IETF Logo Mail Archive

Re: [Plus] Supporting connection tracking and basic diagnostics: a minimal PLUS

"Christian Huitema" <huitema@huitema.net> Sun, 11 December 2016 16:47 UTC

Return-Path: <huitema@huitema.net>
X-Original-To: plus@ietfa.amsl.com
Delivered-To: plus@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 992D012945D for <plus@ietfa.amsl.com>; Sun, 11 Dec 2016 08:47:17 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.602
X-Spam-Level:
X-Spam-Status: No, score=-2.602 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id S1aIjPWGOXSp for <plus@ietfa.amsl.com>; Sun, 11 Dec 2016 08:47:15 -0800 (PST)
Received: from mx36-42.antispamcloud.com (mx36-42.antispamcloud.com [209.126.121.30]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C1144129435 for <plus@ietf.org>; Sun, 11 Dec 2016 08:47:15 -0800 (PST)
Received: from xsmtp24.mail2web.com ([168.144.250.190] helo=xsmtp04.mail2web.com) by mx36.antispamcloud.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.86) (envelope-from <huitema@huitema.net>) id 1cG7HN-0000fD-V9 for plus@ietf.org; Sun, 11 Dec 2016 17:47:14 +0100
Received: from [10.5.2.52] (helo=xmail12.myhosting.com) by xsmtp04.mail2web.com with esmtps (TLS-1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.63) (envelope-from <huitema@huitema.net>) id 1cG7HK-0001kN-G5 for plus@ietf.org; Sun, 11 Dec 2016 11:47:13 -0500
Received: (qmail 16164 invoked from network); 11 Dec 2016 16:47:10 -0000
Received: from unknown (HELO icebox) (Authenticated-user:_huitema@huitema.net@[172.56.39.108]) (envelope-sender <huitema@huitema.net>) by xmail12.myhosting.com (qmail-ldap-1.03) with ESMTPA for <ianswett@google.com>; 11 Dec 2016 16:47:09 -0000
From: Christian Huitema <huitema@huitema.net>
To: 'Ian Swett' <ianswett@google.com>
References: <83EEC537-3486-4864-ACA2-911F570D0C57@trammell.ch> <15261501-1F9C-41CA-87D0-4E8FCD862044@trammell.ch> <CAKcm_gMzw9Z=XnFy9vYfxOOG+eO6XJ2bSNeboQYjxW+MOUwa9g@mail.gmail.com> <E4BB21D8-9747-409C-BCF7-E62029897282@apple.com> <02ec01d25378$83799550$8a6cbff0$@huitema.net> <CAKcm_gPHUQ-EYrC1SHEXj6vpSMdEqmqZufdWLpxJxnVLZ0ZwYg@mail.gmail.com>
In-Reply-To: <CAKcm_gPHUQ-EYrC1SHEXj6vpSMdEqmqZufdWLpxJxnVLZ0ZwYg@mail.gmail.com>
Date: Sun, 11 Dec 2016 08:47:05 -0800
Message-ID: <003801d253ce$35b13520$a1139f60$@huitema.net>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Microsoft Outlook 16.0
Thread-Index: AQGJFALV+PXWIFNIHBFUeBJpGWH6CgJHaNbDAfmdZJABvOyTrwFvjL+CAeMgNGqhSu2qMA==
Content-Language: en-us
X-Filter-ID: s0sct1PQhAABKnZB5plbIVbU93hg6Kq00BjAzYBqWlUcW8ntawmIBRrYFzUH2lbvx1wTMkEUUoeb KIhkyzl2dIiv9E4wCVrhoZyL4oGkN7E0HbLcIXRK+rCYHS2Pxr4sUvWQm1ERVuodk8O3ETzMDwo/ Uh1jmurWq+/2Ie7U7sqADc7ZY3EztL6tInZj92mvdcmtTcWSOKD5RASVzg27inXh5noZfH+Ue/bn p6ZbxyV5kYwBFjHSX1ySASMY7Q8kB9L5ZtBNVI+9Qx1iUeEDv6vlm5bIS/7+niZp9XBOa3yfIyPa B+nRnOnncyxSbUjNQcVc7DCeSlpKhzvl7ajXRoSu7p0hkXmiYaBEmzJokiIMQOp+UtDOd2Xrp4Ao XsNbEJwIm+oR/p+Hz0PC9yfr2G8fBbNd2aWQ6zxe7udZZr7eNHk15VolAGHS5rCXQKDy7WmLSP+L g+ESZWbM7Yv2tv4nD/5nJ2uhobXclUauFd2nNgqa/CCGIrC+9iFtJySZiR3bHfnMCIEU+nrglojK wD9TAOxA+4LNeua6YnevHxMwo0ageKMXcNstrfyg5gXa7T02ZXdoQxMs//iOE4FlhnMcN6qoXPje nLhIOF1oeRZKVzLoodJpOhZOhElZeeZ68HN1XtUyhw3DgxLaLBwUGYIHhtpcaYbh91FuaKgJHE3L es7Q3TWr9wD5RALyObfQMS+4ayUpOtEhdxekWDmK9g==
X-Report-Abuse-To: spam@quarantine5.antispamcloud.com
X-Originating-IP: 168.144.250.190
X-SpamExperts-Domain: xsmtpout.mail2web.com
X-SpamExperts-Username: 168.144.250.0/24
Authentication-Results: antispamcloud.com; auth=pass smtp.auth=168.144.250.0/24@xsmtpout.mail2web.com
X-SpamExperts-Outgoing-Class: unsure
X-SpamExperts-Outgoing-Evidence: Combined (0.17)
X-Classification: unsure/combined
X-Recommended-Action: accept
Archived-At: <https://mailarchive.ietf.org/arch/msg/plus/4u2nDnvX_UB_3D8WyFK68XPabeY>
Cc: 'Brian Trammell' <ietf@trammell.ch>, 'Tommy Pauly' <tpauly@apple.com>, plus@ietf.org
Subject: Re: [Plus] Supporting connection tracking and basic diagnostics: a minimal PLUS
X-BeenThere: plus@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "Discussion of a Path Layer UDP Substrate \(PLUS\) protocol for in-band management of in-network state for UDP-encapsulated transport protocols." <plus.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/plus>, <mailto:plus-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/plus/>
List-Post: <mailto:plus@ietf.org>
List-Help: <mailto:plus-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/plus>, <mailto:plus-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 11 Dec 2016 16:47:17 -0000

