Re: [tcpm] TCP zero window timeout?

Joe Touch <touch@ISI.EDU> Tue, 29 August 2006 23:49 UTC

Message-ID: <44F4D271.4090500@isi.edu>
Date: Tue, 29 Aug 2006 16:49:05 -0700
From: Joe Touch <touch@ISI.EDU>
To: MURALI BASHYAM <murali_bashyam@yahoo.com>
Subject: Re: [tcpm] TCP zero window timeout?
References: <20060829181314.50826.qmail@web31715.mail.mud.yahoo.com>
In-Reply-To: <20060829181314.50826.qmail@web31715.mail.mud.yahoo.com>
Cc: "Mahdavi, Jamshid" <jamshid.mahdavi@bluecoat.com>, "Anantha Ramaiah \(ananth\)" <ananth@cisco.com>, tcpm@ietf.org, Ted Faber <faber@ISI.EDU>, Fernando Gont <fernando@gont.com.ar>


MURALI BASHYAM wrote:
> It's
> possible that the authors did not have the potential
> of a DOS attack when they created this mechanism.

TCP does not itself defend from DOS attacks. If you want to prevent
that, run connections over IPsec.

...
> The resources in question are connections and buffers.
> Here we are talking potentially huge numbers of them
> (100000 connections and even if each connection holds
> 1 buffer, that's a lot of buffer memory). A mechanism
> to reclaim these resources would have to take into
> account the duration of the persist state of the
> connections, it can't be done blindly.

TCP isn't there to clean up state. If old connection state is
interfering with new connections, and the connection isn't making
progress, the application layer (the layer that runs the buffers) can
tell. That's an application-layer timeout.

Joe

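An application-layer progress timeout of the kind the reply above refers to, as an added example that is not part of the original message or of any implementation discussed on the list. The names `TrackedConn`, `reap` and `demo`, the 30-second limit, and the use of `socket.socketpair()` with a simulated clock in place of real TCP peers are assumptions made for illustration.

```python
import socket
class TrackedConn:
    """A socket plus the bookkeeping needed to notice that sending has stalled."""
    def __init__(self, sock, now):
        sock.setblocking(False)
        self.sock = sock
        self.pending = b""         # application data still waiting to be sent
        self.last_progress = now   # last time the peer accepted any bytes

    def pump(self, now):
        """Send until the kernel buffer is full; record whether anything moved."""
        before = len(self.pending)
        while self.pending:
            try:
                sent = self.sock.send(self.pending)
            except BlockingIOError:    # buffer full: the peer is not reading
                break
            self.pending = self.pending[sent:]
        if len(self.pending) < before or not self.pending:
            self.last_progress = now   # progress made, or idle with nothing queued

def reap(conns, now, limit):
    """Pump every connection, then close those stalled for more than `limit` s."""
    keep = []
    for c in conns:
        c.pump(now)
        if c.pending and now - c.last_progress > limit:
            c.sock.close()             # releases the kernel socket buffer
            c.pending = b""            # and the application's queued data
        else:
            keep.append(c)
    return keep

def demo(limit=30.0):
    """Constructed scenario: peer A never reads, peer B drains its socket."""
    a, a_peer = socket.socketpair()
    b, b_peer = socket.socketpair()
    b_peer.setblocking(False)
    conns = [TrackedConn(a, 0.0), TrackedConn(b, 0.0)]
    conns[0].pending = conns[1].pending = b"x" * (8 << 20)
    for now in range(0, 65, 5):        # simulated clock, no real sleeping
        conns = reap(conns, float(now), limit)
        try:
            while b_peer.recv(1 << 16):    # B keeps its receive window open
                pass
        except BlockingIOError:
            pass
    for s in (a, b, a_peer, b_peer):
        s.close()
    return [c.sock is b for c in conns]    # which connections survived
```

The timeout is measured from the last accepted byte only while data is queued, so an idle connection with nothing to send is not reclaimed.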