Re: [Spud] SPUD's open/close are unconvincing
Daniel Kahn Gillmor <dkg@fifthhorseman.net> Wed, 08 April 2015 22:21 UTC
Return-Path: <dkg@fifthhorseman.net>
X-Original-To: spud@ietfa.amsl.com
Delivered-To: spud@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1])
by ietfa.amsl.com (Postfix) with ESMTP id 8C32B1A9062
for <spud@ietfa.amsl.com>; Wed, 8 Apr 2015 15:21:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.3
X-Spam-Level:
X-Spam-Status: No, score=-1.3 tagged_above=-999 required=5
tests=[BAYES_00=-1.9, J_CHICKENPOX_72=0.6] autolearn=no
Received: from mail.ietf.org ([4.31.198.44])
by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id nJU0jUsoqTkQ for <spud@ietfa.amsl.com>;
Wed, 8 Apr 2015 15:21:24 -0700 (PDT)
Received: from che.mayfirst.org (che.mayfirst.org [209.234.253.108])
by ietfa.amsl.com (Postfix) with ESMTP id A43081A9059
for <spud@ietf.org>; Wed, 8 Apr 2015 15:21:24 -0700 (PDT)
Received: from fifthhorseman.net (unknown [38.109.115.130])
by che.mayfirst.org (Postfix) with ESMTPSA id 87189F984;
Wed, 8 Apr 2015 18:21:22 -0400 (EDT)
Received: by fifthhorseman.net (Postfix, from userid 1000)
id 4953C20191; Wed, 8 Apr 2015 17:21:21 -0500 (CDT)
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: Toerless Eckert <eckert@cisco.com>
In-Reply-To: <20150408193920.GD24286@cisco.com>
References: <87iod631nv.fsf@alice.fifthhorseman.net>
<DM2PR0301MB06555C7D7F32A69214405D44A8FC0@DM2PR0301MB0655.namprd03.prod.outlook.com>
<20150408193920.GD24286@cisco.com>
User-Agent: Notmuch/0.18.2 (http://notmuchmail.org) Emacs/24.4.1
(x86_64-pc-linux-gnu)
Date: Wed, 08 Apr 2015 18:21:21 -0400
Message-ID: <871tju2rdq.fsf@alice.fifthhorseman.net>
MIME-Version: 1.0
Content-Type: text/plain
Archived-At: <http://mailarchive.ietf.org/arch/msg/spud/220tPzdV8D32bGfi8u7KfJNQALs>
Cc: spud@ietf.org
Subject: Re: [Spud] SPUD's open/close are unconvincing
X-BeenThere: spud@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Session Protocol Underneath Datagrams <spud.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spud>,
<mailto:spud-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/spud/>
List-Post: <mailto:spud@ietf.org>
List-Help: <mailto:spud-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spud>,
<mailto:spud-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 08 Apr 2015 22:21:25 -0000
Hi Toerless--
On Wed 2015-04-08 15:39:21 -0400, Toerless Eckert wrote:
> a) I think one hope of SPUDs design is to make UDP look enough like
> TCP to persuade FWs (and similar middleboxes) to police / permit it
> as well as TCP flows are policed/permitted.
>
> b) If you don't like how it works, let me generalize the question,
> would like to hear your (and others) answers:
>
> What is the best possible design we can do to make UDP flows
> be equal or better permissible across WELL BEHAVED FW and similar
> middleboxes ? Please define "WELL BEHAVED"as part of your answer.
As i wrote to Joe, i'm not convinced that this is an answerable question
considering that no one has provided a technical argument yet for why
the enterprise firewall operators can't already do what we're talking
about here.
> c) If i read it correctly, SPUD can
>
> a) set up potentially multiple independent pipes across the same 5-tuple.
> b) A single pipe can go across different 5-tuples (multipath/mobility).
>
> These two features should explain why tracking 5-tuple as you
> suggest alone would not be sufficient.
