IETF Logo Mail Archive

Re: [tcpm] ECN++ on Pure ACKs if SACK stripped

rs.ietf@gmx.at Mon, 27 November 2023 09:02 UTC

Return-Path: <rs.ietf@gmx.at>
X-Original-To: tcpm@ietfa.amsl.com
Delivered-To: tcpm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B083EC14CE52; Mon, 27 Nov 2023 01:02:49 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.103
X-Spam-Level:
X-Spam-Status: No, score=-1.103 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, BIGNUM_EMAILS_FREEM=1, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmx.at
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fKGwJMUTEbBM; Mon, 27 Nov 2023 01:02:46 -0800 (PST)
Received: from mout.gmx.net (mout.gmx.net [212.227.17.22]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9732BC14CE42; Mon, 27 Nov 2023 01:02:45 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=gmx.at; s=s31663417; t=1701075713; x=1701680513; i=rs.ietf@gmx.at; bh=uSuOoKAdxlLwzHKiZxtUhPpth1h69uTe2FzVDeTvdJQ=; h=X-UI-Sender-Class:Date:From:Reply-To:Subject:To:Cc:References: In-Reply-To; b=drarrqZHdcGT78JQTK2ArT3szH9VmP0ASXlKYAvbUnlSkdsFTev5ki85TQOExg+O 0ne0sW1Q+BNZcEI2v2ywNRKzHbpWQVFNxMjj1H0d8k1Z/PUZcU9Iv0Xgn/NPuHqqG qyALCnIPVijLCieIVcVtyOxwbVL5lGQMzuoT2BUVqbRYsG2WJKRYS2/5n0ql3O1wA b/wl8uh1i3YKFr0kHtm3V6VPJFkarvZS2tXzz4ZhwTTiA+ZVAx/1azidyATlKE//Z qQPXKOTzUpbF8YT/UHvhr0BsE48+8BNhA1heRvKG+6IXgozB+nB1b8vtxtvu+SLjy ZWp+24RXtv7i4/Q0bA==
X-UI-Sender-Class: 724b4f7f-cbec-4199-ad4e-598c01a50d3a
Received: from [192.168.233.108] ([185.236.167.136]) by mail.gmx.net (mrgmx105 [212.227.17.168]) with ESMTPSA (Nemesis) id 1MHXBp-1r3QmG0HC5-00DbFi; Mon, 27 Nov 2023 10:01:53 +0100
Message-ID: <9ab77608-8a63-4fc5-99d9-48f7f6dd74b5@gmx.at>
Date: Mon, 27 Nov 2023 10:01:49 +0100
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
From: rs.ietf@gmx.at
Reply-To: rs.ietf@gmx.at
To: Bob Briscoe <ietf@bobbriscoe.net>, Neal Cardwell <ncardwell=40google.com@dmarc.ietf.org>, Markku Kojo <kojo@cs.helsinki.fi>
Cc: tcpm IETF list <tcpm@ietf.org>, tuexen@fh-muenster.de
