IETF Logo Mail Archive

RE: Gen-ART review of draft-ietf-tcpm-tcp-soft-errors-08.txt

Black_David@emc.com Fri, 21 November 2008 17:26 UTC

Return-Path: <ietf-bounces@ietf.org>
X-Original-To: ietf-archive@megatron.ietf.org
Delivered-To: ietfarch-ietf-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id B273228C0F5; Fri, 21 Nov 2008 09:26:17 -0800 (PST)
X-Original-To: ietf@core3.amsl.com
Delivered-To: ietf@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 9DED23A6840; Thu, 20 Nov 2008 19:55:30 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.3
X-Spam-Level:
X-Spam-Status: No, score=-5.3 tagged_above=-999 required=5 tests=[AWL=1.300, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ELDI0vtaW3A9; Thu, 20 Nov 2008 19:55:29 -0800 (PST)
Received: from mexforward.lss.emc.com (mexforward.lss.emc.com [128.222.32.20]) by core3.amsl.com (Postfix) with ESMTP id 612173A635F; Thu, 20 Nov 2008 19:55:29 -0800 (PST)
Received: from hop04-l1d11-si01.isus.emc.com (HOP04-L1D11-SI01.isus.emc.com [10.254.111.54]) by mexforward.lss.emc.com (Switch-3.2.5/Switch-3.1.7) with ESMTP id mAL3tFIm022844 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 20 Nov 2008 22:55:15 -0500 (EST)
Received: from mailhub.lss.emc.com (nirah.lss.emc.com [10.254.144.13]) by hop04-l1d11-si01.isus.emc.com (Tablus Interceptor); Thu, 20 Nov 2008 22:42:09 -0500
Received: from corpussmtp3.corp.emc.com (corpussmtp3.corp.emc.com [10.254.64.53]) by mailhub.lss.emc.com (Switch-3.2.5/Switch-3.1.7) with ESMTP id mAL3swSW006298; Thu, 20 Nov 2008 22:54:59 -0500 (EST)
From: Black_David@emc.com
Received: from CORPUSMX80A.corp.emc.com ([10.254.89.202]) by corpussmtp3.corp.emc.com with Microsoft SMTPSVC(6.0.3790.1830); Thu, 20 Nov 2008 22:54:58 -0500
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Subject: RE: Gen-ART review of draft-ietf-tcpm-tcp-soft-errors-08.txt
Date: Thu, 20 Nov 2008 22:54:11 -0500
Message-ID: <9FA859626025B64FBC2AF149D97C944A010748D4@CORPUSMX80A.corp.emc.com>
In-Reply-To: <200811121548.mACFmKLY007025@venus.xmundo.net>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: Gen-ART review of draft-ietf-tcpm-tcp-soft-errors-08.txt
Thread-Index: AclE3ieLYG4OG5cNRdOYTizNmAOYgAGq8yOw
References: <9FA859626025B64FBC2AF149D97C944A3C6EEA@CORPUSMX80A.corp.emc.com> <200811121548.mACFmKLY007025@venus.xmundo.net>
To: fernando@gont.com.ar, gen-art@ietf.org
X-OriginalArrivalTime: 21 Nov 2008 03:54:58.0813 (UTC) FILETIME=[EC43A2D0:01C94B8C]
X-RSA-Inspected: yes
X-RSA-Classifications:
X-RSA-Action: allow
X-Mailman-Approved-At: Fri, 21 Nov 2008 09:26:14 -0800
Cc: magnus.westerlund@ericsson.com, tcpm@ietf.org, david.borman@windriver.com, ietf@ietf.org, weddy@grc.nasa.gov, Black_David@emc.com
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: ietf-bounces@ietf.org
Errors-To: ietf-bounces@ietf.org

Fernando,

> >(1) The I-D Tracker says that the v6ops-v6onbydefault draft is Dead.
> >Relevant portions of that draft should be reproduced or otherwise
> >explained in Section 3.2.
> 
> The reference to this I-D has been updated to the corresponding RFC.

Thanks - please send the reference to the secretariat, because the
I-D Tracker doesn't record the fact that this draft was published as
an RFC.

> >As part of doing this, please state
> >whether trying v6 and v4 connections in parallel is a good idea or
> >not and why.
> 
> The document does not discuss alternative approaches, at it just 
> documents this alternative reaction to soft errors, as implemented in 
> a number of stacks.
> 
> (FYI, the draft originally aimed at Std. Track, and discussed other 
> alternative  approaches for dealing with the problem of long delays 
> between connection establishment attempts. Then we changed the draft 
> category to "Informational", to simply document this behavior. At 
> that point, the discussion of parallel connections and other 
> approaches was dropped).

I don't think just ignoring this problem is acceptable, but a reference
to a discussion of what can be done about it in that RFC or some other
document should suffice.

