IETF Logo Mail Archive

Re: [tcpm] timestamp options (was Re: New Version Notification for draft-touch-tcpm-tcp-edo-01.txt)

Joe Touch <touch@isi.edu> Mon, 02 June 2014 16:35 UTC

Return-Path: <touch@isi.edu>
X-Original-To: tcpm@ietfa.amsl.com
Delivered-To: tcpm@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 135321A0253 for <tcpm@ietfa.amsl.com>; Mon, 2 Jun 2014 09:35:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.551
X-Spam-Level:
X-Spam-Status: No, score=-2.551 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.651] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iCk5bu3Qs7mI for <tcpm@ietfa.amsl.com>; Mon, 2 Jun 2014 09:35:57 -0700 (PDT)
Received: from darkstar.isi.edu (darkstar.isi.edu [128.9.128.127]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D19BF1A023A for <tcpm@ietf.org>; Mon, 2 Jun 2014 09:35:57 -0700 (PDT)
Received: from [192.168.1.93] (pool-71-105-87-112.lsanca.dsl-w.verizon.net [71.105.87.112]) (authenticated bits=0) by darkstar.isi.edu (8.13.8/8.13.8) with ESMTP id s52GZcK9023836 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT); Mon, 2 Jun 2014 09:35:42 -0700 (PDT)
Message-ID: <538CA7DD.9040103@isi.edu>
Date: Mon, 02 Jun 2014 09:35:41 -0700
From: Joe Touch <touch@isi.edu>
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.5.0
MIME-Version: 1.0
To: Yoshifumi Nishida <nishida@sfc.wide.ad.jp>
References: <20140425221257.12559.43206.idtracker@ietfa.amsl.com> <201405221710.s4MHAY4S002037@bagheera.jungle.bt.co.uk> <537E3ACD.5000308@isi.edu> <537E48CE.8040704@mti-systems.com> <537E66A7.4080907@isi.edu> <201405231003.s4NA3PAB005137@bagheera.jungle.bt.co.uk> <537F7D91.10802@isi.edu> <F4BCB99F-6133-4F3C-BD5E-3369B979EB33@netapp.com> <655C07320163294895BBADA28372AF5D305E00@FR712WXCHMBA15.zeu.alcatel-lucent.com> <012C3117EDDB3C4781FD802A8C27DD4F6F3DD808@SACEXCMBX06-PRD.hq.netapp.com> <655C07320163294895BBADA28372AF5D309C5D@FR712WXCHMBA15.zeu.alcatel-lucent.com> <012C3117EDDB3C4781FD802A8C27DD4F6F3E09CF@SACEXCMBX06-PRD.hq.netapp.com> <655C07320163294895BBADA28372AF5D309CC7@FR712WXCHMBA15.zeu.alcatel-lucent.com> <CAO249ycpc6BzxCQv=zhJzL3BQwmvNH68ec7UGN_5MD7U1_FeUw@mail.gmail.com> <5384EFC3.50803@isi.edu> <CAO249yf6RCBtfOTmAYPt2KM7=pBD=XEDHmLTr+VyLeEOLAmwsQ@mail.gmail.com> <53892921.2040301@isi.edu> <CAO249yd9HQ6SWeNNjQRgRyFs_expbqtUJTqdqGb4QuTnC0j68A@mail.gmail.com>
In-Reply-To: <CAO249yd9HQ6SWeNNjQRgRyFs_expbqtUJTqdqGb4QuTnC0j68A@mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 7bit
X-ISI-4-43-8-MailScanner: Found to be clean
X-MailScanner-From: touch@isi.edu
Archived-At: http://mailarchive.ietf.org/arch/msg/tcpm/c3y6Fm9fkH6lecQNdscQjwIxkbE
Cc: "tcpm@ietf.org" <tcpm@ietf.org>
Subject: Re: [tcpm] timestamp options (was Re: New Version Notification for draft-touch-tcpm-tcp-edo-01.txt)
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tcpm/>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 02 Jun 2014 16:35:59 -0000


On 6/2/2014 1:55 AM, Yoshifumi Nishida wrote:
> Hi Joe,
>
> On Fri, May 30, 2014 at 5:58 PM, Joe Touch <touch@isi.edu
> <mailto:touch@isi.edu>> wrote:
...
>     I.e., you'd need to implement a new TWHS per option that changes
>     state. That's a mess. And I don't even want to think about what
>     happens when you have multiple options that change state at the same
>     time.
>
> With regard to A-PAWS draft, you don't need tight synchronization
> between sender and receiver necessarily.
> It is the receiver to send a signal that "BTW, I support A-PAWS, so you
> don't have to send TS in every segments"
> Then, the sender can omit TS segments from time to time, or it can just
> ignore the signal.

First, you definitely need to negotiate TS-support during SYN exchange IMO.

Second, if you decide to turn on TS use in mid-stream, you have to 
decide what to do with non-TS packets - do you just always accept them? 
Let's say you declare all non-TS packets that come before TS-use to be 
"before" all TS-use packets (the non-TS to TS-use transition provides a 
a distributed systems "consistent cut") - we'll look at the other case 
below.

In that case - which, AFAICT is the best you can do - you still have:

	- no PAWS protection within the non-TS set within a connection

	- no PAWS protection between different streams (that reuse
	the port-pair) during non-TS use

The most dangerous time is when a connection starts - that's when you 
really need to avoid having things leak from previous connections that 
could have persisted beyond the expected MSL. So that's when you'd want 
to start using TS, but then you have no gain because (again, AFAICT) 
once you start using TS you should never turn it off.

--------------

In the case where you CAN continue to flip back and forth between TS-use 
and non-TS, then *very non-TS packet* becomes a time-bomb for both this 
connection and future connections.

That's what PAWS was supposed to avoid, but you're stepping right into it.

-----

My conclusion is that if you turn on TS you have to do it at the 
beginning of a connection, or you might as well not use TS at all.

Joe

v2.23.0 | Report a Bug | By Email