Re: [tcpm] TCP-Rehash draft
Bruno Mongazon-Cazavet <bruno.mongazon-cazavet@alcatel-lucent.com> Fri, 25 February 2011 08:51 UTC
Return-Path: <bruno.mongazon-cazavet@alcatel-lucent.com>
X-Original-To: tcpm@core3.amsl.com
Delivered-To: tcpm@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id C63D43A693B for <tcpm@core3.amsl.com>; Fri, 25 Feb 2011 00:51:30 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.947
X-Spam-Level:
X-Spam-Status: No, score=-5.947 tagged_above=-999 required=5 tests=[AWL=0.302, BAYES_00=-2.599, HELO_EQ_FR=0.35, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wm0ylYlGlG6H for <tcpm@core3.amsl.com>; Fri, 25 Feb 2011 00:51:28 -0800 (PST)
Received: from smail5.alcatel.fr (smail5.alcatel.fr [64.208.49.27]) by core3.amsl.com (Postfix) with ESMTP id B1F433A681C for <tcpm@ietf.org>; Fri, 25 Feb 2011 00:51:27 -0800 (PST)
Received: from FRMRSSXCHHUB03.dc-m.alcatel-lucent.com (FRMRSSXCHHUB03.dc-m.alcatel-lucent.com [135.120.45.63]) by smail5.alcatel.fr (8.14.3/8.14.3/ICT) with ESMTP id p1P8qI2u027669 (version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=NOT); Fri, 25 Feb 2011 09:52:18 +0100
Received: from [172.27.205.168] (135.120.57.7) by FRMRSSXCHHUB03.dc-m.alcatel-lucent.com (135.120.45.63) with Microsoft SMTP Server (TLS) id 8.3.106.1; Fri, 25 Feb 2011 09:52:18 +0100
Message-ID: <4D676DC2.5000805@alcatel-lucent.com>
Date: Fri, 25 Feb 2011 09:52:18 +0100
From: Bruno Mongazon-Cazavet <bruno.mongazon-cazavet@alcatel-lucent.com>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; fr; rv:1.9.2.9) Gecko/20100915 Lightning/1.0b2 Thunderbird/3.1.4
MIME-Version: 1.0
To: "Scheffenegger, Richard" <rs@netapp.com>
References: <4D628D53.4050001@alcatel-lucent.com> <4D64702A.9070304@isi.edu> <4D64D48B.4010308@alcatel-lucent.com> <5FDC413D5FA246468C200652D63E627A0D12CDA7@LDCMVEXC1-PRD.hq.netapp.com>
In-Reply-To: <5FDC413D5FA246468C200652D63E627A0D12CDA7@LDCMVEXC1-PRD.hq.netapp.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 8bit
X-Scanned-By: MIMEDefang 2.64 on 155.132.188.13
Cc: "tcpm@ietf.org" <tcpm@ietf.org>, Joe Touch <touch@isi.edu>
Subject: Re: [tcpm] TCP-Rehash draft
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tcpm>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 25 Feb 2011 08:51:30 -0000
Le 24/02/2011 11:21, Scheffenegger, Richard a écrit : > Bruno, > > > >>> - the option includes stateful exchanges of options >>> TCP options are stateless w.r.t. the TCP state machine, >>> and must be able to be processed out of order and >>> assume losses (they aren't running inside the TCP >>> data stream); that appears to challenge the design >>> of this mechanism (it seems to be addressed in part, >>> but corner cases aren't considered) >> There are couples of RFC that use TCP options in a stateful way (i.e. >> RFC1323 with timestamp echo). >> Basically MPTCP options also work the same. > > Last time I checked, MPTCP negotiates all options that require state changes; and RFC1323 was designed specifically to aid stateless tracking of RTT (instead of what appears to have become endemic, keeping state and tracking each individual sent segment, and matching the ACKs to the proper segment, for "timestamp-less", fine-granularity RTT tracking purposes... [BM] This is a good point of MPTCP. > Perhaps using Linux as basis is not the base departure point to argue about IETF compliant behavior (Linux deviates in so many ways from a IETF-adhering stack, that it's hard to delineate all the interactions; this is not intended as a judgmental statement). [BM] I use what i have ! I test specifications through implementation as IETF requires. I could also have done it on FreeBSD, just lack of time. Regards, Bruno. > Best regards, > Richard > > > -----Original Message----- > From: Bruno Mongazon-Cazavet [mailto:bruno.mongazon-cazavet@alcatel-lucent.com] > Sent: Mittwoch, 23. Februar 2011 10:34 > To: Joe Touch > Cc: tcpm@ietf.org Extensions > Subject: Re: [tcpm] TCP-Rehash draft > > > Le 23/02/2011 03:25, Joe Touch a écrit : >> Hi, all, >> >> FWIW, there was a discussion of whether this proposal was a subset of >> the features of multipathTCP on the multipathTCP list back in Nov. > Yes i saw this. > Having also some knowledge and experience with MPTCP, i would argue that > features are somewhat different. > TCP-Rehash and MPTCP looks more complementary than competing. > >> Some other points: >> - rehash is a bad term to use; it implies a security hash, rather than >> altering the addresses of a TCP connection > "rehash" term is used in reference to the "hash" mechanism performed by > TCP/IP Linux stack to find a TCP control block giving a 5-Tuple. > When choosing