[tcpm] RE: draft-moncaster-tcpm-rcv-cheat-02 probabilistic test

<toby.moncaster@bt.com> Fri, 16 November 2007 10:51 UTC

Return-path: <tcpm-bounces@ietf.org>
Received: from [] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1Isyn9-0002Dp-HY; Fri, 16 Nov 2007 05:51:19 -0500
Received: from tcpm by megatron.ietf.org with local (Exim 4.43) id 1Isyn8-00029m-6g for tcpm-confirm+ok@megatron.ietf.org; Fri, 16 Nov 2007 05:51:18 -0500
Received: from [] (helo=chiedprmail1.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Isyn7-00028g-RL for tcpm@ietf.org; Fri, 16 Nov 2007 05:51:17 -0500
Received: from smtp4.smtp.bt.com ([]) by chiedprmail1.ietf.org with esmtp (Exim 4.43) id 1Isyn7-0006bw-76 for tcpm@ietf.org; Fri, 16 Nov 2007 05:51:17 -0500
Received: from E03MVZ4-UKDY.domain1.systemhost.net ([]) by smtp4.smtp.bt.com with Microsoft SMTPSVC(6.0.3790.1830); Fri, 16 Nov 2007 10:51:16 +0000
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Date: Fri, 16 Nov 2007 10:51:27 -0000
Message-ID: <BAB4DC0CD5148948A86BD047A85CE2A7043BF0FB@E03MVZ4-UKDY.domain1.systemhost.net>
In-Reply-To: <473B28E0.6040602@psc.edu>
Thread-Topic: draft-moncaster-tcpm-rcv-cheat-02 probabilistic test
Thread-Index: Acgm32OvxSNQW4BgSjCRjs0WhfCv8ABXI84w
From: <toby.moncaster@bt.com>
To: <jheffner@psc.edu>, <tcpm@ietf.org>
X-OriginalArrivalTime: 16 Nov 2007 10:51:16.0108 (UTC) FILETIME=[9CA324C0:01C8283E]
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 3002fc2e661cd7f114cb6bae92fe88f1
Cc: bob.briscoe@bt.com
Subject: [tcpm] RE: draft-moncaster-tcpm-rcv-cheat-02 probabilistic test
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
Errors-To: tcpm-bounces@ietf.org

Hi John,

When we originally wrote the test we did think that the increase in RTT
estimate might act as a strong enough disincentive to those receivers
that were actively seeking to misbehave. However we realised this
probably wasn't the case, especially given the relatively coarse
granularity of most TCP timers. We obviously need to update the draft to
reflect this. Our current view is that the main protection afforded by
this test is as follows:

* Those receivers seeking to use optimistic acknowledgement are forced
to not use it as they may unwittingly optimistically acknowledge a
segment that was delayed. In turn they can't try and defeat the test in
the manner you suggest as this relies on them waiting for the data to
arrive before acknowledging (rather than acknowledging before it

* Those receivers that are seeking to conceal congestion losses must
have decided they don't need the missing data. This suggests either they
are streaming media off the sender or they are collaborating with the
sender. In the first instance I am not convinced it would be appropriate
for the sender to be performing the test as that may disrupt the
streaming (though more thought is needed here). In the second case the
sender and receiver are cooperating and so the sender would be unlikely
to want to challenge the conformance of the receiver. (Aside: There is a
subsidiary possibility which is that the receiver may be able to get the
missing data from some other source such as a parity file set on a
different server. This test can't overcome that possibility. The only
feasible defence then is to use cumulative nonces as described by Savage
et al in "TCP Congestion Control with a Misbehaving Receiver"

Further to this the test also allows for occasional delays larger than
6. If a receiver is actively seeking to defeat the test as above then it
will never be able to tell when a test is happening or when it is
natural re-ordering. In this case the receiver will get trapped into
sending a stream of duplicate acknowledgements to defeat the test when
in fact there was a genuine reordered segment. Thus it is not the actual
test that catches the receiver out but the natural behaviour that
underlies the test. The very existence of the test means a misbehaving
receiver is forced to assume any reordering is in fact a result of the
test (in order to defeat the test) and thus it is forced to respond to
all reordering as if it were a test thus making it compliant. 

Hope this answers your questions?


Toby Moncaster, <toby.moncaster@bt.com> Networks Research Centre, BT
Research B54/70 Adastral Park, Martlesham Heath, Ipswich, IP53RE, UK.
+44 1473 648734 

-----Original Message-----
From: John Heffner [mailto:jheffner@psc.edu] 
Sent: 14 November 2007 16:57
To: Moncaster,T,Toby,CXR9 R; tcpm
Subject: draft-moncaster-tcpm-rcv-cheat-02 probabilistic test


I'm not sure I completely understand some of the claims in Section
6.2.2, particularly: "That is to say, a receiver can either honestly
report the missing packets or it can suffer a reduced throughput by
delaying segments and increasing the RTT," and "Equally, a receiver that
delays transmission of the duplicate acknowledgements until it is sure
it is being tested will leave an obvious pattern of acknowledgements
that the sender can identify."

If I were designing a receiver to try to defeat this test, I would delay
response by six segments, or a short timeout, whichever is less.  If I
observe reordered segments, I would send the ACK/SACK that the sender
would expect.  Additionally, I would ACK any lost segments, and any
received segments as normal, only delayed by the time to receive the
following six segments.

You seem to have thought about this strategy, but I'm not sure I see how
the claims in section 6.2.2 apply.  I don't think this strategy will
increase the RTT so much that it will cause significant performance
reduction.  And I'm not sure how delaying the ACKs will leave an obvious
pattern that the sender can identify.  Am I missing something?


tcpm mailing list