Re: [Idr] TCP & BGP: Some don't send terminate BGP when holdtimer expired, because TCP recv window is 0

Enke Chen <enchen@paloaltonetworks.com> Sat, 12 December 2020 06:15 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/RNgPeW1oTY_fXL65PxOWkP8u5CE>

Hi, Folks:

There is an interesting article titled "When TCP Sockets Refuse to Die":

      https://blog.cloudflare.com/when-tcp-sockets-refuse-to-die/

which recommends using the TCP keepalive option and the TCP_USER_TIMEOUT
option together to deal with several TCP "stuck" scenarios.

To strike a balance between maintaining routing stability and working
around these corner cases, how about we recommend using these two TCP
options with a timeout value larger than the BGP per-session holdtimer
(e.g., 2 * bgp_holdtimer)?

Thanks.   -- Enke
------
Re: [Idr] TCP & BGP: Some don't send terminate BGP when holdtimer expired, because TCP recv window is 0

"Jakob Heitz (jheitz)" <jheitz@cisco.com> Sat, 12 December 2020 03:29 UTC

Good point Keyur.

A receiver may be overwhelmed for a long time and not open its TCP window
to avoid silly window syndrome or some other reason. The receiver may still
be functional and able to clear its backlog, albeit in a long time. Resetting
such a session will only make the situation worse. Telling the difference
between this case and a receiver stuck in a bug is difficult.

Regards,
Jakob.
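
One way to apply the suggestion at the top of this message on Linux, as an added example that is not part of the original thread or of any BGP implementation: derive the keepalive and TCP_USER_TIMEOUT values from the session hold time so the TCP deadline is 2 * bgp_holdtimer. The struct, the function names and the idle/probe split are assumptions made for illustration.

```c
#include <netinet/in.h>
#include <netinet/tcp.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical container for the derived values (not from any BGP stack). */
struct bgp_tcp_timers {
    int idle_s;           /* TCP_KEEPIDLE: quiet time before the first probe */
    int intvl_s;          /* TCP_KEEPINTVL: gap between probes */
    int cnt;              /* TCP_KEEPCNT: unanswered probes tolerated */
    unsigned int user_ms; /* TCP_USER_TIMEOUT, in milliseconds */
};

/* Budget 2 * hold time overall: stay quiet for one hold time, then probe
 * across a second one. RFC 4271 allows a hold time of 0 (timer disabled)
 * or at least 3 s; no TCP deadline is derived for anything else. */
int bgp_tcp_timers_from_hold(unsigned int hold_s, struct bgp_tcp_timers *t)
{
    if (hold_s < 3 || hold_s > 65535)
        return -1;
    t->idle_s = (int)hold_s;
    t->cnt = 3;
    t->intvl_s = (int)((hold_s + 2) / 3); /* round up: probing spans >= hold_s */
    t->user_ms = 2u * hold_s * 1000u;
    return 0;
}

/* Apply the derived values to a TCP socket; 0 on success, -1 on failure. */
int bgp_tcp_apply(int fd, unsigned int hold_s)
{
    struct bgp_tcp_timers t;
    int on = 1;
    if (bgp_tcp_timers_from_hold(hold_s, &t) != 0)
        return -1;
    if (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, &on, sizeof on) ||
        setsockopt(fd, IPPROTO_TCP, TCP_KEEPIDLE, &t.idle_s, sizeof t.idle_s) ||
        setsockopt(fd, IPPROTO_TCP, TCP_KEEPINTVL, &t.intvl_s, sizeof t.intvl_s) ||
        setsockopt(fd, IPPROTO_TCP, TCP_KEEPCNT, &t.cnt, sizeof t.cnt) ||
        setsockopt(fd, IPPROTO_TCP, TCP_USER_TIMEOUT, &t.user_ms, sizeof t.user_ms))
        return -1;
    return 0;
}

int main(void)
{
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0 || bgp_tcp_apply(fd, 90) != 0) { perror("bgp_tcp_apply"); return 1; }
    puts("keepalive and TCP_USER_TIMEOUT set for a 90 s hold time");
    close(fd);
    return 0;
}
```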