IETF Logo Mail Archive

Re: [hybi] Flow control quota

"Arman Djusupov" <arman@noemax.com> Fri, 01 June 2012 14:16 UTC

Return-Path: <arman@noemax.com>
X-Original-To: hybi@ietfa.amsl.com
Delivered-To: hybi@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5DAE121F897E for <hybi@ietfa.amsl.com>; Fri, 1 Jun 2012 07:16:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.198
X-Spam-Level:
X-Spam-Status: No, score=-2.198 tagged_above=-999 required=5 tests=[AWL=0.400, BAYES_00=-2.599, HTML_MESSAGE=0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CQUTlCpvPwIR for <hybi@ietfa.amsl.com>; Fri, 1 Jun 2012 07:16:20 -0700 (PDT)
Received: from mail.noemax.com (mail.noemax.com [64.34.201.8]) by ietfa.amsl.com (Postfix) with ESMTP id D476521F897B for <hybi@ietf.org>; Fri, 1 Jun 2012 07:16:19 -0700 (PDT)
DKIM-Signature: a=rsa-sha1; t=1338560177; x=1339164977; s=m1024; d=noemax.com; c=relaxed/relaxed; v=1; bh=qG9/RoFLb7VOtPD7ELaX3bCjXOs=; h=From:Subject:Date:Message-ID:To:Cc:MIME-Version:Content-Type:In-Reply-To:References; b=B9JzpAYCNooFIUVWTVGx9WKL47UjXu7Dy8xDzD/3+94xPXfsCUTD3ZGNm8wLl6HGhULBrfv89ySt7fnJqL4H69240VffqaR0OnkRQBsYMBvZTaC2evckvDjAO0qPM2myq0jpmzXcjeVTtvSgR2cZ0cjgDQfFrLEMzzs0C7JfCzE=
Received: from mail.noemax.com by mail.noemax.com (IceWarp 10.4.0) with ASMTP (SSL) id LUR96815; Fri, 01 Jun 2012 17:16:15 +0300
From: Arman Djusupov <arman@noemax.com>
To: 'Takeshi Yoshino' <tyoshino@google.com>, 'Martin Sustrik' <sustrik@250bpm.com>
References: <001a01cd3e69$4a221c10$de665430$@noemax.com> <4FC732DC.3000308@250bpm.com> <000e01cd3f1c$af15ad40$0d4107c0$@noemax.com> <4FC880A7.9070007@250bpm.com> <CAH9hSJaWrUX6gFNLT4xkXLYKHSUH5+Y7AvqN9cD_CwekvsNu3A@mail.gmail.com>
In-Reply-To: <CAH9hSJaWrUX6gFNLT4xkXLYKHSUH5+Y7AvqN9cD_CwekvsNu3A@mail.gmail.com>
Date: Fri, 01 Jun 2012 17:15:19 +0300
Message-ID: <001001cd4000$fe2c82c0$fa858840$@noemax.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0011_01CD401A.237BB690"
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AQDnHEYxNcL9Xb2UVJoRm1lbL/BkAQFoH3KRAV1ppa8CZ6BgXAIpbgj4mHcUAXA=
Content-Language: en-us
Cc: hybi@ietf.org
Subject: Re: [hybi] Flow control quota
X-BeenThere: hybi@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Server-Initiated HTTP <hybi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/hybi>, <mailto:hybi-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hybi>
List-Post: <mailto:hybi@ietf.org>
List-Help: <mailto:hybi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 01 Jun 2012 14:16:23 -0000

Unfortunately making extensions mutually aware of each other at the
implementation level does not prevent problems from being encountered by a
mux intermediary that receives a frame with an RSV bit set. An intermediary
is not permitted to fragment a frame with an RSV bit set especially when the
extension is unknown. If such a frame is larger than the available quota
then the intermediary would have to wait until the quota becomes larger than
the frame size before it can send it. This will result in the frame never
being sent if its size is larger than the flow control window.

 

A practical example of this problem is that a mux intermediary might end up
being unable to forward compressed frames larger than the flow control
window, unless it first decompresses them and refragments them.

 

I am trying to figure out a general purpose solution that would allow us to
deal with non-fragmentable frames, even if the extension that is applied to
them is unknown. So far I have two ideas:

 

1.

 

Allow the sender to send a frame with an RSV bit set even if it is bigger
that the available quota. In such a case the quota becomes negative and from
that moment on the sending side MUST wait until the quota becomes positive
before sending the subsequent frame. This way the flow control would work
and the sender would be able to send a frame that is larger than the
available quota but cannot be fragmented.

 

Flow control is not intended to limit the maximum frame size, but rather to
prevent a logical channel from exclusively using a physical connection. This
solution would satisfy this requirement. A logical channel would wait as
long as necessary until the quota becomes positive. This would let other
channels use the physical connection. However, this solution would not
prevent a sender from forcing the receiver to buffer an amount of bytes that
is a larger than the amount it had agreed to buffer. But the amount of extra
buffering required would not exceed the size of a single frame so a mux
intermediary would at least be able to forward frames of reasonable size. 

 

 

2.

 

An alternative solution is to introduce a WebSocket fragmentation extension.
Using this extension, multiplexing intermediaries would advertise the
maximum frame size limit for non-mux clients. Non-mux clients that want
their connections to be multiplexed by an intermediary would have to stick
to the frame size limits required by that intermediary. By supporting this
extension WebSocket client/browser vendors will be able to make their
clients mux-intermediary-friendly. This would help not only in
non-mux-client-to-mux-intermediary scenarios (and flow control in general)
but would also permit us to advertise a frame size limit in any scenario
where such limits are present. This was discussed by the WG but didn't made
it into RFC 6455, the idea at that time was that it could go in a separate
extension. So currently we have section 10.4 that requires implementations
to protect themselves against exceeding frame size limits. A fragmentation
extension would enable us to advertise these limits.

 

 

10.4.  Implementation-Specific Limits

 

   Implementations that have implementation- and/or platform-specific

   limitations regarding the frame size or total message size after

   reassembly from multiple frames MUST protect themselves against

   exceeding those limits.  (For example, a malicious endpoint can try

   to exhaust its peer's memory or mount a denial-of-service attack by

   sending either a single big frame (e.g., of size 2**60) or by sending

   a long stream of small frames that are a part of a fragmented

   message.)  Such an implementation SHOULD impose a limit on frame

   sizes and the total message size after reassembly from multiple

   frames.

 

 

With best regards,

Arman

 

 

From: Takeshi Yoshino [mailto:tyoshino@google.com] 
Sent: Friday, June 01, 2012 3:33 PM
To: Martin Sustrik
Cc: Arman Djusupov; hybi@ietf.org
Subject: Re: [hybi] Flow control quota

 

On Fri, Jun 1, 2012 at 5:43 PM, Martin Sustrik <sustrik@250bpm.com> wrote:

That seems to suggest there's some kind of mis-layering happening here.
Frames are used for flow control. Does it make sense to use them for
compression as well? Shouldn't the compression rather happen on top of
mutliplexing layer?


The situation is similar to compressing the payload in TCP packets. It is
feasible, but in corner cases it can clash with MTU limits, cause
re-fragmentation etc. The clean solution would be to layer compression on
top of TCP layer.

 

Mux want to control fragmentation while per-frame compression locks down
fragmentation. Yes, it's not healthy to use of per-frame compression before
mux.

 

Shall we discourage this layering (preframe-compress then mux)?

v2.23.0 | Report a Bug | By Email