IETF Logo Mail Archive

Re: [Taps] TAPS Transports and ICMP

Karen Elisabeth Egede Nielsen <karen.nielsen@tieto.com> Thu, 16 July 2015 09:09 UTC

Return-Path: <karen.nielsen@tieto.com>
X-Original-To: taps@ietfa.amsl.com
Delivered-To: taps@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 746861A6EE7 for <taps@ietfa.amsl.com>; Thu, 16 Jul 2015 02:09:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.379
X-Spam-Level:
X-Spam-Status: No, score=-1.379 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FM_FORGED_GMAIL=0.622, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id o2qZkDogq0YY for <taps@ietfa.amsl.com>; Thu, 16 Jul 2015 02:09:49 -0700 (PDT)
Received: from mail-ig0-x22d.google.com (mail-ig0-x22d.google.com [IPv6:2607:f8b0:4001:c05::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E0F501A21BC for <taps@ietf.org>; Thu, 16 Jul 2015 02:09:48 -0700 (PDT)
Received: by igcqs7 with SMTP id qs7so9057202igc.0 for <taps@ietf.org>; Thu, 16 Jul 2015 02:09:48 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tieto.com; s=google; h=from:references:in-reply-to:mime-version:thread-index:date :message-id:subject:to:cc:content-type; bh=7QL6NUymb5G9LsfHxRA7SHGEm2hnOSTDG/T5MWiN0B8=; b=DPFNWvVuCazx0CO2IBh704UuLlIeCj35hZgnQZZ0GsNG53neuo9xMLp5n49/Kx8Uvu NE4m9WwzxcWEBnehWpq79u+tmsraxJY8Y4qAXHb7Xgzwg5hjchrHESeenASACmxdWzwC RYDXJ95JPY+rcSZUjInnJiquziJn92Cu4IeRI=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:references:in-reply-to:mime-version :thread-index:date:message-id:subject:to:cc:content-type; bh=7QL6NUymb5G9LsfHxRA7SHGEm2hnOSTDG/T5MWiN0B8=; b=akS+gto0tFDAptRu8X+k/YgDAvJQcm146x79NBGkrED9A8v23kPrDLiFpvXnNUMJdh zyRuljfkHJAUSJkYOO4dEapMVXQhVr0yylFemZ/BN5V9+6jDNESIKpJ/IWUg7eUWu8Pm M01aQ3cDXStEaANSmb2HSAFc9Dz/B6URx9oF4YP0fVXDbD6S+rx2F83wPA9BHkxOYetx TcRWzR5IwNzLffjqBer2b2AlonayjeUrZFYsXQZ09Gxwc3xh59zNehUrrLlrGyuRq7sv asZfNbjiMAYBfVyJafXO6Uy2rF9yUkwqvJUNEFK3B/H/Jz7gEHCdiRjyd8hXkkjvtD4y cUPg==
X-Gm-Message-State: ALoCoQkeM6VbnARt8f+owYIlVr2cDa0pxZRR7Hwn5T7C474yv9Q11YFgENUlTlEC5KZyRAiyhWJVCgrcAw90lt9PTZk9slB+9CQAiiOhGkrWLaYDkcA3jpQ=
X-Received: by 10.107.167.2 with SMTP id q2mr11426325ioe.109.1437037788374; Thu, 16 Jul 2015 02:09:48 -0700 (PDT)
From: Karen Elisabeth Egede Nielsen <karen.nielsen@tieto.com>
References: <00597CB8-D128-408A-8F35-BA98CDF45A62@cisco.com> <55707211.8010609@isi.edu> <26B9DE0B-4D38-430D-A9A1-921CD0067C70@cisco.com> <5570988A.6040208@isi.edu> <97FD8853-7345-40E9-A523-8AF53FB2303B@lurchi.franken.de> <2b5eb97add78e6c5b3c91b94080479da@mail.gmail.com> <55A6A53C.3010009@isi.edu> <b12ebf1f4f628e0cc38787a035ac0b92@mail.gmail.com> <86015ACB-0C19-41CF-B16E-765DD5DD29A6@lurchi.franken.de>
In-Reply-To: <86015ACB-0C19-41CF-B16E-765DD5DD29A6@lurchi.franken.de>
MIME-Version: 1.0
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AQE86SdgORCvliHFE703NIXCziGWLQKpHUkGAiiw3coBaHzujgJBSMcpAhGHtOcCr5vwOgHu+g0GAbkLt5OeflP6UA==
Date: Thu, 16 Jul 2015 11:09:47 +0200
Message-ID: <cd67801fe4dc3a5b37e382d58c0ce58d@mail.gmail.com>
To: Michael Tuexen <Michael.Tuexen@lurchi.franken.de>
Content-Type: text/plain; charset="UTF-8"
X-DomainID: tieto.com
Archived-At: <http://mailarchive.ietf.org/arch/msg/taps/i5En1VxDEQ9tpDvCFzfvr_C8tAc>
Cc: "Pal Martinsen (palmarti)" <palmarti@cisco.com>, taps@ietf.org, Joe Touch <touch@isi.edu>
Subject: Re: [Taps] TAPS Transports and ICMP
X-BeenThere: taps@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Discussions on Transport Services <taps.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/taps>, <mailto:taps-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/taps/>
List-Post: <mailto:taps@ietf.org>
List-Help: <mailto:taps-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/taps>, <mailto:taps-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 16 Jul 2015 09:09:51 -0000

