[tcpm] New keep-alive text in draft-ietf-netconf-tcp-client-server-03
"Scharf, Michael" <Michael.Scharf@hs-esslingen.de> Mon, 21 October 2019 11:13 UTC
Return-Path: <Michael.Scharf@hs-esslingen.de>
X-Original-To: tcpm@ietfa.amsl.com
Delivered-To: tcpm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3525812002E for <tcpm@ietfa.amsl.com>; Mon, 21 Oct 2019 04:13:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=hs-esslingen.de
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id J2GGDQN8VEF8 for <tcpm@ietfa.amsl.com>; Mon, 21 Oct 2019 04:13:25 -0700 (PDT)
Received: from mail.hs-esslingen.de (mail.hs-esslingen.de [134.108.32.78]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3952F120013 for <tcpm@ietf.org>; Mon, 21 Oct 2019 04:13:25 -0700 (PDT)
Received: from localhost (localhost.localdomain [127.0.0.1]) by mail.hs-esslingen.de (Postfix) with ESMTP id 2E38F25A25; Mon, 21 Oct 2019 13:13:23 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=hs-esslingen.de; s=mail; t=1571656403; bh=AR+a4vr9jt8wJkV+3rxc5CUFdQC+rxYyKAevoHZuxBs=; h=From:To:CC:Subject:Date:From; b=nX2u2OCtzcIjPElUhX0sM+Zh6+xggUDmXQNH1NIGxq2MPWH+NFjUAyg0sl3cvXziZ 5jNyyqbNjE8jSM9zmtxgIaXHAiG09KlqpwEShn0OySMs+whgkfNjcypcvrRKH8PYTa gRNCihX/QSj6y8hEYdqhg7c4r7q2IBWjVBTdTDjY=
X-Virus-Scanned: by amavisd-new-2.7.1 (20120429) (Debian) at hs-esslingen.de
Received: from mail.hs-esslingen.de ([127.0.0.1]) by localhost (hs-esslingen.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vDGXdELhlfcv; Mon, 21 Oct 2019 13:13:22 +0200 (CEST)
Received: from rznt8101.rznt.rzdir.fht-esslingen.de (rznt8101.rznt.rzdir.fht-esslingen.de [134.108.29.101]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by mail.hs-esslingen.de (Postfix) with ESMTPS; Mon, 21 Oct 2019 13:13:22 +0200 (CEST)
Received: from RZNT8114.rznt.rzdir.fht-esslingen.de ([169.254.3.61]) by rznt8101.rznt.rzdir.fht-esslingen.de ([fe80::bd73:d6a9:24d7:95f1%10]) with mapi id 14.03.0468.000; Mon, 21 Oct 2019 13:13:21 +0200
From: "Scharf, Michael" <Michael.Scharf@hs-esslingen.de>
To: "tcpm@ietf.org" <tcpm@ietf.org>
Thread-Topic: New keep-alive text in draft-ietf-netconf-tcp-client-server-03
Thread-Index: AdWIAGYiqBCjfZ91R4qPbWgZa5WWlg==
Date: Mon, 21 Oct 2019 11:13:21 +0000
Message-ID: <6EC6417807D9754DA64F3087E2E2E03E2D4AF9B7@rznt8114.rznt.rzdir.fht-esslingen.de>
Accept-Language: de-DE, en-US
Content-Language: de-DE
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [134.108.29.249]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/tcpm/jjlrt3TfZi4w2UN34PxAkLODtDU>
Subject: [tcpm] New keep-alive text in draft-ietf-netconf-tcp-client-server-03
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tcpm/>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 21 Oct 2019 11:13:27 -0000
Hi all, As outlined below, the draft draft-ietf-netconf-tcp-client-server was updated. The new version can be found at https://tools.ietf.org/html/draft-ietf-netconf-tcp-client-server-03 and a diff is available at https://www.ietf.org/rfcdiff?url2=draft-ietf-netconf-tcp-client-server-03 . In the new version, I have tried to address comments from the last TCPM meeting. Note that this document is owned the NETCONF working group, but we try to keep TCPM in the loop. In -03, I have drafted a new section with guidance on use of TCP keep-alives. It reuses some text from a related earlier discussion on the TSVAREA list: <snip> 3.2. Usage Guidelines for Configuring TCP Keep-Alives Network stacks may include "keep-alives" in their TCP implementations, although this practice is not universally accepted. If keep-alives are included, [RFC1122] [RFC793bis] mandates that the application MUST be able to turn them on or off for each TCP connection, and that they MUST default to off. Keep-alive mechanisms exist in many protocols. Depending on the protocol stack, TCP keep-alives may only be one out of several alternatives. Which mechanism to use depends on the use case and application requirements. If keep-alives are needed by an application, it is RECOMMENDED that the aliveness check happens at the highest protocol layer possible that is meaningful to the application, in order to maximize the depth of the aliveness check. A TCP keep-alive mechanism should only be invoked in server applications that might otherwise hang indefinitely and consume resources unnecessarily if a client crashes or aborts a connection during a network failure [RFC1122]. TCP keep-alives may consume significant resources both in the network and in endpoints (e.g., battery power). In addition, frequent