IETF Logo Mail Archive

Re: [multipathtcp] Multipath TCP FAST_CLOSE - abrupt closing

Christoph Paasch <cpaasch@apple.com> Thu, 14 September 2017 04:16 UTC

Return-Path: <cpaasch@apple.com>
X-Original-To: multipathtcp@ietfa.amsl.com
Delivered-To: multipathtcp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 03ABC1330A5 for <multipathtcp@ietfa.amsl.com>; Wed, 13 Sep 2017 21:16:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.301
X-Spam-Level:
X-Spam-Status: No, score=-4.301 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=apple.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1p-x4SJYtnC9 for <multipathtcp@ietfa.amsl.com>; Wed, 13 Sep 2017 21:16:16 -0700 (PDT)
Received: from mail-in24.apple.com (mail-out24.apple.com [17.171.2.34]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7D245132D89 for <multipathtcp@ietf.org>; Wed, 13 Sep 2017 21:16:16 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; d=apple.com; s=mailout2048s; c=relaxed/simple; q=dns/txt; i=@apple.com; t=1505362575; h=From:Sender:Reply-To:Subject:Date:Message-id:To:Cc:MIME-version:Content-type: Content-transfer-encoding:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-reply-to:References:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=4GTJXRtaHTnXp+lWgeYQiB0HW+7Fz6tqHbhX/LGCv8E=; b=YPUsEmvtdRk0VENbdSbWvkfrRjEjXS8iNGo+ZhdCYMcqjeQydmgq0/f3OkhUVdu+ G9P5PB8GB7RNFvJ1Axe381k4JaFcBRNulQO+JchKJXZxn6Le8mQFlwMYDvO4tl4i t48KvxI2dI0gr/glJdN5GrRW2Bnk4Nez+QuAypi3YFwduTJi4ETeMCeJMfbwu6ZZ r/oUMTTSnyXpXxuv7le526JwrwcfPIp78v4NE2nFWpws8sHhpVo9eYnEleMcU5F6 fTsh3FABiM85kyH32RNDgzSDvGxrO6SynjeC9u3bvixPcy70rx9asAULrANBDIiC x+yCpwK1CHHSnCG5X1x2ZQ==;
Received: from relay4.apple.com (relay4.apple.com [17.128.113.87]) (using TLS with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mail-in24.apple.com (Apple Secure Mail Relay) with SMTP id 5F.47.25405.F820AB95; Wed, 13 Sep 2017 21:16:15 -0700 (PDT)
X-AuditID: 11ab0218-27bff7000000633d-ba-59ba028f02f0
Received: from nwk-mmpp-sz11.apple.com (nwk-mmpp-sz11.apple.com [17.128.115.155]) by relay4.apple.com (Apple SCV relay) with SMTP id 0B.46.06992.E820AB95; Wed, 13 Sep 2017 21:16:14 -0700 (PDT)
MIME-version: 1.0
Content-transfer-encoding: 8bit
Content-disposition: inline
Content-type: text/plain; charset="utf-8"
Received: from localhost ([17.150.209.193]) by nwk-mmpp-sz11.apple.com (Oracle Communications Messaging Server 8.0.1.3.20170825 64bit (built Aug 25 2017)) with ESMTPSA id <0OW9000V5572PU20@nwk-mmpp-sz11.apple.com>; Wed, 13 Sep 2017 21:16:14 -0700 (PDT)
Sender: cpaasch@apple.com
Date: Wed, 13 Sep 2017 21:16:14 -0700
From: Christoph Paasch <cpaasch@apple.com>
