Re: [tcpm] More TCP option space in a SYN: draft-briscoe-tcpm-syn-op-sis-02
John Leslie <john@jlc.net> Fri, 26 September 2014 19:53 UTC
Return-Path: <john@jlc.net>
X-Original-To: tcpm@ietfa.amsl.com
Delivered-To: tcpm@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7805D1A0242 for <tcpm@ietfa.amsl.com>; Fri, 26 Sep 2014 12:53:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.986
X-Spam-Level:
X-Spam-Status: No, score=-4.986 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.786] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BjvkhmYRi2VD for <tcpm@ietfa.amsl.com>; Fri, 26 Sep 2014 12:53:47 -0700 (PDT)
Received: from mailhost.jlc.net (mailhost.jlc.net [199.201.159.4]) by ietfa.amsl.com (Postfix) with ESMTP id B7C0F1A0092 for <tcpm@ietf.org>; Fri, 26 Sep 2014 12:53:46 -0700 (PDT)
Received: by mailhost.jlc.net (Postfix, from userid 104) id B44D2C94BE; Fri, 26 Sep 2014 15:53:38 -0400 (EDT)
Date: Fri, 26 Sep 2014 15:53:38 -0400
From: John Leslie <john@jlc.net>
To: Bob Briscoe <bob.briscoe@bt.com>
Message-ID: <20140926195338.GH83009@verdi>
References: <201409222045.s8MKjZdD002071@bagheera.jungle.bt.co.uk> <542344DA.9020905@isi.edu> <201409250956.s8P9uae9013452@bagheera.jungle.bt.co.uk> <alpine.OSX.2.00.1409251716260.69041@ayourtch-mac> <201409251842.s8PIgUdQ015414@bagheera.jungle.bt.co.uk> <alpine.OSX.2.00.1409260049040.69041@ayourtch-mac> <201409260957.s8Q9vmEd018560@bagheera.jungle.bt.co.uk> <20140926145037.GA82183@verdi> <201409261716.s8QHGC7I020142@bagheera.jungle.bt.co.uk>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <201409261716.s8QHGC7I020142@bagheera.jungle.bt.co.uk>
User-Agent: Mutt/1.4.1i
Archived-At: http://mailarchive.ietf.org/arch/msg/tcpm/c1jhnEiPkUFL1G4PM3COHVVO-5U
Cc: tcpm IETF list <tcpm@ietf.org>
Subject: Re: [tcpm] More TCP option space in a SYN: draft-briscoe-tcpm-syn-op-sis-02
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tcpm/>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 26 Sep 2014 19:53:50 -0000
Bob Briscoe <bob.briscoe@bt.com> wrote: > At 15:50 26/09/2014, John Leslie wrote: >>Bob Briscoe <bob.briscoe@bt.com> wrote: >... >> I'd like to remind folks of two other drafts: >> >>- draft-ietf-tcpm-fastopen "allows data to be carried in the SYN" packet. >> Something like this is inevitable; and _will_ put application-layer >> data in the inital SYN (to reduce experienced latency). > > This is referenced from both drafts. Yes. I felt a need to emphasize it... > You have to be careful using fast open as well as putting TCP options > in the payload. I've written the following into > draft-briscoe-syn-op-sis, and a similar rule will be needed in > draft-touch-tcpm-tcp-syn-ext-opt: > >" If an upgraded TCP client includes the TCP Fast Open option >" [I-D.ietf-tcpm-fastopen] in the SYN, it MUST be placed with the extra >" TCP options after the end of the payload. Indeed, that is a good way to ensure that the SYN receiver is aware of the sender's intent to place something _after_ the data intended to be passed to the application. >" An upgraded TCP client MUST NOT place any TCP option in the TCP header >" of a SYN that might cause a TCP server to pass user-data directly to >" the application before the 3-way handshake completes. This is correct, if a bit hard for the reader to grok... >>- draft-nishida-tcpm-apaws "can provide protection against old duplicates" >> without using timestamps. (Timestamps will eat up ten bytes in _every_ >> packet.) This should reduce the demand for option space in the SYN. > > Most certainly agree. See quoted text under the next point... >... >> Hopefully I don't need to draw attention to draft-touch-tcpm-edo. >> This seems to be moving towards consensus on how to increase the option >> space on every packet _after_ the initial SYN. >> >> Thus, in most cases, for today's traffic there is little need to >> worry about extending the option space in the initial SYN. There seems >> to be plenty of time to experiment... > > Not sure I'm so relaxed. Quoting > <http://tools.ietf.org/html/draft-briscoe-tcpm-syn-op-sis-02#section-1.1> > >" 1.1. Motivation for Adoption (to be removed before publication) (I think the point deserves to be made in the published RFC.) >" It is recognised that there could be potential for compressing >" together multiple options in order to mitigate the option space >" problem. However, it