IETF Logo Mail Archive

Re: [multipathtcp] Multipath TCP FAST_CLOSE - abrupt closing

Yoshifumi Nishida <nishida@sfc.wide.ad.jp> Wed, 20 September 2017 07:37 UTC

Return-Path: <nishida@sfc.wide.ad.jp>
X-Original-To: multipathtcp@ietfa.amsl.com
Delivered-To: multipathtcp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 79E601323B4 for <multipathtcp@ietfa.amsl.com>; Wed, 20 Sep 2017 00:37:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.4
X-Spam-Level:
X-Spam-Status: No, score=-1.4 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_SORBS_SPAM=0.5, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id m1nQjXe9AeMw for <multipathtcp@ietfa.amsl.com>; Wed, 20 Sep 2017 00:37:25 -0700 (PDT)
Received: from mail.sfc.wide.ad.jp (shonan.sfc.wide.ad.jp [IPv6:2001:200:0:8803::53]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 65F77132025 for <multipathtcp@ietf.org>; Wed, 20 Sep 2017 00:37:24 -0700 (PDT)
Received: from mail-yw0-f169.google.com (mail-yw0-f169.google.com [209.85.161.169]) by mail.sfc.wide.ad.jp (Postfix) with ESMTPSA id 244A3278D5A for <multipathtcp@ietf.org>; Wed, 20 Sep 2017 16:37:22 +0900 (JST)
Received: by mail-yw0-f169.google.com with SMTP id l4so1323450ywa.6 for <multipathtcp@ietf.org>; Wed, 20 Sep 2017 00:37:22 -0700 (PDT)
X-Gm-Message-State: AHPjjUh3KkLGjSrBl5KOHRNZmey9tOZWjMTcmyH7X8bbm1jiqwWHdYCh BuIPXCRyJIFEp6ezjwivRFNL08W6y3L3QRIwLxc=
X-Google-Smtp-Source: AOwi7QCUBJCfph4KMt5Roilk11KO7bn4PChW2Q2I4sMMvoIczXf2xQNPiBPgpOkC8t5VFKmfyrl00Yo5HNfA5bvP3CI=
X-Received: by 10.129.145.214 with SMTP id i205mr3246296ywg.73.1505893040713; Wed, 20 Sep 2017 00:37:20 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.37.64.145 with HTTP; Wed, 20 Sep 2017 00:37:20 -0700 (PDT)
In-Reply-To: <804577f3-f2a7-0726-08b3-717abe43f9c8@tessares.net>
References: <b3968dc9-0500-5907-4e13-8aa350d12f11@tessares.net> <CAO249yf90+3eaH-0BR9izrqje38pwfd-ARQLKOwN0q_W5mTWPQ@mail.gmail.com> <804577f3-f2a7-0726-08b3-717abe43f9c8@tessares.net>
From: Yoshifumi Nishida <nishida@sfc.wide.ad.jp>
Date: Wed, 20 Sep 2017 00:37:20 -0700
X-Gmail-Original-Message-ID: <CAO249yf6LfZ1a10FjeP78zX9diaT1K39HObZ6ptiDwYFpUwxmg@mail.gmail.com>
Message-ID: <CAO249yf6LfZ1a10FjeP78zX9diaT1K39HObZ6ptiDwYFpUwxmg@mail.gmail.com>
To: François Finfe <francois.finfe@tessares.net>
Cc: Yoshifumi Nishida <nishida@sfc.wide.ad.jp>, multipathtcp <multipathtcp@ietf.org>, Olivier Bonaventure <olivier.bonaventure@tessares.net>
Content-Type: multipart/alternative; boundary="94eb2c0941c2c2f60205599a0b80"
Archived-At: <https://mailarchive.ietf.org/arch/msg/multipathtcp/__uja7Oo9ZrROgI0OXLVD8zx7dU>
Subject: Re: [multipathtcp] Multipath TCP FAST_CLOSE - abrupt closing
X-BeenThere: multipathtcp@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Multi-path extensions for TCP <multipathtcp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/multipathtcp>, <mailto:multipathtcp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/multipathtcp/>
List-Post: <mailto:multipathtcp@ietf.org>
List-Help: <mailto:multipathtcp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/multipathtcp>, <mailto:multipathtcp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 20 Sep 2017 07:37:28 -0000

