Re: [tcpm] FW: Review of draft-bagnulo-tcpm-generalized-ecn (David Black)
"Black, David" <David.Black@dell.com> Fri, 07 April 2017 22:33 UTC
Return-Path: <David.Black@dell.com>
X-Original-To: tcpm@ietfa.amsl.com
Delivered-To: tcpm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 85075128B8E for <tcpm@ietfa.amsl.com>; Fri, 7 Apr 2017 15:33:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.72
X-Spam-Level:
X-Spam-Status: No, score=-2.72 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=dell.com header.b=YqK5b7Oj; dkim=fail (1024-bit key) reason="fail (message has been altered)" header.d=rsa.com header.b=HCT3WJOf
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5ucC7kfQaJiV for <tcpm@ietfa.amsl.com>; Fri, 7 Apr 2017 15:33:22 -0700 (PDT)
Received: from esa7.dell-outbound.iphmx.com (esa7.dell-outbound.iphmx.com [68.232.153.96]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A2BFC12714F for <tcpm@ietf.org>; Fri, 7 Apr 2017 15:33:22 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=dell.com; i=@dell.com; q=dns/txt; s=smtpout; t=1491604266; x=1523140266; h=from:cc:to:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=dI9PtoKtQpZgH8BZohqSWhWNtpyraIY8O9lgPhZ8bOg=; b=YqK5b7Oj5Ghud5dPsX9cDMIZ9c17ZyFVjQ/+f63nsKCp04gttt+wNRL2 Fn2Eozb5TtDP52NAXT95t9WrP6/wCRETETqPAFl4DWWT4RMX9RgAM7d5Q hmUSKxySsTYgnNUX9HGTjW2NFsDUnxr8VMuiD4heDK/FRYCURmQpFFo2P g=;
Received: from esa5.dell-outbound2.iphmx.com ([68.232.153.203]) by esa7.dell-outbound.iphmx.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 07 Apr 2017 17:31:06 -0500
From: "Black, David" <David.Black@dell.com>
Cc: "tcpm@ietf.org" <tcpm@ietf.org>, "Black, David" <David.Black@dell.com>
Received: from mailuogwhop.emc.com ([168.159.213.141]) by esa5.dell-outbound2.iphmx.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 08 Apr 2017 04:27:37 +0600
Received: from maildlpprd01.lss.emc.com (maildlpprd01.lss.emc.com [10.253.24.33]) by mailuogwprd05.lss.emc.com (Sentrion-MTA-4.3.1/Sentrion-MTA-4.3.0) with ESMTP id v37MXJOR026540 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Fri, 7 Apr 2017 18:33:20 -0400
X-DKIM: OpenDKIM Filter v2.4.3 mailuogwprd05.lss.emc.com v37MXJOR026540
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=rsa.com; s=jan2013; t=1491604400; bh=arryHjGYz6+atiGgE/wTatoeyYM=; h=From:To:CC:Subject:Date:Message-ID:References:In-Reply-To: Content-Type:Content-Transfer-Encoding:MIME-Version; b=HCT3WJOft081GktAX0H/e+6YAIwhZ6hCiQJKlcaNYo88tvb3vW6D1OrI3n+lkfXOi buaCtSFK/tI9uZPzF/iia2JZGQ0b479kLz6AEysvBEvmVT5M0su+lGOEigKGz24iJb joWP6ibR8v/D6Y0nuhyPFAy40UKKfykVctBxixaY=
X-DKIM: OpenDKIM Filter v2.4.3 mailuogwprd05.lss.emc.com v37MXJOR026540
Received: from mailusrhubprd51.lss.emc.com (mailusrhubprd51.lss.emc.com [10.106.48.24]) by maildlpprd01.lss.emc.com (RSA Interceptor); Fri, 7 Apr 2017 18:32:54 -0400
Received: from MXHUB314.corp.emc.com (MXHUB314.corp.emc.com [10.146.3.92]) by mailusrhubprd51.lss.emc.com (Sentrion-MTA-4.3.1/Sentrion-MTA-4.3.0) with ESMTP id v37MX9i6019305 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=FAIL); Fri, 7 Apr 2017 18:33:09 -0400
Received: from MX307CL04.corp.emc.com ([fe80::849f:5da2:11b:4385]) by MXHUB314.corp.emc.com ([10.146.3.92]) with mapi id 14.03.0266.001; Fri, 7 Apr 2017 18:33:09 -0400
To: Bob Briscoe <ietf@bobbriscoe.net>
Thread-Topic: [tcpm] FW: Review of draft-bagnulo-tcpm-generalized-ecn (David Black)
Thread-Index: AdKvtheSW8e/Q8HxSQe3bn4h+L8u/QAVnh6AAAgFZlA=
Date: Fri, 07 Apr 2017 22:33:08 +0000
Message-ID: <CE03DB3D7B45C245BCA0D243277949362F9B3960@MX307CL04.corp.emc.com>
References: <CE03DB3D7B45C245BCA0D243277949362F9B2DB4@MX307CL04.corp.emc.com> <3d53f6a4-697b-0c7a-8c71-524890312beb@bobbriscoe.net>
In-Reply-To: <3d53f6a4-697b-0c7a-8c71-524890312beb@bobbriscoe.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.238.44.149]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Sentrion-Hostname: mailusrhubprd51.lss.emc.com
X-RSA-Classifications: public
Archived-At: <https://mailarchive.ietf.org/arch/msg/tcpm/iPiZQt4yNqrdLS5JrqssunJ1Y_0>
Subject: Re: [tcpm] FW: Review of draft-bagnulo-tcpm-generalized-ecn (David Black)
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tcpm/>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 07 Apr 2017 22:33:30 -0000