On Sunday, December 11, 2016 6:51 AM, Ian Swett wrote:
> On Sun, Dec 11, 2016 at 1:33 AM, Christian Huitema <mailto:huitema@huitema.net> wrote:
>> ...OTOH, there is going to be a "feature interaction" between this sequence+echo scheme and 
>> the senders' strategy of skipping some sequence numbers in order to verify that the recipients
>> are not making up ACKS. The intermediate boxes will have no way to distinguish between a 
>> packet number voluntarily skipped by the sender, and a packet loss between the sender and
>> the middlebox. I hope this won't affect the "wireshark diagnostics" too much.
>
> We could specify that if a peer wants to skip packet numbers, it should be by more than 256,
> assuming 256 packet gaps are rare(which they are, though they do happen).    Or some other 
> known approach that is relatively simple to identify.

If you make it easier to identify, then you defeat the purpose of the packet skipping. Suppose a bad receiver, intent on setting a DOS attack. Its strategy is to ACK as quickly as possible, regardless of losses. The sender detects ACK of packets that were not sent, and aborts the connection. But if the skipping is easy to detect by middleboxes, it is also easy to detect by the bad receiver, which will suspend its ACK everything strategy if it detects a test...

-- Christian Huitema

v2.23.0 | Report a Bug | By Email