Re: [tcpm] Comments on Soft Errors I-D: draft-ietf-tcpm-tcp-soft-errors-06
Joe Touch <touch@ISI.EDU> Tue, 03 July 2007 13:32 UTC
Return-path: <tcpm-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1I5iUO-00065w-4N; Tue, 03 Jul 2007 09:32:20 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1I5iUN-00062Z-4H for tcpm@ietf.org; Tue, 03 Jul 2007 09:32:19 -0400
Received: from vapor.isi.edu ([128.9.64.64]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1I5iTj-0002hr-SJ for tcpm@ietf.org; Tue, 03 Jul 2007 09:32:19 -0400
Received: from [192.168.1.45] (pool-72-81-85-53.phlapa.east.verizon.net [72.81.85.53]) by vapor.isi.edu (8.13.8/8.13.8) with ESMTP id l63DVKnb007362; Tue, 3 Jul 2007 06:31:21 -0700 (PDT)
Message-ID: <468A4FA6.7050809@isi.edu>
Date: Tue, 03 Jul 2007 06:31:18 -0700
From: Joe Touch <touch@ISI.EDU>
User-Agent: Thunderbird 2.0.0.4 (Windows/20070604)
MIME-Version: 1.0
To: Gorry Fairhurst <gorry@erg.abdn.ac.uk>
Subject: Re: [tcpm] Comments on Soft Errors I-D: draft-ietf-tcpm-tcp-soft-errors-06
References: <C2AFCD14.74BD%gorry@erg.abdn.ac.uk>
In-Reply-To: <C2AFCD14.74BD%gorry@erg.abdn.ac.uk>
X-Enigmail-Version: 0.95.1
X-ISI-4-43-8-MailScanner: Found to be clean
X-MailScanner-From: touch@isi.edu
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 27ec2ff0f5c3b18b49c722f4f1748838
Cc: tcpm@ietf.org, Fernando Gont <fernando@gont.com.ar>
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============0143070529=="
Errors-To: tcpm-bounces@ietf.org
Gorry Fairhurst wrote: > My observation was only that if a host repeatedly opens several TCP sessions > to search for a valid IP address (e.g. Attempting to try all IP addresses > that correspond to abc.com), then it *could* consume much more network & > host resources, than a host that opens a session to each address in turn, > with a backoff between each request. That's true, but there aren't rules for either parallel or serial. I.e., a host that opens 2 each (v4, v6) in parallel (then sequences through v4 and v6) consumes less resources than one that opens 8 in serial. It's a matter of rules governing how to try the sequence. I.e., either one could swamp things, depending on how the application works. Joe > > Gorry > > > On 2/7/07 22:13, "Joe Touch" <touch@ISI.EDU> wrote: > >> >> Gorry Fairhurst wrote: >>> The document looks in good shape, and seemed easy to read to me. >>> >>> Here are a few comments on the latest draft, really relating to >>> congestion-control and increased state. >>> >>> Best wishes, >>> >>> Gorry >>> >>> In Section 3.2 (Problems that may arise with Dual Stack IPv6 on by Default): >>> There may also be drawbacks in this approach --- e.g. this creates >>> additional host state, and could also establish additional context state for >>> other devices along the network path (NAT. Firewall, link compressors, >>> encryption devices, etc). >>> >>> Similarly, section 5 does not speak of the effects of a non-standard >>> approach on the network. One question I have relates to the behaviour of a >>> parallel and/or successive strategy to exploit multiple IP bindings. If I >>> understand, this opens a (potentially) large number of connections, to see >>> which succeeds. This seems to me to be injecting extra SYN packets into the >>> network, and therefore can potentially waste network resources. >>> >>> If these connections are in series, each is opened one after another, after >>> a "fixed" time (i.e. not exponentially backed-off)... which generates more >>> state or more packets/rtt than using the standard algorithm. >>> >>> When connections are opened in parallel, this is even more noted. In an >>> extreme case, this could look like a syn-attack or lead to congestion-based >>> loss. Are these concerns valid? Is this only used for a single IPv4 and an >>> equivalent IPv6 address? Are there limitations that would mitigate these >>> effects if I had many candidate addresses? >> RFC1122 discusses the technique of trying multiple addresses, and it is >> issue only when a DNS name resolves to multiple addresses. It would be >> unusual for a large number of addresses to refer to the same host; in >> many cases, there are only a small number for one host (typically for >> IPv4 and IPv6), and the larger number is used for DNS rotation to >> distribute load to a number of servers. There are exceptions, such as >> where multiple IP addresses are used for shared web service -- though >> that has fallen out of use as newer HTTP protocols determine the host in >> the request (sending GET and the DNS name, in addition to the filename) >> rather than only by the IP address (which was the only way compatible >> with HTTP 1.0, e.g.). >> >> Whether in serial or in parallel, methods to moderate the number of >> outstanding SYNs are probably useful. But this isn't the focus of this >> document anyway. >> >> Joe >> >>> ---- >>> >>> The remaining comments are editorial, for the author to consider in their >>> next rev: >>> >>> INTRODUCTION, paragraph 14: >>> - Could consider to tighten English a little. >>> >>> CURRENT: >>> This document describes a non-standard, but widely implemented, >>> modification to TCP's handling