Re: [iccrg] Disadvantages of TCP connection splitters

Michael Welzl <michawe@ifi.uio.no> Fri, 10 January 2020 21:33 UTC

Return-Path: <michawe@ifi.uio.no>
X-Original-To: iccrg@ietfa.amsl.com
Delivered-To: iccrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8DD9F120111 for <iccrg@ietfa.amsl.com>; Fri, 10 Jan 2020 13:33:44 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CDph-o4Cv2pP for <iccrg@ietfa.amsl.com>; Fri, 10 Jan 2020 13:33:41 -0800 (PST)
Received: from mail-out01.uio.no (mail-out01.uio.no [IPv6:2001:700:100:10::50]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A77C912008C for <iccrg@irtf.org>; Fri, 10 Jan 2020 13:33:40 -0800 (PST)
Received: from mail-mx10.uio.no ([129.240.10.27]) by mail-out01.uio.no with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.92.3) (envelope-from <michawe@ifi.uio.no>) id 1iq1uR-00025A-LM; Fri, 10 Jan 2020 22:33:35 +0100
Received: from ti0182q160-4250.bb.online.no ([82.164.31.203] helo=[10.0.0.14]) by mail-mx10.uio.no with esmtpsa (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) user michawe (Exim 4.92.3) (envelope-from <michawe@ifi.uio.no>) id 1iq1uQ-000Bk6-BX; Fri, 10 Jan 2020 22:33:35 +0100
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\))
From: Michael Welzl <michawe@ifi.uio.no>
In-Reply-To: <CAK6E8=ewFWYqijoriSfRVsRmwzeh12o3QRfc23JAzKw87kOAxw@mail.gmail.com>
Date: Fri, 10 Jan 2020 22:33:30 +0100
Cc: Keith Winstein <keithw@cs.stanford.edu>, iccrg IRTF list <iccrg@irtf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <3B40E9C6-8442-45EE-A9F6-4FD0BF2E2776@ifi.uio.no>
References: <7FFBC144-5F59-41BD-A47D-D4AFEFA2BE4D@ifi.uio.no> <CAMzhQmN1F_c68bFZoQPhOv_ES0i7CzzSVdUuh5vp6xD_Tzrr1Q@mail.gmail.com> <CAK6E8=ewFWYqijoriSfRVsRmwzeh12o3QRfc23JAzKw87kOAxw@mail.gmail.com>
To: Yuchung Cheng <ycheng@google.com>
X-Mailer: Apple Mail (2.3445.104.11)
X-UiO-SPF-Received: Received-SPF: neutral (mail-mx10.uio.no: 82.164.31.203 is neither permitted nor denied by domain of ifi.uio.no) client-ip=82.164.31.203; envelope-from=michawe@ifi.uio.no; helo=[10.0.0.14];
X-UiO-Spam-info: not spam, SpamAssassin (score=-5.0, required=5.0, autolearn=disabled, UIO_MAIL_IS_INTERNAL=-5, uiobl=NO, uiouri=NO)
X-UiO-Scanned: 970C9E51FD237CD96DED490583216912FE0DB246
Archived-At: <https://mailarchive.ietf.org/arch/msg/iccrg/V9zf-VbblnC4orIKo_A5Vq0CFs0>
Subject: Re: [iccrg] Disadvantages of TCP connection splitters
X-BeenThere: iccrg@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Discussions of Internet Congestion Control Research Group \(ICCRG\)" <iccrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/iccrg>, <mailto:iccrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/iccrg/>
List-Post: <mailto:iccrg@irtf.org>
List-Help: <mailto:iccrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/iccrg>, <mailto:iccrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Fri, 10 Jan 2020 21:33:45 -0000

Hi all,

This is all interesting, but it’s not going in the direction that I hoped. I mean, these problems are well known and obvious due to the nature of PEPs.
Imagine that connection-splitting PEPs would be a part of the architecture - known, signaled to, and officially doing what they’re doing, rather than secretly “cheating”.
Think of something more like an application-layer proxy, for example.

Then, some problems would remain, due to the way these devices operate - what they do with buffering, what they do with congestion control. That’s what I was interested in.

I’m getting the impression that problems in the style of those mentioned below are the ONLY types of problems that people have noticed….   is that true?

Cheers,
Michael


> On Jan 10, 2020, at 8:51 PM, Yuchung Cheng <ycheng@google.com> wrote:
> 
> On Fri, Jan 10, 2020 at 11:41 AM Keith Winstein <keithw@cs.stanford.edu> wrote:
>> 
>> In practice, I suspect some of the main downsides to these TCP (transparent) connection splitters are probably the ones cited by Google in their QUIC paper at SIGCOMM 2017: they have led to ossification of the TCP protocol by enforcing various assumptions about transport behavior on traffic that passes through.
>> 
>> See, e.g., "Is it Still Possible to Extend TCP?" (IMC 2011), "Fitting Square Pegs Through Round Pipes" (NSDI 2012), or "How Hard Can It Be? Designing and Implementing a Deployable Multipath TCP" (NSDI 2012).
>> 
>> A whole bunch of interesting TCP behavior seems to be frustrated by a non-negligable percentage of these middleboxes. I've personally experienced several middleboxes (for me, I've seen this on local virus scanners and airplane WiFi services) that will kill a connection as soon as one side sends FIN. This frustrates any application that uses half-open connections in an interesting way. Middleboxes will forget about an idle connection even if the endpoints still have the state. Middleboxes will freak out if there is payload alongside SYN or SYN/ACK. SomemMiddleboxes will freak out if they see TCP options they don't know about (including ENO/tcpcrypt). Middleboxes will freak out if a segment appears unacked to them but never gets retransmitted, or if a segment is acked but they didn't see it on the forward path. And, as you say, the TCP connection splitters frustrate any attempt by the endpoints to deploy newer/better/more path-appropriate congestion-control schemes.
>> 
>> Just the FUD itself about what some lazy middlebox might freak out about probably contributes substantially to the ossification of TCP.
> 
> Similar sentiments here on real practical disadvantages as a TCP
> developer dealing with Internet issues over a decade.
> 
> There are good PEPs. The real disadvantages are the poorly implemented
> ones and the upkeep. In my personal experience I've worked with a
> cellular provider to disable their PEPS that ended up delivering much
> better (YouTube video) performance. They were very happy to get rid of
> those boxes to save both latency and money.
> 
>> 
>> 
>> -Keith
>> 
>> On Fri, Jan 10, 2020 at 12:54 AM Michael Welzl <michawe@ifi.uio.no> wrote:
>>> 
>>> Hi,
>>> 
>>> I’ve been thinking a lot about TCP connection splitters lately ( https://tools.ietf.org/html/rfc3135#section-2.4 ).
>>> 
>>> I’m curious: what are the real practical disadvantages of this type of PEPs that people have seen?
>>> I'll appreciate any kind of feedback, also anecdotes, but pointers to citable papers would be best.
>>> 
>>> BTW, let’s keep multi-path apart from this discussion please. My question is about single path TCP.
>>> 
>>> Cheers,
>>> Michael
>>> 
>>> PS: I’m not trying to indirectly hint that such devices would be *always good*. However, the scenarios where they are not strike me as surprisingly narrow, so I wonder if I’m missing more.
>>> 
>>> _______________________________________________
>>> iccrg mailing list
>>> iccrg@irtf.org
>>> https://www.irtf.org/mailman/listinfo/iccrg
>> 
>> _______________________________________________
>> iccrg mailing list
>> iccrg@irtf.org
>> https://www.irtf.org/mailman/listinfo/iccrg