References: <084E4782-C220-4474-A39E-2617224FD1CD@fh-muenster.de> <7b36150f-50a9-41c5-a71f-b68a84965773@bobbriscoe.net> <fb27a6f4-7cb6-43bf-bd62-8e6bb1a8700e@gmx.at> <41312b57-9ed3-46fa-946f-f3f625c5c5e9@bobbriscoe.net> <477633fd-784c-43fb-b2a0-02b673c94fea@gmx.at> <9aac7a8f-692d-4294-b81e-528a7f790f58@bobbriscoe.net> <ef624bd8-600a-4b2b-ac56-2d2b1deaf245@gmx.at> <2ed3f94b-a56b-48e1-83f0-997ff7ea0670@bobbriscoe.net> <e4484f82-f339-f487-9bfd-256abe97ab86@cs.helsinki.fi> <9bcc5dc1-00ad-4dbe-be1f-587cd64a2773@gmx.at> <e8656fc-9d6c-28e8-9d48-80473e398ad7@cs.helsinki.fi> <f44e3616-ec85-4b9e-986d-11b2943c138d@gmx.at> <9d8de289-6486-440c-8537-ec80e33b0bb2@bobbriscoe.net> <5808772a-f54c-4c09-9610-dc6bb7b63557@gmx.at> <a0fdfc63-9992-41d2-b416-832d52541331@bobbriscoe.net> <CADVnQy=FezUfRfkCW-LedSP7e0ravBOW2z71qLbm2_m9Fo4xPw@mail.gmail.com> <641c7e29-5371-482d-846c-97246e992e06@bobbriscoe.net> <22405dcc-366d-4126-934a-07bb0963f20d@bobbriscoe.net>
In-Reply-To: <22405dcc-366d-4126-934a-07bb0963f20d@bobbriscoe.net>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: quoted-printable
X-Provags-ID: V03:K1:jnNDa+HXGOVPyHRSW/MRjyhbZbL4QU7OHNEXJeCqDtariZnZVuY jt9WU2cIclpqGnfIq4b86oP0uj+1RAzFz2QuT5dxSmdvppWCIcfTZlhkZ3xCujejCnseEsk pj7kwMyryCqeRcStt6h17jNHG+3svQkwqevV+ShBrN6T7K+9JrRsHRIYFGb1hIMAVixUcir ELbutI7jku3BzzqJXSWEw==
UI-OutboundReport: notjunk:1;M01:P0:1UoPCwIVS1E=;dk58vSVIJOtTilHOXl9aEsOWFo5 JtCWRULuFvFUMVShxhOnFTxDtAcrKK5cVZwT+TEerFh4RApOMxDBCjSFfskC/XBR4dFWCj2z6 BtsOrVA3zD3kbY1qsEnyQ+nHQ7kpPh4qak5Mnb9o/eedeZJZATbwnwv17O5qa+y6A/o7EzqFW uI9lANXvrWi75fUYOSU8zSdkPRc0K93nD/9344o/U/6cMdW/JgpeOFwavHjLAOPZCZshjf7ep RXs1g7XB7tvPlPQgkcqr02raVvVodqy+WT4UHT3t6wOGdMm3JHAAIqWjP7+oUQX/LXYzs4eyo PdBm1bEdrMUyWXixvxMLCZrLEnMqEFRPHCGqDGjB/tk//uePlMXrfJNYKSWBjnTyo+Cqxq4Zl hEmfUN6BCd9yg2MtJrStXSafSNfr7GY+AOVuEcsWL+OGvOeOyK5rHLPXx8lfPRjI2JHQwr1ez 3J+Nn+laiGxbnujhMXGrbvxLUjNe9mgZxOnU6G1+K9zgIY0XwI6h99ZW6Jwd2dlhpnESHPcVh rBWGn3pAiL7O/fyzhchE7c1DpuAND5d/TmJbN9DibILiKe/kRe7dqnTo+5F8sNmKmWjvAkgza tpHosQvK/7DgfTvgQtccE9hYr5Okr+/t3cLuZ7X8T5GrxVJPqAZMBIYkGhf9nmGEWboE1RGrG bBlE7npv3lnTgphk7gki7jJfY2f26fcAKzt/xnMt0iwcMynjADdWFZa5vV8/ys2uj7vhl/0rm b90IUmU2v/Z/U1mbroAHIhjm2cI+dsatO6TBuhtaRT2V1alhFOhuZGD1zMT71zABUMkbreHbN A0sDKDR0NvDLChmISrWtcl1G1dRVbE+vnfJDWlVNDawF4V969mW3PC1rCkuaG5lUH3/RgRrvb eYn87vDelwG3/RV4TtQD0Zt7WqcjNgIykEiXpmzukawF3lES1T8e3jXQG+X5kXvNIiLu+uEIH 3CwJSTFyPtx/f/Llxwv5D7v+N/s=
Archived-At: <https://mailarchive.ietf.org/arch/msg/tcpm/hd1RTic4xUD3St7kbbStSSpUCcE>
Subject: Re: [tcpm] ECN++ on Pure ACKs if SACK stripped
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tcpm/>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 27 Nov 2023 09:02:49 -0000

