Re: [Idr] TCP & BGP: Some don't send terminate BGP when holdtimer expired, because TCP recv window is 0
Enke Chen <enchen@paloaltonetworks.com> Thu, 17 December 2020 19:48 UTC
Return-Path: <enchen@paloaltonetworks.com>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E93E03A0FCE for <idr@ietfa.amsl.com>; Thu, 17 Dec 2020 11:48:37 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.986
X-Spam-Level:
X-Spam-Status: No, score=-1.986 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=0.1, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=paloaltonetworks.com header.b=fFIQtNiy; dkim=pass (2048-bit key) header.d=paloaltonetworks-com.20150623.gappssmtp.com header.b=V3Lmkz3m
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RdDKpQNgBUyD for <idr@ietfa.amsl.com>; Thu, 17 Dec 2020 11:48:35 -0800 (PST)
Received: from mx0b-00169c01.pphosted.com (mx0a-00169c01.pphosted.com [67.231.148.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DC8813A0F0C for <idr@ietf.org>; Thu, 17 Dec 2020 11:48:35 -0800 (PST)
Received: from pps.filterd (m0045114.ppops.net [127.0.0.1]) by mx0a-00169c01.pphosted.com (8.16.0.43/8.16.0.43) with SMTP id 0BHJjfaS018758 for <idr@ietf.org>; Thu, 17 Dec 2020 11:48:35 -0800
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=paloaltonetworks.com; h=mime-version : references : in-reply-to : from : date : message-id : subject : to : cc : content-type; s=PPS12012017; bh=JGsiktBnrA97g3IfqfIj8tOdaAQxAVVTnmK4e5AhZfI=; b=fFIQtNiyzOd+Je6NjbZDw6L7vUZax01nWd5qtqsHFSvJicib9pqpgnauU8mVcO2I+0ZX vT9L1sqg96HEIcGhf035H5hjqC9Q+0LCXlCTo4s9HkHOcsKvCQ70MJjyRLSdWQk3YzsC bP6Mf0OXia7kJ5qjLIoWN+HvdgkqsJR2lT8H28IK5qi3Ysy/o/deYDExM8iTUPHRHJ1O b8QazOOWKH6kR+D5L7KFDaL9oByCSZVfH67WNc15GHYiB1g2xulDNb1aCreYXMNTzK6Y 8i/ODQ95DS9pjdN3UnS8fJF6I3uLO59uFf21jKdfw/QaQGglDmpO79uheuf2GqMGIs6V zQ==
Received: from mail-lf1-f72.google.com (mail-lf1-f72.google.com [209.85.167.72]) by mx0a-00169c01.pphosted.com with ESMTP id 35ctrpp1qh-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NOT) for <idr@ietf.org>; Thu, 17 Dec 2020 11:48:35 -0800
Received: by mail-lf1-f72.google.com with SMTP id m67so13701661lfd.6 for <idr@ietf.org>; Thu, 17 Dec 2020 11:48:35 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=paloaltonetworks-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=JGsiktBnrA97g3IfqfIj8tOdaAQxAVVTnmK4e5AhZfI=; b=V3Lmkz3mzDtnbH3lUV3f/712G6iQ9QibKVqouzx/7k+GijAPThdvvoGy8wEBs0nmhI SJG/MD4szSDR4Bhr27QZz8Qa3uOz0MVye1e8yhqZH03mHPXAgtDXKNcJHNlK7AtcTel2 5pKKYRd8zqBlQYNdoPfObarj1PTQE+lWlZtW+Q2RDnOIRpYWDhiNN5pspAsmfN1b0Ycq CbRhgu+vb/6hPE66lMVKEzNcCT/857AUPu/e+Wr00KBu5aHvP0bbICnAFZVcRJLA0VhY x/qHKmSwJhb8zuHP4G6wlnfsObf/fVBITUMk4pcRQM0F+OmlkDdA7Pfkv5Pm51RxWHsH 0dbQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=JGsiktBnrA97g3IfqfIj8tOdaAQxAVVTnmK4e5AhZfI=; b=rxjojoJSRjJxN+KIpOIsFCcQVXgdkrdRW+N00Ys+2xNV+pn63crOkSKLr2yHWU+r8+ CmMAGz7ZLOYu9TKmhyreUHX6MPsH3+0g5DdX7Cghd13sx31CUxoDeXV7qCBaoU0h9cc8 NzAhVWWobY3DD9qMrg5strP9Tb9boxUHO1kD4odip/ck0NA7/XKHMh4iF97Nl1IBXkr7 wm+R/llXbcRTwENX9Y+IMLfpJ0MQbfUmkMdA3MhpwqOcwNjjG6US9RRS8pxLyQIWSIZu QvUYoY2GiCbnlS6D5gbItHYJci4BNr8zwIPGATN7fEj93w0maTfEx60E4nnYsRksk/Sq j4Pw==
