Re: [Spud] Return routability and feedback (was: Questions based on draft-trammell-spud-req-00)
Ted Hardie <ted.ietf@gmail.com> Tue, 11 August 2015 20:28 UTC
Return-Path: <ted.ietf@gmail.com>
X-Original-To: spud@ietfa.amsl.com
Delivered-To: spud@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1])
by ietfa.amsl.com (Postfix) with ESMTP id 8D95A1AD23D
for <spud@ietfa.amsl.com>; Tue, 11 Aug 2015 13:28:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5
tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001,
SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44])
by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id O3zsayJC-Nds for <spud@ietfa.amsl.com>;
Tue, 11 Aug 2015 13:28:57 -0700 (PDT)
Received: from mail-wi0-x236.google.com (mail-wi0-x236.google.com
[IPv6:2a00:1450:400c:c05::236])
(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
(No client certificate requested)
by ietfa.amsl.com (Postfix) with ESMTPS id 75B6D1AC3E6
for <spud@ietf.org>; Tue, 11 Aug 2015 13:28:56 -0700 (PDT)
Received: by wicne3 with SMTP id ne3so75704264wic.0
for <spud@ietf.org>; Tue, 11 Aug 2015 13:28:55 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
h=mime-version:in-reply-to:references:date:message-id:subject:from:to
:cc:content-type;
bh=5L7Fc+qv6i/OYC7BIFPgw8qgYCxgZUpzO7bg29cb9eU=;
b=skABQy+rp49JIwW6lLtNghKJCAkn6IzAyNjozMZbbJlcDbcE96MNSscsyoMUqP9DuT
N/Kf8Ff8J3tplGPV8gIFZ5DVQQPygWijoPwkcNycrKRJlepFLPCvZ20Nn2vgil9AsULQ
/etKseu9LDQsecWaH8P7Lru29g7KyDeIoAxsAojxTDRiO3iyyn5m2CfN53BjDdukBfSE
Sts9vGjzvTRBSncHsirFNNzOIIZizRcES5bmrgpa/PYwFxCi0dmChNzxAuqNruztILrT
6h4xyzbZLeHtE6lZhjZmMLBRw2dGUKUY3pY8KOuNXvRZXjk/lU6KWONNSkZxdgQqgK0/
odLg==
MIME-Version: 1.0
X-Received: by 10.194.122.97 with SMTP id lr1mr59624106wjb.26.1439324935049;
Tue, 11 Aug 2015 13:28:55 -0700 (PDT)
Received: by 10.194.17.68 with HTTP; Tue, 11 Aug 2015 13:28:54 -0700 (PDT)
In-Reply-To: <CAGD1bZbQu4GrmZSfgYiGhTMxQLoQmhMG+MiLASvqPFZT0s2FGQ@mail.gmail.com>
References: <1AFABFF2-B841-4B0D-867C-709683BEDC8D@tik.ee.ethz.ch>
<55C9A2D5.9060304@kit.edu>
<0F26B0A9-8042-472D-92B0-9D2822B5D1A3@tik.ee.ethz.ch>
<CAGD1bZbQu4GrmZSfgYiGhTMxQLoQmhMG+MiLASvqPFZT0s2FGQ@mail.gmail.com>
Date: Tue, 11 Aug 2015 13:28:54 -0700
Message-ID: <CA+9kkMABHNENtU8VrMBhAxp2U7C0hWQJmfApEYDYRTEH=F0uLg@mail.gmail.com>
From: Ted Hardie <ted.ietf@gmail.com>
To: Jana Iyengar <jri@google.com>
Content-Type: multipart/alternative; boundary=089e01228c70785979051d0ef31a
Archived-At: <http://mailarchive.ietf.org/arch/msg/spud/eQPG98DCyB9kjE7gYUu1fCec1kI>
Cc: Roland Bless <roland.bless@kit.edu>,
=?UTF-8?Q?Mirja_K=C3=BChlewind?= <mirja.kuehlewind@tik.ee.ethz.ch>,
"spud@ietf.org" <spud@ietf.org>
Subject: Re: [Spud] Return routability and feedback (was: Questions based on
draft-trammell-spud-req-00)
X-BeenThere: spud@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Session Protocol Underneath Datagrams <spud.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spud>,
<mailto:spud-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spud/>
List-Post: <mailto:spud@ietf.org>
List-Help: <mailto:spud-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spud>,
<mailto:spud-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 11 Aug 2015 20:28:59 -0000
On Tue, Aug 11, 2015 at 10:59 AM, Jana Iyengar <jri@google.com> wrote: > A quick thought on explicit close, FWIW. Sending an explicit close packet > often involves a client or a server sending a packet, usually after some > amount of quiescence. When on a cellular device, this requires the device > to pull up the radio and spend energy on sending/receiving a packet that > basically contains little to no information. This design is generally being > eschewed in favor of a connection timeout at the ends, especially when the > endpoints can negotiate on a timeout period. > > So, the problem with this approach is that the negotiation of the timeout period doesn't involve just the endpoints; it involves the network elements that are maintain state and allocations. To keep them at their task, lots of systems send heartbeat packets at regular intervals when no other traffic is present. Those also wake the radio and consume battery. So, whether the trade-off with an explicit close is worth may depend on the traffic pattern of the application and the state being held in the network. In some cases, the close message would go with the last packet, and so be "free" from a radio perspective. I'd guess that it would generally be worth it in any system containing a SPUD-compliant NAT or STUN server, but there are cases (DNS over SPUD) where even then