Re: [tcpm] About the SYN/ACK-timer
Yuchung Cheng <ycheng@google.com> Wed, 02 January 2013 19:46 UTC
Return-Path: <ycheng@google.com>
X-Original-To: tcpm@ietfa.amsl.com
Delivered-To: tcpm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D133021F85E8 for <tcpm@ietfa.amsl.com>; Wed, 2 Jan 2013 11:46:09 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.769
X-Spam-Level:
X-Spam-Status: No, score=-102.769 tagged_above=-999 required=5 tests=[AWL=0.208, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id odYOdbNwM7Om for <tcpm@ietfa.amsl.com>; Wed, 2 Jan 2013 11:46:08 -0800 (PST)
Received: from mail-oa0-f45.google.com (mail-oa0-f45.google.com [209.85.219.45]) by ietfa.amsl.com (Postfix) with ESMTP id C1F9921F879E for <tcpm@ietf.org>; Wed, 2 Jan 2013 11:46:08 -0800 (PST)
Received: by mail-oa0-f45.google.com with SMTP id i18so13517739oag.32 for <tcpm@ietf.org>; Wed, 02 Jan 2013 11:46:08 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; bh=CRYsORV9e6XL1XZhhAnRk6DRHaCgRfSdLCDkzypdJcA=; b=TEiNh9Vpk4t2KpuKVJO5kgJND3Kf/YcDGOPLDCrRk1qaAhn4yBl19AwnYqhfsFQZg/ oaO3mNXOLk+mUm+D+nfjFXPcjHf7Vdy9rCXVZaqRTBvZ/0si324qpMxUz1nyyo4tDlnJ 0JDxfzg1tlRcOnrZeQmihEZDrOcGAhYcxarZaTGUp83cEw7+2ZFS38nBWmc1Wg8zMvK2 YDKm8k3M6OSxnBYpR7giENKAl+DuoujqJuUbes/vAp/GUA35X30dVUCvYvGKflS9Z94g 7kA4qo1z1CDgYfr1xAVOpArKPbkmmPYB5mH9eoXFSju1srRWdXxejoL4VP2AnPxIv1Ye 7TQw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type:x-gm-message-state; bh=CRYsORV9e6XL1XZhhAnRk6DRHaCgRfSdLCDkzypdJcA=; b=IEROVBoDrztJ2fTw82+xfdA+lKHAEa0tEWQNHdlgBjJlvt4MvQyK24LWqqKNOP3UWx bCX20rzoQTfdAUE76zGNIyZtQU6gIVsnP4CRHSYfYna6oBthohalAD/xnXgR6QqIGytT knkGwrQWFQu7KzN2CmY4iJyGxXM6bDOG/niFf/V1nM/dcvKqSuyszPJ2Rja/JgQFXj6h 0EurRuecuhUTeWMTuZKTj8WsgRBu5dwnoozuBFJeS+2DPVWhLJfpSiZfp/42chWqasbj arTBy4HY+lPz6aCZPbFp26aziMN9dYyegi9doWir3dAHieEGBPIkA/XA2x+Aj3VofRzY 3AZg==
Received: by 10.60.169.140 with SMTP id ae12mr25854255oec.52.1357155967951; Wed, 02 Jan 2013 11:46:07 -0800 (PST)
MIME-Version: 1.0
Received: by 10.76.82.39 with HTTP; Wed, 2 Jan 2013 11:45:46 -0800 (PST)
In-Reply-To: <2F3EBB88EC3A454AAB08915FBF0B8C7E14A253@eusaamb109.ericsson.se>
References: <1D1BEDF8-28D1-41CD-999C-5627E81D0537@ifi.uio.no> <20130102025350.AF22755A074@lawyers.icir.org> <2F3EBB88EC3A454AAB08915FBF0B8C7E148E68@eusaamb109.ericsson.se> <CAO249ycPs-PqzbjqChzemCgHCr+NbJZuWQrxVR4aE4j-DFbKzQ@mail.gmail.com> <9DF82729-E83B-4515-8BCD-D33E4EBC3E39@ericsson.com> <2A886F9088894347A3BE0CC5B7A85F3E9AA0F0AE4F@FRMRSSXCHMBSE3.dc-m.alcatel-lucent.com> <2F3EBB88EC3A454AAB08915FBF0B8C7E14A253@eusaamb109.ericsson.se>
From: Yuchung Cheng <ycheng@google.com>
Date: Wed, 02 Jan 2013 11:45:46 -0800
Message-ID: <CAK6E8=cuowB2XX+C7YBnDXC5rP8HaR=Huefq7w=9KskjYzQNVg@mail.gmail.com>
To: Jakob Heitz <jakob.heitz@ericsson.com>
Content-Type: text/plain; charset="ISO-8859-1"
X-Gm-Message-State: ALoCoQmaP/cEwdHp66WaJokY3X2rNHvJFcy01+Yc0LZWKwSO7NpydErGFg36Ly9LdR0+HZYEe19BSi6J7tajSHDa9iuY+R8p3g/InV0TKy9/J4zJ7Omn2ep1dWqV6ThncGgjPxRa4a1FExYF8gcPwNiMzS0CQ5yzQ0Ol2g9xOGPHtk4dMu1uhSrRVxCleBgks8PqAjq7DrEd
Cc: "tcpm (tcpm@ietf.org)" <tcpm@ietf.org>, Michael Welzl <michawe@ifi.uio.no>, Joe Touch <touch@isi.edu>, "mallman@icir.org" <mallman@icir.org>, Marco Mellia <mellia@tlc.polito.it>
Subject: Re: [tcpm] About the SYN/ACK-timer
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tcpm>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Jan 2013 19:46:09 -0000