X-Gm-Message-State: AOAM530u6nlqWb3acOliYzegbKO4x0QE+M6hmCrUfbWijr8rBIgHC3mq dbJTIYHTpGma6al4FD+IwSacTCpeUXTkFzT6I9n10PpLCklKswMQO2aa3xRsZRECnnNoY3JPB0N spVkKrC48lRdf+ZEmkfY=
X-Received: by 2002:a19:2254:: with SMTP id i81mr144092lfi.422.1608234512977; Thu, 17 Dec 2020 11:48:32 -0800 (PST)
X-Google-Smtp-Source: ABdhPJw/4fsbGQVHTRIcwradLoFizkm0xj/OokuJ3PKAlFdYkN5TYtQeUJibPs+/BU+PZH3TUy+5a12uT4HGMYohqPA=
X-Received: by 2002:a19:2254:: with SMTP id i81mr144083lfi.422.1608234512671; Thu, 17 Dec 2020 11:48:32 -0800 (PST)
MIME-Version: 1.0
References: <CANJ8pZ_02njLOJxJPAW4vT3q0EPGB6WY1ZGemQpfiXNMhadb6A@mail.gmail.com> <CAOj+MMHC_uGRDwEmJJO0QCRXahfinbWw5wLzSQJ=C9CYAma-mw@mail.gmail.com>
In-Reply-To: <CAOj+MMHC_uGRDwEmJJO0QCRXahfinbWw5wLzSQJ=C9CYAma-mw@mail.gmail.com>
From: Enke Chen <enchen@paloaltonetworks.com>
Date: Thu, 17 Dec 2020 11:48:21 -0800
Message-ID: <CANJ8pZ-rq7MbFBLi26nb2yGJvsfrEcQZzn1ieq3LgnJM1p4ULA@mail.gmail.com>
To: Robert Raszuk <robert@raszuk.net>
Cc: Job Snijders <job@sobornost.net>, "idr@ietf. org" <idr@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000d80c6c05b6ae4600"
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.343, 18.0.737 definitions=2020-12-17_14:2020-12-17, 2020-12-17 signatures=0
X-Proofpoint-Spam-Details: rule=outbound_spam_notspam policy=outbound_spam score=0 adultscore=0 phishscore=0 lowpriorityscore=0 clxscore=1015 impostorscore=0 mlxscore=0 suspectscore=0 malwarescore=0 bulkscore=0 spamscore=0 mlxlogscore=999 priorityscore=1501 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2009150000 definitions=main-2012170132
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/yRsXh4uoAzL3V0qheM3-Lzlw7kY>
Subject: Re: [Idr] TCP & BGP: Some don't send terminate BGP when holdtimer expired, because TCP recv window is 0
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 17 Dec 2020 19:48:41 -0000
Hi, Robert: The receiver is broken for not closing the session after the holdtime expires, and that certainly needs attention. However, the rational for trying to do something on the sender seems to be the following: as the session is broken and should have been terminated by the other side, but it's not, the sender would like to have a way that provides an "upper bound" for the session to be terminated deterministically at the transport layer. The TCP_USER_TIMEOUT option seems to be a good fit in this case. Thanks. -- Enke On Thu, Dec 17, 2020 at 2:21 AM Robert Raszuk <robert@raszuk.net> wrote: > Good catch Enke ! > > Also what if TCP rcv takes the BGP messages and passes it to BGP I/O InQ > which drops it for some reason right there ? Looks to me like we are not > going to detect any event like this here. But the problem we are trying to > address will persist. I think in this thread we are focusing too much on > transport vs application level