Re: [tcpm] New I-D

MURALI BASHYAM <> Tue, 20 February 2007 20:16 UTC

Received: from [] ( by with esmtp (Exim 4.43) id 1HJbPw-00025Q-SA; Tue, 20 Feb 2007 15:16:52 -0500
Received: from [] ( by with esmtp (Exim 4.43) id 1HJbPv-00025J-6V for; Tue, 20 Feb 2007 15:16:51 -0500
Received: from ([]) by with smtp (Exim 4.43) id 1HJbPr-0002vo-LM for; Tue, 20 Feb 2007 15:16:51 -0500
Received: (qmail 16573 invoked by uid 60001); 20 Feb 2007 20:16:47 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024;; h=X-YMail-OSG:Received:Date:From:Subject:To:Cc:In-Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding:Message-ID; b=OiMW1vc3XngxikJOviX8+sgIE6EXbwTsf4gxT6RE+ejrRUq5hw/mazoafFaZOyboQX/IlufrGFWJDBWFydC5lrdgQ1qiGfrGcWMsLcqXq4s6UlAgorWwPTPjIy6D5ma8BnN29Wz6XSGqkg62zqvnexlB+evFy0vWBiGrENZcujg=;
X-YMail-OSG: bdyeIiIVM1mzzgzUorsoY5Wh_HhesXg8Q8CARYsiIS24pwlj.k3gdJYmkq7rIrZLs5sbLzC66zGtBmfXjrsvMX0EW2vspn.edOKsvkhxunT1FHzwVAtOdgi4c8c_3.nXAA6aQHh9hiuYiEg-
Received: from [] by via HTTP; Tue, 20 Feb 2007 12:16:46 PST
Date: Tue, 20 Feb 2007 12:16:46 -0800 (PST)
Subject: Re: [tcpm] New I-D
In-Reply-To: <>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Message-ID: <>
X-Spam-Score: 0.0 (/)
X-Scan-Signature: b2809b6f39decc6de467dcf252f42af1
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <>
List-Unsubscribe: <>, <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>

--- Mark Allman <> wrote:

> Regarding:
> Wes:
> > [...] but it looks to me like this is more of an
> OS mechanism to
> > manage resources rather than a protocol-based
> mechanism.  Is this
> > correct? 
> I'm with Wes here.
> I just took a spin through the draft and am left
> with three thoughts ...
>   + You say apps don't have a good role to play even
> after citing apps
>     that 'pause' as the culprit.  I can't make these
> things agree in my
>     head.  Even in the absence of TCP-specific
> information it seems that
>     these apps could time themselves out if no
> progress is being made
>     (i.e. data getting exchanged).

Well behaved applications usually SHOULD do this, i
agree, can't be guaranteed though. Leaving the problem
to be addressed by the app, does not ensure timeliness
from the point of view that TCP resources such as
buffers and connections are scarce and by how much
etc. The scheme lacks robustness if left to the
application, and for it to be beneficial, ALL
applications running on a system should be doing it,
otherwise there is the weakest link.

>     (Further, things like HTTP sends after which the
> app goes away and
>     then getting wedged into persist don't worry me
> much.  That sounds
>     like a once in a blue moon sort of situation to
> me.)
>   + This seems fundamentally like an operating
> system resource issue to
>     me and not something for a networking standards
> body.  OSes deal
>     with all sorts of resource contention issues
> without standards.  Why
>     does this problem need to be solved the same way
> by each OS?

At first glance, it does seem like an OS resource
issue, but TCP connections can have data backlogged in
their send queues for a variety of reasons and for
variable amounts of time, i am not sure how a protocol
unaware OS based solution can make the distinction
between the network causing the backlog transiently,
and a legitimate vs rogue receiver causing the backlog
etc, i feel that making it TCP protocol specific
(something designed only for persist state) allows for
well controlled, granular solution(s) and heuristics
to detect specifically misbehaving receivers in this

>   + In particular, I think you have solved the
> problem wrong.  Don't get
>     me wrong ... maybe it is perfectly OK for your
> purposes and it is
>     fine with me if you want to use it.  However, I
> would want something
>     a little smarter to really avoid the mythical
> attacks you describe.
>     All you did was to cap the length of
> connections.  So, conceivably a
>     periodic attack could still keep all your
> resources busy.  It seems
>     to me that you'd want to use some sort of scheme
> that actually took
>     into account contention and resource exhaustion.
>  E.g., some sort of
>     LRU what-has-been-in-persist longest when you
> need new resources and
>     they are not available sort of culling scheme? 
> Or, when you have
>     exhausted X% of your resources to keep some in
> reserve.  That might
>     be wrong and busted itself (it is quickly off
> the top of my head),
>     but it at least takes into account the resource
> contention unlike a
>     naive timeout.

The LRU scheme can be overlaid on top of the timeout
scheme to ensure a flexible and adaptive solution
quite easily, i agree. It still calls for tracking
connections bottlenecked specifically by the infinite
persistence problem.


> Just my two bits ...
> allman
> > _______________________________________________
> tcpm mailing list

The fish are biting. 
Get more visitors on your site using Yahoo! Search Marketing.

tcpm mailing list