Re: [tcpm] New Version Notification for draft-touch-tcpm-tcp-edo-01.txt
Bob Briscoe <bob.briscoe@bt.com> Fri, 23 May 2014 12:13 UTC
Return-Path: <bob.briscoe@bt.com>
X-Original-To: tcpm@ietfa.amsl.com
Delivered-To: tcpm@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2AB751A0177 for <tcpm@ietfa.amsl.com>; Fri, 23 May 2014 05:13:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.552
X-Spam-Level:
X-Spam-Status: No, score=-2.552 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.651, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qcD8o5MGr2JA for <tcpm@ietfa.amsl.com>; Fri, 23 May 2014 05:13:44 -0700 (PDT)
Received: from hubrelay-rd.bt.com (hubrelay-rd.bt.com [62.239.224.98]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 276A11A0181 for <tcpm@ietf.org>; Fri, 23 May 2014 05:13:44 -0700 (PDT)
Received: from EVMHR01-UKBR.domain1.systemhost.net (193.113.108.40) by EVMHR66-UKRD.bt.com (10.187.101.21) with Microsoft SMTP Server (TLS) id 14.3.181.6; Fri, 23 May 2014 13:13:40 +0100
Received: from EPHR02-UKIP.domain1.systemhost.net (147.149.100.81) by EVMHR01-UKBR.domain1.systemhost.net (193.113.108.40) with Microsoft SMTP Server (TLS) id 8.3.348.2; Fri, 23 May 2014 13:13:39 +0100
Received: from bagheera.jungle.bt.co.uk (132.146.168.158) by EPHR02-UKIP.domain1.systemhost.net (147.149.100.81) with Microsoft SMTP Server id 14.3.181.6; Fri, 23 May 2014 13:13:39 +0100
Received: from BTP075694.jungle.bt.co.uk ([10.111.232.89]) by bagheera.jungle.bt.co.uk (8.13.5/8.12.8) with ESMTP id s4NCDa5P005525; Fri, 23 May 2014 13:13:37 +0100
Message-ID: <201405231213.s4NCDa5P005525@bagheera.jungle.bt.co.uk>
X-Mailer: QUALCOMM Windows Eudora Version 7.1.0.9
Date: Fri, 23 May 2014 13:13:36 +0100
To: David Borman <dab@weston.borman.com>, Joe Touch <touch@isi.edu>
From: Bob Briscoe <bob.briscoe@bt.com>
In-Reply-To: <1AD79820-22C1-4500-84D1-1383F264D68C@weston.borman.com>
References: <20140425221257.12559.43206.idtracker@ietfa.amsl.com> <2586_1398464386_535ADF82_2586_915_1_535ADF56.9050106@isi.edu> <CF8D8E25-E435-4199-8FD6-3F7066447292@iki.fi> <5363AF84.8090701@mti-systems.com> <5363B397.8090009@isi.edu> <CAO249yeyr5q21-=e6p5azwULOh1_jUsniZ6YPcDYd69av8MMYw@mail.gmail.com> <DCC98F94-EA74-4AAA-94AE-E399A405AF13@isi.edu> <655C07320163294895BBADA28372AF5D2CFE36@FR712WXCHMBA15.zeu.alcatel-lucent.com> <20140503122950.GM44329@verdi> <655C07320163294895BBADA28372AF5D2D009E@FR712WXCHMBA15.zeu.alcatel-lucent.com> <201405221710.s4MHAY4S002037@bagheera.jungle.bt.co.uk> <537E3ACD.5000308@isi.edu> <1AD79820-22C1-4500-84D1-1383F264D68C@weston.borman.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format="flowed"
X-Scanned-By: MIMEDefang 2.56 on 132.146.168.158
Archived-At: http://mailarchive.ietf.org/arch/msg/tcpm/YKmsL2GD60IHGjdJ3fKYrRcuJt8
Cc: "tcpm@ietf.org" <tcpm@ietf.org>
Subject: Re: [tcpm] New Version Notification for draft-touch-tcpm-tcp-edo-01.txt
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tcpm/>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 23 May 2014 12:13:47 -0000
David, There is certainly no need for an additional RTT. Let me propose a couple of concrete strawmen (concrete men?) to show this. I'm not claiming these are novel. I know Joe and others think that we've seen enough of attempts to extend the TCP options on the SYN, but Joe should know that when he claims something is impossible, he wakes sleeping dragons in people like me. 1) Parallel control channel ___________________________ Client A sends two SYNs back-to-back to an existing well-known port (e.g. 80). * SYN D, establishes a regular data connection, with sufficient TCP options to be workable but they still fit within the existing 40B option limit. * SYN C establishes another parallel connection to the same well-known port that looks like regular data from the outside (it could even be an extension to HTTP to ensure middleboxes will let it pass), but it talks a new app-layer 'TCP control' protocol inside. If there is no