IETF Logo Mail Archive

Re: [tcpm] ECN++ on Pure ACKs if SACK stripped

Bob Briscoe <ietf@bobbriscoe.net> Sat, 25 November 2023 11:45 UTC

Return-Path: <ietf@bobbriscoe.net>
X-Original-To: tcpm@ietfa.amsl.com
Delivered-To: tcpm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EDD6CC15C289 for <tcpm@ietfa.amsl.com>; Sat, 25 Nov 2023 03:45:44 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.105
X-Spam-Level:
X-Spam-Status: No, score=-2.105 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=bobbriscoe.net
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HUoEGnT5Lhp0 for <tcpm@ietfa.amsl.com>; Sat, 25 Nov 2023 03:45:41 -0800 (PST)
Received: from mail-ssdrsserver2.hostinginterface.eu (mail-ssdrsserver2.hostinginterface.eu [185.185.85.90]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 11F22C1519B6 for <tcpm@ietf.org>; Sat, 25 Nov 2023 03:45:35 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=bobbriscoe.net; s=default; h=In-Reply-To:From:References:Cc:To:Subject: MIME-Version:Date:Message-ID:Content-Type:Sender:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=CtW1T3shHC55N7OTrKNulsnKRejEst9Fucb565D5sqI=; b=8Xq2dQJ4+SeUuhmPFuHvqnKXva AV1LA/PIE0BinnQbPeyu2rzxRNlytvnwDAIh3XmN+8V2vQEJVwgDz+uYEYDnHumZVBwK+OVciq/ip +ilDEMQLyQ4Xy5RgPLEB701eQgJxJuwLopr1/F4LxvbOfTWLEECzyKWyqk1jheV2PrDHcEUe41PuO znL2fXiBOkvnatCsFCaivh4sKB6DFlJGhs9zVR7ESdXHX8h/Y3pBhRTWT/HarfDV4VwvvnloE6fE7 x9kLARdsJkWuQCpFLqcC04Dgt2TkiwLRnkILknVEnHHuGElM1x3IGfPTATvP8DqCD26WNgA4CkP3m vB5MEp0Q==;
Received: from 67.153.238.178.in-addr.arpa ([178.238.153.67]:44888 helo=[192.168.1.29]) by ssdrsserver2.hostinginterface.eu with esmtpsa (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.96.2) (envelope-from <ietf@bobbriscoe.net>) id 1r6r6V-000476-0Q; Sat, 25 Nov 2023 11:45:33 +0000
Content-Type: multipart/alternative; boundary="------------s2rB26QLtJ86dNCyEf0TUKX3"
Message-ID: <641c7e29-5371-482d-846c-97246e992e06@bobbriscoe.net>
Date: Sat, 25 Nov 2023 11:45:31 +0000
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Content-Language: en-GB
To: Neal Cardwell <ncardwell=40google.com@dmarc.ietf.org>
Cc: rs.ietf@gmx.at, Markku Kojo <kojo@cs.helsinki.fi>, tcpm IETF list <tcpm@ietf.org>, tuexen@fh-muenster.de
References: <084E4782-C220-4474-A39E-2617224FD1CD@fh-muenster.de> <ea82f083-9f01-470b-98c1-68489b706169@gmx.at> <CAAK044SLamjWht+5PTVu7E=_qzhkhYCEueShQpScTEu_PueAOQ@mail.gmail.com> <7b36150f-50a9-41c5-a71f-b68a84965773@bobbriscoe.net> <fb27a6f4-7cb6-43bf-bd62-8e6bb1a8700e@gmx.at> <41312b57-9ed3-46fa-946f-f3f625c5c5e9@bobbriscoe.net> <477633fd-784c-43fb-b2a0-02b673c94fea@gmx.at> <9aac7a8f-692d-4294-b81e-528a7f790f58@bobbriscoe.net> <ef624bd8-600a-4b2b-ac56-2d2b1deaf245@gmx.at> <2ed3f94b-a56b-48e1-83f0-997ff7ea0670@bobbriscoe.net> <e4484f82-f339-f487-9bfd-256abe97ab86@cs.helsinki.fi> <9bcc5dc1-00ad-4dbe-be1f-587cd64a2773@gmx.at> <e8656fc-9d6c-28e8-9d48-80473e398ad7@cs.helsinki.fi> <f44e3616-ec85-4b9e-986d-11b2943c138d@gmx.at> <9d8de289-6486-440c-8537-ec80e33b0bb2@bobbriscoe.net> <5808772a-f54c-4c09-9610-dc6bb7b63557@gmx.at> <a0fdfc63-9992-41d2-b416-832d52541331@bobbriscoe.net> <CADVnQy=FezUfRfkCW-LedSP7e0ravBOW2z71qLbm2_m9Fo4xPw@mail.gmail.com>
From: Bob Briscoe <ietf@bobbriscoe.net>
In-Reply-To: <CADVnQy=FezUfRfkCW-LedSP7e0ravBOW2z71qLbm2_m9Fo4xPw@mail.gmail.com>
X-MagicSpam-TUUID: 39e73154-9fe5-432c-b521-41ad8a82d1c0
X-MagicSpam-SUUID: fed112c3-a507-4065-9783-bf8d4b5f0ce8
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - ssdrsserver2.hostinginterface.eu
X-AntiAbuse: Original Domain - ietf.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - bobbriscoe.net
X-Get-Message-Sender-Via: ssdrsserver2.hostinginterface.eu: authenticated_id: in@bobbriscoe.net
X-Authenticated-Sender: ssdrsserver2.hostinginterface.eu: in@bobbriscoe.net
X-Source:
X-Source-Args:
X-Source-Dir:
Archived-At: <https://mailarchive.ietf.org/arch/msg/tcpm/9bdArrHKuzaIHM9b6t1y-Y0XZ-Y>
Subject: Re: [tcpm] ECN++ on Pure ACKs if SACK stripped
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tcpm/>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 25 Nov 2023 11:45:45 -0000

