Re: [tcpm] FW: Review of draft-bagnulo-tcpm-generalized-ecn (David Black)
Bob Briscoe <ietf@bobbriscoe.net> Tue, 18 April 2017 09:40 UTC
Return-Path: <ietf@bobbriscoe.net>
X-Original-To: tcpm@ietfa.amsl.com
Delivered-To: tcpm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C9A16129A91 for <tcpm@ietfa.amsl.com>; Tue, 18 Apr 2017 02:40:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=bobbriscoe.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id raB1Vz7p7fbi for <tcpm@ietfa.amsl.com>; Tue, 18 Apr 2017 02:40:54 -0700 (PDT)
Received: from server.dnsblock1.com (server.dnsblock1.com [85.13.236.178]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9CE54129A9B for <tcpm@ietf.org>; Tue, 18 Apr 2017 02:40:53 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=bobbriscoe.net; s=default; h=Content-Type:In-Reply-To:MIME-Version:Date: Message-ID:From:Cc:References:To:Subject:Sender:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=oab7e+t0iJTpcrUZWJO7IL9U7oqqI7IhE8Sdc6ime68=; b=8nkP7YSrgCzZdZdFB3BMXHkZF prM57EgLNREaK4J0HLxQ0T/ofjZN7fLNTYI0/F1urIY0cHUEAvAZFdmhpKaBkn7iOBPNfuxsYQwr6 pMncfDNufrIOBe3pHNzR6RzpwrNrlqBtyAWrV8lJa8BXqoHoCL+RWIBxLjtfda0vUQo3DJW34F+Km WR651qUgRigbZnIAOOkZBfUKQiDJPvyuI8ihKqqwg5kJaK9MlBCm6W51+oFCfLIM71Z9i+aloxQOU U0tENYawCdDU00UorDTVaPK3Wv1ftBTKeMpcgHUSUj3nanp47yYqeIiL8MuK9ch0WDk76LHz8rzPZ oWErMJcQg==;
Received: from 188.6.208.46.dyn.plus.net ([46.208.6.188]:44628 helo=[192.168.0.2]) by server.dnsblock1.com with esmtpsa (TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.89) (envelope-from <ietf@bobbriscoe.net>) id 1d0Pcx-0006XZ-Dm; Tue, 18 Apr 2017 10:40:51 +0100
To: "Black, David" <David.Black@dell.com>, "tcpm@ietf.org" <tcpm@ietf.org>, Mirja Kuehlewind <mirja.kuehlewind@tik.ee.ethz.ch>
References: <CE03DB3D7B45C245BCA0D243277949362F9B2DB4@MX307CL04.corp.emc.com> <3d53f6a4-697b-0c7a-8c71-524890312beb@bobbriscoe.net> <CE03DB3D7B45C245BCA0D243277949362F9B3960@MX307CL04.corp.emc.com> <5a4e46a0-bde7-8de5-f6a3-354f06fd9058@bobbriscoe.net> <94ff22d6-69b3-164a-8bdb-07149f3e58b3@bobbriscoe.net>
From: Bob Briscoe <ietf@bobbriscoe.net>
Message-ID: <9796d961-292e-e257-a2d8-c0321f61b31a@bobbriscoe.net>
Date: Tue, 18 Apr 2017 10:40:50 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.8.0
MIME-Version: 1.0
In-Reply-To: <94ff22d6-69b3-164a-8bdb-07149f3e58b3@bobbriscoe.net>
Content-Type: multipart/alternative; boundary="------------E7B35680930C707647B26088"
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - server.dnsblock1.com
X-AntiAbuse: Original Domain - ietf.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - bobbriscoe.net
X-Get-Message-Sender-Via: server.dnsblock1.com: authenticated_id: in@bobbriscoe.net
X-Authenticated-Sender: server.dnsblock1.com: in@bobbriscoe.net
Archived-At: <https://mailarchive.ietf.org/arch/msg/tcpm/1Ghh7ElhBta47jzsKT0qVJWXPvQ>
Subject: Re: [tcpm] FW: Review of draft-bagnulo-tcpm-generalized-ecn (David Black)
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tcpm/>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 18 Apr 2017 09:40:57 -0000
David, Mirja, list, Thanks again for your reviews of the -00. I've been busy over the w/e after thinking more deeply about some of your comments and after realizing that RFC3168 contained an assumption that a single pure ACK implies that all other packets in that direction are pure ACKs, which is not true in general. We've produced another rev (draft-bagnulo-tcpm-generalized-ecn-02 <https://tools.ietf.org/html/draft-bagnulo-tcpm-generalized-ecn-02>). This is a general invitation for anyone on the list, including you two, to review this again, so we can ask for an informed adoption call. We need people with the following expertise: * TCP hijacking and DoS/flooding attacks * Specific TCP implementations (Linux, FreeBSD, iOS, Windows, etc). * All the common variants of TCP We have identified clearly where decisions are needed. As well as where more measurements are needed. Main changes: * Moved more discursive text from S.3 (Spec) to S.5 (Arguments against RFCs) * Major changes to Pure ACK sections and the reliability argument, to address Mirja's arguments better, and to separately address cwnd response (required) and ACK-rate response (optional but not required). * Referred to Network Behaviour in ecn-experimentation, rather than repeating it. * Fixed description of window probe. * Recommended RFC 5961, which gives much stronger packet validity checks for