IETF Logo Mail Archive

Re: [tcpm] [tsvwg] Review of draft-bagnulo-tsvwg-generalized-ecn-01

"Black, David" <David.Black@dell.com> Sat, 10 December 2016 02:36 UTC

Return-Path: <David.Black@dell.com>
X-Original-To: tcpm@ietfa.amsl.com
Delivered-To: tcpm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D06381295C9; Fri, 9 Dec 2016 18:36:34 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.702
X-Spam-Level:
X-Spam-Status: No, score=-2.702 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); domainkeys=fail (1024-bit key) reason="fail (message has been altered)" header.from=David.Black@dell.com header.d=dell.com; dkim=pass (1024-bit key) header.d=dell.com header.b=gYgQfZon; dkim=fail (1024-bit key) reason="fail (message has been altered)" header.d=emc.com header.b=UU/UlDIe
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Qtzz3h0cdLRk; Fri, 9 Dec 2016 18:36:32 -0800 (PST)
Received: from esa1.dell-outbound.iphmx.com (esa1.dell-outbound.iphmx.com [68.232.153.90]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A9CF9128BA2; Fri, 9 Dec 2016 18:36:32 -0800 (PST)
DomainKey-Signature: s=smtpout; d=dell.com; c=simple; q=dns; h=Received:From:Received:Received:X-DKIM:DKIM-Signature: X-DKIM:Received:Received:Received:To:Subject:Thread-Topic: Thread-Index:Date:Message-ID:References:In-Reply-To: Accept-Language:Content-Language:X-MS-Has-Attach: X-MS-TNEF-Correlator:x-originating-ip:Content-Type: Content-Transfer-Encoding:MIME-Version: X-Sentrion-Hostname:X-RSA-Classifications; b=sIQWK4DOQn5+cKv8j58iCkjpBlXUmxid+lcQqy5VJq7DwFTCSEgE3+Dv 7CG3PtSAnr+quzyq1hSt5ggbfIIFW0yYFFJImP/ri+nMNLm0cY0+PQgoQ 92ZKFMcH1jAmiJYCZ4U9u4pUsG1DdTnOsnV0YihlDSW9IU0pJL5difieJ o=;
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=dell.com; i=@dell.com; q=dns/txt; s=smtpout; t=1481337392; x=1512873392; h=from:to:subject:date:message-id:references:in-reply-to: content-transfer-encoding:mime-version; bh=dd11OOoDZiRCnVGHQHT8CoUVieVrfTGIjuUtJzfnu5U=; b=gYgQfZone5rv1IukHabIWauxxZMCstlz0Cukfr+vUn1YPBEQmspKF1JS 2bLYqcgu1RVfluKEcx3PqTsnyfOl+H73dOyA/+sWWGwrRj3balGg3lffY QauC0YfK2ddYWQ4XNR45XsIFw0zRRQ9TlCtJK3QoGLTX8zScuKfkNCOex s=;
Received: from esa5.dell-outbound2.iphmx.com ([68.232.153.203]) by esa1.dell-outbound.iphmx.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 09 Dec 2016 20:36:32 -0600
From: "Black, David" <David.Black@dell.com>
Received: from mailuogwdur.emc.com ([128.221.224.79]) by esa5.dell-outbound2.iphmx.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 10 Dec 2016 08:36:31 +0600
