IETF Logo Mail Archive

Re: draft-asveren-dispatch-http-overload

Martin Thomson <martin.thomson@gmail.com> Mon, 30 April 2018 23:55 UTC

Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=lists.ie@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 446DC12D7EC for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Mon, 30 Apr 2018 16:55:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.761
X-Spam-Level:
X-Spam-Status: No, score=-7.761 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.25, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_DKIMWL_WL_MED=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mV4w32liNIqb for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Mon, 30 Apr 2018 16:55:04 -0700 (PDT)
Received: from frink.w3.org (frink.w3.org [128.30.52.56]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DCC4E12D7E2 for <httpbisa-archive-bis2Juki@lists.ietf.org>; Mon, 30 Apr 2018 16:55:03 -0700 (PDT)
Received: from lists by frink.w3.org with local (Exim 4.89) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1fDIU3-00030x-O6 for ietf-http-wg-dist@listhub.w3.org; Mon, 30 Apr 2018 23:45:27 +0000
Resent-Date: Mon, 30 Apr 2018 23:45:27 +0000
Resent-Message-Id: <E1fDIU3-00030x-O6@frink.w3.org>
Received: from mimas.w3.org ([128.30.52.79]) by frink.w3.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.89) (envelope-from <martin.thomson@gmail.com>) id 1fDITr-0000lg-AF for ietf-http-wg@listhub.w3.org; Mon, 30 Apr 2018 23:45:15 +0000
Received: from mail-oi0-f54.google.com ([209.85.218.54]) by mimas.w3.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.89) (envelope-from <martin.thomson@gmail.com>) id 1fDITp-0003Sm-74 for ietf-http-wg@w3.org; Mon, 30 Apr 2018 23:45:14 +0000
Received: by mail-oi0-f54.google.com with SMTP id p62-v6so8925828oie.10 for <ietf-http-wg@w3.org>; Mon, 30 Apr 2018 16:44:52 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=3WCBeZxj0GQx0KDs9kmCRS9m/JwuCKGYqHviKK7RhDQ=; b=gMHxb64pONcpx3eZfW+zjd9ZugaBGMquBudTaP+/bBl94cACRu1oUUTne+XLaFQhsK rSmPcoD+WnNlu0N3F+mI5wyzRPZF2c7jko7PkdRXg9i26h+jRzX1j/5/XmifqIzzvURO lIgNhJI552bLUf8OZGMMuqraW2ArVwk4A1WwJAUXiVSSe9cM4O48JoHhupmBUCJlCsCJ zV0bNQe4SRJyOr/UWSs51+oAcEoJN4ujKa9ycYN7MjVtD5ZndxDRY3G52kWYS9CDSeI3 q7OpQTuxzUomWb7hqfiNvd+Y5UbYZ82YU2XSX7tgMY0gZyVtXg+RI8i+KwCb7ldenxTL mPxQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=3WCBeZxj0GQx0KDs9kmCRS9m/JwuCKGYqHviKK7RhDQ=; b=cKwZptFEcqv4TcTcexE9i6F5p9T7+0MnNamJWBFRigvv8xCFU+4PgR9u6U4wbgtLPg 1S4o7v28+Sn9DicsyNPy/kBGjZyWc1M1dRwdiHDHpcRxq/O42a4XB0ACOECXjKt/hYYy Q87k/34fHUOdi9NL/9DWv1bRAhEf1UHC6yICOlINiAKrDkdPgVQ0kfj7ZPELg8yYOMnC YcbPopHoLOCIumMm0Eh0sXvMw2lf/8Xo4lugvHgIFoowcgZuXhKE/TaOb5gboSGGLuNs 79T3DBbHWpXB0PIJgNs9J/wQ0vwywRMFpbvyl5cj8fDyUXfE3KTHfih/q/MYSVDnIyqH b3mw==
X-Gm-Message-State: ALQs6tB5fx15oHrPqIokIf05viQ0kr74/obYHvu7pp5iP9W+VOPfFx1k QG5nNRdaFrRcJroLuap/u4x46DqXjofATimrgimtqA==
X-Google-Smtp-Source: AB8JxZr0hMT7gDRQkqzulUaKDlu7SGDHLNgGQes5MGR2MOnOew1MPCh/jh+BNeRgYP9MoVDb6N65C+Wc2Jj9T1YjI5E=
X-Received: by 2002:aca:5bc5:: with SMTP id p188-v6mr7491848oib.295.1525131887983; Mon, 30 Apr 2018 16:44:47 -0700 (PDT)
MIME-Version: 1.0
Received: by 2002:a9d:29ce:0:0:0:0:0 with HTTP; Mon, 30 Apr 2018 16:44:47 -0700 (PDT)
In-Reply-To: <CY4PR03MB3160E802F1BA342798820FC6A5820@CY4PR03MB3160.namprd03.prod.outlook.com>
References: <CY4PR03MB31607A155630036128CD091FA5830@CY4PR03MB3160.namprd03.prod.outlook.com> <CABkgnnVZcfzpCOsCmpC8rYEugOz2TjxnerkQgZaKJ52nqT7bFA@mail.gmail.com> <CY4PR03MB3160E802F1BA342798820FC6A5820@CY4PR03MB3160.namprd03.prod.outlook.com>
From: Martin Thomson <martin.thomson@gmail.com>
Date: Tue, 01 May 2018 09:44:47 +1000
Message-ID: <CABkgnnV0tQyKeV8x1wDXN=U3NJ0gd5jy+d6O47-Ct9O55N5ZcA@mail.gmail.com>
To: "Asveren, Tolga" <tasveren@rbbn.com>
Cc: "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-W3C-Hub-Spam-Status: No, score=-6.0
X-W3C-Hub-Spam-Report: AWL=0.068, BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, W3C_AA=-1, W3C_DB=-1, W3C_IRA=-1, W3C_WL=-1
X-W3C-Scan-Sig: mimas.w3.org 1fDITp-0003Sm-74 cefbd2648fc0ddaf10174b44b17c4d40
X-Original-To: ietf-http-wg@w3.org
Subject: Re: draft-asveren-dispatch-http-overload
Archived-At: <https://www.w3.org/mid/CABkgnnV0tQyKeV8x1wDXN=U3NJ0gd5jy+d6O47-Ct9O55N5ZcA@mail.gmail.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/35320
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <https://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

