Re: [tcpm] Further comments on draft-ietf-tcpm-accurate-ecn

"Scharf, Michael (Nokia - DE/Stuttgart)" <michael.scharf@nokia.com> Tue, 17 July 2018 05:04 UTC


I disagree. I believe it would be possible to design a protocol spec that is more backward compatible with standardized ECN on the wire, which would not cause issues for (potentially) deployed passive monitoring systems that use packet sampling. Such passive monitoring systems could, e.g., make wrong traffic engineering decisions because the TCP connection is not compliant with the ECN standards. Anomaly detection could also be triggered as the TCP header of packets deviates from the IETF standards. Due to the limited deployment of ECN, it is possible that this is not an important problem.

Yet, it is a design choice of the protocol that within a sampled packet stream standardized ECN cannot be distinguished from the proposed experiment, and that the experimental TCP header encoding on the wire is not backward compatible with the existing standards.

I believe a discussion of the potential operational impact on potentially deployed systems belongs in the document, e.g., along the lines of the text Richard has written.

Michael


From: Bob Briscoe [mailto:in@bobbriscoe.net]
Sent: Tuesday, July 17, 2018 1:13 AM
To: Scharf, Michael (Nokia - DE/Stuttgart) <michael.scharf@nokia.com>; Scheffenegger, Richard <rs.ietf@gmx.at>; draft-ietf-tcpm-accurate-ecn@ietf.org; tcpm@ietf.org
Subject: Re: [tcpm] Further comments on draft-ietf-tcpm-accurate-ecn

Michael,

-----Original Message-----
From: Scheffenegger, Richard [mailto:rs.ietf@gmx.at]
Sent: Monday, July 16, 2018 11:16 AM
To: Scharf, Michael (Nokia - DE/Stuttgart) <michael.scharf@nokia.com>; draft-ietf-tcpm-accurate-ecn@ietf.org; tcpm@ietf.org
Subject: Re: [tcpm] Further comments on draft-ietf-tcpm-accurate-ecn

Hi Michael,
On 16/07/18 13:48, Scharf, Michael (Nokia - DE/Stuttgart) wrote:

Section 7.  Security Considerations

[ms] I wonder about the security implications of "confusing" classic ECN and AccECN feedback in (passive) network monitoring solutions,

[snip]

[RS] As to the passive monitoring - Mirja and Brian will certainly expand on this, but sampling ever so often should expose ACE field codepoints with high probability which are unlikely or not possible with RFC3168 ECN (e.g. CWR + ECE is very unlikely - pure ACKs are not ECT marked in RFC3168, and bidirectional data exchange without stretches of pure acks is not common); anything with the former "NS" bit set has never been observed on the public internet to my knowledge. To summarize, random sampling has at least a 5/8 chance to detect AccECN. However, as r.cep (section 3.2) is initialized to a value of 5 (101b), and many (short) flows probably rarely encounter a CE mark, the chance to detect, by random sampling, the presence of AccECN passively is even higher than this. Short flows with up to 2 CE marks are immediately detectable, as the former "NS" bit remains set.

[ms] To me, this sort of discussion belongs in the document.


[BB] Although it's interesting to consider whether passive monitoring would be able to detect a difference between one version of a protocol and another, I think any discussion of that belongs in a draft about passive monitoring, or in mailing list discussion (as here). Not in a protocol spec.

We can't be expected to have to ensure that new protocols can be distinguished from old protocols by monitoring systems that haven't been properly programmed to look for the protocol negotiation during the handshake. If such a monitoring system is controlling something critical and it's not monitoring correctly, that is surely a safety issue with the monitoring system, not with the new protocol.

Having just been talking to a colleague who set up the monitoring systems for a mobile operator, the first and most obvious thing they do is look for the flow starts.

Bob

--
________________________________________________________________
Bob Briscoe                               http://bobbriscoe.net/
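Richard's sampling argument, worked through as an added example (this is not code from the draft or from any poster): it reads the AE/CWR/ECE flag bits of sampled TCP packets as the ACE codepoint, labels the codepoints RFC 3168 classic ECN never or rarely produces, and reproduces both the 5/8 single-sample figure and the "r.cep starts at 5" observation. The flag values in SAMPLE_FLAGS and all function names are constructed for illustration.

```python
from fractions import Fraction
from typing import List, Optional

# TCP header flag bits. AE is the bit RFC 3540 called NS; AccECN reads
# AE, CWR and ECE together as the 3-bit ACE counter (AE is the high bit).
AE, CWR, ECE, ACK = 0x100, 0x080, 0x040, 0x010

# Constructed flag words of four sampled packets (not captured traffic):
# pure ACK, ACK+ECE (classic CE echo), ACK+CWR+ECE, ACK+AE+ECE.
SAMPLE_FLAGS = [ACK, ACK | ECE, ACK | CWR | ECE, ACK | AE | ECE]

def ace_field(flags: int) -> int:
    """Return the ACE codepoint: AE, CWR, ECE read as one 3-bit number."""
    return (flags >> 6) & 0x7

def classify(flags: int) -> Optional[str]:
    """Why one sampled packet cannot (or is unlikely to) be RFC 3168 ECN.

    'impossible': AE/NS set, which classic ECN never does.
    'unlikely':   CWR and ECE both set; classic ECN only does this on a data
                  segment that reduces cwnd while still echoing a fresh CE.
    None:         consistent with classic ECN, so reveals nothing.
    """
    if flags & AE:
        return "impossible"
    if flags & CWR and flags & ECE:
        return "unlikely"
    return None

def scan(flags_list: List[int]) -> List[Optional[str]]:
    """Classify every sampled packet; any non-None entry exposes AccECN."""
    return [classify(f) for f in flags_list]

def detectable_fraction() -> Fraction:
    """Share of the 8 ACE codepoints that a single sampled packet reveals."""
    hits = sum(1 for cp in range(8) if classify(cp << 6) is not None)
    return Fraction(hits, 8)  # 5/8: codepoints 3 (CWR+ECE) and 4..7 (AE set)

def detection_probability(samples: int) -> Fraction:
    """P(at least one revealing packet) for `samples` uniform codepoints."""
    return 1 - (1 - detectable_fraction()) ** samples

def ace_after_ce_marks(ce_marks: int) -> int:
    """ACE value on the wire after `ce_marks` CE marks; r.cep starts at 5."""
    return (5 + ce_marks) % 8
```

With r.cep starting at 5, zero to two CE marks give ACE values 5, 6 and 7, all of which carry the AE/NS bit, so such a short flow is exposed by any single sampled ACK.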