Hi Bob,

 > [BB] I think you're agreeing, but please answer, yes or no: is the
test proposed above for Detecting that SACK blocks are being stripped
acceptable to you?


It is; also, I like that the wording is SHOULD - after all, not doing
this causes self-inflected problems on this particular session.

I also agree with Neals observation - that when SACK is being used, the
heuristics to detect DupACKs are all only working in presence of SACK
blocks. As on-path duplication of packets can happen not only to data
segement, but ACKs as well...

 > [BB] So, I take it from this that you agree that, if SACK stripping
has been detected, the spec has to allow both. That is:
* either disable ECN-capable pure ACKs,
* or replace the test for absence of SACK with a heuristic.


For some reason, I feel the text just prior to the delta-ACE >= 3 to be
too exclusive to other approaches (like validating, that when the TSecr
value increments between "DupACKs", the latter is NOT a DupACK - with
the caveat that the time granularity of timestamps may not be sufficient
to always differentiate this case).

FWIW - I went with the heuristic of delta-ACE >= 3 and no SACK block
present to exclude any DupACK processing, while other potential DupACKs,
with or without SACK blocks, are processed normally.

This does not address the very very special case of a true DupACK
following exactly 2 ACE-ACKs (AoA), but as the stack needs a minimum of
3 DupACKs, and the two AoA in Markkus example had been excluded in the
DupACK processing, a singular DupACK hardly ever elicits a response
(Early Retransmit), and any subsequent data packet would become a proper
DupACK right away.