Thanks for the responses.  It would be really helpful if the draft
explained this.

FWIW, I didn't interpret Retry-After in the way that 5390 does.  I
understood it to apply to the request, not the entire server.  But you
will observe that this off/on problem only causes the bursty traffic
pattern described there if there are relatively few clients.  Larger
numbers of clients will result in better distribution of retries.
That happens less often in HTTP than in SIP.

For the working group: Is the assumption that 503+Retry-After means
that the client should withhold all requests to the same server (I
assume that server ~=> origin in this case), the identified resource,
or is it just a single request?  Worth an http-core issue?

On Tue, May 1, 2018 at 1:25 AM, Asveren, Tolga <tasveren@rbbn.com> wrote:
> Martin,
>
>
>
> Thanks for the feedback/questions.
>
>
>
> i- Why Retry-After is inadequate
>
> Not that I am lazy but I think https://tools.ietf.org/html/rfc5390 (5.3.
> The Off/On Retry-After Problem is probably the most relevant part for your
> question) already explains this better than I could do. It is for SIP but
> the same arguments would apply for any real-time application where response
> times matter.
>
>
>
> BTW, the issues listed in RFC5390 and the mechanism defined in RFC7339 to
> deal with it are tested/observed/verified by a group consisting of multiple
> vendors while preparing these specifications.
>
>
>
> ii- The goal of this mechanism is not to provide a solution against
> malicious attacks. It is meant to be used between well-behaving entities.
> Nonetheless I don’t think it makes DoS more likely nor does it leak
> information which significantly can increase efficiency of DoS. It is true
> that it conveys information about load status of a server but I think this
> can be deducted by an attacker anyhow (at least to some reasonable extent)
> by sending requests and checking the response times. So, a server should do
> whatever it does today when it suspects DoS activity. No changes are
> defined/assumed on that front.
>
>
>
> iii- “The table” is specific for the application type. It has multiple
> values as most -if not all- real-time applications have the notion of
> regular/priority/emergency request types. The drop percentage for each could
> be different depending on server and current overload conditions.
>
>
>
> Thanks,
>
> Tolga
>
>
>
> From: Martin Thomson <martin.thomson@gmail.com>
> Sent: Monday, April 30, 2018 1:55 AM
> To: Asveren, Tolga <tasveren@rbbn.com>
> Cc: ietf-http-wg@w3.org
> Subject: Re: draft-asveren-dispatch-http-overload
>
>
>
> ________________________________
>
> NOTICE: This email was received from an EXTERNAL sender
>
> ________________________________
>
>
> This is the right working group, for sure. However, I don't find the
> introduction convincing. Maybe I'm missing something. How is
> Retry-After inadequate?
>
> As for the mechanism described, how does it not expose information
> about the server configuration such that DOS could be more precisely
> targetted? What is the scope of the table? What is the point of
> multiple values?
>
>
> On Mon, Apr 30, 2018 at 3:50 AM, Asveren, Tolga <tasveren@rbbn.com> wrote:
>> I submitted draft-asveren-dispatch-http-overload-control to DISPATCH WG a
>> while ago. It aims to specify a generic overload control mechanism for
>> HTTP/HTTPS applications.
>>
>>
>>
>>
>> https://www.ietf.org/id/draft-asveren-dispatch-http-overload-control-00.txt
>>
>>
>>
>>
>>
>> I thought it could be a good idea to herald it here as well as some folks
>> may not be following DISPATCH WG.
>>
>>
>>
>> I would appreciate any feedback about overall idea/need/alternatives/in
>> general.
>>
>>
>>
>> Thanks,
>>
>> Tolga
>>
>>

v2.23.0 | Report a Bug | By Email