IETF Logo Mail Archive

[tcpm] Asymmetric Middleboxes and Extended Data Offset (EDO)

Bob Briscoe <bob.briscoe@bt.com> Thu, 02 October 2014 11:51 UTC

Return-Path: <bob.briscoe@bt.com>
X-Original-To: tcpm@ietfa.amsl.com
Delivered-To: tcpm@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9DDCA1A1AEB for <tcpm@ietfa.amsl.com>; Thu, 2 Oct 2014 04:51:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.488
X-Spam-Level:
X-Spam-Status: No, score=-1.488 tagged_above=-999 required=5 tests=[BAYES_20=-0.001, RCVD_IN_DNSWL_LOW=-0.7, RP_MATCHES_RCVD=-0.786, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gpEKGfmxZyGF for <tcpm@ietfa.amsl.com>; Thu, 2 Oct 2014 04:51:04 -0700 (PDT)
Received: from hubrelay-by-03.bt.com (hubrelay-by-03.bt.com [62.7.242.139]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3993C1A1ACE for <tcpm@ietf.org>; Thu, 2 Oct 2014 04:51:03 -0700 (PDT)
Received: from EVMHR01-UKBR.domain1.systemhost.net (193.113.108.40) by EVMHR03-UKBR.bt.com (10.216.161.35) with Microsoft SMTP Server (TLS) id 8.3.348.2; Thu, 2 Oct 2014 12:50:56 +0100
Received: from EPHR01-UKIP.domain1.systemhost.net (147.149.196.177) by EVMHR01-UKBR.domain1.systemhost.net (193.113.108.40) with Microsoft SMTP Server (TLS) id 8.3.348.2; Thu, 2 Oct 2014 12:51:00 +0100
Received: from bagheera.jungle.bt.co.uk (132.146.168.158) by EPHR01-UKIP.domain1.systemhost.net (147.149.196.177) with Microsoft SMTP Server id 14.3.181.6; Thu, 2 Oct 2014 12:50:58 +0100
Received: from BTP075694.jungle.bt.co.uk ([10.215.135.252]) by bagheera.jungle.bt.co.uk (8.13.5/8.12.8) with ESMTP id s92Bov3U014372; Thu, 2 Oct 2014 12:50:58 +0100
Message-ID: <201410021150.s92Bov3U014372@bagheera.jungle.bt.co.uk>
X-Mailer: QUALCOMM Windows Eudora Version 7.1.0.9
Date: Thu, 02 Oct 2014 12:50:12 +0100
To: Joe Touch <touch@isi.edu>, "Eddy Wesley M. [VZ]" <Wesley.M.Eddy@nasa.gov>
From: Bob Briscoe <bob.briscoe@bt.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
X-Scanned-By: MIMEDefang 2.56 on 132.146.168.158
Archived-At: http://mailarchive.ietf.org/arch/msg/tcpm/YDB3sBAKXErey4v8ze90sfwiNZY
Cc: tcpm IETF list <tcpm@ietf.org>
Subject: [tcpm] Asymmetric Middleboxes and Extended Data Offset (EDO)
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tcpm/>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 02 Oct 2014 11:51:06 -0000

Joe, Wes,

It is known that new TCP options are removed on x% of paths.
It is also known that y% of paths are asymmteric
Let's assume z% of the TCP-option-removing middleboxes are on the asymmetric part of a path.

(x y and z are left as an exercise for the experimenter. I'm offline at the mo, but I know there are papers that give good estimates of x and y at least).

Also some middleboxes behave asymmetrically, for instance firewalls have stricter rules for traffic arriving from the public side vs the private side. Such a device might remove unknown TCP options in one direction, but not the other.

==Legend==
C               = TCP client
S               = TCP server
EDO             = EDO delivered
!X-EDO-X!       = Middlebox removes EDO TCP option
Extra-opts      = TCP options beyond the Data Offset (preserved)
???!!!  = confused or crashes

==Scenarios==

1. EDO not removed from SYN, but middlebox removes EDO from SYN/ACK 
1.1 Extra Options on SYN/ACK

   C ->                    EDO   -> S
   C <-   !X-EDO-X!   Extra-opts <- S
   C ???!!!

1.2 Extra Options on subsequent segment from server

   C ->                   EDO    -> S
   C <-   !X-EDO-X!              <- S
     ...
   C <-   !X-EDO-X!   Extra-opts <- S
   C ???!!!

2. EDO not removed from SYN or SYN/ACK
2.1 Middlebox removes EDO from subsequent segment from server

   C ->                   EDO    -> S
   C <-      EDO      Extra-opts <- S
     ...
   C <-   !X-EDO-X!   Extra-opts <- S
   C ???!!!

2.2 Middlebox removes EDO from subsequent segment from client

   C ->                   EDO    -> S
   C <-      EDO      Extra-opts <- S
     ...
   C ->   Extra-opts   !X-EDO-X! -> S
                             ???!!! S


==Commentary==

Case #1:
The passive opener (server) thinks that the connection supports EDO, so it sends a SYN/ACK confirming this. But before it reaches the client, a middlebox removes unknown TCP options, but forwards the payload unchanged, including the extra TCP options.

Without the EDO option, the client believes everything beyond the Data Offset in the SYN/ACK is payload, so it passes both the extra TCP options and the actual payload to the app. 

Outcome in both cases under #1: 
        TCP delivers corrupt user-data to the client.

Case #2:
The 3WHS negotiating EDO completes correctly, so both ends correctly think that the connection supports EDO. But later in the connection, a middlebox starts removing unknown TCP options, but continues to forward the payload unchanged. This is probably much less likely than case 1.1, but might be due to a path change, or the behaviour of a middlbox being different for segments with SYN=0.

Again, without the EDO option, the receiving end believes everything beyond the Data Offset is payload, so it passes both the extra TCP options and the actual payload to the app. 

Outcome in case #2.1: 
        TCP delivers corrupt user-data to the client.
Outcome in case #2.2: 
        TCP delivers corrupt user-data to the server.

==Implications==

I found the above problem when I was working through all the possible problems if I was to integrate EDO with draft-briscoe-tcpm-syn-op-sis (to extend TCP option space on non-SYN packets subsequent to extending space on the SYN).

In the light of the above, I won't be integrating EDO with syn-op-sis. I don't think we should introduce anything to TCP with a known risk of delivering corrupt user-data, even if the risk is low. If there were a middlebox behaviour that 'just' blocked the new feature, it would be another matter. But if asymmetry does cause TCP to deliver corrupt data to certain users, the same users will continually experience bizarre and unreliable behaviour - very expensive for customer support people to diagnose.

I shall be adding a section to the syn-op-sis draft to define how syn-op-sis can be used to extend the TCP option space on any packet as well as the SYN (it's fairly obvious). I believe it will be immune to the above problem. (Joe, I'll also add an Appendix for the alternative protocol structure I mentioned in response to you not liking the trailer-based structure.)

As you know, I was amazed when it was proposed that EDO should go forward for proposed standard. I said in the TCPM meeting that it should be at least experimental, because these days any new TCP options need to be tested against a wide range of middlebox behaviours. With the above problems, I think we should revisit the decision even to adopt EDO.

Sorry guys, EDO looked promising, but our job is to ensure TCP continues to be robust. 


Regards


Bob


________________________________________________________________
Bob Briscoe,                                                  BT

v2.23.0 | Report a Bug | By Email