IETF Logo Mail Archive

Re: [tcpm] About the SYN/ACK-timer

"Scharf, Michael (Michael)" <michael.scharf@alcatel-lucent.com> Tue, 01 January 2013 16:13 UTC

Return-Path: <michael.scharf@alcatel-lucent.com>
X-Original-To: tcpm@ietfa.amsl.com
Delivered-To: tcpm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4437B21E803D for <tcpm@ietfa.amsl.com>; Tue, 1 Jan 2013 08:13:30 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -8.085
X-Spam-Level:
X-Spam-Status: No, score=-8.085 tagged_above=-999 required=5 tests=[AWL=-1.836, BAYES_00=-2.599, HELO_EQ_FR=0.35, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dnryvMu6aywJ for <tcpm@ietfa.amsl.com>; Tue, 1 Jan 2013 08:13:29 -0800 (PST)
Received: from smail5.alcatel.fr (smail5.alcatel.fr [62.23.212.27]) by ietfa.amsl.com (Postfix) with ESMTP id 8DF4221E803C for <tcpm@ietf.org>; Tue, 1 Jan 2013 08:13:22 -0800 (PST)
Received: from FRMRSSXCHHUB03.dc-m.alcatel-lucent.com (FRMRSSXCHHUB03.dc-m.alcatel-lucent.com [135.120.45.63]) by smail5.alcatel.fr (8.14.3/8.14.3/ICT) with ESMTP id r01GDKqB032406 (version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=NOT); Tue, 1 Jan 2013 17:13:20 +0100
Received: from FRMRSSXCHMBSE3.dc-m.alcatel-lucent.com ([135.120.45.56]) by FRMRSSXCHHUB03.dc-m.alcatel-lucent.com ([135.120.45.63]) with mapi; Tue, 1 Jan 2013 17:13:20 +0100
From: "Scharf, Michael (Michael)" <michael.scharf@alcatel-lucent.com>
To: Jakob Heitz <jakob.heitz@ericsson.com>
Date: Tue, 01 Jan 2013 17:13:19 +0100
Thread-Topic: [tcpm] About the SYN/ACK-timer
Thread-Index: AQHN5b8Stu8nYED5FE+WsO7zyjvHrZgwFqsMgAFYDACAAHPGAP//xaCNgABbY4CAAACVAP//tpv7gABzqwCAANDSAIAATjzOgAFLxfCAAAtsMIAAAH5g
Message-ID: <2A886F9088894347A3BE0CC5B7A85F3E9AA0F0AE4B@FRMRSSXCHMBSE3.dc-m.alcatel-lucent.com>
References: <882A42E5-6B54-4334-97B0-C574D8A1D714@ifi.uio.no> <9797BC06-420A-467D-8B0F-A9FDFD30F06D@ericsson.com> <50E00E8E.40204@tlc.polito.it> <50E06FAC.80200@isi.edu> <96C14B42-81DD-49E3-A795-03B21425552F@ericsson.com> <50E08B5D.1000003@isi.edu> <50E08BDA.8030102@isi.edu> <D564379D-BD6B-435E-9B59-B0BAB7CFD961@ericsson.com> <C7526105-B5C0-46B0-9CF9-C46EED28C79A@isi.edu>, <2C87EAC5-4BF7-4A30-BAF5-4A9C113EF9EE@ifi.uio.no> <68C68DEB-B178-4980-A581-7909CC3FD947@ericsson.com>, <2A886F9088894347A3BE0CC5B7A85F3E9AA0F0AE4A@FRMRSSXCHMBSE3.dc-m.alcatel-lucent.com> <EAC57973-559E-4728-85DD-A5B060031E8C@ericsson.com>
In-Reply-To: <EAC57973-559E-4728-85DD-A5B060031E8C@ericsson.com>
Accept-Language: de-DE, en-US
Content-Language: de-DE
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: de-DE, en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 2.69 on 155.132.188.13
Cc: "tcpm (tcpm@ietf.org)" <tcpm@ietf.org>, Michael Welzl <michawe@ifi.uio.no>
Subject: Re: [tcpm] About the SYN/ACK-timer
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tcpm>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 01 Jan 2013 16:13:31 -0000

100ms would imply that we send two SYNs for most inter-continental TCP connections. I am still to be convinced that there is a real benefit of that redundancy.

If so, then let's be honest and call it "FEC scheme" - not getting an ACK after 100ms is clearly not a sign of loss in the current Internet.

Also, SYNs are actually not so "cheap", imho. They typically cannot be processed in the "fast path" of a TCP stack (for in-sequence data segments w/o special flags), and middleboxes might care a lot about every single bit in SYNs... And let's not enter the discussion of byte vs. packet-based queues here...

For what it is worth, I guess that one could reduce the initial RTO below one second if an endsystem has chached RTT data to the same IP address. Maybe some stacks do this already these days? It is well-known that some stacks use own optimizations beyond RFC 6298.

