Re: Fwd: Re: [tcpm] FW: Call for Adoption: TCP Tuning for HTTP
Patrick McManus <mcmanus@ducksong.com> Thu, 03 March 2016 20:49 UTC
Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=lists.ie@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D88351B43C8 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Thu, 3 Mar 2016 12:49:11 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.285
X-Spam-Level:
X-Spam-Status: No, score=-6.285 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.006, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fH84vldDi3tC for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Thu, 3 Mar 2016 12:49:09 -0800 (PST)
Received: from frink.w3.org (frink.w3.org [128.30.52.56]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9CB601B43CA for <httpbisa-archive-bis2Juki@lists.ietf.org>; Thu, 3 Mar 2016 12:49:09 -0800 (PST)
Received: from lists by frink.w3.org with local (Exim 4.80) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1aba6T-0002Pb-CT for ietf-http-wg-dist@listhub.w3.org; Thu, 03 Mar 2016 20:44:09 +0000
Resent-Date: Thu, 03 Mar 2016 20:44:09 +0000
Resent-Message-Id: <E1aba6T-0002Pb-CT@frink.w3.org>
Received: from lisa.w3.org ([128.30.52.41]) by frink.w3.org with esmtps (TLS1.2:DHE_RSA_AES_128_CBC_SHA1:128) (Exim 4.80) (envelope-from <mcmanus@ducksong.com>) id 1aba6N-0002Nk-6W for ietf-http-wg@listhub.w3.org; Thu, 03 Mar 2016 20:44:03 +0000
Received: from www.ducksong.com ([192.155.95.102] helo=linode64.ducksong.com) by lisa.w3.org with esmtp (Exim 4.80) (envelope-from <mcmanus@ducksong.com>) id 1aba6L-0004Y7-HL for ietf-http-wg@w3.org; Thu, 03 Mar 2016 20:44:02 +0000
Received: from mail-vk0-f47.google.com (mail-vk0-f47.google.com [209.85.213.47]) by linode64.ducksong.com (Postfix) with ESMTPSA id 129CC3A01B for <ietf-http-wg@w3.org>; Thu, 3 Mar 2016 15:43:39 -0500 (EST)
Received: by mail-vk0-f47.google.com with SMTP id e6so34191684vkh.2 for <ietf-http-wg@w3.org>; Thu, 03 Mar 2016 12:43:39 -0800 (PST)
X-Gm-Message-State: AD7BkJIlb8tVWRHWM/IZpOYiLVubfSnOCj9Whyik70behuSWh3phxrGrHaHsu7B93ZgI3CGWxfPb29zA/ZVvjA==
MIME-Version: 1.0
X-Received: by 10.31.135.79 with SMTP id j76mr3123484vkd.91.1457037818783; Thu, 03 Mar 2016 12:43:38 -0800 (PST)
Received: by 10.176.64.72 with HTTP; Thu, 3 Mar 2016 12:43:38 -0800 (PST)
In-Reply-To: <20160303184418.GA18774@1wt.eu>
References: <56D74C23.5010705@isi.edu> <56D76A7E.7090507@isi.edu> <20160302232125.GA18275@1wt.eu> <56D77892.2000308@isi.edu> <20160303065545.GA18412@1wt.eu> <56D87BAC.4060204@isi.edu> <20160303184418.GA18774@1wt.eu>
Date: Thu, 03 Mar 2016 15:43:38 -0500
X-Gmail-Original-Message-ID: <CAOdDvNokUDxmfy87VrQNLoQvQknP6L3h6fLbuFeVpOiDN4szAQ@mail.gmail.com>
Message-ID: <CAOdDvNokUDxmfy87VrQNLoQvQknP6L3h6fLbuFeVpOiDN4szAQ@mail.gmail.com>
From: Patrick McManus <mcmanus@ducksong.com>
To: Willy Tarreau <w@1wt.eu>
Cc: Joe Touch <touch@isi.edu>, HTTP Working Group <ietf-http-wg@w3.org>
Content-Type: multipart/alternative; boundary="001a114592e49d359d052d2b0d4a"
Received-SPF: pass client-ip=192.155.95.102; envelope-from=mcmanus@ducksong.com; helo=linode64.ducksong.com
X-W3C-Hub-Spam-Status: No, score=-5.6
X-W3C-Hub-Spam-Report: AWL=-0.707, BAYES_00=-1.9, HTML_MESSAGE=0.001, RP_MATCHES_RCVD=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, W3C_AA=-1, W3C_IRA=-1, W3C_WL=-1
X-W3C-Scan-Sig: lisa.w3.org 1aba6L-0004Y7-HL 32f259f86b49007b1daa7cfca2bb225e
X-Original-To: ietf-http-wg@w3.org
Subject: Re: Fwd: Re: [tcpm] FW: Call for Adoption: TCP Tuning for HTTP
Archived-At: <http://www.w3.org/mid/CAOdDvNokUDxmfy87VrQNLoQvQknP6L3h6fLbuFeVpOiDN4szAQ@mail.gmail.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/31169
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <http://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>
Hi Wily, Joe, This message is a bit of a diversion from the discussion so far. sorry bout that. On Thu, Mar 3, 2016 at 1:44 PM, Willy Tarreau <w@1wt.eu> wrote: > I've seen people > patch their kernels to lower the TIME_WAIT down to 2 seconds to address > such shortcomings! Quite frankly, this workaround *is* causing trouble! > really? That's fascinating to me. Can you provide background or citations on what kind of trouble has been attributed to this and the scenario where it was done? You don't need to go through the theoretical - I know what TW could conceptually catch - but the assertion about the shorter timeout causing field problems is something I'd love to understand better. For TW to be useful protection it also has to be paired with re-transmission and some application states that will be impacted by the screwup which reduces its utility, particularly for HTTP. I read the above statement as saying that TW is indeed useful in the field at the application layer - but maybe it is referencing some side effect I'm not thinking of rather than the vulnerability of not using it. Those kinds of post mortem war stories where it is seen in the field are pretty interesting and help inform the discussion about whether the cure is worse than the disease. My inclination has generally been that TW doesn't help a lot in practice and has some limitations and causes pain (as well documented in this thread.). So it would be interesting to look at the fallout of a situation it could have helped with. This feels a bit like the musing over the subpar utility of the tcp checksum on high bandwidth networks. For that one, the answer at least in the http space is 'use https for integrity and sort out the rare error at the application level'. I'm wondering if that's the right advice in the time_wait space for http as well.. we're really still talking about integrity. Go ahead and turn it off - just make sure you're running a higher level protocol that won't confuse old data with new data. (Fun paper: http://conferences2.sigcomm.org/imc/2015/papers/p303.pdf showed that at the tail of a ping survey, 1 % of replies from 1% of addresses needed >= 145 seconds to arrive. And that's just delay - not retransmission. A truly protective TW is a very large number.)
