RE: draft-asveren-dispatch-http-overload

"Asveren, Tolga" <tasveren@rbbn.com> Mon, 30 April 2018 15:35 UTC

From: "Asveren, Tolga" <tasveren@rbbn.com>
To: Martin Thomson <martin.thomson@gmail.com>
CC: "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
Date: Mon, 30 Apr 2018 15:25:44 +0000

Martin,

Thanks for the feedback/questions.

i- Why Retry-After is inadequate
Not that I am lazy but I think https://tools.ietf.org/html/rfc5390 (5.3. The Off/On Retry-After Problem is probably the most relevant part for your question) already explains this better than I could do. It is for SIP but the same arguments would apply for any real-time application where response times matter.

BTW, the issues listed in RFC5390 and the mechanism defined in RFC7339 to deal with it are tested/observed/verified by a group consisting of multiple vendors while preparing these specifications.

ii- The goal of this mechanism is not to provide a solution against malicious attacks. It is meant to be used between well-behaving entities. Nonetheless I don’t think it makes DoS more likely nor does it leak information which significantly can increase efficiency of DoS. It is true that it conveys information about load status of a server but I think this can be deduced by an attacker anyhow (at least to some reasonable extent) by sending requests and checking the response times. So, a server should do whatever it does today when it suspects DoS activity. No changes are defined/assumed on that front.

iii- “The table” is specific for the application type. It has multiple values as most -if not all- real-time applications have the notion of regular/priority/emergency request types. The drop percentage for each could be different depending on server and current overload conditions.

Thanks,
Tolga

From: Martin Thomson <martin.thomson@gmail.com>
Sent: Monday, April 30, 2018 1:55 AM
To: Asveren, Tolga <tasveren@rbbn.com>
Cc: ietf-http-wg@w3.org
Subject: Re: draft-asveren-dispatch-http-overload


This is the right working group, for sure. However, I don't find the
introduction convincing. Maybe I'm missing something. How is
Retry-After inadequate?

As for the mechanism described, how does it not expose information
about the server configuration such that DOS could be more precisely
targeted? What is the scope of the table? What is the point of
multiple values?


On Mon, Apr 30, 2018 at 3:50 AM, Asveren, Tolga <tasveren@rbbn.com> wrote:
> I submitted draft-asveren-dispatch-http-overload-control to DISPATCH WG a
> while ago. It aims to specify a generic overload control mechanism for
> HTTP/HTTPS applications.
>
> https://www.ietf.org/id/draft-asveren-dispatch-http-overload-control-00.txt
>
> I thought it could be a good idea to herald it here as well as some folks
> may not be following DISPATCH WG.
>
> I would appreciate any feedback about overall idea/need/alternatives/in
> general.
>
> Thanks,
> Tolga