Re: [tcpm] Meeting Notes // TCP silent close issue
Yoshifumi Nishida <nsd.ietf@gmail.com> Tue, 16 November 2021 07:49 UTC
Return-Path: <nsd.ietf@gmail.com>
X-Original-To: tcpm@ietfa.amsl.com
Delivered-To: tcpm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1])
by ietfa.amsl.com (Postfix) with ESMTP id 846723A09F6
for <tcpm@ietfa.amsl.com>; Mon, 15 Nov 2021 23:49:40 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5
tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001,
HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001,
URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key)
header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44])
by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id IlSBkt2efjkP for <tcpm@ietfa.amsl.com>;
Mon, 15 Nov 2021 23:49:35 -0800 (PST)
Received: from mail-qt1-x829.google.com (mail-qt1-x829.google.com
[IPv6:2607:f8b0:4864:20::829])
(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
(No client certificate requested)
by ietfa.amsl.com (Postfix) with ESMTPS id AB1A63A09F4
for <tcpm@ietf.org>; Mon, 15 Nov 2021 23:49:35 -0800 (PST)
Received: by mail-qt1-x829.google.com with SMTP id q14so18135704qtx.10
for <tcpm@ietf.org>; Mon, 15 Nov 2021 23:49:35 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112;
h=mime-version:references:in-reply-to:from:date:message-id:subject:to
:cc; bh=7v5Lt66HofvFGgJ7kXR0jKtOA9K9wCdX/6CLOkqLpNk=;
b=jW9GnuehcWhddR06HwMcq7nDBZ9dK5UuX9GJzdOybD751Y2/cZTdvuHOojPMMEqaHf
lzbBQp6Y0WSo5JQ/kb//T0T1VuRAY00Oc0Oq61MMSBjsdCYacxUoEY/uWc5udwquYwGT
DfV4yxyAdSxxxLD1xq3rAlXRqZ/QBy6mhKdMqK6/YpE8CxOLWDrmhskyEqTwtBm2U4Yx
weRFJhp0QipbL1t1CxD5k39Q79c4hyjeOGwV/8wKC9yt29EwaDuLlKEnrH7Wnxx1vOGL
WYr937fxjE5PuUsXlpZcdKRLMBFFJ1+5LIyFz2LSb+Rzr1arG3bGipqz6T7u1ECJoi/l
/VPw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20210112;
h=x-gm-message-state:mime-version:references:in-reply-to:from:date
:message-id:subject:to:cc;
bh=7v5Lt66HofvFGgJ7kXR0jKtOA9K9wCdX/6CLOkqLpNk=;
b=onpVgVt/rbyTKlI1TxjP2h4ds/x0HXaNkr3fcCttkcb4ByYnXPXqNgX/IgJPMLRk5e
RpsUuwKSqa8uPPDPgr2aicrF0YJur10BwihxL6d3bvMVIg7dIU59I/2HWK2lOYXAMdKE
fuH6WVtKf0kxh/W6hUNQcnrIwqzwOTO8iSWjzzCepETpC7+lm30Y/IsT8bnYP9lIPeZb
0VAqvHE+k2cLGk0HDcCnEZk1+TXw8G931rthCkO47zOq/e93OUhubXZ7Ub9FR/AsY1Yz
f2MYWqaKtgoHp0sxd3OxZA/MESYkdlGCWWJ6NzguzREu5zdxJ5MDmzLXJENFiRccP7e6
eXyg==
X-Gm-Message-State: AOAM533J9qgU6udgkuwrPvH8reHx6t4Tlo2n0WwzA5yRIE9JbaaThpMl
HQmob+3cwdxX3vjzyF7fL5rSGVRt1N+vfHA/mlx05eDp
X-Google-Smtp-Source: ABdhPJwT25f/taenhfjLtmfBbFU/JTjFm+cWaz0OVwacYNA6X4rYhzhishUOaSMK0ytPUSIV9mJLJj7VkZcgJhvMg/0=
X-Received: by 2002:a05:622a:18e:: with SMTP id
s14mr5758275qtw.203.1637048973782;
Mon, 15 Nov 2021 23:49:33 -0800 (PST)
MIME-Version: 1.0
References: <96A7D17B-D8EC-4724-8E2B-532FEDD3C4B8@fh-muenster.de>
<C8B8411B-9332-4A0C-BDF6-C440EC391408@strayalpha.com>
In-Reply-To: <C8B8411B-9332-4A0C-BDF6-C440EC391408@strayalpha.com>
From: Yoshifumi Nishida <nsd.ietf@gmail.com>
Date: Mon, 15 Nov 2021 23:49:22 -0800
Message-ID: <CAAK044TFU1+FVCNPZPxj6b2biZvipyCGa9WNfD9XTTHZZdR+VA@mail.gmail.com>
To: "touch@strayalpha.com" <touch@strayalpha.com>
Cc: Extensions <tcpm@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000008ff00405d0e32aac"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tcpm/gmtUwMWfLZty_v1subYYArAe2tM>
Subject: Re: [tcpm] Meeting Notes // TCP silent close issue
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tcpm>,
<mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tcpm/>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpm>,