detection. > > And I will repeat the question already stated ... Why rcv would not close > the session in spite of missing KEEPALIVES or UPDATES ? > > Tx, > R. > > PS. Side note: BGP Operational Message addresses this type of > inconsistencies by periodically comparing BGP Adj_RIB_In and _Out counters. > > > On Thu, Dec 17, 2020 at 3:41 AM Enke Chen <enchen@paloaltonetworks.com> > wrote: > >> Hi, Folks: >> >> Regarding the patch for openBGPD pointed out by Job, I do not think it >> would work. When the TCP rcv window from the remote is 0, the BGP keepalive >> can still be queued to the socket buffer. It can take a long time for the >> socket buffer to be filled up by BGP keepalives. >> >> It seems that the TCP_USER_TIMEOUT option can be used for the persistent >> zero-size window issue. The timeout value could be multiples of the >> holdtimer (with min and max adjustments), perhaps somewhere around 5 or 6 >> minutes. >> >> Thanks. -- Enke >> >> ---------- >> >> Job Snijders <job@sobornost.net> Tue, 15 December 2020 21:54 UTC >> <https://urldefense.proofpoint.com/v2/url?u=https-3A__mailarchive.ietf.org_arch_browse_idr_-23&d=DwMFaQ&c=V9IgWpI5PvzTw83UyHGVSoW3Uc1MFWe5J8PTfkrzVSo&r=OPLTTSu-451-QhDoSINhI2xYdwiMmfF5A2l8luvN11E&m=FlndUknstuJ9j_Pf40oKOLGgDCHrXNgX1l6gQZsjVxE&s=Gy3ZgD4mwrmy1k7kEyDCeqqUBxyXkv33m4XaHfegXGA&e=> >> >> [snip] >> How to solve this? Claudio Jeker took a look at what it would take in >> OpenBGPD and came up with the (tiny!) following patch, should be >> readable to most: https://marc.info/?l=openbsd-tech&m=160796802508185&w=2 <https://urldefense.proofpoint.com/v2/url?u=https-3A__marc.info_-3Fl-3Dopenbsd-2Dtech-26m-3D160796802508185-26w-3D2&d=DwMFaQ&c=V9IgWpI5PvzTw83UyHGVSoW3Uc1MFWe5J8PTfkrzVSo&r=OPLTTSu-451-QhDoSINhI2xYdwiMmfF5A2l8luvN11E&m=FlndUknstuJ9j_Pf40oKOLGgDCHrXNgX1l6gQZsjVxE&s=4Ip2QeM5GZ1ohdD4z1RB3-XR1zvrkGa-gnnnxVzd3Gs&e=> >> >> _______________________________________________ >> Idr mailing list >> Idr@ietf.org >> https://www.ietf.org/mailman/listinfo/idr >> <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.ietf.org_mailman_listinfo_idr&d=DwMFaQ&c=V9IgWpI5PvzTw83UyHGVSoW3Uc1MFWe5J8PTfkrzVSo&r=OPLTTSu-451-QhDoSINhI2xYdwiMmfF5A2l8luvN11E&m=FlndUknstuJ9j_Pf40oKOLGgDCHrXNgX1l6gQZsjVxE&s=hBMaxmukXgY-6uXgnTCoi6Zoz2jI0izuMOA06uP1Seg&e=> >> >
- [Idr] TCP & BGP: Some don't send terminate BGP wh… Job Snijders
- Re: [Idr] TCP & BGP: Some don't send terminate BG… Tony Li
- Re: [Idr] TCP & BGP: Some don't send terminate BG… John Scudder
- Re: [Idr] TCP & BGP: Some don't send terminate BG… Jeff Tantsura
- Re: [Idr] TCP & BGP: Some don't send terminate BG… Robert Raszuk
- Re: [Idr] TCP & BGP: Some don't send terminate BG… Robert Raszuk
- Re: [Idr] TCP & BGP: Some don't send terminate BG… Jakob Heitz (jheitz)
- Re: [Idr] TCP & BGP: Some don't send terminate BG… Job Snijders
- Re: [Idr] TCP & BGP: Some don't send terminate BG… Tony Li
- Re: [Idr] TCP & BGP: Some don't send terminate BG… Keyur Patel
