)
Received: from p200300dee734c3003833c952f0b00caa.dip0.t-ipconnect.de ([2003:de:e734:c300:3833:c952:f0b0:caa]); authenticated by wp513.webpack.hosteurope.de running ExIM with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) id 1mJuIz-00053A-Nh; Sat, 28 Aug 2021 11:07:13 +0200
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.120.23.2.4\))
From: Mirja Kuehlewind <ietf@kuehlewind.net>
In-Reply-To: <F8DB3441-2D81-4F29-AAB3-D74E24D95453@verisign.com>
Date: Sat, 28 Aug 2021 11:07:12 +0200
Cc: "tsv-art@ietf.org" <tsv-art@ietf.org>, "dnsop@ietf.org" <dnsop@ietf.org>, "draft-ietf-dnsop-dns-tcp-requirements.all@ietf.org" <draft-ietf-dnsop-dns-tcp-requirements.all@ietf.org>, "last-call@ietf.org" <last-call@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <0F11994D-BFBC-4178-82A1-38B40FCF78E6@kuehlewind.net>
References: <162990671395.10583.8870779506155492851@ietfa.amsl.com> <F8DB3441-2D81-4F29-AAB3-D74E24D95453@verisign.com>
To: "Wessels, Duane" <dwessels=40verisign.com@dmarc.ietf.org>
X-Mailer: Apple Mail (2.3608.120.23.2.4)
X-bounce-key: webpack.hosteurope.de;ietf@kuehlewind.net;1630141639;3f97d0d5;
X-HE-SMSGID: 1mJuIz-00053A-Nh
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/fRBbkC5AZ6PT_AyS-fEo0GGLE_c>
Subject: Re: [DNSOP] [Tsv-art] Tsvart last call review of draft-ietf-dnsop-dns-tcp-requirements-12
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 28 Aug 2021 09:07:25 -0000
Hi Duane! See inline. > On 28. Aug 2021, at 00:44, Wessels, Duane <dwessels=40verisign.com@dmarc.ietf.org> wrote: > > > >> On Aug 25, 2021, at 8:51 AM, Mirja Kühlewind via Datatracker <noreply@ietf.org> wrote: >> >> Caution: This email originated from outside the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe. >> >> Reviewer: Mirja Kühlewind >> Review result: Ready with Issues > > Hello Mirja, > > Thanks for the review. I haven't had a chance yet to discuss with my > coauthor, John, so these are just my own thoughts at this point. > > >> >> >> First a minor comment here: >> "TCP connection timeout, which is often around 60-120 seconds." >> I guess this value relates to an RTO of 1s and 6 SYN retries which is the >> default in Linux. Maybe say that...? I also recommend to add a link to RFC6298. > > Yes suppose it does relate to RTO and SYN retry values, although I'm not > too sure how much those details matter to the intended audience of this > document (DNS software operators). It says "60-120 seconds" just based > on general experience of how long connection timeouts usually take, without > understanding the inner workings of TCP. The point is these values are roughly right at the moment but behaviour can change, so explaining where this comes from is more future-safe. > > I searched a little for something we could cite to support the 60-120 seconds > statement, but didn't really find anything. If you think we should use RFC 6298 > and the values from Linux to support that, then I guess its fine. Yes, sounds good. > >> >> And a more general comment on section 4.2: this section takes about various >> limits but doesn't recommend any values. I understand that there is not a >> one-fits-all solution here but not knowing how to set these values correctly >> might scared people aways from supporting TCP. So I think having a discussion >> either of default values or how to derives these values based on a certain >> configuration would be a very valuable contribution in this document. > > Do you think it would suffice to provide a range of recommended values? > I think we'd have to go back to the working group to get consensus. > > Alternatively, are you suggesting to document what defaults are in current > implementations? Both is fine. As you said recommending values probably needs more discussion and maybe also more input from TCP experts. I guess you could also reach out to the tcpm mailing list. > > >> >> Similarly section 4.3 talks about tuning net.ipv4.tcp_fin_timeout, however, it >> doesn't provide any guidance on how to tune it; Linux recommend a value of >> 15-30 seconds. Also setting net.ipv4.tcp_fin_timeout to a too low value and >> net.ipv4.tcp_tw_reuse to 1 can cause trouble and should not be done for the >> general case. So I don't think that guidance is appropriate without further >> discussion of the risks. Please reconsider this part of the document! > > > I see your concern. Would it be okay if we say here that these are for > experts only? e.g. the sysctl values should only be changed by someone > that has detailed understanding of how TCP works and really understands > the consequences of tweaking them? You really need detailed knowledge about TCP and the application as well. I would maybe even be more careful and discuss that these configurations exists and explain a bit more what they do but by default don’t recommend to change, expcet it’s checked that the application will benefit. Mirja > > >> >> On section 4.4, maybe mention TCP fast open here again as well? >> > > Ack, will do. > > DW > > > _______________________________________________ > Tsv-art mailing list > Tsv-art@ietf.org > https://www.ietf.org/mailman/listinfo/tsv-art
- [DNSOP] Tsvart last call review of draft-ietf-dns… Mirja Kühlewind via Datatracker
- Re: [DNSOP] Tsvart last call review of draft-ietf… Wessels, Duane
- Re: [DNSOP] [Tsv-art] Tsvart last call review of … Mirja Kuehlewind
- Re: [DNSOP] Tsvart last call review of draft-ietf… Wessels, Duane
- Re: [DNSOP] Tsvart last call review of draft-ietf… Mirja Kuehlewind
- Re: [DNSOP] Tsvart last call review of draft-ietf… Wessels, Duane
- Re: [DNSOP] Tsvart last call review of draft-ietf… Qin Wu