it might not be a win for the client. But the client itself is the best judge of this, which is why I favor including the functionality, but making it optional. All the systems have to be redundant to that packet being lost anyway. > One way for a middlebox to learn about connection close would be to have > an explicit negotiation in SPUD that is visible to the network... but I > don't think that relying on connection close packets for signaling a > connection's termination is going to be adequate. > > From a coding perspective, that seems to be really painful. When some Harry Potter app uses 17 second timeouts in homage to the Galleon, it's going to need custom timers. Ted > On Tue, Aug 11, 2015 at 2:38 AM, Mirja Kühlewind < > mirja.kuehlewind@tik.ee.ethz.ch> wrote: > >> Hi Roland, >> >> see below. >> >> > Am 11.08.2015 um 09:23 schrieb Roland Bless <roland.bless@kit.edu>du>: >> > >> > Hi, >> > >> > Am 08.08.2015 um 11:16 schrieb Mirja Kühlewind: >> >> 4) Return routability and feedback —- >> >> >> >> a) 2WHS vs. 3WHS? —> SPUD should/must (?) provide a 2WHS, that means >> >> an ACK in response to the initial packet should be generated by SPUD >> >> even if the overlying protocol does not support this semantic. Note >> >> this mean the ACK may only have a SPUD header but no overlying >> >> protocol data. This would make all SPUD flows/tubes bidirectional. >> > >> > But potentially hitting different middleboxes along asymmetric paths, >> > i.e., the ACK is routed back along a different path than the initial >> > packet. A 2WHS is also vulnerable against state exhaustion attacks. >> > >> >> Further SPUD should also provided the semantics for an 3WHS but may >> >> only send a third packet if the overlying protocol implements it or >> >> there is another reason for the application to explicitly request a >> >> SPUD-only 3WHS. >> > >> >> From a security perspective, a 3WHS with a DoS protection cookie would >> > be the most reasonable option. >> > >> >> b) Does the semantics of the SPUD protocol need to provide an >> >> explicit start signal as well as start/ack signal? -> Yes, start is >> >> needed to distinguish start and middle of a tube; ack is needed to >> >> finally set up state. However, not clear yet if all SPUD tubes MUST >> >> send a start signal or only SHOULD. If a start was received, however, >> >> a ACK must be sent…? >> > >> > See above. On the one hand an ACK is maybe not enough to set up state. A >> > SYN Flood would otherwise also set up state in the SPUD box. On the >> > other hand, SPUD boxes must be prepared to react to flows/tubes that >> > neither have Start, ACK, or Close due to temporary re-routing events. >> > >> >> c) Should it be possible to send multiple START signal on the same >> >> tube (e.g to re-initiate state)? -> Not clear if this is really >> >> needed >> > >> > I don't think that it is needed, see previous point. >> > >> >> c) Is a stop flag needed/useful? —> Yes (faster state tear-down), but >> >> the overlying protocol must be resilient to it not being sent, not >> >> being received. >> > >> > I don't understand this, is that different from a close? >> >> No, it’s close. The question is do we need an explicate signal for close >> (and maybe even close/ack) or is it sufficient to just let the state time >> out because middleboxes anyway need a timer as they can never rely on >> seeing a close. >> >> Mirja >> >> > >> > Regards, >> > Roland >> > >> > _______________________________________________ >> > Spud mailing list >> > Spud@ietf.org >> > https://www.ietf.org/mailman/listinfo/spud >> >> _______________________________________________ >> Spud mailing list >> Spud@ietf.org >> https://www.ietf.org/mailman/listinfo/spud >> > > > _______________________________________________ > Spud mailing list > Spud@ietf.org > https://www.ietf.org/mailman/listinfo/spud > >
- [Spud] Questions based on draft-trammell-spud-req… Mirja Kühlewind
- Re: [Spud] Questions based on draft-trammell-spud… Toerless Eckert
- Re: [Spud] Return routability and feedback (was: … Roland Bless
- Re: [Spud] Return routability and feedback (was: … Mirja Kühlewind
- Re: [Spud] Return routability and feedback Bless, Roland (TM)
- Re: [Spud] Questions based on draft-trammell-spud… Tom Herbert
- [Spud] Authentication and packet reflection [was:… Mirja Kühlewind
- Re: [Spud] Return routability and feedback (was: … Jana Iyengar
- Re: [Spud] Return routability and feedback (was: … Ted Hardie
- Re: [Spud] Authentication and packet reflection [… Tom Herbert
- Re: [Spud] Return routability and feedback Joe Touch