support for the new app-layer protocol on port 80 the control channel just shuts down with a suitable HTTP error, while SYN D has opened a data connection with sufficient TCP options to be workable. If the new app-layer TCP control protocol is supported on port 80, the parallel control channel (C) adds unlimited additional control flexibility to the data channel (D) hardly any added latency. Establishing a similar control channel in the opposite direction would be fairly trivial. There are few, if any, middlebox problems with the above approach. However, there are certainly other problems, but no more insurmountable than all the problems that have already been discussed with taking the 'easy' route of EDO: * A secure binding would have to be added to bind channel C to a secret known only to the originator of channel D, otherwise it would open up data channels to spoof control channel attacks. This binding could be built on a TCP-AO option in channel D. * Channel C would need some way to refer to the segments of channel D that was robust against re-segmentation. * The main problem is that the two channels don't share fate; a control packet can be delayed relative to the point in the data stream at which it is attempting to exert control, possibly for a RTT if it is lost and has to be retransmitted. However, this is not insurmountable. The control protocol could include a mode to "synthesise shared fate", by making the data channel buffer data until an associated control segment had arrived. This would duplicate the latency impact of a loss or delay on either channel, but one can imagine mitigations that would consign this latency impact to corner cases. * It's a bit of a mess, but that comes with the territory when trying to fix legacy protocol problems. * The internal stack architecture seems to require a trombone back down into the kernel from user-space, but that is not insurmountable - a shim within the kernel on port 80 (for example) could redirect control channel data across to the "TCP control channel module" in the kernel, while passing non-control channel connections to user-space. 2) Build on LOIC ______________________ Long option with invalid checksum <draft-yourtchenko-tcp-loic-00> At 18:53 22/05/2014, John Leslie wrote: > That's too big of a change to ask folks to believe it safe. When I read an idea, I don't take it as set in stone and just find a hole and dismiss it. I see it as a potential stepping stone to a solution and think about how it could be done better. In fact, Andrew Yourtchenko said that was the intention of his write-up of LOIC. I believe that an approach worth further thought would be a mixture of the control channel idea and the invalid checksum idea. I'm thinking of: * a pure control SYN (C) sent first, then a base SYN (D) sent back-to-back, both to the same port. * SYN C would contain something invalid to cause a legacy TCP stack or legacy app to discard it (and hopefully less probability that a middlebox would), e.g. a payload that is invalid for the application protocol on the port. * there would be additional TCP options in the payload of SYN C to be added to the TCP options that arrived separately on the base SYN * The control SYN could be bound crytographically to the base SYN (as already described). * It could use the shim-like control stack arangement described earlier. By focusing solely on extending the SYN, this would avoid the ongoing shared fate problems that a separate control channel suffers throughout the connection. There would still be shared fate problems with 2 SYNs (e.g. the two SYNs get re-ordered), but the protocol would have to be designed to be robust to that (naively, SYN D could include a new TCP option that told a new stack to wait a few ticks for a SYN C, but that would be vulnerable to meddleboxes). Not insurmountable. Bob At 22:12 22/05/2014, David Borman wrote: >On May 22, 2014, at 12:58 PM, Joe Touch <touch@isi.edu> wrote: > > >> 