Re: [Spud] Return routability and feedback (was: Questions based on draft-trammell-spud-req-00)
Roland Bless <roland.bless@kit.edu> Tue, 11 August 2015 07:23 UTC
Hi,

On 08.08.2015 at 11:16, Mirja Kühlewind wrote:
> 4) Return routability and feedback ---
>
> a) 2WHS vs. 3WHS? --> SPUD should/must (?) provide a 2WHS, that means
> an ACK in response to the initial packet should be generated by SPUD
> even if the overlying protocol does not support this semantic. Note
> this means the ACK may only have a SPUD header but no overlying
> protocol data. This would make all SPUD flows/tubes bidirectional.

But potentially hitting different middleboxes along asymmetric paths,
i.e., the ACK is routed back along a different path than the initial
packet. A 2WHS is also vulnerable against state exhaustion attacks.

> Further SPUD should also provide the semantics for a 3WHS but may
> only send a third packet if the overlying protocol implements it or
> there is another reason for the application to explicitly request a
> SPUD-only 3WHS.

From a security perspective, a 3WHS with a DoS protection cookie would
be the most reasonable option.

> b) Does the semantics of the SPUD protocol need to provide an
> explicit start signal as well as start/ack signal? -> Yes, start is
> needed to distinguish start and middle of a tube; ack is needed to
> finally set up state. However, not clear yet if all SPUD tubes MUST
> send a start signal or only SHOULD. If a start was received, however,
> an ACK must be sent…?

See above. On the one hand an ACK is maybe not enough to set up state.
A SYN Flood would otherwise also set up state in the SPUD box. On the
other hand, SPUD boxes must be prepared to react to flows/tubes that
neither have Start, ACK, or Close due to temporary re-routing events.

> c) Should it be possible to send multiple START signals on the same
> tube (e.g. to re-initiate state)? -> Not clear if this is really
> needed

I don't think that it is needed, see previous point.

> c) Is a stop flag needed/useful? --> Yes (faster state tear-down), but
> the overlying protocol must be resilient to it not being sent, not
> being received.

I don't understand this, is that different from a close?

Regards,
Roland
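
Added example, not part of the original message or of any SPUD draft: a sketch of why a 2WHS that sets up state on the first packet is exposed to state exhaustion, next to a 3WHS whose ACK carries a stateless DoS protection cookie. The class names, the HMAC-SHA256 cookie layout, the 30-second lifetime and the sample addresses are all assumptions made for illustration.

```python
import hashlib
import hmac
import os
import struct

COOKIE_LIFETIME = 30  # seconds per time bucket (assumed value)

class TwoWayResponder:
    """2WHS: state is allocated as soon as a START arrives."""
    def __init__(self):
        self.tubes = {}

    def on_start(self, src, tube_id):
        self.tubes[(src, tube_id)] = "open"   # unverified source now holds state
        return ("ACK", tube_id)

class CookieResponder:
    """3WHS: START is answered statelessly; state exists only after a valid cookie echo."""
    def __init__(self, secret=None):
        self.secret = secret or os.urandom(32)
        self.tubes = {}

    def _cookie(self, src, tube_id, bucket):
        msg = src.encode() + struct.pack("!QQ", tube_id, bucket)
        return hmac.new(self.secret, msg, hashlib.sha256).digest()[:16]

    def on_start(self, src, tube_id, now):
        # Nothing is stored: the cookie itself binds source, tube and time.
        return ("ACK", tube_id, self._cookie(src, tube_id, now // COOKIE_LIFETIME))

    def on_third(self, src, tube_id, cookie, now):
        bucket = now // COOKIE_LIFETIME
        # Accept the current and previous bucket so a handshake can span a boundary.
        for b in (bucket, bucket - 1):
            if hmac.compare_digest(cookie, self._cookie(src, tube_id, b)):
                self.tubes[(src, tube_id)] = "open"
                return True
        return False

def simulate(n_spoofed=1000, now=1_000_000):
    """Constructed scenario: n spoofed STARTs, then one client that can receive replies."""
    naive, guarded = TwoWayResponder(), CookieResponder(secret=b"k" * 32)
    for i in range(n_spoofed):
        src = f"198.51.100.{i % 256}:{40000 + i}"   # documentation-range addresses
        naive.on_start(src, i)
        guarded.on_start(src, i, now)               # reply goes to the spoofed address
    _, tube, cookie = guarded.on_start("192.0.2.7:5000", 42, now)
    ok = guarded.on_third("192.0.2.7:5000", 42, cookie, now + 5)
    return len(naive.tubes), len(guarded.tubes), ok
```

The cookie only proves return routability of the source address; it does not address the asymmetric-path concern raised above, since the third packet may still traverse different boxes than the ACK.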