keep-alives risk network congestion. The higher the frequency of keep-alives, the higher the overhead. Given the cost of keep-alives, parameters have to be configured carefully: o The default idle interval (leaf "idle-time") MUST default to no less than two hours, i.e., 7200 seconds [RFC1122]. A lower value MAY be configured, but keep-alive messages SHOULD NOT be transmitted more frequently than once every 15 seconds. Longer intervals SHOULD be used when possible. o The maximum number of sequential keep-alive probes that can fail (leaf "max-probes") trades off responsiveness and robustness against packet loss. ACK segments that contain no data are not reliably transmitted by TCP. Consequently, if a keep-alive mechanism is implemented it MUST NOT interpret failure to respond to any specific probe as a dead connection [RFC1122]. Typically a single-digit number should suffice. o TCP implementations may include a parameter for the number of seconds between TCP keep-alive probes (leaf "probe-interval"). In order to avoid congestion, the time interval between probes MUST NOT be smaller than one second. Significantly longer intervals SHOULD be used. It is important to note that keep-alive probes (or replies) can get dropped due to network congestion. Sending further probe messages into a congested path after a short interval, without backing off timers, could cause harm and result in a congestion collapse. Therefore it is essential to pick a large, conservative value for this interval. </snip> The lower bound of 15 seconds is taken from RFC 8085. Also, I have tried to use text from RFC 1122 as far as possible. Any thoughts? Thanks Michael (as contributor) -----Original Message----- From: Kent Watsen <kent+ietf@watsen.net> Sent: Saturday, October 19, 2019 12:28 AM To: netconf@ietf.org Cc: Scharf, Michael <Michael.Scharf@hs-esslingen.de>; Wang Haiguang <wang.haiguang.shieldlab@huawei.com>; Frank Xialiang <frank.xialiang@huawei.com> Subject: updates to the client/server suite of drafts Below are the change-logs for the updates just posted. Not yet incorporated: 1. a resolution to the "algorithms" problem in the crypto-types draft. (IANA templates?) 2. an update to the Truststore draft to add support for PSK and raw keys. 3. an update to the Keystore draft to add support for PSK and raw keys. (Henk's response pending) 4. an update to the SSH and TLS drafts to reflect the final outcome to (1). Kent ===== change logs ===== crypto-types: - Added a "key-format" identity. - Added symmetric keys to the example in the Examples section. truststore: - Editorial changes only. keystore: - Updated examples to incorporate new "key-format" identities. - Made the two "generate-*-key" RPCs be "action" statements instead. tcp-client-server: (changes from co-author Micheal Scharf) - Moved the common model section to be before the client and server specific sections. - Added sections "Model Scope" and "Usage Guidelines for Configuring TCP Keep-Alives" to the Common Model section. ssh-client-server: - Updated examples to reflect ietf-crypto-types change (e.g., identities --> enumerations) - Updated "server-authentication" and "client-authentication" nodes from being a leaf of type "ts:host-keys-ref" or "ts:certificates-ref" to a container that uses "ts:local-or-truststore-host-keys-grouping" or "ts:local-or-truststore-certs-grouping". tls-client-server: - Updated "server-authentication" and "client-authentication" nodes from being a leaf of type "ts:certificates-ref" to a container that uses "ts:local-or-truststore-certs-grouping". - Note: this update needed by the TCPM WG. http-client-server: - in ietf-http-client, removed all but the "basic" authentication scheme. - in ietf-http-client, factored out a "client-identity-grouping" grouping, which is now used in both the primary and proxy configuration models. - in ietf-http-server under /client-authentication/local, added an ability to configure authentication credentials for the "basic" authentication scheme. - Note: this update was blocking the adoption call from before. netconf-client-server: - Refactored both the client and server modules similar to how the ietf-restconf-server module was refactored in -13 presented in Montreal. restconf-client-server: - Refactored both the client and server modules similar to how the ietf-restconf-server module was refactored in -13 presented in Montreal. - Added missing "or https-listen" clause in a "must" expression. Kent // contributor
- [tcpm] New keep-alive text in draft-ietf-netconf-… Scharf, Michael