2) However, I think the main problem is that many important cases will > >> need as large or larger TCP option space on the SYN as on non-SYNs. > > > > Oh, I certainly agree with this. The point of this proposal is twofold: > > > > a) (primary) to put to bed the notion that 'there is a way' > > to extend SYN option space without contaminating connections to > > legacy hosts > >Add to that "without adding any additional packet >exchanges." That's really the issue. This can be done, within the >existing TCP processing, but at the cost of an additional RTT, which >everyone tries to avoid. The receiver could respond to the initial >SYN with another SYN, which *can* take advantage of an extended >option space because it now knows that the other side supports >EDO. The originator incurs an additional RTT before it can send >data (2 vs 1 RTT), the receiver has no delay for when it can send >data (1.5 RTT). > >Besides the additional RTT for the originator, the biggest problem >with this would be all those blasted firewalls that would drop the >returning SYN-only responses. The other way to do this is that when >the SYN/ACK comes back indicating that the other side supports EDO, >then the originator sends another SYN with the expanded option >space. That has a cost of a full RTT in both directions. > > >But the issue still remains the same: for that initial SYN packet, >with no a priori knowledge, there is no way to extend the option >space and maintain 100% backwards compatibility. > > -David Borman ________________________________________________________________ Bob Briscoe, BT
- [tcpm] Fwd: New Version Notification for draft-to… Joe Touch
- Re: [tcpm] New Version Notification for draft-tou… Pasi Sarolahti
- Re: [tcpm] New Version Notification for draft-tou… Wesley Eddy
- Re: [tcpm] New Version Notification for draft-tou… Joe Touch
- Re: [tcpm] New Version Notification for draft-tou… John Leslie
- Re: [tcpm] New Version Notification for draft-tou… Yoshifumi Nishida
- Re: [tcpm] New Version Notification for draft-tou… Joe Touch
- Re: [tcpm] New Version Notification for draft-tou… Scharf, Michael (Michael)
- Re: [tcpm] New Version Notification for draft-tou… John Leslie
- Re: [tcpm] New Version Notification for draft-tou… Olivier Bonaventure
- Re: [tcpm] New Version Notification for draft-tou… Scharf, Michael (Michael)
- Re: [tcpm] New Version Notification for draft-tou… Costin Raiciu
- Re: [tcpm] New Version Notification for draft-tou… John Leslie
- Re: [tcpm] New Version Notification for draft-tou… John Leslie
- Re: [tcpm] New Version Notification for draft-tou… Joe Touch
- Re: [tcpm] New Version Notification for draft-tou… Wesley Eddy
- Re: [tcpm] New Version Notification for draft-tou… Joe Touch
- Re: [tcpm] New Version Notification for draft-tou… Joe Touch
- Re: [tcpm] New Version Notification for draft-tou… Joe Touch
- Re: [tcpm] New Version Notification for draft-tou… Costin Raiciu
- Re: [tcpm] New Version Notification for draft-tou… Joe Touch
- Re: [tcpm] New Version Notification for draft-tou… John Leslie
- Re: [tcpm] New Version Notification for draft-tou… John Leslie
- Re: [tcpm] New Version Notification for draft-tou… Joe Touch
- Re: [tcpm] New Version Notification for draft-tou… Joe Touch
- Re: [tcpm] New Version Notification for draft-tou… Scheffenegger, Richard
- Re: [tcpm] New Version Notification for draft-tou… Bob Briscoe
- Re: [tcpm] New Version Notification for draft-tou… John Leslie
- Re: [tcpm] New Version Notification for draft-tou… Joe Touch
- Re: [tcpm] New Version Notification for draft-tou… Wesley Eddy
- Re: [tcpm] New Version Notification for draft-tou… Joe Touch
- Re: [tcpm] New Version Notification for draft-tou… David Borman
- Re: [tcpm] New Version Notification for draft-tou… Bob Briscoe
- Re: [tcpm] New Version Notification for draft-tou… Bob Briscoe
- Re: [tcpm] New Version Notification for draft-tou… David Borman
- Re: [tcpm] New Version Notification for draft-tou… Joe Touch