On Wed, Jan 2, 2013 at 10:57 AM, Jakob Heitz <jakob.heitz@ericsson.com> wrote: > On Wednesday, January 02, 2013 1:36 AM, Scharf, Michael (Michael) <> wrote: > >>> -----Original Message----- >>> From: tcpm-bounces@ietf.org [mailto:tcpm-bounces@ietf.org] On Behalf >>> Of Jakob Heitz Sent: Wednesday, January 02, 2013 9:53 AM >>> To: Yoshifumi Nishida >>> Cc: Joe Touch; tcpm (tcpm@ietf.org); Marco Mellia; Michael Welzl; >>> mallman@icir.org Subject: Re: [tcpm] About the SYN/ACK-timer >>> >>> The reason for the accelerated first retransmission: >>> The SYN with data may get dropped for 2 reasons. >>> 1. Middleboxes that consider it abnormal. >> >> If there is such a middlebox, the best solution is to try to >> learn that and cache it, on order to avoid the use of SYN >> data at all. > > Of course it is, but there is no need to standardize that. > >> This is mostly orthogonal to the retransmission >> timer. Except for one detail: The smaller the gap between the >> two transmissions, the higher is the risk of reordering, i. >> e., that such heuristics break because the RTO is *too* >> small. Thus, accelerated first retranmission can indeed have >> drawbacks with middleboxes... > > no. > It will pass the lone SYN (misordered, arrives first) > Then it will drop the SYN with data. > No harm done. > >> And, with an initial RTO of 1s, >> the only penalty is the 1s timeout for the first connection. >> After that, the sender would hopefully not use SYN data any more. >> >> So, what remains is the 1s RTO for the first connection to >> that destination. An initial timeout below one second to an >> unknown destination comes along with quite some risk of >> spuriour retransmission on narrow-band links. It might not be >> a too good idea because of that. >> >>> 2. SYN flood protection at the server. >> >> I might miss something fundamental, but if a server is in SYN >> flood protection mode, would it not be a good idea if the >> client backs off a bit? > > During SYN flood protection, I'm assuming the server will > aggressively drop SYN with data, but accept SYN without data > more readily. When syn-cookie is activated in Linux, upon receiving SYN-data the server sends SYN-ACK acking only the initial/SYN sequence (i.e., it drops the data part only). Upon receiving the SYN-ACK, the client will retransmit the data in the final ACK of the handshake. The proposed shorter SYN-retransmit w/o data in TFO does not help assuming no network drops. HTH > Therefore, retransmit the SYN without data, then back off > as normal. > >> Using a 100ms timer is quite the >> opposite of that. >> >> In summary, it is not clear to me what actual problem we discuss here. >> >> For what it is worth, as already mentioned multiple times: >> There is a TCPM working group item draft-ietf-tcpm-fastopen, >> which has quite some related text, including the initial RTO. > > I'm aware of it. > I don't like the cookie idea. > It was a great initial idea, but got complicated > and incomplete in a hurry. > > I am not proposing an initial RTO of 100mS. > I am proposing a single retransmission of the SYN without data > at 100mS. There is a difference. > >> >> Michael >> >> >>> I expect SYN flood protection to be much more aggressive >>> towards SYN packets with data. >>> In the majority of cases, the SYN with data should get >>> through just fine. When it doesn't, the accelerated >>> retransmission without the data will recover. >>> >>> Cheers, >>> Jakob. >>> >>> On Jan 1, 2013, at 11:32 PM, "Yoshifumi Nishida" >>> <nishida@sfc.wide.ad.jp> wrote: >>> >>> >>> >>> Hi Jakob, >>> >>> >>> On Tue, Jan 1, 2013 at 9:25 PM, Jakob Heitz >>> <jakob.heitz@ericsson.com> wrote: >>> >>> >>> On Tuesday, January 01, 2013 6:54 PM, >>> mallman@icir.org <mailto:mallman@icir.org> >>> <mailto:mallman@icir.org> wrote: >>> >>> > I am confused. >>> > >>> >> Not sure about everyone else, but the way I >>> interpreted (and meant) >>> >> the 1s bit was to say "a new value, such as >>> 1s, as opposed to a >>> >> complex adaptive mechanism". It wasn't about >>> the