Received: from maildlpprd56.lss.emc.com (maildlpprd56.lss.emc.com [10.106.48.160]) by mailuogwprd51.lss.emc.com (Sentrion-MTA-4.3.1/Sentrion-MTA-4.3.0) with ESMTP id uBA2aTm7004418 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Fri, 9 Dec 2016 21:36:30 -0500
X-DKIM: OpenDKIM Filter v2.4.3 mailuogwprd51.lss.emc.com uBA2aTm7004418
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=emc.com; s=jan2013; t=1481337391; bh=TXHSqUgQ9VakDjlavdO3AULZ/Uo=; h=From:To:Subject:Date:Message-ID:References:In-Reply-To: Content-Type:Content-Transfer-Encoding:MIME-Version; b=UU/UlDIe3rbPqdTQnVoEoxucgYWZoG091aX06wMqRgv5HvcLCEeua2tS+quaTTbu3 K2ewdU9ojQnxiKB/UDoocvDjiXFcvD/2z8UdpFuNZWZi+XFsuuGUeWfQcnJVbpnI/7 tOGtceAyGoEuOoFXZm+r5CiwVlmwpG7ybHNJzb64=
X-DKIM: OpenDKIM Filter v2.4.3 mailuogwprd51.lss.emc.com uBA2aTm7004418
Received: from mailusrhubprd51.lss.emc.com (mailusrhubprd51.lss.emc.com [10.106.48.24]) by maildlpprd56.lss.emc.com (RSA Interceptor); Fri, 9 Dec 2016 21:36:11 -0500
Received: from MXHUB306.corp.emc.com (MXHUB306.corp.emc.com [10.146.3.32]) by mailusrhubprd51.lss.emc.com (Sentrion-MTA-4.3.1/Sentrion-MTA-4.3.0) with ESMTP id uBA2a9J2021720 (version=TLSv1.2 cipher=AES128-SHA256 bits=128 verify=FAIL); Fri, 9 Dec 2016 21:36:11 -0500
Received: from MX307CL04.corp.emc.com ([fe80::849f:5da2:11b:4385]) by MXHUB306.corp.emc.com ([10.146.3.32]) with mapi id 14.03.0266.001; Fri, 9 Dec 2016 21:36:10 -0500
To: Mirja Kühlewind <mirja.kuehlewind@tik.ee.ethz.ch>, "tsvwg@ietf.org" <tsvwg@ietf.org>, marcelo bagnulo braun <marcelo@it.uc3m.es>, Bob Briscoe <ietf@bobbriscoe.net>, "tcpm@ietf.org" <tcpm@ietf.org>
Thread-Topic: [tsvwg] Review of draft-bagnulo-tsvwg-generalized-ecn-01
Thread-Index: AQHSUj0tiIbTpq4p30CWtzhFnVxA2KEAduuA
Date: Sat, 10 Dec 2016 02:36:09 +0000
Message-ID: <CE03DB3D7B45C245BCA0D243277949362F78A4FF@MX307CL04.corp.emc.com>
References: <ebffac4d-ab63-c89d-f5e1-6fa48a059930@tik.ee.ethz.ch>
In-Reply-To: <ebffac4d-ab63-c89d-f5e1-6fa48a059930@tik.ee.ethz.ch>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.105.8.135]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-Sentrion-Hostname: mailusrhubprd51.lss.emc.com
X-RSA-Classifications: public
Archived-At: <https://mailarchive.ietf.org/arch/msg/tcpm/RJfbpNgsWvBPcK8Ch4izth_ObbM>
Subject: Re: [tcpm] [tsvwg] Review of draft-bagnulo-tsvwg-generalized-ecn-01
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tcpm/>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 10 Dec 2016 02:36:35 -0000

