Re: [Idr] TCP & BGP: Some don't send terminate BGP when holdtimer expired, because TCP recv window is 0

"Jakob Heitz (jheitz)" <jheitz@cisco.com> Fri, 18 December 2020 19:21 UTC

From: "Jakob Heitz (jheitz)" <jheitz@cisco.com>
To: Jeffrey Haas <jhaas@pfrc.org>, Brian Dickson <brian.peter.dickson@gmail.com>
CC: "idr@ietf. org" <idr@ietf.org>, Enke Chen <enchen@paloaltonetworks.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/9ac5-ng9kKtQBsmAevnRA2Xa77o>

My point was a question.

Does TCP_USER_TIMEOUT work when TCP is in persist state?
It seems like it should work, but it helps to be sure.

Regards,
Jakob.

-----Original Message-----
From: Idr <idr-bounces@ietf.org> On Behalf Of Jeffrey Haas
Sent: Friday, December 18, 2020 11:20 AM
To: Brian Dickson <brian.peter.dickson@gmail.com>
Cc: idr@ietf. org <idr@ietf.org>; Enke Chen <enchen@paloaltonetworks.com>
Subject: Re: [Idr] TCP & BGP: Some don't send terminate BGP when holdtimer expired, because TCP recv window is 0

On Fri, Dec 18, 2020 at 10:28:48AM -0800, Brian Dickson wrote:
> On Fri, Dec 18, 2020 at 10:09 AM Enke Chen <enchen@paloaltonetworks.com> wrote:
> > No, I am not assuming that packets are getting somewhere. The
> > TCP_USER_TIMEOUT would work as long as there is "pending data" (either
> > unacked, or locally queued). The data can be from the local BGP Keepalives
> > or the TCP_KEEPALIVE.
>
> Actually, my point was not only about packets getting somewhere, but also
> that the LOCAL implementation of the TCP stack should not be assumed to be
> bug-free (in relevant ways).
> 
> Your response is still assuming that those mechanisms actually work 100%
> reliably 100% of the time.
> 
> Yes, if the implementation works correctly, TCP_USER_TIMEOUT would work.
> However, I'm saying the BGP code should not assume that is the case, and
> put some guard-rails around the behavior.
> The overhead of some small amount of checking, regardless of how it is
> done, is likely quite low.

What's also important is that using this option removes the ability for the
BGP implementation to make its own decisions.

In the presence of some level of packet drop, the window may not be able to
advance because the ACK covering the head end isn't getting through.  So,
even if some data is getting through and helping open space in the buffer,
this feature may cause us to close the session.

Jakob also makes the point that zero window in the send direction isn't
really helped here.

> (If packets are flowing, as viewed by updates and/or keepalives being seen
> from the peer, for example, it might not be necessary to invoke those
> checks? Or the check might only need to be done every $INTERVAL, like every
> minute or two.)

My experience is that using the TCP information in an advisory fashion is
helpful, but hard to make work consistently or portably.  Features that tie
into the stack to try to assess liveness or close sluggish sessions are
helpful if you don't care about the impact.  BGP implementations tend to
care about being resilient, especially for ISP circumstances.

-- Jeff
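
Added example, not part of the original thread and not code from any BGP implementation discussed in it: a C sketch of the guard rail suggested above, where the BGP process arms TCP_USER_TIMEOUT but also keeps its own clock so the hold timer is enforced without relying on the TCP stack. It assumes Linux; struct peer_clock, arm_user_timeout, check_peer and the choice of the hold time as the send-stall threshold are hypothetical.

```c
#include <netinet/in.h>
#include <netinet/tcp.h>
#include <stddef.h>
#include <sys/socket.h>
#include <time.h>

enum verdict { SESSION_OK, HOLD_EXPIRED, SEND_STALLED };

/* Hypothetical per-peer bookkeeping kept by the BGP process itself. */
struct peer_clock {
    time_t   last_rx;       /* last KEEPALIVE/UPDATE read from the peer     */
    time_t   last_tx_drain; /* last time our send queue shrank or was empty */
    size_t   tx_queued;     /* bytes the application still has to write     */
    unsigned hold_secs;     /* negotiated hold time; 0 disables the timer   */
};

/* Arm TCP_USER_TIMEOUT (milliseconds) and read the value back rather than
 * trusting that the call took effect. Returns 0 on success, -1 otherwise. */
int arm_user_timeout(int fd, unsigned timeout_ms)
{
    unsigned got = 0;
    socklen_t len = sizeof got;

    if (setsockopt(fd, IPPROTO_TCP, TCP_USER_TIMEOUT,
                   &timeout_ms, sizeof timeout_ms) < 0)
        return -1;
    if (getsockopt(fd, IPPROTO_TCP, TCP_USER_TIMEOUT, &got, &len) < 0)
        return -1;
    return got == timeout_ms ? 0 : -1;
}

/* Application-level check, run every check interval. It uses only the
 * process's own timestamps, so it still fires if the socket option does not. */
enum verdict check_peer(const struct peer_clock *p, time_t now)
{
    if (p->hold_secs == 0)
        return SESSION_OK;
    if (now - p->last_rx >= (time_t)p->hold_secs)
        return HOLD_EXPIRED;  /* close even if the NOTIFICATION cannot be written */
    if (p->tx_queued > 0 && now - p->last_tx_drain >= (time_t)p->hold_secs)
        return SEND_STALLED;  /* advisory: our data is not draining */
    return SESSION_OK;
}
```

SEND_STALLED is returned separately from HOLD_EXPIRED so the caller can treat it as advisory, in line with the concern above about closing sessions that are slow but still making progress.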