Bob, Two comments: 1) I'll wait for new text before commenting further on Accurate ECN vs. vanilla RFC 3168 ECN. The current text left me somewhat confused, and the summary of changes from RFC 3168 will almost certainly help. 2) On network node treatment of ECT, RFC 3168 is brief, e.g. (Section 5, top of p.7): The CE codepoint '11' is set by a router to indicate congestion to the end nodes. One wants to avoid text that could be read as modifying that sentence by adding possible exceptions for TCP control packets and/or retransmissions. > [BB] Unfortunately, RFC3168 does not specify anything about network node > forwarding behaviour wrt ECT. So some firewall policies could have > decided to block any TCP control packets that contravene RFC3168. That's > why we wrote this section. If "firewalls" is what was meant, use that word ;-) ... or as you write ... > However I admit that, by not explaining that DPI was the problem we were > trying to solve, rather than removing any ambiguity that might have been > interpreted as a need for DPI. We'll fix this. In doing so, please keep in mind that in this draft, discussion of forwarding and dropping behavior is implicitly about router queue management, not middlebox access control (e.g., based on DPI), so access control has to be called out explicitly when that is what is meant. Thanks, --David > -----Original Message----- > From: Bob Briscoe [mailto:ietf@bobbriscoe.net] > Sent: Friday, April 7, 2017 6:05 PM > To: Black, David <david.black@emc.com> > Cc: tcpm@ietf.org > Subject: Re: [tcpm] FW: Review of draft-bagnulo-tcpm-generalized-ecn > (David Black) > > David, > > Thank you for these useful comments. > Detailed responses inline. > > In summary, I think all your proposed changes improve clarity. I don't > think you've disagreed with any technical effect of the proposed protocol. > > > On 07/04/17 16:46, Black, David wrote: > > I sent this review to the draft authors privately, and they asked that I > forward to the TCPM list; this version had been edited slightly from what I > sent to the draft authors. Please cc: me directly on any responses or follow- > up emails, as I'm not currently on the TCPM list. > > > > In general, I think this draft is headed in the right direction. I've limited this > review to items with at least moderate technical impact. I apologize that it's > taken over 4 months to get this review done - the day job has been putting > much more pressure on my IETF activity that expected since the start of this > year. > > > > Overall concern: Abstract and Introduction should make it clear that this > draft is primarily about Accurate ECN, with applicability to vanilla RFC 3168 > ECN being an open question for further discussion. > [BB] We obviously need to clarify that AccECN is solely relevant to > SYNs, and all other control packets could be made ECN-capable whether or > not AccECN was being used. Actually, AccECN is only mentioned in the > sections about SYNs. However, I accept that it would help to point that > out explicitly. And to explain why. Here's why: > > In RFC3168 ECN feedback, the Echo Congestion Experienced (ECE) flag is > used for capability negotiation during the 3WHS. So, even if the client > makes the SYN ECN-capable and then it's marked CE, the SYN-ACK has > nowhere for the server to feed this back. In contrast, an AccECN server > supports feedback in the SYN/ACK of any CE on the SYN. > > The relevant sections of AccECN are: > https://tools.ietf.org/html/draft-ietf-tcpm-accurate-ecn-02#section-2.5 > https://tools.ietf.org/html/draft-ietf-tcpm-accurate-ecn-02#section-3.1 > > BTW, there is one mention of AccECN in the section on Pure ACKs as well > - necessary to consider whether AccECN would count CE on Pure ACKs. > We'll clarify that this is not saying that AccECN is necessary. > > > It's also not clear to me whether applicability to vanilla RFC 3168 ECN is a > single global decision for all packet types vs. a per-packet-type decision. > [BB] This is a consequence of the process of reaching consensus. > > Initially, we had to assume that someone might come up with a good > argument against setting ECT on one of the types. So it is