Hi Mirja
[+tcpm WG]

The datatracker records draft-bagnulo-tsvwg-generalized-ecn as replaced
by draft-bagnulo-tcpm-generalized-ecn - the latter draft is expected to move
this work forward in the tcpm WG.

Thanks, --David

> -----Original Message-----
> From: tsvwg [mailto:tsvwg-bounces@ietf.org] On Behalf Of Mirja Kühlewind
> Sent: Friday, December 09, 2016 11:56 AM
> To: tsvwg@ietf.org; marcelo bagnulo braun; Bob Briscoe
> Subject: [tsvwg] Review of draft-bagnulo-tsvwg-generalized-ecn-01
> 
> Hi all,
> 
> find below review comments for draft-bagnulo-tsvwg-generalized-ecn-01 as an
> individual contributor (classified in different categories):
> 
> Comments on Argumentation:
> Please note that I do support the document and marking of control packets
> given the otherwise negative impact on performance especially if we would aim
> for an all-ECN Internet in future. These additional arguments are provided to
> be added for discussion in the doc for completeness.
> 
> Section 2 (the reliability argument)
> -----
> Even though this is not spelled out like this in RFC3168, I would like to
> extend the argument here a little:
> 
> 1) I'm okay to say that if loss is not detected reliably for this kind of
> packet, you may as well not require to detect CE marks. However, receiving a
> CE mark, detecting it, and just no reacting to it, is a different thing. I
> clearly see the trade-off here for TCP but I don't want this to be a
> statement where other protocols say it's okay to not react to CE because TCP
> is doing this as well for ACKs. Note sure yet how to solve this problem and
> I'm not comfortable with recommending to mark control packets whiteout at the
> same time defining standard mechanisms for TCP how to react to it.
> 
> 2) If a packet is dropped, it's gone and cannot further congest the link.
> This is the mechanism of the network to protect itself. However, if you mark
> a packet as ECN capable, it keeps sitting in the queue and another non-ECT
> packet might be dropped instead. This is a well-known general problem of ECN,
> however, if the ECT-marked is then also unresponsive to CE marking, this
> might make the situation worse.
> 
> Section 3 (TCP SYNs): Argument 3 (DoS attacks)
> ---
> Having ECT marked attack traffic makes it worse because this might leads to a
> even higher loss rate for non-ECT traffic while ECT packets keep sitting in
> the queue.
> 
> Section 4 (Pure ACKs): second argument
> ---
> The difference it that an CE marking on a ACK can be detected by the receiver
> (even though it not fully clear how to react to it or just ignore
> it...hopefully not) but you can't detect ACK loss because you don't know how
> many ACKs have been send initially. I don't think this is an issue but you say:
> "If the pure ACK carrying the
>     ECT and the CE bits set is later dropped by the network, it will be
>     essentially falling back to the use of drop as congestion signal."
> which seems wrong.
> 
> However, this is on the other had a pro argument because while loss cannot be
> detected at all, there is at least a chance to detect CE marked ACKs.
> 
> 
> Comments on the more editorial side:
> 1) One more argument to make in the intro, especially as you mention l4s, is
> that in this case, having the packets not marked as ECT could even lead to
> differential network treatment, which might influence performance even more.
> 2) I would recommend to move the discussion on data centers in section 3 to a
> separate section at the end of the doc because that's the only time you talk
> about data centers.
> 3) In section 3 regarding [ecn-pam], you are assuming that the packets were
> dropped the the endpoint/receiver, however, there could also be middleboxes
> doing this. I don't think we looked at RST but that would be interesting.
> 3) section 3 "The responder may drop the SYN (either silently or by sending a
> RST) or may reply with a non ECT marked SYN/ACK.  If it is the latter,
>     then this is a non-issue" -> I wouldn't call it a non-issue because at
> least the congestion signal got lost.
> 4) I think you need security considerations.
> 
> Nit:
> section 3, 1. sentence: s/We next describe he arguments exhibited/We next
> describe the arguments exhibited/
> 
> And the important bit at the end:
> 
> One high-level comment:
> This document is a good read, however, it is not clear what an implementor
> should actually do if he/she want to enable ECN on control packets. Instead
> of only have an informational discussion, I would rather see an experiment
> where you proposed concrete things/machanims that should/must be done
> when
> ECN is used on control packets.
> 
> Further, at the end of section 3, you not only discuss potential
> fallbacks/safety guards on how to use ECN on control packets but you actually
> propose changes to the ECN protocol as specified in RFC3168. This part really
> doesn't seem to be appropriate for an informational doc and also would need
> further discussion as an experiment. As you have to rely for these mechanism
> on changes on both the sender and receiver side, I would simply just use
> AccECN instead. This would mean there should maybe be a recommendation that
> if the initiator wants to set ECT on control packets incl. the SYN it
> should/must also try to negotiate AccECN in the handshake (which anyway as an
> implict fallback to calssic ECN if AccECN is not supported by the receiver).
> 
> Thanks for writing the doc. I think this is a very good starting point!
> 
> Mirja

v2.23.0 | Report a Bug | By Email