Hi Oliver, Francois,

Thanks for the comments.
One concern I have is it seems that people are expecting to expose this
feature to apps although this won't be a recommended way to terminate an
MPTCP session.
I think It won't be good if we end up always using it even when there's no
resource limitations.
--
Yoshi

On Mon, Sep 18, 2017 at 4:58 AM, François Finfe <francois.finfe@tessares.net
> wrote:

> Hi Yoshi,
>
> On 2017-09-15 00:33, Yoshifumi Nishida wrote:
> > Hi Francois,
> >
> > This is an interesting proposal for the bis draft. But, I guess the
> > receiver of FAST_CLOSE (will be clients in most cases) may need to
> > wait longer time in some cases.
> >
> > I am thinking that the main motivation of SO_LINGER with zero timeout
> > approach is to avoid going into time_wait.
> > I think MPTCP's FAST_CLOSE already takes care of this point to some
> > extent and senders don't go into M_TIMEWAIT, although it requires at
> > least 1 RTT.
> > So, I am still not very sure if we should save this 1 RTT or should
> > avoid unfortunate cases for long waiting.
> Yes, in most likely cases, it will last 1 RTT. In worst case, with 3
> retransmissions and exp. backoff enabled, it will linger 8 RTO's.
>
> 1 RTT is relatively very high compared to the time to send an
> MP_FASTCLOSE. On the current linux MPTCP implementation and on my
> computer, the time required to fast close a MPTCP connection (send
> MP_FASTCLOSE and RST's, without taking account the retransmissions or
> waiting for RST from the other peer) is 1 ms.
>
> This time depends of a lot of factor but it is quite small compared to
> typical values of RTT for DSL/LTE.
>
> In the case of the SO_LINGER with zero timeout, the user space will
> expect that "all queued messages for the socket have been successfully
> sent or the linger timeout has been reached" and nothing is done on
> background. By waiting for a RST in response to a MP_FASTCLOSE, it is
> not possible to match the timing requirement, or it must be done it in
> the background.
>
> Abrupt connection closing can be explicitly set by the user space
> software explicitly.
>
> But, it can be tacitly set as well:
> - on GNU/Linux, if a process is killed, all the established connection
>   will be abruptly closed.
> - Other scenarii are when the system is under pressure.
>
> In these cases, quickly close a connection  is important.
> >
> >
> > BTW, I happened to find that the state transition diagram in the draft
> > doesn't contain M_FASTCLOSE state, although it is mentioned in Section
> > 3.5.
> I don't know why it's not mentioned. Maybe, it is omitted for the sake
> of clarity, because you can switch from a lot of state (not only
> established) to closed via fast close. On most TCP state transition
> diagram, this transition (via a RST instead of a fast close) is not
> mentioned either.
>
> François
>
> > Is this OK?
> >
> > Thanks,
> > --
> > Yoshi
> >
> >
> > On Wed, Sep 13, 2017 at 6:39 AM, François Finfe
> > <francois.finfe@tessares.net> wrote:
> >> Hi,
> >>
> >>
> >> RFC6824 and RFC6824bis use the FAST_CLOSE option to abruptly close a
> >> Multipath TCP connection. The motivation for the procedure defined in
> >> section 3.5 is to enable a host to quickly terminate a Multipath TCP
> >> connection without being forced to send DATA_FINs.
> >>
> >> The current procedure defined in section 3.5 is that the host that
> >> wishes to abruptly terminate a connection must send a RST on all
> >> subflows except one where it sends an ACK with the FAST_CLOSE option and
> >> waits for a RST before closing the Multipath TCP connection. The
> >> FAST_CLOSE option includes the receiver’s key to authenticate the abrupt
> >> release of the subflow. This prevents attacks where a remote attacker
> >> could send spoofed packets that would terminate the Multipath TCP
> >> connection.
> >>
> >> Unfortunately, the procedure defined in section 3.5 has a very important
> >> drawback. Although the host wants to abruptly close the Multipath TCP
> >> connection, it needs to maintain state for this connection until the
> >> other host has confirmed (with a RST) the termination of the connection.
> >> This goes against the idea of abruptly closing connections due to lack
> >> of ressources for example. We have faced some issues with applications
> >> using SO_LINGER set to zero that were expecting the socket to have
> >> disappeared after an abrupt release while it did not disappear.
> >>
> >> It would make sense to reconsider the abrupt connection termination