To: François Finfe <francois.finfe@tessares.net>
Cc: multipathtcp@ietf.org, Olivier Bonaventure <olivier.bonaventure@tessares.net>
Message-id: <20170914041614.GK4453@Chimay.local>
References: <b3968dc9-0500-5907-4e13-8aa350d12f11@tessares.net>
In-reply-to: <b3968dc9-0500-5907-4e13-8aa350d12f11@tessares.net>
User-Agent: Mutt/1.8.3 (2017-05-23)
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFrrOLMWRmVeSWpSXmKPExsUi2FAYrtvPtCvS4OozfYutEzYxWXxefZ3N YnbjcRYHZo8lS34yedxpms4cwBTFZZOSmpNZllqkb5fAlfF27Ur2gs1KFbdff2RrYLwl3cXI ySEhYCLxqG0vaxcjF4eQwBomiYeXtzLBJFo2HIJKHGKUaHv4kxkkwSsgKPFj8j2WLkYODmYB eYkjl7JBwswC0hKP/s5ghwirS0yZkgvR2sQkseftOhaQGmEBSYnuO3fAxrAIqEq8XN7LCmKz CWhJvL3dDmaLCDhLrFn8nhViZrDE5F07oXpdJR53/GCHOMFA4vqd92BxIQF7iX1L7oLZnAIO Envvn2EEsUUFlCXm7VvFBnKEhMAMNolNW7+yTWAUmYXkhVkIL8xC8sIshBcWMLKsYhTOTczM 0c3MMzLRSywoyEnVS87P3cQIionVTBI7GL+8NjzEKMDBqMTDa2GzM1KINbGsuDL3EKM0B4uS OO/y2UAhgfTEktTs1NSC1KL4otKc1OJDjEwcnFINjFkpChk7zzTx/AvVe3/O0e3Qv9/dJyb8 /qC468w0GY8HAY2vg6vYDx1M/h+T+E3q2DtD3yATISdZvzrblHsr63g01P/mRp8+yHHAPIZj Zc79qYddWs935vp3ys8tW3Pw+VFJr6oDt9jOnljzakP92TgT+d+F5YdYXqtebUvaLhjVXJ37 gdEyU4mlOCPRUIu5qDgRAJq2ZjpqAgAA
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFjrJLMWRmVeSWpSXmKPExsUi2FA8W7ePaVekwazDphZbJ2xisvi8+jqb xezG4ywOzB5Llvxk8rjTNJ05gCmKyyYlNSezLLVI3y6BK+Pt2pXsBZuVKm6//sjWwHhLuouR k0NCwESiZcMh1i5GLg4hgUOMEm0PfzKDJHgFBCV+TL7H0sXIwcEsIC9x5FI2SJhZQFri0d8Z 7BBhdYkpU3IhWpuYJPa8XccCUiMsICnRfecO2BgWAVWJl8t7WUFsNgEtibe328FsEQFniTWL 37NCzAyWmLxrJ1Svq8Tjjh/sECcYSFy/8x4sLiRgL7FvyV0wm1PAQWLv/TOMILaogLLEvH2r 2CYwCs5CcvUshKtnIbl6FsLVCxhZVjEKFKXmJFaa6CUWFOSk6iXn525iBAdwYfgOxn/LrA4x CnAwKvHwPrDcGSnEmlhWXJkLDCEOZiUR3vA3QCHelMTKqtSi/Pii0pzU4kOM0hwsSuK8xU+A UgLpiSWp2ampBalFMFkmDk6pBsY7V6+y6+0O0wm6d2LCn7b1TvUcmwOijQvWMUaErYy6mrVT 83Dj50ftsXclb70Lkm3bx70peI208+p3XprHrnXeMbTs5k1fMstZVfzQdPliQ8P4eJf/Lo+v d2x8v/CNt//tlm3sAuGL7t/QueCgVJg/keWbbN6TeKtTp45uVijnLLc5rD2dabISS3FGoqEW c1FxIgBSu7gAXAIAAA==
Archived-At: <https://mailarchive.ietf.org/arch/msg/multipathtcp/y549lCgmQ7rIjobCqhSyhR3JFw0>
Subject: Re: [multipathtcp] Multipath TCP FAST_CLOSE - abrupt closing
X-BeenThere: multipathtcp@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Multi-path extensions for TCP <multipathtcp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/multipathtcp>, <mailto:multipathtcp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/multipathtcp/>
List-Post: <mailto:multipathtcp@ietf.org>
List-Help: <mailto:multipathtcp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/multipathtcp>, <mailto:multipathtcp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 14 Sep 2017 04:16:18 -0000

