IETF Logo Mail Archive

Re: [Spud] Return routability and feedback (was: Questions based on draft-trammell-spud-req-00)

Mirja Kühlewind <mirja.kuehlewind@tik.ee.ethz.ch> Tue, 11 August 2015 09:38 UTC

Return-Path: <mirja.kuehlewind@tik.ee.ethz.ch>
X-Original-To: spud@ietfa.amsl.com
Delivered-To: spud@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BFE8A1A6ED9 for <spud@ietfa.amsl.com>; Tue, 11 Aug 2015 02:38:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.91
X-Spam-Level:
X-Spam-Status: No, score=-3.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_MED=-2.3, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id s2KGjo0JFY0L for <spud@ietfa.amsl.com>; Tue, 11 Aug 2015 02:38:26 -0700 (PDT)
Received: from smtp.ee.ethz.ch (smtp.ee.ethz.ch [129.132.2.219]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0C5581A3BA7 for <spud@ietf.org>; Tue, 11 Aug 2015 02:38:26 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by smtp.ee.ethz.ch (Postfix) with ESMTP id C7EA8D930B; Tue, 11 Aug 2015 11:38:24 +0200 (MEST)
X-Virus-Scanned: by amavisd-new on smtp.ee.ethz.ch
Received: from smtp.ee.ethz.ch ([127.0.0.1]) by localhost (.ee.ethz.ch [127.0.0.1]) (amavisd-new, port 10024) with LMTP id k-utzM9sX06z; Tue, 11 Aug 2015 11:38:24 +0200 (MEST)
Received: from [192.168.178.33] (x4d02d192.dyn.telefonica.de [77.2.209.146]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) (Authenticated sender: mirjak) by smtp.ee.ethz.ch (Postfix) with ESMTPSA id 32FEBD9303; Tue, 11 Aug 2015 11:38:24 +0200 (MEST)
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 8.2 \(2102\))
From: =?utf-8?Q?Mirja_K=C3=BChlewind?= <mirja.kuehlewind@tik.ee.ethz.ch>
In-Reply-To: <55C9A2D5.9060304@kit.edu>
Date: Tue, 11 Aug 2015 11:38:22 +0200
Content-Transfer-Encoding: quoted-printable
Message-Id: <0F26B0A9-8042-472D-92B0-9D2822B5D1A3@tik.ee.ethz.ch>
References: <1AFABFF2-B841-4B0D-867C-709683BEDC8D@tik.ee.ethz.ch> <55C9A2D5.9060304@kit.edu>
To: Roland Bless <roland.bless@kit.edu>
X-Mailer: Apple Mail (2.2102)
Archived-At: <http://mailarchive.ietf.org/arch/msg/spud/FMduWOMU9rp_JYQP2dAMCJEMCW4>
Cc: spud@ietf.org
Subject: Re: [Spud] Return routability and feedback (was: Questions based on draft-trammell-spud-req-00)
X-BeenThere: spud@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Session Protocol Underneath Datagrams <spud.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spud>, <mailto:spud-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spud/>
List-Post: <mailto:spud@ietf.org>
List-Help: <mailto:spud-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spud>, <mailto:spud-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 11 Aug 2015 09:38:27 -0000

Hi Roland,

see below.

> Am 11.08.2015 um 09:23 schrieb Roland Bless <roland.bless@kit.edu>du>:
> 
> Hi,
> 
> Am 08.08.2015 um 11:16 schrieb Mirja Kühlewind:
>> 4) Return routability and feedback —-
>> 
>> a) 2WHS vs. 3WHS? —> SPUD should/must (?) provide a 2WHS, that means
>> an ACK in response to the initial packet should be generated by SPUD
>> even if the overlying protocol does not support this semantic. Note
>> this mean the ACK may only have a SPUD header but no overlying
>> protocol data.  This would make all SPUD flows/tubes bidirectional.
> 
> But potentially hitting different middleboxes along asymmetric paths,
> i.e., the ACK is routed back along a different path than the initial
> packet. A 2WHS is also vulnerable against state exhaustion attacks.
> 
>> Further SPUD should also provided the semantics for an 3WHS but may
>> only send a third packet if the overlying protocol implements it or
>> there is another reason for the application to explicitly request a
>> SPUD-only 3WHS.
> 
>> From a security perspective, a 3WHS with a DoS protection cookie would
> be the most reasonable option.
> 
>> b) Does the semantics of the SPUD protocol need to provide an
>> explicit start signal as well as start/ack signal? -> Yes, start is
>> needed to distinguish start and middle of a tube; ack is needed to
>> finally set up state. However, not clear yet if all SPUD tubes MUST
>> send a start signal or only SHOULD. If a start was received, however,
>> a ACK must be sent…?
> 
> See above. On the one hand an ACK is maybe not enough to set up state. A
> SYN Flood would otherwise also set up state in the SPUD box. On the
> other hand, SPUD boxes must be prepared to react to flows/tubes that
> neither have Start, ACK, or Close due to temporary re-routing events.
> 
>> c) Should it be possible to send multiple START signal on the same
>> tube (e.g to re-initiate state)? -> Not clear if this is really
>> needed
> 
> I don't think that it is needed, see previous point.
> 
>> c) Is a stop flag needed/useful? —> Yes (faster state tear-down), but
>> the overlying protocol must be resilient to it not being sent, not
>> being received.​
> 
> I don't understand this, is that different from a close?

No, it’s close. The question is do we need an explicate signal for close (and maybe even close/ack) or is it sufficient to just let the state time out because middleboxes anyway need a timer as they can never rely on seeing a close.

Mirja

> 
> Regards,
> Roland
> 
> _______________________________________________
> Spud mailing list
> Spud@ietf.org
> https://www.ietf.org/mailman/listinfo/spud

v2.8.7 | Report a Bug | By Email