- Call for Adoption: TCP Tuning for HTTP Mark Nottingham
- Re: Call for Adoption: TCP Tuning for HTTP Willy Tarreau
- Re: Call for Adoption: TCP Tuning for HTTP Tim Wicinski
- Re: Call for Adoption: TCP Tuning for HTTP Cory Benfield
- Re: Call for Adoption: TCP Tuning for HTTP Thomas Mangin
- Re: Fwd: Re: [tcpm] FW: Call for Adoption: TCP Tu… Willy Tarreau
- Re: Call for Adoption: TCP Tuning for HTTP Scharf, Michael (Nokia - DE)
- Fwd: Re: [tcpm] FW: Call for Adoption: TCP Tuning… Joe Touch
- Re: Fwd: Re: [tcpm] FW: Call for Adoption: TCP Tu… Joe Touch
- Re: Fwd: Re: [tcpm] FW: Call for Adoption: TCP Tu… Willy Tarreau
- Re: Fwd: Re: [tcpm] FW: Call for Adoption: TCP Tu… Joe Touch
- Re: Fwd: Re: [tcpm] FW: Call for Adoption: TCP Tu… Willy Tarreau
- Re: Fwd: Re: [tcpm] FW: Call for Adoption: TCP Tu… Joe Touch
- Re: Fwd: Re: [tcpm] FW: Call for Adoption: TCP Tu… Joe Touch
- Re: Fwd: Re: [tcpm] FW: Call for Adoption: TCP Tu… Patrick McManus
- Re: Fwd: Re: [tcpm] FW: Call for Adoption: TCP Tu… Willy Tarreau
- Re: Fwd: Re: [tcpm] FW: Call for Adoption: TCP Tu… Willy Tarreau
- Re: Fwd: Re: [tcpm] FW: Call for Adoption: TCP Tu… Joe Touch
- Re: Fwd: Re: [tcpm] FW: Call for Adoption: TCP Tu… Willy Tarreau
- Re: Fwd: Re: [tcpm] FW: Call for Adoption: TCP Tu… Joe Touch
- Re: Fwd: Re: [tcpm] FW: Call for Adoption: TCP Tu… Patrick McManus
- Re: Fwd: Re: [tcpm] FW: Call for Adoption: TCP Tu… Willy Tarreau
- Re: [tcpm] Call for Adoption: TCP Tuning for HTTP Mark Nottingham
- Re: [tcpm] Call for Adoption: TCP Tuning for HTTP Tim Wicinski
- Re: [tcpm] Call for Adoption: TCP Tuning for HTTP Willy Tarreau
- [Reposted to list] Re: Fwd: Re: [tcpm] FW: Call f… Kari Hurtta
- Re: [tcpm] Call for Adoption: TCP Tuning for HTTP Ben Niven-Jenkins
- Re: Fwd: Re: [tcpm] FW: Call for Adoption: TCP Tu… Yoshifumi Nishida
- Re: [tcpm] Call for Adoption: TCP Tuning for HTTP Willy Tarreau
- Re: Fwd: Re: [tcpm] FW: Call for Adoption: TCP Tu… Willy Tarreau
- Re: Fwd: Re: [tcpm] FW: Call for Adoption: TCP Tu… Yoshifumi Nishida
- RE: Call for Adoption: TCP Tuning for HTTP Salvatore Loreto
- RE: Call for Adoption: TCP Tuning for HTTP Daniel Stenberg
- Re: Call for Adoption: TCP Tuning for HTTP Leif Hedstrom
- Re: Call for Adoption: TCP Tuning for HTTP Amos Jeffries
- Re: Fwd: Re: [tcpm] FW: Call for Adoption: TCP Tu… Willy Tarreau
- Re: Call for Adoption: TCP Tuning for HTTP Leif Hedstrom
- Re: Call for Adoption: TCP Tuning for HTTP Joe Touch
- Re: Call for Adoption: TCP Tuning for HTTP Matthew Kerwin
- RE: Call for Adoption: TCP Tuning for HTTP Daniel Stenberg
- RE: Call for Adoption: TCP Tuning for HTTP Daniel Stenberg