Neal,

I've brought your last comment to the beginning, as the rest depends on it.

On 25/11/2023 00:06, Neal Cardwell wrote:
> AFAICT a third viable strategy is: when SACK has been negotiated, only 
> consider an ACK a dupack if it includes SACK blocks. This is the 
> approach taken by the Linux TCP stack.
>
> AFAICT if that strategy is used, then the TCP endpoint doesn't need to 
> try to guess if SACK blocks are being stripped, if it is willing to 
> pay the performance penalty if this does happen.

[BB2] This is where we started from in July (the nice simple additional 
DupACK test to distinguish DupACKs from ACKs of ACKs that is in the 
current draft - and black rather than green below - HTML email reader 
required).

But since March, just before each draft submission, Markku has been 
promising to explain his concern, which he finally did the day after the 
recent tcpm meeting. First it was that SACK-negotiated doesn't 
necessarily imply that D-SACK is implemented. We addressed that by 
requiring D-SACK if SACK is negotiated for AccECN. Then the argument 
switched to the possibility that SACK might be stripped, which the 
latest text addresses (in green below - for the ECN++ draft). That might 
not sound much, but it took 8 months and approaching 100 emails to get 
to the consensus we have reached (TBC). Nonetheless, if an implementer 
like you is prepared to take the performance penalty, the added (green) 
text is a 'SHOULD' not a 'MUST'.

On your detailed points - see more [BB2]...
I'll also send another email after this with new proposed text, 'cos 
while making your proposed edits, I noticed a number of ways to make my 
original less wordy.

