Re: [tcpm] [netconf] AD review of draft-ietf-netconf-tcp-client-server-16
Kent Watsen <kent+ietf@watsen.net> Mon, 10 July 2023 15:12 UTC
Return-Path: <01000189405cd264-57a5dfea-44bd-4580-a15b-4f2662957a91-000000@amazonses.watsen.net>
X-Original-To: tcpm@ietfa.amsl.com
Delivered-To: tcpm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B92BDC15C52D; Mon, 10 Jul 2023 08:12:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.898
X-Spam-Level:
X-Spam-Status: No, score=-6.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=amazonses.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id h0l9Zb9TSo6F; Mon, 10 Jul 2023 08:12:53 -0700 (PDT)
Received: from a8-88.smtp-out.amazonses.com (a8-88.smtp-out.amazonses.com [54.240.8.88]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 85E71C15C528; Mon, 10 Jul 2023 08:12:53 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple; s=224i4yxa5dv7c2xz3womw6peuasteono; d=amazonses.com; t=1689001972; h=From:Message-Id:Content-Type:Mime-Version:Subject:Date:In-Reply-To:Cc:To:References:Feedback-ID; bh=N6W4YSzlF7qcCtAMCWReCdqTsr/TKjMedmsbimGrpRU=; b=DpKjoruEjiFAxpQ+6bIwG4Pms8hfpbe+qRThTs09iImHl6eHRXpUNzvlARgEysZx OlRCSqyBHQn8YPhaqoXF2AYu3TR+qaxOCOVXoUaVneOrr75qQK8Zz3BRxq/TRltxlfp I8tK9ZneCQ/Csj9ux7hJ8Zis6ApiJVd1uPnt7ONc=
From: Kent Watsen <kent+ietf@watsen.net>
Message-ID: <01000189405cd264-57a5dfea-44bd-4580-a15b-4f2662957a91-000000@email.amazonses.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_4E5B02F4-3FA5-40EF-871E-43CB7FCB1C32"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3731.600.7\))
Date: Mon, 10 Jul 2023 15:12:52 +0000
In-Reply-To: <5a7fe26fbd324cf78a74e104941f72cd@hs-esslingen.de>
Cc: "netconf@ietf.org" <netconf@ietf.org>, "draft-ietf-netconf-tcp-client-server.all@ietf.org" <draft-ietf-netconf-tcp-client-server.all@ietf.org>, "tcpm@ietf.org Extensions" <tcpm@ietf.org>
To: "Scharf, Michael" <Michael.Scharf@hs-esslingen.de>, "Rob Wilton (rwilton)" <rwilton=40cisco.com@dmarc.ietf.org>
References: <BY5PR11MB419654EA6A355DBE29D739D7B526A@BY5PR11MB4196.namprd11.prod.outlook.com> <0100018926953adf-731925f4-8e95-49de-a1a8-ab346a9da1b8-000000@email.amazonses.com> <5a7fe26fbd324cf78a74e104941f72cd@hs-esslingen.de>
X-Mailer: Apple Mail (2.3731.600.7)
Feedback-ID: 1.us-east-1.DKmIRZFhhsBhtmFMNikgwZUWVrODEw9qVcPhqJEI2DA=:AmazonSES
X-SES-Outgoing: 2023.07.10-54.240.8.88
Archived-At: <https://mailarchive.ietf.org/arch/msg/tcpm/QAFCG-TZP_rZH4bC7MF7gQDV1xc>
Subject: Re: [tcpm] [netconf] AD review of draft-ietf-netconf-tcp-client-server-16
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tcpm/>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 10 Jul 2023 15:12:54 -0000
Hi Michael, thanks for jumping in. All, please see my comment below. Hopefully this is the end of the AD-review on this draft... Kent > On Jul 6, 2023, at 5:23 AM, Scharf, Michael <Michael.Scharf@hs-esslingen.de> wrote: > > Hi all, > > Please see inline some comments on the pending issues. I have removed the points that are apparently resolved already. > >>> Moderate level comments: >>> >>> (2) p 7, sec 2.2. Example Usage >>> >>> <tcp-common xmlns="urn:ietf:params:xml:ns:yang:ietf-tcp-common"> >>> <keepalives> >>> <idle-time>15</idle-time> >>> <max-probes>3</max-probes> >>> <probe-interval>30</probe-interval> >>> </keepalives> >>> </tcp-common> >>> >>> I note that your example (and the subsequent ones) uses significantly >> shorter times than those recommended in the prose above. Should the idle >> time be greatly increased in the example? Or further text be included to justify >> or explain this example? >> >> Michael (co-author), I believe that you wrote this text. Can you guide us here? >> >> <snip> >> Given the cost of keep-alives, parameters have to be configured >> carefully: >> >> * The default idle interval (leaf "idle-time") MUST default to no >> less than two hours, i.e., 7200 seconds [RFC1122]. A lower value >> MAY be configured, but keep-alive messages SHOULD NOT be >> transmitted more frequently than once every 15 seconds. Longer >> intervals SHOULD be used when possible. >> </snip> > > Good catch. Out of my head, these values have been used in the draft since day one, i.e., before the reference to RFC 1122 was added. > > It makes sense to use more conservative values in the example. A proposal would be: > > <tcp-common xmlns="urn:ietf:params:xml:ns:yang:ietf-tcp-common"> > <keepalives> > <idle-time>7200</idle-time> > <max-probes>9</max-probes> > <probe-interval>75</probe-interval> > </keepalives> > </tcp-common> > > These are the defaults in the Linux kernel 6.1.0 (tested using Debian 12), i.e., I guess that order of magnitude is somewhat common. Perfect. I updated all of the examples to use these values. This item is considered resolved. > >>> Minor level comments: >>> >>> (8) p 6, sec 2.1.5. Guidelines for Configuring TCP Keep-Alives >>> >>> * The default idle interval (leaf "idle-time") MUST default to no >>> less than two hours, i.e., 7200 seconds [RFC1122]. A lower value >>> MAY be configured, but keep-alive messages SHOULD NOT be >>> transmitted more frequently than once every 15 seconds. Longer >>> intervals SHOULD be used when possible. >>> >>> Why not set the YANG default idle interval to 2 hours? In fact, why