Re: Summary of responses so far and proposal moving forward[WasRe: [tcpm] Is this a problem?]

Mark Allman <mallman@icir.org> Mon, 26 November 2007 14:44 UTC

To: tcpm@ietf.org
From: Mark Allman <mallman@icir.org>
Subject: Re: Summary of responses so far and proposal moving forward[WasRe: [tcpm] Is this a problem?]
In-Reply-To: <474A6DFE.4000600@isi.edu>
Organization: ICSI Center for Internet Research (ICIR)
Song-of-the-Day: Walk on the Wild Side
MIME-Version: 1.0
Date: Mon, 26 Nov 2007 09:26:35 -0500
Message-Id: <20071126142635.8F2E62FBFFD@lawyers.icir.org>

[hat off]

I am not sure where in this thread to weigh in, so I am just replying to
the last thing in my inbox.

I think a couple of things:

  + I disagree with everyone who says this problem of a bunch of clients
    wedging connections on a server into ZWP in the attempt to consume
    a large number of resources can be mitigated effectively at the
    application layer.  Perhaps if a server has one application process
    (or a bunch of tightly coupled processes under one app controller)
    then this could be handled.  But, fundamentally a set of
    applications cannot be expected to have the cross-connection and
    cross-application viewpoint that TCP or the operating system has.
    Therefore, applications cannot solve such a problem.

  + I disagree with the reading of RFCs 793 & 1122 that a connection
    that is doing zero window probing must remain up forever as long as
    the probes are being ACKed.  I think in 'times of trouble' a TCP is
    well within its rights to terminate a connection and I do not think
    that should in any way be viewed as non-compliant.  TCP connections
    are local resources and therefore should remain under local
    control.  If something locally determines that resources are low and
    a connection should be terminated for whatever reason then I don't see
    how that is any of anyone else's business.

    That doesn't mean I think the words in 1122 are wrong.  That means I
    think that if folks would call a stack that has run out of memory
    (or, hits some threshold, say) and therefore kills some connections
    that are doing ZWP "non-conformant" then they are simply wrong and
    applying too much protocol lawyering and too little common sense.

    Hence, I don't think the standards need changed in any way.

  + I believe that managing local resources according to local policy is
    reasonable.  Therefore, I don't think we need to standardize *a* way
    to mitigate the attack described in this document.  I think stacks
    can be free to mitigate it (or not) as they see fit.

  + I would not have a problem with a crisp and clean document that
    showed *a* solution to the problem.  Especially good would be a
    demonstration that the problem is a problem in the wild and has not
    been mitigated.  [See my previous---unanswered as far as I can
    tell---note on why I think the tests in the draft are inconclusive
    at best.]  This document could be a technical report or a short
    workshop paper or an informational RFC.

    (As an example, see the SYN-flood RFC.  This describes a fully local
    solution to a problem in an informational way.  There is no strict
    reason to standardize anything in that document, but it is crisp,
    clean and complete and the WG found it something nice to have
    documented.  This persist document is a far cry from the SYN flood
    document at the moment, but I suppose one could envision that a
    document that covers purging connections when resource constrained
    could be developed.)

allman