exact value of 1s >>> >> per se. >>> > >>> > You say "a new value, such as 1s". My point >>> is 1s is NOT a new value. >>> > It is the standardized value. Before >>> proposing some new >>> > value, it'd at >>> > least be handy if folks understood the current value. > >>> >> About lowering the initial RTO further: I, >>> for one, hadn't thought of >>> >> that, and am not fully aware of all the >>> pro's and con's. But yeah, it >>> >> might be worth considering? >>> > >>> > Well, if you're not suggesting lowering the >>> initial RTO then what are >>> > you suggesting? I have no idea what you are >>> saying here. The initial >>> > RTO is the RTO that is used before an RTT >>> sample is taken. So, just >>> > what are you suggesting here? >>> > >>> > allman >>> >>> >>> I am suggesting: >>> 1st SYN contains data. >>> Retransmit that SYN without data after 100mS. >>> Make the next retransmit timer 1 second with >>> the normal power of 2 backoff after that. All SYN retransmits >>> without data. Do the same for the SYN/ACK. >>> No cookies. >>> The initial 100mS SYN retransmit timer MAY be >>> lengthened by application knowledge of conditions. For >>> example, satellite or wireless. >>> >>> >>> I think you consider 1 second SYN RTO is fine. But, you >>> want to accelerate the first retransmission. >>> This seems to be a bit inconsistent design to me. >>> Well, it might be useful if the SYNs are discarded >>> because of accidental packet drops or because of data payload. >>> But, I'm still wondering how practical these situations are. >>> >>> Thanks, >>> -- >>> Yoshifumi > > > > -- > Jakob Heitz. x25475. 510-566-2901 > _______________________________________________ > tcpm mailing list > tcpm@ietf.org > https://www.ietf.org/mailman/listinfo/tcpm
- [tcpm] About the SYN/ACK-timer Michael Welzl
- Re: [tcpm] About the SYN/ACK-timer Marco Mellia
- Re: [tcpm] About the SYN/ACK-timer Jakob Heitz
- Re: [tcpm] About the SYN/ACK-timer Michael Welzl
- Re: [tcpm] About the SYN/ACK-timer Michael Welzl
- Re: [tcpm] About the SYN/ACK-timer Marco Mellia
- Re: [tcpm] About the SYN/ACK-timer Joe Touch
- Re: [tcpm] About the SYN/ACK-timer Jakob Heitz
- Re: [tcpm] About the SYN/ACK-timer Mikael Abrahamsson
- Re: [tcpm] About the SYN/ACK-timer Joe Touch
- Re: [tcpm] About the SYN/ACK-timer Joe Touch
- Re: [tcpm] About the SYN/ACK-timer Agarwal, Anil
- Re: [tcpm] About the SYN/ACK-timer Jakob Heitz
- Re: [tcpm] About the SYN/ACK-timer Joe Touch
- Re: [tcpm] About the SYN/ACK-timer Mark Allman
- Re: [tcpm] About the SYN/ACK-timer Mikael Abrahamsson
- Re: [tcpm] About the SYN/ACK-timer Michael Welzl
- Re: [tcpm] About the SYN/ACK-timer Agarwal, Anil
- Re: [tcpm] About the SYN/ACK-timer Jakob Heitz
- Re: [tcpm] About the SYN/ACK-timer Scharf, Michael (Michael)
- Re: [tcpm] About the SYN/ACK-timer Jakob Heitz
- Re: [tcpm] About the SYN/ACK-timer Scharf, Michael (Michael)
- Re: [tcpm] About the SYN/ACK-timer Mikael Abrahamsson
- Re: [tcpm] About the SYN/ACK-timer Mark Allman
- Re: [tcpm] About the SYN/ACK-timer Jakob Heitz
- Re: [tcpm] About the SYN/ACK-timer Yoshifumi Nishida
- Re: [tcpm] About the SYN/ACK-timer Michael Welzl
- Re: [tcpm] About the SYN/ACK-timer Jakob Heitz
- Re: [tcpm] About the SYN/ACK-timer Scharf, Michael (Michael)
- Re: [tcpm] About the initial SYN/ACK RTO Marco Mellia
- Re: [tcpm] About the SYN/ACK-timer Jakob Heitz
- Re: [tcpm] About the SYN/ACK-timer Yuchung Cheng
- Re: [tcpm] About the SYN/ACK-timer Jakob Heitz
- Re: [tcpm] About the SYN/ACK-timer David Borman
- Re: [tcpm] About the SYN/ACK-timer Jakob Heitz
- Re: [tcpm] About the SYN/ACK-timer David Borman
- Re: [tcpm] About the SYN/ACK-timer Scharf, Michael (Michael)
- Re: [tcpm] About the SYN/ACK-timer Jakob Heitz