not >> assign defaults to all of these parameters? Or is the expectation that when >> these groupings are used, they may be refined with appropriate default values >> for the application? >> >> Good questions for Michael (my co-author), who worked on this section of >> the draft. > > Well, to be honest, I don't recall why we have not assigned default values. When the draft was discussed in TCPM, there has been some pushback regarding use of keep-alive messages in general. Also, different applications may have different timing requirements. One key requirement in RFC 1122 is that keep-alives should be off by default. No assigning default values is somewhat consistent with that. > > Yet, the reality is that TCP stacks have default values. As long as the guidance in RFC 1122 is taken into account, I don't believe adding a default value to the YANG model would be harmful, e.g. the ones used by Linux (see above). > > To be on the safe side, I have added the TCPM list in CC, given past TCPM discussions. Rob, I also see no harm in specifying default values. Applications can still refine the groupings with app-specific defaults. This being the case, I’ve now set Michael’s values for the defaults, and removed the “mandatory true”, as well as removed the “presence” statement on the parent container. Regarding “pushback” on TCP-keepalives, it is notable that keepalive may alternatively (and likely preferably) be configured at the SSH and TLS layers. That said, keepalives are a real thing at the TCP-layer, and thus it seems proper to allow them to be configured. Also, note that the TCP-layer may be used outside of a SSH/TLS context. This item is considered resolved. >>> (9) p 7, sec 2.1.5. Guidelines for Configuring TCP Keep-Alives >>> >>> * The maximum number of sequential keep-alive probes that can fail >>> (leaf "max-probes") trades off responsiveness and robustness >>> against packet loss. ACK segments that contain no data are not >>> reliably transmitted by TCP. Consequently, if a keep-alive >>> mechanism is implemented it MUST NOT interpret failure to respond >>> to any specific probe as a dead connection [RFC1122]. Typically, >>> a single-digit number should suffice. >>> >>> Some of this guidance might be better in the description in the YANG model, >> or alternatively having a reference back to this section. >> >> Michael, can you look at the “description” statement in the "ietf-tcp-common" >> YANG module too? > > The "description" statement already summarizes the most important constraints from Section 2.1.5, albeit in very few words and without much background. > > I don't know if the whole text from 2.1.5 needs to be added to the description in the YANG model. > > In my point of view, in the YANG model a reference to section 2.1.5 would be sufficient, e.g., along the lines of: > > "Further guidance can be found in Section 2.1.5 of RFC DDDD." > > This is my personal view. As the normative guidance in Section 2.1.5 was discussed in TCPM, it makes sense to have TCPM in the loop. Added "Further guidance can be found in Section 2.1.5 of RFC DDDD.” to the description statement. This item is considered resolved. >>> (13) p 13, sec 3.2. Example Usage >>> >>> <tcp-client xmlns="urn:ietf:params:xml:ns:yang:ietf-tcp-client"> >>> <remote-address>www.example.com</remote-address> >>> <remote-port>443</remote-port> >>> <local-address>0.0.0.0</local-address> >>> <local-port>0</local-port> >>> <proxy-server> >>> <socks5-parameters> >>> <remote-address>proxy.example.com</remote-address> >>> <remote-port>1080</remote-port> >>> <authentication-parameters> >>> <username-password> >>> <username>foobar</username> >>> <cleartext-password>secret</cleartext-password> >>> </username-password> >>> </authentication-parameters> >>> </socks5-parameters> >>> </proxy-server> >>> <keepalives> >>> <idle-time>15</idle-time> >>> <max-probes>3</max-probes> >>> <probe-interval>30</probe-interval> >>> </keepalives> >>> </tcp-client> >>> >>> Possibly for this example, it could elide the remote-port, local-address and >> local-port values to illustrate that they are not strictly requried to be >> populated. >> >> Generally, I want examples to populate every field, so to they’re visible to >> readers. But you’re right that configuring the defaults is lame. I changed the >> examples (both this one and the w/o proxy example) to configure non default >> values: >> >> <remote-port>8443</remote-port> >> <local-address>192.0.2.2</local-address> >> <local-port>12345</local-port> >> >> This item is considered resolved. > > Just to add: The keepalive example values in this example should probably be updated, too. Good catch, I did that too. > Michael Kent
- Re: [tcpm] [netconf] AD review of draft-ietf-netc… Scharf, Michael
- Re: [tcpm] [netconf] AD review of draft-ietf-netc… Kent Watsen
- Re: [tcpm] [netconf] AD review of draft-ietf-netc… Rob Wilton (rwilton)
- Re: [tcpm] [netconf] AD review of draft-ietf-netc… Kent Watsen
- Re: [tcpm] [netconf] AD review of draft-ietf-netc… Scharf, Michael
- Re: [tcpm] [netconf] AD review of draft-ietf-netc… Rob Wilton (rwilton)
- Re: [tcpm] [netconf] AD review of draft-ietf-netc… Rob Wilton (rwilton)
- Re: [tcpm] [netconf] AD review of draft-ietf-netc… Kent Watsen