Re: [Idr] TCP & BGP: Some don't send terminate BGP when holdtimer expired, because TCP recv window is 0

John Scudder <jgs@juniper.net> Fri, 18 December 2020 22:32 UTC

From: John Scudder <jgs@juniper.net>
To: Enke Chen <enchen@paloaltonetworks.com>
CC: Jeffrey Haas <jhaas@pfrc.org>, "idr@ietf. org" <idr@ietf.org>
Date: Fri, 18 Dec 2020 22:30:38 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/VE6AKh8BeTppmmSiZP6kwf3iALo>
List-Id: Inter-Domain Routing <idr.ietf.org>

On Dec 18, 2020, at 1:09 PM, Enke Chen <enchen@paloaltonetworks.com> wrote:
> 
> No, I am not assuming that packets are getting somewhere. The TCP_USER_TIMEOUT would work as long as there is "pending data" (either unacked, or locally queued). The data can be from the local BGP Keepalives or the TCP_KEEPALIVE.

Apart from the other objections to relying on TCP_USER_TIMEOUT, which I think are sufficient, it’s not clear to me that implementations will provide the desired semantics. RFC 793 seems like it specifies the right semantics (“get this data to the peer within N seconds or close”):

        The timeout, if present, permits the caller to set up a timeout
        for all data submitted to TCP.  If data is not successfully
        delivered to the destination within the timeout period, the TCP
        will abort the connection.  The present global default is five
        minutes.

However, the Linux man page documents different semantics:

       TCP_USER_TIMEOUT (since Linux 2.6.37)
              This option takes an unsigned int as an argument.  When the
              value is greater than 0, it specifies the maximum amount of
              time in milliseconds that transmitted data may remain
              unacknowledged before TCP will forcibly close the
              corresponding connection and return ETIMEDOUT to the
              application.  If the option value is specified as 0, TCP will
              use the system default.

The important difference being that whereas 793 implies data written to the socket, the Linux man page says “transmitted” data, which seems like it must mean data TCP has written to the network. These are two very different things! If Linux (or another stack) implements what the man page seems to say, it’s not useful for our purposes.

—John
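
The message above turns on the difference between data written to the socket and data TCP has actually transmitted. The following is an added example, not part of the original message or of any BGP implementation: a Linux-only C probe that sets TCP_USER_TIMEOUT on a loopback connection whose peer never reads (so its receive window closes, as in the thread subject) and then uses the SIOCOUTQ and SIOCOUTQNSD ioctls to report how much pending data is transmitted-but-unacknowledged versus still unsent. The names `stalled_peer_probe` and `struct sendq` are illustrative.

```c
#include <errno.h>
#include <linux/sockios.h>   /* SIOCOUTQ, SIOCOUTQNSD */
#include <netinet/in.h>
#include <netinet/tcp.h>     /* TCP_USER_TIMEOUT */
#include <stdio.h>
#include <sys/ioctl.h>
#include <sys/socket.h>
#include <unistd.h>

/* Illustrative names, not from the thread: struct sendq, stalled_peer_probe. */
struct sendq { unsigned user_timeout_ms; int queued, notsent, sent_unacked; };

/* Loopback peer never reads: fill the send buffer, then report where bytes sit. */
int stalled_peer_probe(unsigned timeout_ms, struct sendq *q)
{
    static char buf[65536];
    struct sockaddr_in a = { .sin_family = AF_INET, .sin_addr.s_addr = htonl(INADDR_LOOPBACK) };
    socklen_t alen = sizeof a, olen = sizeof q->user_timeout_ms;
    int rc = -1, peer = -1;
    int ls = socket(AF_INET, SOCK_STREAM, 0), c = socket(AF_INET, SOCK_STREAM, 0);
    if (ls < 0 || c < 0 || bind(ls, (struct sockaddr *)&a, sizeof a) || listen(ls, 1) ||
        getsockname(ls, (struct sockaddr *)&a, &alen) ||   /* learn the kernel-picked port */
        connect(c, (struct sockaddr *)&a, sizeof a) || (peer = accept(ls, NULL, NULL)) < 0)
        goto out;
    if (setsockopt(c, IPPROTO_TCP, TCP_USER_TIMEOUT, &timeout_ms, sizeof timeout_ms) ||
        getsockopt(c, IPPROTO_TCP, TCP_USER_TIMEOUT, &q->user_timeout_ms, &olen))
        goto out;
    while (send(c, buf, sizeof buf, MSG_DONTWAIT | MSG_NOSIGNAL) > 0)
        ;                    /* peer never reads, so this ends with EAGAIN */
    /* SIOCOUTQ: unacked plus not-yet-sent bytes. SIOCOUTQNSD: not-yet-sent only. */
    if ((errno != EAGAIN && errno != EWOULDBLOCK) ||
        ioctl(c, SIOCOUTQ, &q->queued) || ioctl(c, SIOCOUTQNSD, &q->notsent))
        goto out;
    q->sent_unacked = q->queued - q->notsent;
    rc = 0;
out:
    if (peer >= 0) close(peer);
    if (c >= 0) close(c);
    if (ls >= 0) close(ls);
    return rc;
}

int main(void)
{
    struct sendq q;
    if (stalled_peer_probe(30000, &q)) { perror("stalled_peer_probe"); return 1; }
    printf("user_timeout=%ums queued=%d notsent=%d sent_unacked=%d\n",
           q.user_timeout_ms, q.queued, q.notsent, q.sent_unacked);
    return 0;
}
```

The `notsent` figure is data the application has handed to TCP but that has not gone onto the wire; `sent_unacked` is the "transmitted" data the man page wording refers to.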