<mailto:tcpm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 16 Nov 2021 07:49:41 -0000
Hi Joe, everyone, On Fri, Nov 12, 2021 at 8:58 AM touch@strayalpha.com <touch@strayalpha.com> wrote: > Hi, all, > > I noticed the discussion on TCP “silent close”, but didn’t recall seeing > any discussion on this topic on the list, so I figured I’d start one. > > (Incidentally, a question to the chair: aren’t topics with meeting times > slots supposed to have at least been discussed on the list or drafted?) > > The issue, AFAICT, is that: > - an app with a huge number of TCP connections crashes > - so the OS sends out that huge number of FINs > - which a burden on the OS and network > - if the entire OS crashes, no FINs get sent out > - so why not let that happen when the apps crash? > > This is addressed in TIME_WAIT discussions already, e.g.: > > T. Faber, J. Touch and W. Yue, "The TIME-WAIT state in TCP and its effect > on busy servers," IEEE INFOCOM '99. Conference on Computer Communications. > Proceedings. Eighteenth Annual Joint Conference of the IEEE Computer and > Communications Societies. The Future is Now (Cat. No.99CH36320), 1999, pp. > 1573-1583 vol.3, doi: https://doi.org/10.1109/INFCOM.1999.752180 > > > The reason is RFCs 793 and 1122 both require hosts to avoid new > connections for the TIME_WAIT period during a reboot, ensuring the safety > of the orphan TCP connections on the remote systems. > > So, in this case, it would be OK for the OS to avoid sending out the burst > of FINs, but *ONLY* if it also ensured those connection identifiers (at > least) remained in TIME_WAIT. I.e., it would be possible for the OS to > simply put them in TIME_WAIT and then allow the TCBs to be garbage > collected either during a scan of TCBs or when a new connection on the same > socket pair occurs. That can happen one of two ways: > - put the TCBs in TIME_WAIT directly (or perform equivalent bookkeeping) > - have the OS pause new connections for the TIME_WAIT period, i.e., > emulating the reboot pause > While I basically agree with what you're proposing here, I would like to think about something extra. In a nutshell, I am thinking that TIME_WAIT is a bit outdated mechanism given that most TCP connections today use TLS. As I wrote in my old I_D ( https://datatracker.ietf.org/doc/html/draft-nishida-tcpm-disabling-paws-00#section-3.3 ), if a connection uses TLS, I think we can distinguish the packets from old connections. A tricky thing for this is that TCP layer cannot know if the connection uses TLS or not. However, in the example Neal presented, people already developed a special API for it. So, I am wondering if we develop another API that can notify TCP layer the upper layer is using TLS, we can establish a connection right away (unless there's no conflict in 4 tuples) without worrying about duplicates from old connections. Also, we might want to update the TLS stack so that it won't close connections even if there're a few decryption errors. In this way, I think we can avoid 2MSL waiting time. -- Yoshi
- [tcpm] Meeting Notes tuexen
- Re: [tcpm] Meeting Notes // TCP silent close issue touch@strayalpha.com
- Re: [tcpm] Meeting Notes // TCP silent close issue tuexen
- Re: [tcpm] Meeting Notes // TCP silent close issue touch@strayalpha.com
- Re: [tcpm] Meeting Notes // TCP silent close issue Scharf, Michael
- Re: [tcpm] Meeting Notes // TCP silent close issue Yoshifumi Nishida
- Re: [tcpm] Meeting Notes // TCP silent close issue touch@strayalpha.com
- Re: [tcpm] Meeting Notes // TCP silent close issue Yoshifumi Nishida