- Re: [Idr] TCP & BGP: Some don't send terminate BG… Jeff Tantsura
- Re: [Idr] TCP & BGP: Some don't send terminate BG… Robert Raszuk
- Re: [Idr] TCP & BGP: Some don't send terminate BG… Keyur Patel
- Re: [Idr] TCP & BGP: Some don't send terminate BG… Jakob Heitz (jheitz)
- Re: [Idr] TCP & BGP: Some don't send terminate BG… Enke Chen
- Re: [Idr] TCP & BGP: Some don't send terminate BG… Jakob Heitz (jheitz)
- Re: [Idr] TCP & BGP: Some don't send terminate BG… Robert Raszuk
- Re: [Idr] TCP & BGP: Some don't send terminate BG… Christoph Loibl
- Re: [Idr] TCP & BGP: Some don't send terminate BG… Jakob Heitz (jheitz)
- Re: [Idr] TCP & BGP: Some don't send terminate BG… Christoph Loibl
- Re: [Idr] TCP & BGP: Some don't send terminate BG… Jared Mauch
- Re: [Idr] TCP & BGP: Some don't send terminate BG… Jared Mauch
- Re: [Idr] TCP & BGP: Some don't send terminate BG… William McCall
- Re: [Idr] TCP & BGP: Some don't send terminate BG… Job Snijders
- Re: [Idr] TCP & BGP: Some don't send terminate BG… Jared Mauch
- Re: [Idr] TCP & BGP: Some don't send terminate BG… Enke Chen
- Re: [Idr] TCP & BGP: Some don't send terminate BG… Randy Bush
- Re: [Idr] TCP & BGP: Some don't send terminate BG… Jared Mauch
- Re: [Idr] TCP & BGP: Some don't send terminate BG… Tony Li
- Re: [Idr] TCP & BGP: Some don't send terminate BG… John Scudder
- Re: [Idr] TCP & BGP: Some don't send terminate BG… Christoph Loibl
- Re: [Idr] TCP & BGP: Some don't send terminate BG… Jakob Heitz (jheitz)
- Re: [Idr] TCP & BGP: Some don't send terminate BG… John Scudder
- Re: [Idr] TCP & BGP: Some don't send terminate BG… Job Snijders
- Re: [Idr] TCP & BGP: Some don't send terminate BG… John Scudder
- Re: [Idr] TCP & BGP: Some don't send terminate BG… Robert Raszuk
- Re: [Idr] TCP & BGP: Some don't send terminate BG… Jakob Heitz (jheitz)
- Re: [Idr] TCP & BGP: Some don't send terminate BG… john heasley
- Re: [Idr] TCP & BGP: Some don't send terminate BG… Keyur Patel
- Re: [Idr] TCP & BGP: Some don't send terminate BG… Keyur Patel
- Re: [Idr] TCP & BGP: Some don't send terminate BG… Brian Dickson
- Re: [Idr] TCP & BGP: Some don't send terminate BG… Claudio Jeker
- Re: [Idr] TCP & BGP: Some don't send terminate BG… Claudio Jeker
- Re: [Idr] TCP & BGP: Some don't send terminate BG… Jakob Heitz (jheitz)
- Re: [Idr] TCP & BGP: Some don't send terminate BG… Job Snijders
- Re: [Idr] TCP & BGP: Some don't send terminate BG… John Heasley
- Re: [Idr] TCP & BGP: Some don't send terminate BG… Jakob Heitz (jheitz)
- Re: [Idr] TCP & BGP: Some don't send terminate BG… Claudio Jeker
- Re: [Idr] TCP & BGP: Some don't send terminate BG… Jakob Heitz (jheitz)
- Re: [Idr] TCP & BGP: Some don't send terminate BG… Brian Dickson
- Re: [Idr] TCP & BGP: Some don't send terminate BG… Jakob Heitz (jheitz)
- Re: [Idr] TCP & BGP: Some don't send terminate BG… Job Snijders
- Re: [Idr] TCP & BGP: Some don't send terminate BG… Jakob Heitz (jheitz)
- Re: [Idr] TCP & BGP: Some don't send terminate BG… Robert Raszuk
- Re: [Idr] TCP & BGP: Some don't send terminate BG… Job Snijders