>
> On Fri, Nov 24, 2023 at 6:20 PM Bob Briscoe 
> <ietf=40bobbriscoe.net@dmarc.ietf.org> wrote:
>
>     Richard,
>
>     I think you are now agreeing with Markku, so we are close to
>     closure! See [BB]...
>
>     On 24/11/2023 17:52, rs.ietf@gmx.at wrote:
>>
>>
>>     Am 24.11.2023 um 16:55 schrieb Bob Briscoe:
>>>             1) Detecting that SACK blocks are being stripped
>>>
>>>     Assuming AccECN & SACK are both negotiated, is Markku's proposed
>>>     test on
>>>     an incoming pure ACK acceptable to everyone?:
>>>          if (no SACK && Δ(ACE)<3)
>>
>>
>>     I believe you want to detect DupACKs? So the generally accepted
>>     test if
>>     this ACK is a DupAck (does not advance snd.una, while there is
>>     outstanding data snd.max != snd.una) would come first?
>
>     [BB] Yes, that's taken as a given, because this test is
>     /additional/ to wherever DupACKs are tested for.
>
>>
>>     And as long as no retransmission (fast or RTO or PTO) has happened,
>>     *every* DupACK is supposed to contain a SACK block; DSACK blocks
>>     are -
>>     with the current wording - also expected on spurious retransmitted
>>     segments - and only them.
>>
>>     (the network pathology of duplicating packets on-path should elicit
>>     DSACK for packets that were never retransmitted).
>>
>>>
>>>     As I said, ACE might have wrapped, but let's treat this as an
>>>     experiment, to see whether that is a significant problem.
>>
>>     The reason why we picked 3 as a very strong suggestion is, that
>>     typical
>>     AoA  would lead to a particular stream of ACEs (e.g. 5, 0, 3, 6,
>>     1, 4,
>>     7, 2, 5) - with two consecutive AoAs need to be lost before a
>>     wrap-around becomes indistiguishable (any other pattern would
>>     need some
>>     data exchange).
>
>     [BB] I think you're agreeing, but please answer, yes or no: is the
>     test proposed above for Detecting that SACK blocks are being
>     stripped acceptable to you?
>
>>
>>
>>     But doing one step back:
>>
>>     While AccECN defines a specific receiver side reaction, which the
>>     other
>>     side can rely upon, and ECN++ specifies that pure ACKs could be
>>     ECT-enabled, as an Implementer, rather than dealing with these
>>     increasingly improbable special cases, I would refrain from
>>     sending the
>>     optional ECT-enabled ACKs in the first place. Only when subsequent
>>     mechanisms are found to be needed (e.g. TARR, NewCWV,
>>     Careful-Resume,
>>     ...) where retaining up-to-date CC state in the reverse direction is
>>     becoming more interesting, it would become interesting to send out
>>     ECT-enabled ACKs.
>
>     [BB] So, I take it from this that you agree that, if SACK
>     stripping has been detected, the spec has to allow both. That is:
>     * either disable ECN-capable pure ACKs,
>     * or replace the test for absence of SACK with a heuristic.
>
>     Here's proposed text for the ECN++ spec. I'm afraid I'm asking you
>     to fill in text for the timestamp test in the final bullet. I
>     can't easily work out what to say that generalizes for any case,
>     not just the TLP case. Pls (anyone) also suggest edits if you
>     disagree with anything else...
>
>
>     3.3.3.1.  Additional DupACK Check
>
>        A TCP implementation that is sending ECN-capable pure ACKs MUST add
>        the following check to all its algorithms that use duplicate
>        detection on incoming pure ACKs:
>
>        *  If there is no SACK option on an incoming pure ACK
>     (ECN-capable or
>           not) despite SACK having been negotiated, it is not counted as a
>           duplicate ACK.
>
>     SACK blocks are known to be stripped on some paths through the public
>        Internet, or some implementations are known to negotiate SACK but
>        never send SACK blocks.  Therefore, if a TCP implementation is
>        sending ECN-capable pure ACKs, it SHOULD check for these
>     pathologies
>        (unless it is intended solely for an environment clear of these
>        pathologies), as follows:
>
>        *  If an incoming pure ACK appears to be a duplicate (it does not
>           advance the cumulative acknowledgement while there is
>     outstanding
>           data), but:
>
>
> That parenthetical definition of a duplicate ACK is incomplete. To 
> avoid bugs, I would suggest referring the reader to the full 
> definition in RFC 5681, Section 2.

[BB2] Thanks for this ref. I'll refer to that definition right from the 
start, and delete the parenthesis.

>
>           -  it does not carry any SACK blocks (despite SACK having been
>              negotiated)
>
>           -  and AccECN [I-D.ietf-tcpm-accurate-ecn] has been
>     negotiated but
>              the ACE field has increased by less than 3 (after
>     allowing for
>              wrap)
>
>
>           then it can be assumed that SACK blocks are being stripped.  In
>           this case the implementation SHOULD take one of the
>     following two
>           actions:
>
>
> Rather than "it can be assumed that SACK blocks are being stripped" I 
> would suggest "then the implementation can estimate that SACK blocks 
> are being stripped".

[BB2] Better. But 'estimate' isn't quite right - it's used more for 
numerical output, so I'll use 'deem' if that's OK.

Thanks



Bob

>
>           -  either disable the sending of ECN-capable pure ACKs;
>
>           -  or in all algorithms that use duplicate detection on incoming
>              pure ACKs, replace the above additional DupACK check with an
>              heuristic such as the following:
>
>              o  If the ACE field [I-D.ietf-tcpm-accurate-ecn] has
>                 incremented by at least 3, an incoming ACK SHOULD NOT be
>                 counted as a Duplicate ACK;
>
>              o  if the echoed timestamp (TSecr) [RFC7323] {ToDo: complete
>                 the bullet}, an incoming ACK SHOULD NOT be counted as a
>                 Duplicate ACK.
>
>
>
>
> best regards,
> neal
>
>
>     Thank you
>
>
>     Bob
>
>
>>
>>     Richard
>
>     -- 
>     ________________________________________________________________
>     Bob Briscoehttp://bobbriscoe.net/
>
>     _______________________________________________
>     tcpm mailing list
>     tcpm@ietf.org
>     https://www.ietf.org/mailman/listinfo/tcpm
>

-- 
________________________________________________________________
Bob Briscoehttp://bobbriscoe.net/

v2.23.0 | Report a Bug | By Email