Hello,

On 13/09/17 - 15:39:20, François Finfe wrote:
> Hi,
> 
> 
> RFC6824 and RFC6824bis use the FAST_CLOSE option to abruptly close a
> Multipath TCP connection. The motivation for the procedure defined in
> section 3.5 is to enable a host to quickly terminate a Multipath TCP
> connection without being forced to send DATA_FINs.
> 
> The current procedure defined in section 3.5 is that the host that
> wishes to abruptly terminate a connection must send a RST on all
> subflows except one where it sends an ACK with the FAST_CLOSE option and
> waits for a RST before closing the Multipath TCP connection. The
> FAST_CLOSE option includes the receiver’s key to authenticate the abrupt
> release of the subflow. This prevents attacks where a remote attacker
> could send spoofed packets that would terminate the Multipath TCP
> connection.
> 
> Unfortunately, the procedure defined in section 3.5 has a very important
> drawback. Although the host wants to abruptly close the Multipath TCP
> connection, it needs to maintain state for this connection until the
> other host has confirmed (with a RST) the termination of the connection.
> This goes against the idea of abruptly closing connections due to lack
> of ressources for example. We have faced some issues with applications
> using SO_LINGER set to zero that were expecting the socket to have
> disappeared after an abrupt release while it did not disappear.
> 
> It would make sense to reconsider the abrupt connection termination
> procedure defined in section 3.5 to enable a host to immediately
> terminate a Multipath TCP connection and release the associated data
> structures. One possibility would be to work as follows.
> 
> Consider a Multipath TCP connection established between a client and a
> server. There are two subflows, A and B. The server wants to abruptly
> close the connection. For this, we propose to continue to use the
> FAST_CLOSE option, but place it inside the RST packet sent over all
> subflows. By using a RST instead of an ACK as in section 3.5, the server
> does not need to maintain any state and can remove the data structures
> associated with the closed connection immediately. If one of the RST
> packets reaches the client, it will know that the entire connection has
> been closed by the server.
> 
> The only issue with this new approach is when none of the RST packets
> sent by the server reach the client. We would be in a situation where
> the client considers that the Multipath TCP is active while it does not
> exist anymore on the server. After some time, the client will send a
> packet to the server over one of the subflows. Since the Multipath TCP
> connection does not exist anymore on the server, it will reply with a
> RST packet that will close this subflow. The client will receive the
> same RST over all the established subflows. When all subflows have been
> closed, the client should try to establish a new subflow to the server
> by sending a SYN with MP_JOIN. Upon reception of this SYN, the server
> will try to match the connection token with the established Multipath
> TCP connection and will find that there is no matching connection.
> According to RFC6824, the server should reply with a RST packet to close
> the subflow. We could add to this RST packet a new MP_TCPRST option
> indicating that the server could not match the received token with an
> existing connection. Upon reception of a RST carrying this option, the
> client would know that the corresponding connection has been closed by
> the server and would close it itself.
> 
> We believe that this approach is simpler on the server side while still
> allowing clients to detect closed Multipath TCP connections. The abrupt
> closing (e.g. socket option SO_LINGER with zero timeout) is also
> properly implemented. In contrast with the current approach, it places
> the burden on the client instead of on the server, but we believe this
> is beneficial for servers that often need to abruptly close connections.

I strongly support this proposal.

Whenever the stack decides to force-fully close a connection due to
resource-limitations, it is important for the scalability of the system to
get rid of the state as quickly as possible. Otherwise, servers accumulate
huge numbers of these lingering connections.


Christoph

v2.23.0 | Report a Bug | By Email