Re: [tcpm] About the SYN/ACK-timer
Jakob Heitz <jakob.heitz@ericsson.com> Mon, 31 December 2012 19:24 UTC
Return-Path: <jakob.heitz@ericsson.com>
X-Original-To: tcpm@ietfa.amsl.com
Delivered-To: tcpm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1BBB121F884D for <tcpm@ietfa.amsl.com>; Mon, 31 Dec 2012 11:24:31 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.429
X-Spam-Level:
X-Spam-Status: No, score=-6.429 tagged_above=-999 required=5 tests=[AWL=0.170, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ox3FVOS4ejCn for <tcpm@ietfa.amsl.com>; Mon, 31 Dec 2012 11:24:30 -0800 (PST)
Received: from imr3.ericy.com (imr3.ericy.com [198.24.6.13]) by ietfa.amsl.com (Postfix) with ESMTP id 8E05C21F884A for <tcpm@ietf.org>; Mon, 31 Dec 2012 11:24:30 -0800 (PST)
Received: from EUSAAHC004.ericsson.se ([147.117.188.84]) by imr3.ericy.com (8.13.8/8.13.8) with ESMTP id qBVJOTuK023513 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Mon, 31 Dec 2012 13:24:29 -0600
Received: from EUSAAMB109.ericsson.se ([147.117.188.126]) by EUSAAHC004.ericsson.se ([147.117.188.84]) with mapi id 14.02.0318.004; Mon, 31 Dec 2012 14:24:28 -0500
From: Jakob Heitz <jakob.heitz@ericsson.com>
To: Michael Welzl <michawe@ifi.uio.no>, "tcpm (tcpm@ietf.org)" <tcpm@ietf.org>
Thread-Topic: [tcpm] About the SYN/ACK-timer
Thread-Index: AQHN5b8Stu8nYED5FE+WsO7zyjvHrZgwFqsMgAFYDACAAHPGAP//xaCNgABbY4CAAACVAP//tpv7gABzqwCAANDSAIAATjzO
Date: Mon, 31 Dec 2012 19:24:28 +0000
Message-ID: <68C68DEB-B178-4980-A581-7909CC3FD947@ericsson.com>
References: <882A42E5-6B54-4334-97B0-C574D8A1D714@ifi.uio.no> <9797BC06-420A-467D-8B0F-A9FDFD30F06D@ericsson.com> <50E00E8E.40204@tlc.polito.it> <50E06FAC.80200@isi.edu> <96C14B42-81DD-49E3-A795-03B21425552F@ericsson.com> <50E08B5D.1000003@isi.edu> <50E08BDA.8030102@isi.edu> <D564379D-BD6B-435E-9B59-B0BAB7CFD961@ericsson.com> <C7526105-B5C0-46B0-9CF9-C46EED28C79A@isi.edu>, <2C87EAC5-4BF7-4A30-BAF5-4A9C113EF9EE@ifi.uio.no>
In-Reply-To: <2C87EAC5-4BF7-4A30-BAF5-4A9C113EF9EE@ifi.uio.no>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Subject: Re: [tcpm] About the SYN/ACK-timer
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tcpm>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 31 Dec 2012 19:24:31 -0000
I have an alternative to cookies. Send data with the SYN. When retransmission of the SYN is required, retransmit it without the data. Retransmit the SYN quickly: 100 to 200 mS. It works with Middleboxes. SYN flood protection works as normal, just bias it against SYN with data. Cheers, Jakob. On Dec 31, 2012, at 1:44 AM, "Michael Welzl" <michawe@ifi.uio.no> wrote: > Hi, > > About data-in-the-SYN: I agree with Joe that this has been debated a lot already - see https://tools.ietf.org/html/draft-ietf-tcpm-fastopen-02 and the discussions surrounding it. FWIW this draft is a (IMHO, good) proposal to do what you want, in the right way > > Cheers, > Michael > > > On Dec 30, 2012, at 10:17 PM, Joe Touch <touch@isi.edu> wrote: > >> >> >> On Dec 30, 2012, at 11:23 AM, Jakob Heitz <jakob.heitz@ericsson.com> wrote: >> >>> On Dec 30, 2012, at 10:46 AM, "Joe Touch" <touch@isi.edu> wrote: >>>> >>>> ...if it is to have any real effect. You can send data in the SYN now, but the server can't deliver it to the app layer until the three-way handshake completes. And it also increases the amount of state for pending connections, increasing the impact of DOS attacks. >>>> >>>> Joe >>> >>> It could, with a change to the sockets API. >> >> No, it cannot without a change in CTO semantics, which affects the state diagram and its processing on both ends - which also changes the meaning of an ack and the concept of reliability. >> >> There is a lot required, and for the first connection to a site it won't work to allow the server to act on data before a connection has been established. >> >> This is well- trod ground. >> >> Joe >> >>> Of course, the app will need to participate in SYN flood protection, but that's not impossible given the right architecture. >>> >>> -- >>> Jakob Heitz. >>> >> _______________________________________________ >> tcpm mailing list >> tcpm@ietf.org >> https://www.ietf.org/mailman/listinfo/tcpm >
- [tcpm] About the SYN/ACK-timer Michael Welzl
- Re: [tcpm] About the SYN/ACK-timer Marco Mellia
- Re: [tcpm] About the SYN/ACK-timer Jakob Heitz
- Re: [tcpm] About the SYN/ACK-timer Michael Welzl
- Re: [tcpm] About the SYN/ACK-timer Michael Welzl
- Re: [tcpm] About the SYN/ACK-timer Marco Mellia
- Re: [tcpm] About the SYN/ACK-timer Joe Touch
- Re: [tcpm] About the SYN/ACK-timer Jakob Heitz
- Re: [tcpm] About the SYN/ACK-timer Mikael Abrahamsson
- Re: [tcpm] About the SYN/ACK-timer Joe Touch
- Re: [tcpm] About the SYN/ACK-timer Joe Touch
- Re: [tcpm] About the SYN/ACK-timer Agarwal, Anil
- Re: [tcpm] About the SYN/ACK-timer Jakob Heitz
- Re: [tcpm] About the SYN/ACK-timer Joe Touch
- Re: [tcpm] About the SYN/ACK-timer Mark Allman
- Re: [tcpm] About the SYN/ACK-timer Mikael Abrahamsson
- Re: [tcpm] About the SYN/ACK-timer Michael Welzl
- Re: [tcpm] About the SYN/ACK-timer Agarwal, Anil
- Re: [tcpm] About the SYN/ACK-timer Jakob Heitz
- Re: [tcpm] About the SYN/ACK-timer Scharf, Michael (Michael)
- Re: [tcpm] About the SYN/ACK-timer Jakob Heitz
- Re: [tcpm] About the SYN/ACK-timer Scharf, Michael (Michael)
- Re: [tcpm] About the SYN/ACK-timer Mikael Abrahamsson
- Re: [tcpm] About the SYN/ACK-timer Mark Allman
- Re: [tcpm] About the SYN/ACK-timer Jakob Heitz
- Re: [tcpm] About the SYN/ACK-timer Yoshifumi Nishida
- Re: [tcpm] About the SYN/ACK-timer Michael Welzl
- Re: [tcpm] About the SYN/ACK-timer Jakob Heitz
- Re: [tcpm] About the SYN/ACK-timer Scharf, Michael (Michael)
- Re: [tcpm] About the initial SYN/ACK RTO Marco Mellia
- Re: [tcpm] About the SYN/ACK-timer Jakob Heitz
- Re: [tcpm] About the SYN/ACK-timer Yuchung Cheng
- Re: [tcpm] About the SYN/ACK-timer Jakob Heitz
- Re: [tcpm] About the SYN/ACK-timer David Borman
- Re: [tcpm] About the SYN/ACK-timer Jakob Heitz
- Re: [tcpm] About the SYN/ACK-timer David Borman
- Re: [tcpm] About the SYN/ACK-timer Scharf, Michael (Michael)
- Re: [tcpm] About the SYN/ACK-timer Jakob Heitz