HI Michael,

>>> Agreed, however the other ways that SCTP doesn't pass validated ICMPs
>>> to the user seems like a mistake to me.
>>>
>> [Karen ] I agree and we have for our SW recently discussed as to
>> whether we should implement such notification following the UDP and
>> TCP semantics. But at present none of our applications has the need
>> (on why that is, see below).
>Hi Karen,
>
>can you elaborate what ICMP related information you provide for TCP?
>
[Karen ] We provide information about received destination unreachable
ICMPs to users via socket api.
The same we do for (connected) UDP.

This we could also do for SCTP, but as said we don't do it (yet).

>My understanding is that if you follow
>https://tools.ietf.org/html/rfc1122#section-4.2.3.9
>and ignore Source Quench as specified in
>https://tools.ietf.org/html/rfc6633
>you end up honouring Destination Unreachable (protocol unreachable, port
>unreachable or fragmentation needed and DF set). I guess you can handle
this
>similar to an TCP RST in the API.
>Note: Not sure why "fragmentation needed and DF" SHOULD result in an
>abort. I would just use the information or PMTUD...
>I'm not sure how you expose Net unreachable, host unreachable or source
>route failed in the API. I think the sockets API doesn't do this.
>
>For SCTP, the port unreachable is ignored and for the protocol
unreachable it
>is a MUST abort. For the Net unreachable, host unreachable you might use
>this to indicate some soft error.

[Karen ] This might (the MAY) results in  hard trouble if the association
is closed due to entering of dormant state.
That's why we believe that this MAY reaction should be coupled with robust
dormant state handling.

However, the user is provided with the
>information, if requested, either about an association or path state
change.
[Karen ] Yes, but the user is not provided with the information that the
association was closed due to the receipt ICMPs.
[Karen ] Yes, but even if the information is provided, then closing the
association does not constitute a soft reaction.

BR, Karen
>
>Best regards
>Michael
>>
>>> In particular, destination unreachables can cause the SCTP connection
>>> to
>> go
>> [Karen ] MAY force. And this MAY of the RFC I  (and we) believe is
>> questionable.  We believe that for an implementation to support this
>> MAY the implementation MUST implement dormant state handling as
>> described (right now) in the SCTP Failover draft = SCTP continues to
>> transmit data also when the destinations are considered unreachable.
>> (and our SCTP implementations do this). Further we think that the
>> appropriate soft reaction to ICMP destination unreachable is to
>> increment the path error counter, NOT to mark the destination as
>> INACTIVE.
>> Hopefully we will see these things be clarified in future SCTP drafts
>> or ideally in the eventual RFC4960 revision.
>>
>>> into a dead state (mark the dest unreachable or increment the path
>>> error
>>> counter) without indicating anything to the user.
>>>
>> [Karen ] The state is not dead if "appropriate" dormant state handling
>> is implemented.
>>
>>> This seems incorrect to me, given the number of other ways in which
>>> SCTP
>> can
>>> shut down a connection (heartbeat failure, retransmission failre) and
>>> is supposed to pass that info to the user.
>>>
>> [Karen ] I agree that  when the association is closed as a direct
>> result of receipt of ICMPs then this should be communicated to the
Users.
>> The envisaged approach (from our side) is to define a new error code
>> for the sac_error of the SCTP_ASSOC_CHANGE (the notification of
>comm_LOST):
>>
>>   sac_error:  If the state was reached due to an error condition (e.g.,
>>      SCTP_COMM_LOST), any relevant error information is available in
>>      this field.  This corresponds to the protocol error codes defined
>>      in [RFC4960].
>>
>> Right now we have the possibility to use proprietary error codes here,
>> but we would like to go beyond that of course.
>>
>> For the destination error counter the information goes into the
>> spc_error of the SCTP_PEER_ADDR_CHANGE (the notification of
>> destination address unreachability).
>>
>> PLEASE allow me to explain the abstract API in terms of a concrete
>> one. I do understand the difference.
>> The new thing is that the abstract transport API, which if nothing
>> else exists in our heads and in our overall modeling, now with TAPS,
>> may be defined as a concrete one.
>> And I agree with everybody else that this is a good exercise and that
>> it is doomed to (correct and) improve things substantially.
>>
>>> So, IMO, this is a great example of why studying these APIs as
>> abstractions is
>>> important and would have prevented this (IMO) oversight.
>> [Karen ] We have studied this. But is only bringing this to the IETF
now.
>> Possibly to be addressed for RFC4960 revision.
>>>
>>> Or can someone in the SCTP team explain why shutting connections down
>>> due to other reasons is a user signal but validated ICMP signals are
not?
>> [Karen ] NA.
>>>
>>> Joe
>>>
>>> _______________________________________________
>>> Taps mailing list
>>> Taps@ietf.org
>>> https://www.ietf.org/mailman/listinfo/taps
>>

v2.23.0 | Report a Bug | By Email