Thanks,
   Richard





Am 25.11.2023 um 12:58 schrieb Bob Briscoe:
> Richard, Markku, Neal, list and chairs,
>
> As promised in the previous email, I've cut out unnecessary verbiage
> from the proposed new text (green) for the additional DupACK test in the
> ECN++ draft.
>
> I've also cut the example heuristic using timestamps, which solely
> applied to the special case just within TLP, so it would have required a
> whole load of explanation of TLP and the special case problem. This
> leaves just one example alternative heuristic, which applies generally
> (as it's only an example, an implementer can do something else like
> timestamps if they choose).
>
> So, I believe this contains what Markku proposed, and what I think
> Richard will agree to, as well as Neal's suggestions:
> ------------------------------------------------------------------------
>
>
> 3.3.3.1.  Additional DupACK Check
>
>     A TCP implementation that is sending ECN-capable pure ACKs MUST add
>     the following check to all its algorithms that detect duplicate ACKs
>     (defined in Section 2 of [RFC5681]):
>
>     *  If there is no SACK option on an incoming pure ACK (ECN-capable or
>        not) despite SACK having been negotiated, it is not counted as a
>        duplicate ACK.
>
>     SACK blocks are known to be stripped on some paths through the public
>     Internet, or some implementations are known to negotiate SACK but
>     never send SACK blocks.  Therefore, if a TCP implementation is
>     sending ECN-capable pure ACKs, it SHOULD check for these pathologies
>     (unless it is intended solely for an environment known to be clear of
>     them), as follows:
>
>     *  If an incoming pure ACK appears to be a duplicate, but:
>
>        -  it does not carry any SACK blocks (despite SACK having been
>           negotiated)
>
>        -  and AccECN [I-D.ietf-tcpm-accurate-ecn] has been negotiated but
>           the ACE field has increased by less than 3 (after allowing for
>           wrap)
>
>        then the implementation can deem that SACK blocks are being
>        stripped.  In this case, for the rest of the connection, it
>        SHOULD:
>
>        -  either disable the sending of ECN-capable pure ACKs;
>
>        -  or use heuristics such as the following in place of the
>           additional DupACK check in the very first bullet above:
>
>           o  If the ACE field [I-D.ietf-tcpm-accurate-ecn] has
>              incremented by at least 3, an incoming ACK is not counted as
>              a duplicate ACK.
> ------------------------------------------------------------------------
>
>
> Bob
>
> On 25/11/2023 11:45, Bob Briscoe wrote:
>> Neal,
>>
>> I've brought your last comment to the beginning, as the rest depends
>> on it.
>>
>> On 25/11/2023 00:06, Neal Cardwell wrote:
>>> AFAICT a third viable strategy is: when SACK has been negotiated,
>>> only consider an ACK a dupack if it includes SACK blocks. This is the
>>> approach taken by the Linux TCP stack.
>>>
>>> AFAICT if that strategy is used, then the TCP endpoint doesn't need
>>> to try to guess if SACK blocks are being stripped, if it is willing
>>> to pay the performance penalty if this does happen.
>>
>> [BB2] This is where we started from in July (the nice simple
>> additional DupACK test to distinguish DupACKs from ACKs of ACKs that
>> is in the current draft - and black rather than green below - HTML
>> email reader required).
>>
>> But since March, just before each draft submission, Markku has been
>> promising to explain his concern, which he finally did the day after
>> the recent tcpm meeting. First it was that SACK-negotiated doesn't
>> necessarily imply that D-SACK is implemented. We addressed that by
>> requiring D-SACK if SACK is negotiated for AccECN. Then the argument
>> switched to the possibility that SACK might be stripped, which the
>> latest text addresses (in green below - for the ECN++ draft). That
>> might not sound much, but it took 8 months and approaching 100 emails
>> to get to the consensus we have reached (TBC). Nonetheless, if an
>> implementer like you is prepared to take the performance penalty, the
>> added (green) text is a 'SHOULD' not a 'MUST'.
>>
>> On your detailed points - see more [BB2]...
>> I'll also send another email after this with new proposed text, 'cos
>> while making your proposed edits, I noticed a number of ways to make
>> my original less wordy.
>>
>>>
>>> On Fri, Nov 24, 2023 at 6:20 PM Bob Briscoe
>>> <ietf=40bobbriscoe.net@dmarc.ietf.org> wrote:
>>>
>>>     Richard,
>>>
>>>     I think you are now agreeing with Markku, so we are close to
>>>     closure! See [BB]...
>>>
>>>     On 24/11/2023 17:52, rs.ietf@gmx.at wrote:
>>>>
>>>>
>>>>     Am 24.11.2023 um 16:55 schrieb Bob Briscoe:
>>>>>             1) Detecting that SACK blocks are being stripped
>>>>>
>>>>>     Assuming AccECN & SACK are both negotiated, is Markku's
>>>>>     proposed test on
>>>>>     an incoming pure ACK acceptable to everyone?:
>>>>>          if (no SACK && Δ(ACE)<3)
>>>>
>>>>
>>>>     I believe you want to detect DupACKs? So the generally accepted
>>>>     test if
>>>>     this ACK is a DupAck (does not advance snd.una, while there is
>>>>     outstanding data snd.max != snd.una) would come first?
>>>
>>>     [BB] Yes, that's taken as a given, because this test is
>>>     /additional/ to wherever DupACKs are tested for.
>>>
>>>>
>>>>     And as long as no retransmission (fast or RTO or PTO) has happened,
>>>>     *every* DupACK is supposed to contain a SACK block; DSACK blocks
>>>>     are -
>>>>     with the current wording - also expected on spurious retransmitted
>>>>     segments - and only them.
>>>>
>>>>     (the network pathology of duplicating packets on-path should elicit
