Re: [hybi] Last Call: <draft-ietf-hybi-thewebsocketprotocol-10.txt>

Mark Andrews <marka@isc.org> Thu, 28 July 2011 02:02 UTC

Return-Path: <marka@isc.org>
X-Original-To: hybi@ietfa.amsl.com
Delivered-To: hybi@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 608D611E809F; Wed, 27 Jul 2011 19:02:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.56
X-Spam-Level:
X-Spam-Status: No, score=-2.56 tagged_above=-999 required=5 tests=[AWL=0.039, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Yx9PBQWwDkqi; Wed, 27 Jul 2011 19:02:06 -0700 (PDT)
Received: from mx.ams1.isc.org (mx.ams1.isc.org [IPv6:2001:500:60::65]) by ietfa.amsl.com (Postfix) with ESMTP id 71DB511E808E; Wed, 27 Jul 2011 19:02:06 -0700 (PDT)
Received: from bikeshed.isc.org (bikeshed.isc.org [IPv6:2001:4f8:3:d::19]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (Client CN "bikeshed.isc.org", Issuer "ISC CA" (verified OK)) by mx.ams1.isc.org (Postfix) with ESMTPS id 54AFA5F98F1; Thu, 28 Jul 2011 02:01:53 +0000 (UTC) (envelope-from marka@isc.org)
Received: from drugs.dv.isc.org (unknown [IPv6:2001:470:1f00:820:6233:4bff:fe01:7585]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by bikeshed.isc.org (Postfix) with ESMTPSA id 0E9F5216C80; Thu, 28 Jul 2011 02:01:21 +0000 (UTC) (envelope-from marka@isc.org)
Received: from drugs.dv.isc.org (localhost [127.0.0.1]) by drugs.dv.isc.org (Postfix) with ESMTP id 647E1123AED8; Thu, 28 Jul 2011 12:01:18 +1000 (EST)
To: mrex@sap.com
From: Mark Andrews <marka@isc.org>
References: <201107272350.p6RNodKa019978@fs4113.wdf.sap.corp>
In-reply-to: Your message of "Thu, 28 Jul 2011 01:50:39 +0200." <201107272350.p6RNodKa019978@fs4113.wdf.sap.corp>
Date: Thu, 28 Jul 2011 12:01:18 +1000
Message-Id: <20110728020118.647E1123AED8@drugs.dv.isc.org>
Cc: hybi@ietf.org, ietf@ietf.org
Subject: Re: [hybi] Last Call: <draft-ietf-hybi-thewebsocketprotocol-10.txt>
X-BeenThere: hybi@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Server-Initiated HTTP <hybi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/hybi>, <mailto:hybi-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hybi>
List-Post: <mailto:hybi@ietf.org>
List-Help: <mailto:hybi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 28 Jul 2011 02:02:07 -0000

In message <201107272350.p6RNodKa019978@fs4113.wdf.sap.corp>, Martin Rex writes
:
> Mark Andrews wrote:
> > 
> > Dave Cridland writes:
> > > 
> > > Happy eyeballs - try everything as soon as you can, in parallel. Drop  
> > > everything else when one does.
> > 
> > More correctly it is try the first address and if that doesn't
> > connect in a short period (150...250ms) start a second connection
> > to the next address while continuing with the first.  If you have
> > more that 2 address you do something similar for the next one (I
> > use 1/2 the original timeout, but that is a implementation detail).
> > You continue to use the address that works for that session.  You
> > drop any other connections to other addresses that complete.
> 
> Happy eyeballs means that a clients reaction to congestion is
> to perform an DoS attack, flood the network with additional
> connection requests and hammer the server with many additional
> half-open connections that will never actually get used.

It is not a DoS attack.  The client is almost certainly going to
make those connection attempts anyway if the path is congested
enough to cause the first connection attempt to fail.  The only
difference is the application gives up in 30 seconds rather than
60 or 90 seconds by doing the attempts serially.

> While this might currently "improve" the end user experience
> of clients, it simultaneously adds a deterrant to server operators
> to announce IPv6 addresses (even multiple IP addresses -- they're
> better of with IPv4 NAT if they have multiple servers at a single
> location).
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka@isc.org