[tcpm] New keep-alive text in draft-ietf-netconf-tcp-client-server-03

"Scharf, Michael" <Michael.Scharf@hs-esslingen.de> Mon, 21 October 2019 11:13 UTC

Return-Path: <Michael.Scharf@hs-esslingen.de>
X-Original-To: tcpm@ietfa.amsl.com
Delivered-To: tcpm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3525812002E for <tcpm@ietfa.amsl.com>; Mon, 21 Oct 2019 04:13:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=hs-esslingen.de
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id J2GGDQN8VEF8 for <tcpm@ietfa.amsl.com>; Mon, 21 Oct 2019 04:13:25 -0700 (PDT)
Received: from mail.hs-esslingen.de (mail.hs-esslingen.de [134.108.32.78]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3952F120013 for <tcpm@ietf.org>; Mon, 21 Oct 2019 04:13:25 -0700 (PDT)
Received: from localhost (localhost.localdomain [127.0.0.1]) by mail.hs-esslingen.de (Postfix) with ESMTP id 2E38F25A25; Mon, 21 Oct 2019 13:13:23 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=hs-esslingen.de; s=mail; t=1571656403; bh=AR+a4vr9jt8wJkV+3rxc5CUFdQC+rxYyKAevoHZuxBs=; h=From:To:CC:Subject:Date:From; b=nX2u2OCtzcIjPElUhX0sM+Zh6+xggUDmXQNH1NIGxq2MPWH+NFjUAyg0sl3cvXziZ 5jNyyqbNjE8jSM9zmtxgIaXHAiG09KlqpwEShn0OySMs+whgkfNjcypcvrRKH8PYTa gRNCihX/QSj6y8hEYdqhg7c4r7q2IBWjVBTdTDjY=
X-Virus-Scanned: by amavisd-new-2.7.1 (20120429) (Debian) at hs-esslingen.de
Received: from mail.hs-esslingen.de ([127.0.0.1]) by localhost (hs-esslingen.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vDGXdELhlfcv; Mon, 21 Oct 2019 13:13:22 +0200 (CEST)
Received: from rznt8101.rznt.rzdir.fht-esslingen.de (rznt8101.rznt.rzdir.fht-esslingen.de [134.108.29.101]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by mail.hs-esslingen.de (Postfix) with ESMTPS; Mon, 21 Oct 2019 13:13:22 +0200 (CEST)
Received: from RZNT8114.rznt.rzdir.fht-esslingen.de ([169.254.3.61]) by rznt8101.rznt.rzdir.fht-esslingen.de ([fe80::bd73:d6a9:24d7:95f1%10]) with mapi id 14.03.0468.000; Mon, 21 Oct 2019 13:13:21 +0200
From: "Scharf, Michael" <Michael.Scharf@hs-esslingen.de>
To: "tcpm@ietf.org" <tcpm@ietf.org>
Thread-Topic: New keep-alive text in draft-ietf-netconf-tcp-client-server-03
Thread-Index: AdWIAGYiqBCjfZ91R4qPbWgZa5WWlg==
Date: Mon, 21 Oct 2019 11:13:21 +0000
Message-ID: <6EC6417807D9754DA64F3087E2E2E03E2D4AF9B7@rznt8114.rznt.rzdir.fht-esslingen.de>
Accept-Language: de-DE, en-US
Content-Language: de-DE
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [134.108.29.249]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/tcpm/jjlrt3TfZi4w2UN34PxAkLODtDU>
Subject: [tcpm] New keep-alive text in draft-ietf-netconf-tcp-client-server-03
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tcpm/>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 21 Oct 2019 11:13:27 -0000

Hi all,

As outlined below, the draft draft-ietf-netconf-tcp-client-server was updated. The new version can be found at https://tools.ietf.org/html/draft-ietf-netconf-tcp-client-server-03 and a diff is available at https://www.ietf.org/rfcdiff?url2=draft-ietf-netconf-tcp-client-server-03 .

In the new version, I have tried to address comments from the last TCPM meeting. Note that this document is owned the NETCONF working group, but we try to keep TCPM in the loop.

In -03, I have drafted a new section with guidance on use of TCP keep-alives. It reuses some text from a related earlier discussion on the TSVAREA list:

<snip>
3.2.  Usage Guidelines for Configuring TCP Keep-Alives

   Network stacks may include "keep-alives" in their TCP
   implementations, although this practice is not universally accepted.
   If keep-alives are included, [RFC1122] [RFC793bis] mandates that the
   application MUST be able to turn them on or off for each TCP
   connection, and that they MUST default to off.

   Keep-alive mechanisms exist in many protocols.  Depending on the
   protocol stack, TCP keep-alives may only be one out of several
   alternatives.  Which mechanism to use depends on the use case and
   application requirements.  If keep-alives are needed by an
   application, it is RECOMMENDED that the aliveness check happens at
   the highest protocol layer possible that is meaningful to the
   application, in order to maximize the depth of the aliveness check.