>>>>     DSACK for packets that were never retransmitted).
>>>>
>>>>>
>>>>>     As I said, ACE might have wrapped, but let's treat this as an
>>>>>     experiment, to see whether that is a significant problem.
>>>>
>>>>     The reason why we picked 3 as a very strong suggestion is, that
>>>>     typical
>>>>     AoA  would lead to a particular stream of ACEs (e.g. 5, 0, 3, 6,
>>>>     1, 4,
>>>>     7, 2, 5) - with two consecutive AoAs need to be lost before a
>>>>     wrap-around becomes indistiguishable (any other pattern would
>>>>     need some
>>>>     data exchange).
>>>
>>>     [BB] I think you're agreeing, but please answer, yes or no: is
>>>     the test proposed above for Detecting that SACK blocks are being
>>>     stripped acceptable to you?
>>>
>>>>
>>>>
>>>>     But doing one step back:
>>>>
>>>>     While AccECN defines a specific receiver side reaction, which
>>>>     the other
>>>>     side can rely upon, and ECN++ specifies that pure ACKs could be
>>>>     ECT-enabled, as an Implementer, rather than dealing with these
>>>>     increasingly improbable special cases, I would refrain from
>>>>     sending the
>>>>     optional ECT-enabled ACKs in the first place. Only when subsequent
>>>>     mechanisms are found to be needed (e.g. TARR, NewCWV,
>>>>     Careful-Resume,
>>>>     ...) where retaining up-to-date CC state in the reverse
>>>>     direction is
>>>>     becoming more interesting, it would become interesting to send out
>>>>     ECT-enabled ACKs.
>>>
>>>     [BB] So, I take it from this that you agree that, if SACK
>>>     stripping has been detected, the spec has to allow both. That is:
>>>     * either disable ECN-capable pure ACKs,
>>>     * or replace the test for absence of SACK with a heuristic.
>>>
>>>     Here's proposed text for the ECN++ spec. I'm afraid I'm asking
>>>     you to fill in text for the timestamp test in the final bullet. I
>>>     can't easily work out what to say that generalizes for any case,
>>>     not just the TLP case. Pls (anyone) also suggest edits if you
>>>     disagree with anything else...
>>>
>>>
>>>     3.3.3.1.  Additional DupACK Check
>>>
>>>        A TCP implementation that is sending ECN-capable pure ACKs
>>>     MUST add
>>>        the following check to all its algorithms that use duplicate
>>>        detection on incoming pure ACKs:
>>>
>>>        *  If there is no SACK option on an incoming pure ACK
>>>     (ECN-capable or
>>>           not) despite SACK having been negotiated, it is not counted
>>>     as a
>>>           duplicate ACK.
>>>
>>>        SACK blocks are known to be stripped on some paths through the
>>>     public
>>>        Internet, or some implementations are known to negotiate SACK but
>>>        never send SACK blocks.  Therefore, if a TCP implementation is
>>>        sending ECN-capable pure ACKs, it SHOULD check for these
>>>     pathologies
>>>        (unless it is intended solely for an environment clear of these
>>>        pathologies), as follows:
>>>
>>>        *  If an incoming pure ACK appears to be a duplicate (it does not
>>>           advance the cumulative acknowledgement while there is
>>>     outstanding
>>>           data), but:
>>>
>>>
>>> That parenthetical definition of a duplicate ACK is incomplete. To
>>> avoid bugs, I would suggest referring the reader to the full
>>> definition in RFC 5681, Section 2.
>>
>> [BB2] Thanks for this ref. I'll refer to that definition right from
>> the start, and delete the parenthesis.
>>
>>>
>>>           -  it does not carry any SACK blocks (despite SACK having been
>>>              negotiated)
>>>
>>>           -  and AccECN [I-D.ietf-tcpm-accurate-ecn] has been
>>>     negotiated but
>>>              the ACE field has increased by less than 3 (after
>>>     allowing for
>>>              wrap)
>>>
>>>
>>>           then it can be assumed that SACK blocks are being stripped.  In
>>>           this case the implementation SHOULD take one of the
>>>     following two
>>>           actions:
>>>
>>>
>>> Rather than "it can be assumed that SACK blocks are being stripped" I
>>> would suggest "then the implementation can estimate that SACK blocks
>>> are being stripped".
>>
>> [BB2] Better. But 'estimate' isn't quite right - it's used more for
>> numerical output, so I'll use 'deem' if that's OK.
>>
>> Thanks
>>
>>
>>
>> Bob
>>
>>>
>>>           -  either disable the sending of ECN-capable pure ACKs;
>>>
>>>           -  or in all algorithms that use duplicate detection on
>>>     incoming
>>>              pure ACKs, replace the above additional DupACK check with an
>>>              heuristic such as the following:
>>>
>>>              o  If the ACE field [I-D.ietf-tcpm-accurate-ecn] has
>>>                 incremented by at least 3, an incoming ACK SHOULD NOT be
>>>                 counted as a Duplicate ACK;
>>>
>>>              o  if the echoed timestamp (TSecr) [RFC7323] {ToDo: complete
>>>                 the bullet}, an incoming ACK SHOULD NOT be counted as a
>>>                 Duplicate ACK.
>>>
>>>
>>>
>>>
>>> best regards,
>>> neal
>>>
>>>
>>>     Thank you
>>>
>>>
>>>     Bob
>>>
>>>
>>>>
>>>>     Richard
>>>
>>>     --
>>>     ________________________________________________________________
>>>     Bob Briscoehttp://bobbriscoe.net/
>>>
>>>     _______________________________________________
>>>     tcpm mailing list
>>>     tcpm@ietf.org
>>>     https://www.ietf.org/mailman/listinfo/tcpm
>>>
>>
>> --
>> ________________________________________________________________
>> Bob Briscoehttp://bobbriscoe.net/
>
> --
> ________________________________________________________________
> Bob Briscoehttp://bobbriscoe.net/
>

v2.23.0 | Report a Bug | By Email