- Re: [Idr] TCP & BGP: Some don't send terminate BG… Job Snijders
- Re: [Idr] TCP & BGP: Some don't send terminate BG… Brian Dickson
- Re: [Idr] TCP & BGP: Some don't send terminate BG… Jeffrey Haas
- Re: [Idr] TCP & BGP: Some don't send terminate BG… Jeffrey Haas
- Re: [Idr] TCP & BGP: Some don't send terminate BG… Jeffrey Haas
- Re: [Idr] TCP & BGP: Some don't send terminate BG… Jeffrey Haas
- Re: [Idr] TCP & BGP: Some don't send terminate BG… Brian Dickson
- Re: [Idr] TCP & BGP: Some don't send terminate BG… Enke Chen
- Re: [Idr] TCP & BGP: Some don't send terminate BG… Robert Raszuk
- Re: [Idr] TCP & BGP: Some don't send terminate BG… Gert Doering
- Re: [Idr] TCP & BGP: Some don't send terminate BG… Claudio Jeker
- Re: [Idr] TCP & BGP: Some don't send terminate BG… Jeffrey Haas
- Re: [Idr] TCP & BGP: Some don't send terminate BG… Jeffrey Haas
- Re: [Idr] TCP & BGP: Some don't send terminate BG… Enke Chen
- Re: [Idr] TCP & BGP: Some don't send terminate BG… Robert Raszuk
- Re: [Idr] TCP & BGP: Some don't send terminate BG… Brian Dickson
- Re: [Idr] TCP & BGP: Some don't send terminate BG… Jakob Heitz (jheitz)
- Re: [Idr] TCP & BGP: Some don't send terminate BG… Enke Chen
- Re: [Idr] TCP & BGP: Some don't send terminate BG… Jeffrey Haas
- Re: [Idr] TCP & BGP: Some don't send terminate BG… Enke Chen
- Re: [Idr] TCP & BGP: Some don't send terminate BG… Brian Dickson
- Re: [Idr] TCP & BGP: Some don't send terminate BG… Jeffrey Haas
- Re: [Idr] TCP & BGP: Some don't send terminate BG… Jakob Heitz (jheitz)
- Re: [Idr] TCP & BGP: Some don't send terminate BG… Gyan Mishra
- Re: [Idr] TCP & BGP: Some don't send terminate BG… Jeffrey Haas
- Re: [Idr] TCP & BGP: Some don't send terminate BG… John Scudder
- Re: [Idr] TCP & BGP: Some don't send terminate BG… Gyan Mishra
- Re: [Idr] TCP & BGP: Some don't send terminate BG… William McCall
- Re: [Idr] TCP & BGP: Some don't send terminate BG… Gyan Mishra
- Re: [Idr] TCP & BGP: Some don't send terminate BG… Robert Raszuk
- Re: [Idr] TCP & BGP: Some don't send terminate BG… Gyan Mishra
- Re: [Idr] TCP & BGP: Some don't send terminate BG… Gyan Mishra
- Re: [Idr] TCP & BGP: Some don't send terminate BG… Robert Raszuk
- Re: [Idr] TCP & BGP: Some don't send terminate BG… Jeffrey Haas
- Re: [Idr] TCP & BGP: Some don't send terminate BG… Gyan Mishra
- Re: [Idr] TCP & BGP: Some don't send terminate BG… Robert Raszuk
- Re: [Idr] TCP & BGP: Some don't send terminate BG… Gyan Mishra
- Re: [Idr] TCP & BGP: Some don't send terminate BG… Gyan Mishra
- Re: [Idr] TCP & BGP: Some don't send terminate BG… Enke Chen
- Re: [Idr] TCP & BGP: Some don't send terminate BG… Enke Chen
- Re: [Idr] TCP & BGP: Some don't send terminate BG… Enke Chen
- Re: [Idr] TCP & BGP: Some don't send terminate BG… Enke Chen
- Re: [Idr] TCP & BGP: Some don't send terminate BG… Enke Chen
- Re: [Idr] TCP & BGP: Some don't send terminate BG… Job Snijders
- Re: [Idr] TCP & BGP: Some don't send terminate BG… Enke Chen