written as if > the decision on each type is independent. Nonetheless, I think it would > now make sense to add a sentence saying: > > To comply with this spec, a TCP sender will set ECT on all types of > control packets. > > However, RFC3168 allows an ECN sender to choose not to set ECT on any > individual packet (although it gives no example reasons why a sender > would not set ECT). So I don't think we don't need to /require/ a TCP > sender to set all types of packet to ECT. > > > > > -- Section 1.3 > > > > OLD > > RFC3168 does not prevents from using ECN in TCP > > control packets lightly. It provides a number of specific reasons > > for each packet type. In this Section 4, we revisit each of the > > arguments provided by RFC3168 and explore possibilities to enable the > > ECN capability in the different packet types. > > NEW > > RFC3168 does not prohibit use of ECN for TCP > > control packets lightly. It provides a number of specific reasons why > > ECN should not be used for each packet type. In this Section 4, we > analyze > > each of the reasons provided by RFC3168 as part of explaining why this > > experiment is reasonable to conduct for each of the different packet > types. > > > > Last sentence in old text is too weak - "explore possibilities" doesn't sound > like providing a solid rationale for experimentation. > > > > -- Section 2 > > > > OLD > > Retransmission: A TCP segment that has been retransmitted by the TCP > > sender because it determined that the original segment was lost, > > which may or may not be the case. > > NEW > > Retransmission: A TCP segment that has been retransmitted by the TCP > > sender. > > > > Shortened definition to improve clarity. > [BB] AOK so far > > -- Section 3.1 > > > > This section is problematic as written, as it appears to require a router to > parse TCP packets and maintain enough state to detect retransmissions. > That's surely not what was intended ;-). > [BB] Indeed. We intended this to apply to any middlebox (e.g. firewall) > that already parses the TCP header. > > This section should be rewritten and dramatically shorted to require that > routers treat ECT-marked TCP control packets and retransmissions just like > any other ECT-marked packet, > [BB] I agree (and I hope my co-author does) that it would be clearer > just to say this. > > as specified in RFC 3168 (and don't repeat lengthy RFC 3168 text here). > > [BB] Unfortunately, RFC3168 does not specify anything about network node > forwarding behaviour wrt ECT. So some firewall policies could have > decided to block any TCP control packets that contravene RFC3168. That's > why we wrote this section. > > However I admit that, by not explaining that DPI was the problem we were > trying to solve, it reads like we are advocating DPI, rather than > removing any ambiguity that might have been interpreted as a need for > DPI. We'll fix this. > > > > The reason to rewrite this section to point to RFC 3168 is that any > divergence from RFC 3168 network node behavior for other ECT-marked > packets is likely to not only be a bad idea, but to also be fatal to this proposal. > It's ok to cite RFCs beyond 3168 if needed to specify the network node > behavior. > [BB] As above, no network node behaviour wrt ECT is specified in RFC > 3168 (unless you can point to it - I just checked again, and I couldn't > find it). > > > > -- Section 3.2.1.1 > > > > The server SHOULD not set any of the ECT codepoints if > > the server is included in the cache as not supporting ECN in the SYN > > packet. > > > > Which cache? The natural reading of this text is "the client's cache" in > which case this requirement is unimplementable as written because the > server can't see the client's cache. I suspect that the actual requirement is > that the server not change its ECN behavior until any client cache entry for it > is certain to have aged out (how long would that be? provide an answer ...). > [BB] This is a simple typo. I'm sure the sentence was intended to start > "The client SHOULD...", not "The server SHOULD..." (The section is > entitled "TCP client behaviour"). Sorry about that. > > There appears to be an analogous concern with the server cache in 3.2.1.2. > [BB] I'm