>
> Btw: I am a fan of b), i don't think a) should be encouraged given
> experience with RTCweb. In that sense, the total number of
> pipes would even be equal or smaller than the number of 5 tuples.
This is an interesting point, thanks. I'd be curious to hear more
details about the RTCweb experience that have convinced you that (a)
should not be encouraged.
The trouble with (b), of course, is that in the multipath or mobility
case, the tube will continue its flow over different network segments,
which violates the goals people have described for open and close.
As i move to a new path, i'm deliberately not sending a Close message
(because i want to keep the tube open, right?) -- so what do the
middleboxes do?
And after i've moved to a new network and want to continue the same
tube, surely i won't indicate that the flow is opening (it's already
open). As a result, the equipment on the new path won't see the Open
message -- should they discard it now?
These arrangements seem in conflict to me.
Regards,
--dkg
> P.S.: Cool domain name. Is that indicative of the role you're planning
> to take in the discussion ? ;-))) (sorry, i can never resists these questions).
:)
- Re: [Spud] SPUD's open/close are unconvincing Joe Hildebrand (jhildebr)
- Re: [Spud] SPUD's open/close are unconvincing Toerless Eckert
- Re: [Spud] SPUD's open/close are unconvincing Christian Huitema
- [Spud] SPUD's open/close are unconvincing Daniel Kahn Gillmor
- Re: [Spud] SPUD's open/close are unconvincing Daniel Kahn Gillmor
- Re: [Spud] SPUD's open/close are unconvincing Christian Huitema
- Re: [Spud] SPUD's open/close are unconvincing Brian Trammell
- Re: [Spud] SPUD's open/close are unconvincing Caitlin Bestler
- Re: [Spud] SPUD's open/close are unconvincing Jana Iyengar
- Re: [Spud] SPUD's open/close are unconvincing Eliot Lear
- Re: [Spud] SPUD's open/close are unconvincing Tom Herbert
- Re: [Spud] SPUD's open/close are unconvincing Toerless Eckert
- Re: [Spud] SPUD's open/close are unconvincing Tom Herbert
- Re: [Spud] SPUD's open/close are unconvincing Toerless Eckert (eckert)
- Re: [Spud] SPUD's open/close are unconvincing Toerless Eckert
- Re: [Spud] SPUD's open/close are unconvincing Roland Bless
- Re: [Spud] SPUD's open/close are unconvincing Phillip Hallam-Baker
- Re: [Spud] SPUD's open/close are unconvincing Phillip Hallam-Baker
- Re: [Spud] SPUD's open/close are unconvincing Toerless Eckert
- Re: [Spud] SPUD's open/close are unconvincing Eliot Lear
- Re: [Spud] SPUD's open/close are unconvincing Brian Trammell
- Re: [Spud] SPUD's open/close are unconvincing Toerless Eckert
- Re: [Spud] SPUD's open/close are unconvincing Toerless Eckert
- Re: [Spud] SPUD's open/close are unconvincing Tom Herbert
- Re: [Spud] SPUD's open/close are unconvincing Toerless Eckert
- Re: [Spud] SPUD's open/close are unconvincing Eliot Lear
- Re: [Spud] SPUD's open/close are unconvincing Toerless Eckert
- Re: [Spud] SPUD's open/close are unconvincing Tom Herbert
- Re: [Spud] SPUD's open/close are unconvincing Caitlin Bestler
- Re: [Spud] SPUD's open/close are unconvincing Toerless Eckert
- Re: [Spud] SPUD's open/close are unconvincing Tom Herbert
- Re: [Spud] SPUD's open/close are unconvincing Yoav Nir
- Re: [Spud] SPUD's open/close are unconvincing Jana Iyengar
- Re: [Spud] SPUD's open/close are unconvincing Jana Iyengar
- Re: [Spud] SPUD's open/close are unconvincing Daniel Kahn Gillmor
- Re: [Spud] SPUD's open/close are unconvincing Eliot Lear