- Re: [tcpm] New Version Notification for draft-tou… Joe Touch
- Re: [tcpm] New Version Notification for draft-tou… Joe Touch
- [tcpm] timestamp options (was Re: New Version Not… Eggert, Lars
- Re: [tcpm] timestamp options (was Re: New Version… Brian Trammell
- Re: [tcpm] timestamp options (was Re: New Version… Scharf, Michael (Michael)
- Re: [tcpm] timestamp options (was Re: New Version… Scheffenegger, Richard
- Re: [tcpm] timestamp options (was Re: New Version… Scharf, Michael (Michael)
- Re: [tcpm] timestamp options (was Re: New Version… Scheffenegger, Richard
- Re: [tcpm] timestamp options (was Re: New Version… Scharf, Michael (Michael)
- Re: [tcpm] timestamp options (was Re: New Version… Yoshifumi Nishida
- Re: [tcpm] timestamp options (was Re: New Version… Joe Touch
- Re: [tcpm] timestamp options (was Re: New Version… Yoshifumi Nishida
- Re: [tcpm] timestamp options (was Re: New Version… Scheffenegger, Richard
- Re: [tcpm] New Version Notification for draft-tou… Bob Briscoe
- Re: [tcpm] New Version Notification for draft-tou… Bob Briscoe
- Re: [tcpm] New Version Notification for draft-tou… Joe Touch
- Re: [tcpm] New Version Notification for draft-tou… Joe Touch
- Re: [tcpm] New Version Notification for draft-tou… Bob Briscoe
- Re: [tcpm] New Version Notification for draft-tou… John Leslie
- Re: [tcpm] New Version Notification for draft-tou… Christoph Paasch
- Re: [tcpm] New Version Notification for draft-tou… Bob Briscoe
- Re: [tcpm] New Version Notification for draft-tou… Bob Briscoe
- Re: [tcpm] New Version Notification for draft-tou… Joe Touch
- Re: [tcpm] New Version Notification for draft-tou… Olivier Bonaventure
- Re: [tcpm] New Version Notification for draft-tou… Olivier Bonaventure
- Re: [tcpm] New Version Notification for draft-tou… Joe Touch
- Re: [tcpm] New Version Notification for draft-tou… Joe Touch
- Re: [tcpm] New Version Notification for draft-tou… Joe Touch
- Re: [tcpm] New Version Notification for draft-tou… Joe Touch
- Re: [tcpm] timestamp options (was Re: New Version… Joe Touch
- Re: [tcpm] timestamp options (was Re: New Version… Joe Touch
- Re: [tcpm] New Version Notification for draft-tou… John Leslie
- Re: [tcpm] New Version Notification for draft-tou… Joe Touch
- Re: [tcpm] New Version Notification for draft-tou… Olivier Bonaventure
- Re: [tcpm] New Version Notification for draft-tou… Olivier Bonaventure
- [tcpm] More TCP option space on SYNs Bob Briscoe
- Re: [tcpm] More TCP option space on SYNs Joe Touch
- Re: [tcpm] New Version Notification for draft-tou… Joe Touch
- Re: [tcpm] New Version Notification for draft-tou… Joe Touch
- [tcpm] SYN extension using ACK=0 data packets Bob Briscoe
- Re: [tcpm] SYN extension using ACK=0 data packets Joe Touch
- Re: [tcpm] More TCP option space on SYNs Bob Briscoe
- Re: [tcpm] SYN extension using ACK=0 data packets Bob Briscoe
- Re: [tcpm] timestamp options (was Re: New Version… Yoshifumi Nishida
- Re: [tcpm] timestamp options (was Re: New Version… Joe Touch
- Re: [tcpm] timestamp options (was Re: New Version… Mark Allman
- Re: [tcpm] timestamp options (was Re: New Version… Mark Allman
- Re: [tcpm] timestamp options (was Re: New Version… Scharf, Michael (Michael)
- Re: [tcpm] timestamp options (was Re: New Version… Joe Touch
- Re: [tcpm] timestamp options (was Re: New Version… Joe Touch
- Re: [tcpm] timestamp options (was Re: New Version… Scharf, Michael (Michael)
- Re: [tcpm] timestamp options (was Re: New Version… Mark Allman
- Re: [tcpm] timestamp options (was Re: New Version… Mark Allman
- Re: [tcpm] timestamp options (was Re: New Version… Joe Touch
- Re: [tcpm] timestamp options (was Re: New Version… Yoshifumi Nishida
- Re: [tcpm] timestamp options (was Re: New Version… Yuchung Cheng
- Re: [tcpm] timestamp options (was Re: New Version… Mark Allman
- Re: [tcpm] timestamp options (was Re: New Version… Yuchung Cheng
- Re: [tcpm] More TCP option space on SYNs Martin Duke
- Re: [tcpm] More TCP option space on SYNs Joe Touch