this name, no security matter was considered. Just the > capability to recompute the hash value of a TCP-cb for a given 5-tuple > (old address) with a new 5-tuple (new address). That's why i called it > "rehash". > > I must agree that the term might not be the best but i wanted to avoid > terms like "migrate" or alike. > >> - the option includes stateful exchanges of options >> TCP options are stateless w.r.t. the TCP state machine, >> and must be able to be processed out of order and >> assume losses (they aren't running inside the TCP >> data stream); that appears to challenge the design >> of this mechanism (it seems to be addressed in part, >> but corner cases aren't considered) > There are couples of RFC that use TCP options in a stateful way (i.e. > RFC1323 with timestamp echo). > Basically MPTCP options also work the same. > I don't see any restriction in IETF in using TCP options to maintain > state information. > > I agree about "out of order" and "losses" issues and it is true it > challenged a bit the design. > I came up with the following invariants: > > (a) the first packet out with the new address must carry the REHASH-ADDR > option if the connection is "rehash" capable > (b) if REHASH-ADDR has been sent, and some packets are still received > with the old address, the receiver did not yet "rehash" and the sender > drops old packets and provides again the REHASH-ADDR option until a > maximum number of retry is reached. > > Could you provide some details on the corner cases that are not covered ? > >> - the option seems to be twice as long as necessary >> it seems like you already have the current or old IP >> address in the TCP pseudoheader (IP header); why >> do you need to send both? > I need both because if there is a NAT in between, the IP header source > address will differ. > Although TCP-Rehash is currently described as not-NAT capable, provision > in the TCP option would allow to do this later. > >> you clearly need room for flags somewhere, but can >> accomplish that with 1 byte (or 2 if padded), rather >> than 4 > Provision for flags is in bytes 0-1. > >> - the option appears to deal only with the address changing >> however, the ports are also specific to the endpoints >> as well; it should not be assumed that a connection >> can be moved with its ports intact > Right, the ports are currently missing in the option and could be added > in further revision of the draft. > Please consider that this is draft-0 and thus claims it might lack of > some features. > >> Finally, I don't see how requiring IPsec to use this mechanism makes it >> simpler than MPTCP (which doesn't require IPsec). > Just saying that if your network is insecure and because TCP-Rehash > security is low, you can use IPsec. > >> There are many other issues which are not addressed, notably how >> applications assume that successive or concurrent connections to the >> same IP address go to the same endpoint (e.g., for FTP, or web >> transactions); similar concerns are raised in the Intarea "address >> sharing" doc, and should be discussed here. > Fine, can you provide pointer to this document, please. > > Best regards, > Bruno. > >> Joe >> >> On 2/21/2011 8:05 AM, Bruno Mongazon-Cazavet wrote: >>> Dear working group members, >>> >>> I wonder if you have any chance to look at the TCP-Rehash draft: >>> http://tools.ietf.org/html/draft-mongazon-tcpm-tcp-rehash-00 >>> >>> i posted a few months ago. >>> >>> Did you read it and would consider any interest and follow-up in the >>> working group context ? >>> On my side, i have a pretty serious running implementation of the draft >>> in Linux 2.6.27 and Linux 2.6.34. >>> I am ready to discuss and present both the draft and implementation in >>> next IETF meeting. >>> Would you be interested in this ? >>> >>> Thanks for your time and consideration. >>> Bruno Mongazon. >>> >>> _______________________________________________ >>> tcpm mailing list >>> tcpm@ietf.org >>> https://www.ietf.org/mailman/listinfo/tcpm > _______________________________________________ > tcpm mailing list > tcpm@ietf.org > https://www.ietf.org/mailman/listinfo/tcpm >
- [tcpm] TCP-Rehash draft Bruno Mongazon-Cazavet
- Re: [tcpm] TCP-Rehash draft Smith, Donald
- Re: [tcpm] TCP-Rehash draft Joe Touch
- Re: [tcpm] TCP-Rehash draft Bruno Mongazon-Cazavet
- Re: [tcpm] TCP-Rehash draft Lars Eggert
- Re: [tcpm] TCP-Rehash draft Bruno Mongazon-Cazavet
- Re: [tcpm] TCP-Rehash draft Joe Touch
- Re: [tcpm] TCP-Rehash draft Bruno Mongazon-Cazavet
- Re: [tcpm] TCP-Rehash draft Bruno Mongazon-Cazavet
- Re: [tcpm] TCP-Rehash draft Joe Touch
- Re: [tcpm] TCP-Rehash draft Bruno Mongazon-Cazavet