> >(2) Section 4.1 describes a mechanism from RFC 3168 that retransmits
a
> >modified SYN when an RST is received in response to an ECN-setup SYN,
> >and suggests that this mechanism is applicable to ICMP errors
received
> >in response to an ECN-setup SYN.  This mechanism was specified in
> >RFC 3168 because there were known deployed middleboxes with this
> >problem-causing RST behavior, and the mechanism was necessary to deal
> >with them.  Are there any known middleboxes that send an ICMP error
> >in response to a SYN that signals ECN capability?
> >- If yes, state the specific ICMP error(s) that is(are) used and
limit
> >         the recommendation to the actual error(s).
> >- If no, remove this entire RFC 3168 discussion as speculative, or
> >         describe it as a possible response should this problem
scenario
> >         ever arise in practice.
> 
> I am particularly referring to firewalls, that can be configured to 
> reject incoming connections with either RST segment, ICMP error 
> messages, or silently.
> 
> Would your comment be addressed if I incorporate a small paragraph to 
> clarify this? The resulting text would read:
> --- cut here ----
>     [RFC3168] states that a host that receives a RST in response to
the
>     transmission of an ECN-setup SYN packet MAY resend a SYN with CWR
and
>     ECE cleared.  This is meant to deal with faulty middle-boxes that
>     reject connections when a SYN segment has the ECE and CWR bits
set.
>     Given that this section describes a modification that processes
ICMP
>     error messages as hard errors when they are received for a
connection
>     in any of the non-synchronized states, systems implementing this
>     behavior could resend the SYN segment with the ECE and CWR bits
>     cleared when an ICMP error message is received in response to a
SYN
>     segment that had these bits set.
> 
> This would address those scenarios in which a middle-box such as a 
> firewall rejects incoming connection requests with an ICMP soft error 
> simply because the ECE and CWR bits were set in the incoming 
> SYN segment.
> ---- cut here ----
> 
> (Only the last paragraph was added).

I see two problems:
- I want to see the offending ICMP soft errors named as opposed
	to a general allowance being made for all soft errors.
- I believe the concept in that last paragraph belongs before the
	"Given that ..." sentence.

Try the following two paragraphs:

     [RFC3168] states that a host that receives a RST in response to the
     transmission of an ECN-setup SYN packet MAY resend a SYN with CWR
and
     ECE cleared.  This is meant to deal with faulty middle-boxes that
     reject connections when a SYN segment has the ECE and CWR bits set.

    Some faulty middle-boxes (e.g., firewalls) may reject connections
    with an ICMP soft error of <XXX> instead of an RST.  Therefore a
    system that processes ICMP error messages as hard errors when they
    are received for a connection in any of the non-synchronized states,
    MAY respond to an <XXX> ICMP error message received in response to a
    SYN segment with the ECE and CWR bits set by retransmitting that SYN
    segment with those bits cleared instead of abandoning the
connection.

The actual ICMP error or errors need to be filled in to replace <XXX>
above.

> >(3) Section 5.3 describes a NAT behavior that causes a host TCP
problem
> >and then suggests changing the NAT to fix it.  While that's a good
idea
> >in an ideal world (and needs to be stated in the draft), in practice,
> >deployed NATs have to be dealt with as-is.  In addition to
recommending
> >fixing the NAT, please discuss what could be done when the NAT cannot
> >be fixed.
> 
> There's not much that could be done. However, this would just break 
> TCP simultaneous opens, that are unlikely. (As a matter of fact, 
> there are even end-system implementations of TCP that do not support 
> simultaneous opens)

Please add text stating that (only thing broken is TCP simultaneous
opens,
which is tolerable in many situations)..
 
> >Nits:
> >
> >Section 1 - reduce generality of this text.
> >OLD:
> >    This document analyzes the fault recovery strategy of TCP
[RFC0793],
> >    and the problems that may arise due to TCP's reaction to ICMP
soft
> >    errors.
> >NEW:
> >    This document analyzes problems that may arise due to TCP
[RFC0793]
> >    fault recovery reactions to ICMP soft errors.
> 
> I have not incorporated this change. But please let me know if you 
> feel strongly about it.

I think the old wording seriously overstates the scope of the draft, but
this is an editorial problem, not a technical one.  I would still prefer
to see this changed.

> >It would be good to provide the text expansion of the codes in
> >Figure 1, as was done in the text before the figure.
> 
> I guess this would mess up the table, which is suppose to provide a 
> quick reference for extrapolating the ICMPv4 soft errors to their 
> ICMPv6 counter-parts. Therefore I have not incorporated this 
> suggested change. However, please let me know if you feel 
> strongly about it.

Ok.

Thanks,
--David
----------------------------------------------------
David L. Black, Distinguished Engineer
EMC Corporation, 176 South St., Hopkinton, MA  01748
+1 (508) 293-7953             FAX: +1 (508) 293-7786
black_david@emc.com        Mobile: +1 (978) 394-7754
----------------------------------------------------
_______________________________________________
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf

v2.23.0 | Report a Bug | By Email