retransmissions, RSTs & FINs. Cheers Bob On 14/04/17 02:13, Bob Briscoe wrote: > David, > > I hope you will find that I have addressed all your concerns - so at > least you will be able to understand it now. > The draft is now unexpired. > > I have also addressed all the points in Mirja's review (some > intersecting with your points). > > You will see that it's actually turned into quite a major re-write. > The diff is nearly total, mainly cos I was turning Spanglish into > English as I went (Marcelo, it was quite understandable, but just not > quite how a native English speaker would say it). > > However, I have changed technical points in a few places too - the > more one thinks about this, the more depth one finds. > > I just noticed I missed one of your nits (shortening the definition of > Retransmission), which I have already fixed in my local copy of the > xml for the next rev. > > > > Bob > > > On 08/04/17 01:11, Bob Briscoe wrote: >> David, >> >> On 2) I intend to replace the whole of "3.1 Network behaviour" with >> the following, which calls out the cases explicitly: >> >> Previously RFC3168 required the sender to set not-ECT on certain TCP >> control packets. Some readers might have erroneously interpreted this >> aspect of RFC3168 as a requirement for firewalls, intrusion detection >> systems, etc. to check and enforce this behaviour. Now that the >> present experimental specification allows TCP senders to set ECT on >> all TCP packets (control and data), it needs to be clear that a >> firewall (or any network node) SHOULD NOT treat any ECT packet >> differently dependent on what type of TCP packet it is. >> >> One potential exception is envisaged, otherwise the previous sentence >> could have said "MUST NOT" rather than "SHOULD NOT". The exception >> allows a security function that has detected an ongoing attack to >> drop more ECT marked SYNs than not-ECT marked SYNs. Such a policy >> SHOULD NOT be applied routinely. It SHOULD only be applied if an >> attack is detected, and then only if it is determined that the ECT >> capability is intensifying the attack. >> >> >> Bob >> >> On 07/04/17 23:33, Black, David wrote: >>> Bob, >>> >>> Two comments: >>> >>> 1) I'll wait for new text before commenting further on Accurate ECN >>> vs. vanilla RFC 3168 ECN. The current text left me somewhat >>> confused, and the summary of changes from RFC 3168 will almost >>> certainly help. >>> >>> 2) On network node treatment of ECT, RFC 3168 is brief, e.g. >>> (Section 5, top of p.7): >>> >>> The CE codepoint '11' is set by a router to indicate congestion to >>> the end nodes. >>> >>> One wants to avoid text that could be read as modifying that >>> sentence by adding possible exceptions for TCP control packets >>> and/or retransmissions. >>> >>>> [BB] Unfortunately, RFC3168 does not specify anything about network >>>> node >>>> forwarding behaviour wrt ECT. So some firewall policies could have >>>> decided to block any TCP control packets that contravene RFC3168. >>>> That's >>>> why we wrote this section. >>> If "firewalls" is what was meant, use that word ;-) ... or as you >>> write ... >>> >>>> However I admit that, by not explaining that DPI was the problem we >>>> were >>>> trying to solve, rather than removing any ambiguity that might have >>>> been >>>> interpreted as a need for DPI. We'll fix this. >>> In doing so, please keep in mind that in this draft, discussion of >>> forwarding and dropping behavior is implicitly about router queue >>> management, not middlebox access control (e.g., based on DPI), so >>> access control has to be called out explicitly when that is what is >>> meant. >>> >>> Thanks, --David >>> >> >> > -- ________________________________________________________________ Bob Briscoe http://bobbriscoe.net/
- Re: [tcpm] FW: Review of draft-bagnulo-tcpm-gener… Bob Briscoe
- Re: [tcpm] FW: Review of draft-bagnulo-tcpm-gener… Black, David
- Re: [tcpm] FW: Review of draft-bagnulo-tcpm-gener… Bob Briscoe
- Re: [tcpm] FW: Review of draft-bagnulo-tcpm-gener… Bob Briscoe
- Re: [tcpm] FW: Review of draft-bagnulo-tcpm-gener… Mirja Kühlewind
- Re: [tcpm] FW: Review of draft-bagnulo-tcpm-gener… Bob Briscoe
- Re: [tcpm] Review of draft-bagnulo-tcpm-generaliz… Mirja Kühlewind
- Re: [tcpm] FW: Review of draft-bagnulo-tcpm-gener… Bob Briscoe
- Re: [tcpm] Review of draft-bagnulo-tcpm-generaliz… Bob Briscoe
- [tcpm] FW: Review of draft-bagnulo-tcpm-generaliz… Black, David