Re: [tcpm] New Version Notification for draft-touch-tcpm-tcp-edo-01.txt
Joe Touch <touch@isi.edu> Fri, 23 May 2014 17:15 UTC
To: Bob Briscoe <bob.briscoe@bt.com>, David Borman <dab@weston.borman.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/tcpm/HzQjPQ1jnxoX4rCoDt3VsvMm5Jw
Cc: "tcpm@ietf.org" <tcpm@ietf.org>
On 5/23/2014 5:13 AM, Bob Briscoe wrote:
> David,
>
> There is certainly no need for an additional RTT.
>
> Let me propose a couple of concrete strawmen (concrete men?) to show
> this. I'm not claiming these are novel. I know Joe and others think that
> we've seen enough of attempts to extend the TCP options on the SYN, but
> Joe should know that when he claims something is impossible, he wakes
> sleeping dragons in people like me.

I slay dragons all the time ;-)

("Defender of the cruciform packet"* is one of my mottos)

> 1) Parallel control channel
> ___________________________
> Client A sends two SYNs back-to-back to an existing well-known port
> (e.g. 80).

You can send in whatever order you want; packets will be reordered, lost, and sent along alternate paths.

FWIW, do these use the same source port and ISN?
- if they do, it'll reset the connection
- if they don't, you're now limiting the number of concurrent connections to roughly half:
http://www.isi.edu/touch/pubs/infocomm99/infocomm99-web/

> * SYN D, establishes a regular data connection, with sufficient TCP
> options to be workable but they still fit within the existing 40B option
> limit.
> * SYN C establishes another parallel connection to the same well-known
> port that looks like regular data from the outside (it could even be an
> extension to HTTP to ensure middleboxes will let it pass), but it talks
> a new app-layer 'TCP control' protocol inside.

What happens when they arrive out of order? What happens when you get D but not yet C? How long do you wait for C?

This is the problem with dual-stack approaches - new endpoints penalize legacy endpoints if there's a stall, and undermine new endpoints if they don't.

> If there is no support for the new app-layer protocol on port 80 the
> control channel just shuts down with a suitable HTTP error, while SYN D
> has opened a data connection with sufficient TCP options to be workable.
> If the new app-layer TCP control protocol is supported on port 80, the
> parallel control channel (C) adds unlimited additional control
> flexibility to the data channel (D) with hardly any added latency.
>
> Establishing a similar control channel in the opposite direction would
> be fairly trivial.
>
> There are few, if any, middlebox problems with the above approach.
> However, there are certainly other problems, but no more insurmountable
> than all the problems that have already been discussed with taking the
> 'easy' route of EDO:
> * A secure binding would have to be added to bind channel C to a secret
> known only to the originator of channel D, otherwise it would open up
> data channels to spoof control channel attacks. This binding could be
> built on a TCP-AO option in channel D.

Yes, that's another problem.

> * Channel C would need some way to refer to the segments of channel D
> that was robust against re-segmentation.

Which means it won't work in the current Internet, because resegmentation is also widespread (though evil, IMO).

> * The main problem is that the two channels don't share fate; a control
> packet can be delayed relative to the point in the data stream at which
> it is attempting to exert control, possibly for an RTT if it is lost and
> has to be retransmitted. However, this is not insurmountable. The
> control protocol could include a mode to "synthesise shared fate", by
> making the data channel buffer data until an associated control segment
> had arrived. This would duplicate the latency impact of a loss or delay
> on either channel, but one can imagine mitigations that would consign
> this latency impact to corner cases.
> * It's a bit of a mess, but that comes with the territory when trying to
> fix legacy protocol problems.
> * The internal stack architecture seems to require a trombone back down
> into the kernel from user-space, but that is not insurmountable - a shim
> within the kernel on port 80 (for example) could redirect control
> channel data across to the "TCP control channel module" in the kernel,
> while passing non-control channel connections to user-space.
>
> 2) Build on LOIC
> ______________________
> Long option with invalid checksum <draft-yourtchenko-tcp-loic-00>

Won't work through current NATs, which won't recalculate the checksum properly.

> At 18:53 22/05/2014, John Leslie wrote:
>> That's too big of a change to ask folks to believe it safe.
>
> When I read an idea, I don't take it as set in stone and just find a
> hole and dismiss it. I see it as a potential stepping stone to a
> solution and think about how it could be done better. In fact, Andrew
> Yourtchenko said that was the intention of his write-up of LOIC.
>
> I believe that an approach worth further thought would be a mixture of
> the control channel idea and the invalid checksum idea. I'm thinking of:
> * a pure control SYN (C) sent first, then a base SYN (D) sent
> back-to-back, both to the same port.

Again, please don't assume back-to-back means anything.

> * SYN C would contain something invalid to cause a legacy TCP stack or
> legacy app to discard it (and hopefully less probability that a
> middlebox would), e.g. a payload that is invalid for the application
> protocol on the port.

But so will a NAT, etc.

> * there would be additional TCP options in the payload of SYN C to be
> added to the TCP options that arrived separately on the base SYN
> * The control SYN could be bound cryptographically to the base SYN (as
> already described).
> * It could use the shim-like control stack arrangement described earlier.
>
> By focusing solely on extending the SYN, this would avoid the ongoing
> shared fate problems that a separate control channel suffers throughout
> the connection. There would still be shared fate problems with 2 SYNs
> (e.g. the two SYNs get re-ordered), but the protocol would have to be
> designed to be robust to that (naively, SYN D could include a new TCP
> option that told a new stack to wait a few ticks for a SYN C, but that
> would be vulnerable to meddleboxes). Not insurmountable.

AFAICT, it is.

*with a nod to Raiders 3.