IETF Logo Mail Archive

Re: [multipathtcp] Multipath TCP FAST_CLOSE - abrupt closing

<philip.eardley@bt.com> Mon, 23 October 2017 08:47 UTC

Return-Path: <philip.eardley@bt.com>
X-Original-To: multipathtcp@ietfa.amsl.com
Delivered-To: multipathtcp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E440513F15C for <multipathtcp@ietfa.amsl.com>; Mon, 23 Oct 2017 01:47:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.401
X-Spam-Level:
X-Spam-Status: No, score=-5.401 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H2=-2.8, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hhWFh4v8uLmp for <multipathtcp@ietfa.amsl.com>; Mon, 23 Oct 2017 01:47:25 -0700 (PDT)
Received: from smtpb1.bt.com (smtpb1.bt.com [62.7.242.136]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 25E6813F159 for <multipathtcp@ietf.org>; Mon, 23 Oct 2017 01:47:24 -0700 (PDT)
Received: from EPDAG01D-UKBR.domain1.systemhost.net (193.113.197.205) by EVMED02-UKBR.bt.com (10.216.161.32) with Microsoft SMTP Server (TLS) id 14.3.319.2; Mon, 23 Oct 2017 09:47:17 +0100
Received: from rew09926dag03c.domain1.systemhost.net (10.55.202.26) by EPDAG01D-UKBR.domain1.systemhost.net (193.113.197.205) with Microsoft SMTP Server (TLS) id 15.0.1293.2; Mon, 23 Oct 2017 09:47:21 +0100
Received: from rew09926dag03b.domain1.systemhost.net (10.55.202.22) by rew09926dag03c.domain1.systemhost.net (10.55.202.26) with Microsoft SMTP Server (TLS) id 15.0.1293.2; Mon, 23 Oct 2017 09:47:21 +0100
Received: from rew09926dag03b.domain1.systemhost.net ([fe80::d514:fe50:560c:401e]) by rew09926dag03b.domain1.systemhost.net ([fe80::d514:fe50:560c:401e%12]) with mapi id 15.00.1293.004; Mon, 23 Oct 2017 09:47:20 +0100
From: philip.eardley@bt.com
To: francois.finfe@tessares.net, multipathtcp@ietf.org
CC: olivier.bonaventure@tessares.net
Thread-Topic: [multipathtcp] Multipath TCP FAST_CLOSE - abrupt closing
Thread-Index: AQHTLJW79yxOIgXwBUCfJbDIHTBKs6LxXclg
Date: Mon, 23 Oct 2017 08:47:20 +0000
Message-ID: <1cef00806c7c4402962c3c6d8180b1f6@rew09926dag03b.domain1.systemhost.net>
References: <b3968dc9-0500-5907-4e13-8aa350d12f11@tessares.net>
In-Reply-To: <b3968dc9-0500-5907-4e13-8aa350d12f11@tessares.net>
Accept-Language: en-GB, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.55.202.242]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/multipathtcp/CfddhrcwICRIkwEIlhJ0BoQ442s>
Subject: Re: [multipathtcp] Multipath TCP FAST_CLOSE - abrupt closing
X-BeenThere: multipathtcp@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Multi-path extensions for TCP <multipathtcp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/multipathtcp>, <mailto:multipathtcp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/multipathtcp/>
List-Post: <mailto:multipathtcp@ietf.org>
List-Help: <mailto:multipathtcp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/multipathtcp>, <mailto:multipathtcp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 23 Oct 2017 08:47:28 -0000

Did we reach consensus about this proposed change?
Thanks
phil

-----Original Message-----
From: multipathtcp [mailto:multipathtcp-bounces@ietf.org] On Behalf Of François Finfe
Sent: 13 September 2017 14:39
To: multipathtcp@ietf.org
Cc: Olivier Bonaventure <olivier.bonaventure@tessares.net>
Subject: [multipathtcp] Multipath TCP FAST_CLOSE - abrupt closing

Hi,


RFC6824 and RFC6824bis use the FAST_CLOSE option to abruptly close a Multipath TCP connection. The motivation for the procedure defined in section 3.5 is to enable a host to quickly terminate a Multipath TCP connection without being forced to send DATA_FINs.

The current procedure defined in section 3.5 is that the host that wishes to abruptly terminate a connection must send a RST on all subflows except one where it sends an ACK with the FAST_CLOSE option and waits for a RST before closing the Multipath TCP connection. The FAST_CLOSE option includes the receiver’s key to authenticate the abrupt release of the subflow. This prevents attacks where a remote attacker could send spoofed packets that would terminate the Multipath TCP connection.

Unfortunately, the procedure defined in section 3.5 has a very important drawback. Although the host wants to abruptly close the Multipath TCP connection, it needs to maintain state for this connection until the other host has confirmed (with a RST) the termination of the connection.
This goes against the idea of abruptly closing connections due to lack of ressources for example. We have faced some issues with applications using SO_LINGER set to zero that were expecting the socket to have disappeared after an abrupt release while it did not disappear.

It would make sense to reconsider the abrupt connection termination procedure defined in section 3.5 to enable a host to immediately terminate a Multipath TCP connection and release the associated data structures. One possibility would be to work as follows.

Consider a Multipath TCP connection established between a client and a server. There are two subflows, A and B. The server wants to abruptly close the connection. For this, we propose to continue to use the FAST_CLOSE option, but place it inside the RST packet sent over all subflows. By using a RST instead of an ACK as in section 3.5, the server does not need to maintain any state and can remove the data structures associated with the closed connection immediately. If one of the RST packets reaches the client, it will know that the entire connection has been closed by the server.

The only issue with this new approach is when none of the RST packets sent by the server reach the client. We would be in a situation where the client considers that the Multipath TCP is active while it does not exist anymore on the server. After some time, the client will send a packet to the server over one of the subflows. Since the Multipath TCP connection does not exist anymore on the server, it will reply with a RST packet that will close this subflow. The client will receive the same RST over all the established subflows. When all subflows have been closed, the client should try to establish a new subflow to the server by sending a SYN with MP_JOIN. Upon reception of this SYN, the server will try to match the connection token with the established Multipath TCP connection and will find that there is no matching connection.
According to RFC6824, the server should reply with a RST packet to close the subflow. We could add to this RST packet a new MP_TCPRST option indicating that the server could not match the received token with an existing connection. Upon reception of a RST carrying this option, the client would know that the corresponding connection has been closed by the server and would close it itself.

We believe that this approach is simpler on the server side while still allowing clients to detect closed Multipath TCP connections. The abrupt closing (e.g. socket option SO_LINGER with zero timeout) is also properly implemented. In contrast with the current approach, it places the burden on the client instead of on the server, but we believe this is beneficial for servers that often need to abruptly close connections.


François

-- 

------------------------------
DISCLAIMER.
This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. 
If you have received this email in error please notify the system manager. 
This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. If you are not the intended recipient you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited.

_______________________________________________
multipathtcp mailing list
multipathtcp@ietf.org
https://www.ietf.org/mailman/listinfo/multipathtcp

v2.23.0 | Report a Bug | By Email