of ICMP soft error messages, that >>> rejects pending connection-requests when those error messages are >>> received. This behavior reduces the likelihood of long delays >>> between connection establishment attempts that may arise in a number >>> of scenarios, including one in which dual stack nodes that have IPv6 >>> enabled by default are deployed in IPv4 or mixed IPv4 and IPv6 >>> environments. >>> SUGGESTION: >>> This document describes a non-standard, but widely implemented, >>> modification to TCP's handling of ICMP soft error messages, which >>> rejects pending connection-requests when these error messages are >>> received. This behavior reduces the likelihood of long delays >>> between connection establishment attempts that may arise in a number >>> of scenarios, including one in which dual stack nodes that have IPv6 >>> enabled by default are deployed in IPv4, or mixed IPv4 and IPv6 >>> environments. >>> >>> Section 1., paragraph 2: >>> In the Internet architecture, the Internet Control Message Protocol >>> (ICMP) [RFC0792] is one fault isolation technique to report network >>> error conditions to the hosts sending datagrams over the network. >>> >>> - Add the IPv6 ICMP reference too here? >>> >>> >>> Section 3.2., paragraph 1: >>> - Language could perhaps be improved. >>> CURRENT: >>> A particular scenario in which the above sketched type of problem may >>> occur regularly is that where dual stack nodes that have IPv6 enabled >>> by default are deployed in IPv4 or mixed IPv4 and IPv6 environments, >>> and the IPv6 connectivity is non-existent >>> [I-D.ietf-v6ops-v6onbydefault]. >>> >>> SUGGESTION: >>> >>> A particular scenario in which the problems outlined above >>> can occur regularly arises where dual stack nodes (with IPv6 enabled >>> by default) are deployed in IPv4 or mixed IPv4 and IPv6 environments, >>> and the IPv6 connectivity is non-existent. >>> [I-D.ietf-v6ops-v6onbydefault]. >>> >>> Section 4.1., paragraph 0: >>> Could Add: Section 5 discusses drawbacks to changing this behaviour. >>> >>> >>> Section 4.2., paragraph 1: >>> - Language could perhaps be improved. >>> OLD: >>> A more conservative approach than simply treating soft errors as hard >>> errors as described above would be to abort a connection in the SYN- >>> SENT or SYN-RECEIVED states only after an ICMP Destination >>> Unreachable has been received a specified number of times, and the >>> SYN segment has been retransmitted more than some specified number of >>> times. >>> >>> SUGGESTION: >>> An approach that is more conservative than simply treating soft errors >>> as hard >>> errors, as described above, would be to abort a connection in the SYN- >>> SENT or SYN-RECEIVED states only after an ICMP Destination >>> Unreachable has been received a specified number of times, and the >>> SYN segment has been retransmitted more than some specified number of >>> times. >>> >>> Section 5, paragraph 1: >>> - Capital E? >>> CURRENT: >>> +----------------------------------+--------------------------------+ >>> | Time Exceeded (codes 0 and 1) | Time exceeded (codes 0 and 1) | >>> ^ >>> >>> Section 5.3., paragraph 1: >>> CURRENT: >>> Some NATs respond to an unsolicited inbound SYN segment with an ICMP >>> soft error message. If the system sending the unsolicited SYN >>> segment implements the workaround described in this document, it will >>> abort the connection upon receipt of the ICMP error message, thus >>> probably preventing TCP's simultaneous open through the NAT from >>> succeeding. However, it must be stressed that those NATs described >>> in this section are not BEHAVE-compliant, and therefore should >>> implement REQ-4 of [I-D.ietf-behave-tcp] instead. >>> >>> SUGGESTION: >>> Some NATs respond to an unsolicited inbound SYN segment with an ICMP >>> soft error message. If the system sending the unsolicited SYN >>> segment implements the workaround described in this document, it will >>> abort the connection upon receipt of the ICMP error message, thus >>> probably preventing TCP's simultaneous open through the NAT from >>> succeeding. However, it must be stressed that the NATs described >>> in this section are not BEHAVE-compliant, and therefore should >>> implement REQ-4 of [I-D.ietf-behave-tcp] instead. >>> >>> >>> >>> _______________________________________________ >>> tcpm mailing list >>> tcpm@ietf.org >>> https://www1.ietf.org/mailman/listinfo/tcpm > -- ---------------------------------------- Joe Touch Sr. Network Engineer, USAF TSAT Space Segment
_______________________________________________ tcpm mailing list tcpm@ietf.org https://www1.ietf.org/mailman/listinfo/tcpm
- [tcpm] Comments on Soft Errors I-D: draft-ietf-tc… Gorry Fairhurst
- Re: [tcpm] Comments on Soft Errors I-D: draft-iet… Joe Touch
- Re: [tcpm] Comments on Soft Errors I-D: draft-iet… Lloyd Wood
- Re: [tcpm] Comments on Soft Errors I-D: draft-iet… Joe Touch
- Re: [tcpm] Comments on Soft Errors I-D: draft-iet… Gorry Fairhurst
- Re: [tcpm] Comments on Soft Errors I-D: draft-iet… Joe Touch
- Re: [tcpm] Comments on Soft Errors I-D: draft-iet… Lloyd Wood
- Re: [tcpm] Comments on Soft Errors I-D: draft-iet… Gorry Fairhurst