Michael


> -----Original Message-----
> From: Jakob Heitz [mailto:jakob.heitz@ericsson.com] 
> Sent: Tuesday, January 01, 2013 4:53 PM
> To: Scharf, Michael (Michael)
> Cc: Michael Welzl; tcpm (tcpm@ietf.org)
> Subject: Re: [tcpm] About the SYN/ACK-timer
> 
> It's only a SYN. There aren't lots of those. And they're really small.
> How about make the first SYN retransmission at 100mS and the 
> next one at 1.1 second?
> 
> Cheers,
> Jakob.
> 
> On Jan 1, 2013, at 7:33 AM, "Scharf, Michael (Michael)" 
> <michael.scharf@alcatel-lucent.com> wrote:
> 
> > I might miss something here, but to me there are some 
> orthogonal issues in this discussion.
> > 
> > Retransmission of the SYN without data is already 
> recommended in Section 4.2.2. of draft-ietf-tcpm-fastopen-02. 
> Also, draft-ietf-tcpm-fastopen-02 refers to RFC6298, i.e., 
> the 1s minimum RTO.
> > 
> > Thus, the novelty in this thread seems to be the suggestion 
> to use much smaller minimum or initial RTOs (100ms or 200ms), right?
> > 
> > I really wonder how this would work for over-buffered links 
> ("bufferbloat"), or, e.g., satellite links? IMHO, with a SYN 
> (or SYN/ACK) RTO of 200ms, we would send every SYN (or 
> SYN/ACK) three times, if we happen to run over a path with an 
> RTT of one second... On a narrowband link, this could be a 
> lot of overhead.
> > 
> > Michael
> > 
> > 
> > 
> >> -----Original Message-----
> >> From: tcpm-bounces@ietf.org [mailto:tcpm-bounces@ietf.org] 
> On Behalf 
> >> Of Jakob Heitz
> >> Sent: Monday, December 31, 2012 8:24 PM
> >> To: Michael Welzl; tcpm (tcpm@ietf.org)
> >> Subject: Re: [tcpm] About the SYN/ACK-timer
> >> 
> >> I have an alternative to cookies.
> >> 
> >> Send data with the SYN.
> >> When retransmission of the SYN is required, retransmit it 
> without the 
> >> data.
> >> Retransmit the SYN quickly: 100 to 200 mS.
> >> 
> >> It works with Middleboxes.
> >> SYN flood protection works as normal, just bias it against 
> SYN with 
> >> data.
> >> 
> >> Cheers,
> >> Jakob.
> >> 
> >> On Dec 31, 2012, at 1:44 AM, "Michael Welzl" 
> >> <michawe@ifi.uio.no> wrote:
> >> 
> >>> Hi,
> >>> 
> >>> About data-in-the-SYN: I agree with Joe that this has been
> >> debated a
> >>> lot already - see
> >>> https://tools.ietf.org/html/draft-ietf-tcpm-fastopen-02 and the 
> >>> discussions surrounding it. FWIW this draft is a (IMHO,
> >> good) proposal
> >>> to do what you want, in the right way
> >>> 
> >>> Cheers,
> >>> Michael
> >>> 
> >>> 
> >>> On Dec 30, 2012, at 10:17 PM, Joe Touch <touch@isi.edu> wrote:
> >>> 
> >>>> 
> >>>> 
> >>>> On Dec 30, 2012, at 11:23 AM, Jakob Heitz
> >> <jakob.heitz@ericsson.com> wrote:
> >>>> 
> >>>>> On Dec 30, 2012, at 10:46 AM, "Joe Touch" <touch@isi.edu> wrote:
> >>>>>> 
> >>>>>> ...if it is to have any real effect. You can send data
> >> in the SYN now, but the server can't deliver it to the app layer 
> >> until the three-way handshake completes. And it also increases the 
> >> amount of state for pending connections, increasing the 
> impact of DOS 
> >> attacks.
> >>>>>> 
> >>>>>> Joe
> >>>>> 
> >>>>> It could, with a change to the sockets API.
> >>>> 
> >>>> No, it cannot without a change in CTO semantics, which
> >> affects the state diagram and its processing on both ends - which 
> >> also changes the meaning of an ack and the concept of reliability.
> >>>> 
> >>>> There is a lot required, and for the first connection to a
> >> site it won't work to allow the server to act on data before a 
> >> connection has been established.
> >>>> 
> >>>> This is well- trod ground. 
> >>>> 
> >>>> Joe
> >>>> 
> >>>>> Of course, the app will need to participate in SYN flood
> >> protection, but that's not impossible given the right architecture.
> >>>>> 
> >>>>> --
> >>>>> Jakob Heitz.
> >>>>> 
> >>>> _______________________________________________
> >>>> tcpm mailing list
> >>>> tcpm@ietf.org
> >>>> https://www.ietf.org/mailman/listinfo/tcpm
> >>> 
> >> _______________________________________________
> >> tcpm mailing list
> >> tcpm@ietf.org
> >> https://www.ietf.org/mailman/listinfo/tcpm
>

v2.23.0 | Report a Bug | By Email