not sure I agree with the need for a server cache about clients > at all. The incoming SYNs unambiguously say what type of client they > came from. > > I will check with my co-author why this sentence is here. > > > > --Section 3.2.2.1 > > > > Also, it should be noted than if an ACK > > is dropped due to congestion the sender of the ACK does not react by > > reducing the load in any way. > > > > Given that statement, much of the discussion of how to reduce sender > load on the network may be irrelevant. > [BB] I agree. We will put this sentence first. Then say that ECT on pure > ACKs could be used for ACK CC and refer to RFC 5690 rather than > describing a possible ACK CC scheme here. Then make the point that an > ECN connection not implementing ACK CC is hardly worse than a non-ECN > connection not implementing ACK CC, both of which are the norm. > > In the quoted sentence, at least the first instance of "ACK" should be > "pure ACK". > [BB] Yup. > > > > -- Section 3.2.3.1 > > > > I think the reduction in offered load discussion in this section is pointless; > [BB] The text is sort-of saying that. But I admit it could be clearer - > we'll sort it. > > the sender should behave as if the Zero Window Probe were dropped. > [BB] Well, I don't know that any TCP implementation does anything > specific in this case. And I certainly can't find anything written in > RFC793 or RFC5681 about this. > > > > -- End of Section 3.2 > > > > This would be a good place to summarize sender and receiver behavior > changes. That summary is needed anyhow, as the changes to RFC 3168 need > to be clearly called out, and preferably summarized in one place. > [BB] Good, yes. > > > > -- Section 4.1 > > > > In particular, setting the CE > > codepoint in the very same packet seem to fulfill this criteria, > > since either the packet is delivered and the CE codepoint signal is > > delivered to the endpoint, or the packet is dropped, so the original > > congestion signal through the packet loss is delivered to the > > endpoint. > > > > That assumes that "the very same packet" will be retransmitted, which is > correct for data packets, but not control packets (e.g., a pure ACK or a zero > window probe). What may be missing (or not well stated in the rest of this > paragraph) is that drops of these packets don't cause congestion reactions. > [BB] Yes, we'll make this point clearer. > > > > As currently specified, ECN adoption implies an increased reliability > > of the ECN congestion signal and a decrease in the reliability in the > > TCP control packets. We believe that it is possible and desirable to > > restore the tradeoff existent in non ECN capable networks in terms of > > reliability, where the congestion signal delivery is as reliable as > > in a non ECN capable network and so it is the delivery of TCP control > > packets. > > > > Add a section reference for decrease in reliability - to Section 1.1 ?? > [BB] Will do. > > Thanks again, > > > > Bob > > > > Thanks, --David > > -------------------------------------------------------- > > David L. Black, Distinguished Engineer > > Dell EMC, 176 South St., Hopkinton, MA 01748 > > +1 (508) 293-7953 Cell: +1 (978) 394-7754 > > David.Black@dell.com <=== NEW === > > -------------------------------------------------------- > > > > _______________________________________________ > > tcpm mailing list > > tcpm@ietf.org > > https://www.ietf.org/mailman/listinfo/tcpm > > > > -- > __________________________________________________________ > ______ > Bob Briscoe http://bobbriscoe.net/
- Re: [tcpm] FW: Review of draft-bagnulo-tcpm-gener… Bob Briscoe
- Re: [tcpm] FW: Review of draft-bagnulo-tcpm-gener… Black, David
- Re: [tcpm] FW: Review of draft-bagnulo-tcpm-gener… Bob Briscoe
- Re: [tcpm] FW: Review of draft-bagnulo-tcpm-gener… Bob Briscoe
- Re: [tcpm] FW: Review of draft-bagnulo-tcpm-gener… Mirja Kühlewind
- Re: [tcpm] FW: Review of draft-bagnulo-tcpm-gener… Bob Briscoe
- Re: [tcpm] Review of draft-bagnulo-tcpm-generaliz… Mirja Kühlewind
- Re: [tcpm] FW: Review of draft-bagnulo-tcpm-gener… Bob Briscoe
- Re: [tcpm] Review of draft-bagnulo-tcpm-generaliz… Bob Briscoe
- [tcpm] FW: Review of draft-bagnulo-tcpm-generaliz… Black, David