seems inevitable that ultimately more option >" space will be needed, particularly given that many of the TCP options >" introduced recently consume large numbers of bits in order to provide >" sufficient information entropy, which is not amenable to compression. I agree on the ultimate need. But it will necessarily be postponed until we finish Experimental status and move to Proposed Standard. >" Extension of TCP option space on a SYN requires support from both >" ends. This means it will take many years before the facility is >" functional for most pairs of end-points. Therefore, given the >" problem is already becoming pressing, a solution needs to start being >" deployed now. (No objection to that text.) >> For any Experimental-status document, I recommend: >> >> - that the various on-the-wire formats be kept as similar as possible; >> >> - that any acknowledgment of extra option space in an initial SYN >> include a checksum or hash of the extra options to ensure that both >> ends have the same view of what options have been signaled; > > Not convinced on this one. Each TCP option has its own way for the > 'server' to confirm whether it supports an option requested by the > client. And this one should also have its own way. I see so many things that could get in the way that I _strongly_ recommend some checksum/hash. > And support for the option to extend the option space is confirmed by > the server. One bit of information (support-yes-or-no) just isn't sufficient, IMHO. > So it seems redundant for the server to feedback yet another > confirmation via a checksum of all the extra options requested. Redundancy is your friend when complexity multiplies. >> IMHO, Bob's SYN-U cases are best condensed into a single format >> where the SYN sender explicitly notes the position in the payload to be >> occupied by additional TCP options, and guarantees that no application- >> layer data will follow these. > > Good point about the guarantee. > >> The receiving endpoint would search for the extra options whether or >> not it found the SYN-U option in the initial SYN, (Did I write that?? I was thinking MAY...) > This won't work. This would require every server to hold a list of > valid TCP options and their valid length fields. This list is large, > and the list of future options yet to be defined is even larger (and > obviously unknown). But that's exactly what you solve in you "non-deterministic" version. >... >> and reply including a checksum/hash of the options it found. (The >> receiving endpoint MUST find some confirmation that these options >> were intended, or _it_ bears the responsibility to reverse any >> action on the extended options and pass the payload where it >> otherwise would have gone.) > > No need for all this - see above and see drafts. Your non-deterministic version does this with a magic-number. That is an obvious weakness. I intended to draw attention to the issue -- not propose a particular solution. But obviously: if the SYN sender sends a SYN-U which the receiver doesn't get because a meddlebox removed it, the sender can learn of the problem when a returned checksum fails -- but the receiver won't know of the problem until the sender aborts. The receiver might choose to delay sending fastopen data in every case where no SYN-U was received -- or there are other possibilities. Pick your poison... >> I'm not sure this entire middlebox-transit idea is worth the trouble; >> but it probably deserves to be an optional part of the experiment. > > The reason I came up with syn-op-sis is to be able to be near-certain > that it will get through current middleboxes. I think the group will > find such near-certainty to be liberating, compared to the minefield > we currently have to tip-toe through. But it does add complexity. I won't pre-judge what balance of complexity the WG may chooose. > The only case I can think of where there could be a blockage is where > a split TCP connection holds back any payload on the SYN until the > 3WHS completes. ... which _will_ happen... :^( >> The SYN-U sender MUST deal with the danger of its additional options >> being passed to the application as data. For legacy receivers it can do >> this by aborting before the end of the three-way handshake. But there >> must be coordination with tcpm-fastopen to protect against such data >> being passed to the application before the SYN-U sender can abort. >> (This is not a trivial consideration!) > > Altho certainly not a trivial consideration, it is trivial to be safe > against this - see the rule already in the syn-op-sis draft, quoted > above, which is careful to be specific about TFO, as well as > generalising to anything in the future that might be like TFO (e.g. > tcpcrypt uses the TCP payload for control messages). I expect fastopen to see widespread use -- and I expect it to be programmed by different folks that program syn-op-sis. Our warning label (IMHO) needs to be rather prominent... >> The question of separating payload data to go to the application >> from extended TCP options clearly requires action by the SYN receiver. >> This is fairly simple if the SYN sender can ensure that _none_ of the >> payload data should go to the application (and thus not use fastopen >> at all): of course the connection must still be aborted if the SYN >> receiver doesn't acknowledge separating out the extended options. >> >> IMHO, the SYN sender should never use SYN-U unless extra option >> space in the SYN is needed; and it's probably better to never use >> SYN-U for connections where latency of setup is the over-riding factor. >> But YMMV. I wonder whether such overlap is worth the trouble to try >> to design into the protocol. > > In the syn-op-sis spec there is a choice between two variants of the > protocol (I recommend the choice can be made by implementers, not the > IETF). Hmm... This is a dangerous idea. Experimental results get hopelessly cloudy when implementations are _fundamentally_ different... > The choice I've recommended removes any risk of extra latency > on the upgraded connection. I've included a discussion of the > tradeoff between them in Appendix B.1: > <http://tools.ietf.org/html/draft-briscoe-tcpm-syn-op-sis-02#appendix-B.1> > > BTW, I spend most of my time these days working on a project to > remove latency from protocols. :^) (Can you spell ECN?) -- John Leslie <john@jlc.net>
- [tcpm] More TCP option space in a SYN: draft-bris… Bob Briscoe
- Re: [tcpm] draft-briscoe-tcpm-syn-op-sis-02 John Leslie
- Re: [tcpm] More TCP option space in a SYN: draft-… Joe Touch
- Re: [tcpm] More TCP option space in a SYN: draft-… Bob Briscoe
- Re: [tcpm] More TCP option space in a SYN: draft-… Joe Touch
- Re: [tcpm] More TCP option space in a SYN: draft-… Zimmermann, Alexander
- Re: [tcpm] More TCP option space in a SYN: draft-… Bob Briscoe
- Re: [tcpm] More TCP option space in a SYN: draft-… Andrew Yourtchenko
- Re: [tcpm] More TCP option space in a SYN: draft-… Joe Touch
- Re: [tcpm] More TCP option space in a SYN: draft-… Bob Briscoe
- Re: [tcpm] More TCP option space in a SYN: draft-… Bob Briscoe
- Re: [tcpm] More TCP option space in a SYN: draft-… Andrew Yourtchenko
- Re: [tcpm] More TCP option space in a SYN: draft-… Joe Touch
- Re: [tcpm] More TCP option space in a SYN: draft-… Andrew Yourtchenko
- Re: [tcpm] More TCP option space in a SYN: draft-… Joe Touch
- Re: [tcpm] More TCP option space in a SYN: draft-… Andrew Yourtchenko
- Re: [tcpm] More TCP option space in a SYN: draft-… Bob Briscoe
- Re: [tcpm] More TCP option space in a SYN: draft-… Andrew Yourtchenko
- Re: [tcpm] More TCP option space in a SYN: draft-… John Leslie
- Re: [tcpm] More TCP option space in a SYN: draft-… Joe Touch
- Re: [tcpm] More TCP option space in a SYN: draft-… Bob Briscoe
- Re: [tcpm] More TCP option space in a SYN: draft-… John Leslie
- Re: [tcpm] More TCP option space in a SYN: draft-… Joe Touch
- Re: [tcpm] More TCP option space in a SYN: draft-… John Leslie
- Re: [tcpm] More TCP option space in a SYN: draft-… Joe Touch
- Re: [tcpm] More TCP option space in a SYN: draft-… Joe Touch
- Re: [tcpm] More TCP option space in a SYN: draft-… John Leslie
- Re: [tcpm] More TCP option space in a SYN: draft-… Joe Touch
- Re: [tcpm] More TCP option space in a SYN: draft-… Bob Briscoe
- Re: [tcpm] More TCP option space in a SYN: draft-… Joe Touch
- Re: [tcpm] More TCP option space in a SYN: draft-… Bob Briscoe
- Re: [tcpm] More TCP option space in a SYN: draft-… Bob Briscoe
- Re: [tcpm] More TCP option space in a SYN: draft-… Scharf, Michael (Michael)
- Re: [tcpm] More TCP option space in a SYN: draft-… John Leslie
- Re: [tcpm] More TCP option space in a SYN: draft-… Bob Briscoe