   A TCP keep-alive mechanism should only be invoked in server
   applications that might otherwise hang indefinitely and consume
   resources unnecessarily if a client crashes or aborts a connection
   during a network failure [RFC1122].  TCP keep-alives may consume
   significant resources both in the network and in endpoints (e.g.,
   battery power).  In addition, frequent keep-alives risk network
   congestion.  The higher the frequency of keep-alives, the higher the
   overhead.

   Given the cost of keep-alives, parameters have to be configured
   carefully:

   o  The default idle interval (leaf "idle-time") MUST default to no
      less than two hours, i.e., 7200 seconds [RFC1122].  A lower value
      MAY be configured, but keep-alive messages SHOULD NOT be
      transmitted more frequently than once every 15 seconds.  Longer
      intervals SHOULD be used when possible.

   o  The maximum number of sequential keep-alive probes that can fail
      (leaf "max-probes") trades off responsiveness and robustness
      against packet loss.  ACK segments that contain no data are not
      reliably transmitted by TCP.  Consequently, if a keep-alive
      mechanism is implemented it MUST NOT interpret failure to respond
      to any specific probe as a dead connection [RFC1122].  Typically a
      single-digit number should suffice.

   o  TCP implementations may include a parameter for the number of
      seconds between TCP keep-alive probes (leaf "probe-interval").  In
      order to avoid congestion, the time interval between probes MUST
      NOT be smaller than one second.  Significantly longer intervals
      SHOULD be used.  It is important to note that keep-alive probes
      (or replies) can get dropped due to network congestion.  Sending
      further probe messages into a congested path after a short
      interval, without backing off timers, could cause harm and result
      in a congestion collapse.  Therefore it is essential to pick a
      large, conservative value for this interval.
</snip>

The lower bound of 15 seconds is taken from RFC 8085. Also, I have tried to use text from RFC 1122 as far as possible.

Any thoughts?

Thanks

Michael (as contributor)


-----Original Message-----
From: Kent Watsen <kent+ietf@watsen.net> 
Sent: Saturday, October 19, 2019 12:28 AM
To: netconf@ietf.org
Cc: Scharf, Michael <Michael.Scharf@hs-esslingen.de>de>; Wang Haiguang <wang.haiguang.shieldlab@huawei.com>om>; Frank Xialiang <frank.xialiang@huawei.com>
Subject: updates to the client/server suite of drafts

Below are the change-logs for the updates just posted.

Not yet incorporated:

  1. a resolution to the "algorithms" problem in the
     crypto-types draft.  (IANA templates?)
  2. an update to the Truststore draft to add support
     for PSK and raw keys.
  3. an update to the Keystore draft to add support
     for PSK and raw keys. (Henk's response pending)
  4. an update to the SSH and TLS drafts to reflect
     the final outcome to (1).

Kent


===== change logs =====

crypto-types:

  - Added a "key-format" identity.
  - Added symmetric keys to the example in the Examples section.

truststore:

  - Editorial changes only.

keystore:

  - Updated examples to incorporate new "key-format" identities.
  - Made the two "generate-*-key" RPCs be "action" statements
    instead.

tcp-client-server: (changes from co-author Micheal Scharf)

  - Moved the common model section to be before the
    client and server specific sections.
  - Added sections "Model Scope" and "Usage Guidelines
    for Configuring TCP Keep-Alives" to the Common
    Model section.

ssh-client-server:

  - Updated examples to reflect ietf-crypto-types change
    (e.g., identities --&gt; enumerations)
  - Updated "server-authentication" and "client-authentication"
    nodes from being a leaf of type "ts:host-keys-ref" or 
    "ts:certificates-ref" to a container that uses 
    "ts:local-or-truststore-host-keys-grouping" or 
    "ts:local-or-truststore-certs-grouping".

tls-client-server:

  - Updated "server-authentication" and "client-authentication"
    nodes from being a leaf of type "ts:certificates-ref" to a
    container that uses "ts:local-or-truststore-certs-grouping".
  - Note: this update needed by the TCPM WG.

http-client-server:

  - in ietf-http-client, removed all but the "basic" 
    authentication scheme.
  - in ietf-http-client, factored out a "client-identity-grouping"
    grouping, which is now used in both the primary and proxy
    configuration models.
  - in ietf-http-server under /client-authentication/local, added
    an ability to configure authentication credentials for the
    "basic" authentication scheme.
  - Note: this update was blocking the adoption call from before.

netconf-client-server:

  - Refactored both the client and server modules similar to
    how the ietf-restconf-server module was refactored in -13 
    presented in Montreal.

restconf-client-server:

  - Refactored both the client and server modules similar to
    how the ietf-restconf-server module was refactored in -13 
    presented in Montreal.
  - Added missing "or https-listen" clause in a "must" expression.



Kent // contributor