> >> procedure defined in section 3.5 to enable a host to immediately
> >> terminate a Multipath TCP connection and release the associated data
> >> structures. One possibility would be to work as follows.
> >>
> >> Consider a Multipath TCP connection established between a client and a
> >> server. There are two subflows, A and B. The server wants to abruptly
> >> close the connection. For this, we propose to continue to use the
> >> FAST_CLOSE option, but place it inside the RST packet sent over all
> >> subflows. By using a RST instead of an ACK as in section 3.5, the server
> >> does not need to maintain any state and can remove the data structures
> >> associated with the closed connection immediately. If one of the RST
> >> packets reaches the client, it will know that the entire connection has
> >> been closed by the server.
> >>
> >> The only issue with this new approach is when none of the RST packets
> >> sent by the server reach the client. We would be in a situation where
> >> the client considers that the Multipath TCP is active while it does not
> >> exist anymore on the server. After some time, the client will send a
> >> packet to the server over one of the subflows. Since the Multipath TCP
> >> connection does not exist anymore on the server, it will reply with a
> >> RST packet that will close this subflow. The client will receive the
> >> same RST over all the established subflows. When all subflows have been
> >> closed, the client should try to establish a new subflow to the server
> >> by sending a SYN with MP_JOIN. Upon reception of this SYN, the server
> >> will try to match the connection token with the established Multipath
> >> TCP connection and will find that there is no matching connection.
> >> According to RFC6824, the server should reply with a RST packet to close
> >> the subflow. We could add to this RST packet a new MP_TCPRST option
> >> indicating that the server could not match the received token with an
> >> existing connection. Upon reception of a RST carrying this option, the
> >> client would know that the corresponding connection has been closed by
> >> the server and would close it itself.
> >>
> >> We believe that this approach is simpler on the server side while still
> >> allowing clients to detect closed Multipath TCP connections. The abrupt
> >> closing (e.g. socket option SO_LINGER with zero timeout) is also
> >> properly implemented. In contrast with the current approach, it places
> >> the burden on the client instead of on the server, but we believe this
> >> is beneficial for servers that often need to abruptly close connections.
> >>
> >>
> >> François
> >>
> >> --
> >>
> >> ------------------------------
> >> DISCLAIMER.
> >> This email and any files transmitted with it are confidential and
> intended
> >> solely for the use of the individual or entity to whom they are
> addressed.
> >> If you have received this email in error please notify the system
> manager.
> >> This message contains confidential information and is intended only for
> the
> >> individual named. If you are not the named addressee you should not
> >> disseminate, distribute or copy this e-mail. Please notify the sender
> >> immediately by e-mail if you have received this e-mail by mistake and
> >> delete this e-mail from your system. If you are not the intended
> recipient
> >> you are notified that disclosing, copying, distributing or taking any
> >> action in reliance on the contents of this information is strictly
> >> prohibited.
> >>
> >> _______________________________________________
> >> multipathtcp mailing list
> >> multipathtcp@ietf.org
> >> https://www.ietf.org/mailman/listinfo/multipathtcp
>
> --
>
> ------------------------------
> DISCLAIMER.
> This email and any files transmitted with it are confidential and intended
> solely for the use of the individual or entity to whom they are addressed.
> If you have received this email in error please notify the system manager.
> This message contains confidential information and is intended only for the
> individual named. If you are not the named addressee you should not
> disseminate, distribute or copy this e-mail. Please notify the sender
> immediately by e-mail if you have received this e-mail by mistake and
> delete this e-mail from your system. If you are not the intended recipient
> you are notified that disclosing, copying, distributing or taking any
> action in reliance on the contents of this information is strictly
> prohibited.
>

v2.23.0 | Report a Bug | By Email