Re: [tcpm] ECN+SYN
Stefanos Harhalakis <v13@v13.gr> Thu, 21 February 2008 21:53 UTC
Return-Path: <tcpm-bounces@ietf.org>
X-Original-To: ietfarch-tcpm-archive@core3.amsl.com
Delivered-To: ietfarch-tcpm-archive@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 9127528CB3A; Thu, 21 Feb 2008 13:53:46 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.115
X-Spam-Level:
X-Spam-Status: No, score=-0.115 tagged_above=-999 required=5 tests=[AWL=-0.278, BAYES_00=-2.599, FH_RELAY_NODNS=1.451, HELO_MISMATCH_ORG=0.611, J_CHICKENPOX_33=0.6, RDNS_NONE=0.1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TITPwDRJt6Cv; Thu, 21 Feb 2008 13:53:36 -0800 (PST)
Received: from core3.amsl.com (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 0B8C028CAC8; Thu, 21 Feb 2008 13:53:36 -0800 (PST)
X-Original-To: tcpm@core3.amsl.com
Delivered-To: tcpm@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 6539E28C772 for <tcpm@core3.amsl.com>; Thu, 21 Feb 2008 13:53:34 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 70D-yDNV28Kz for <tcpm@core3.amsl.com>; Thu, 21 Feb 2008 13:53:32 -0800 (PST)
Received: from mx-out-01.forthnet.gr (mx-out.forthnet.gr [193.92.150.104]) by core3.amsl.com (Postfix) with ESMTP id 25FD63A69C1 for <tcpm@ietf.org>; Thu, 21 Feb 2008 13:53:31 -0800 (PST)
Received: from mx-av-05.forthnet.gr (mx-av.forthnet.gr [193.92.150.27]) by mx-out-01.forthnet.gr (8.13.8/8.13.8) with ESMTP id m1LLrQ0r007924; Thu, 21 Feb 2008 23:53:26 +0200
Received: from MX-IN-02.forthnet.gr (mx-in-02.forthnet.gr [193.92.150.185]) by mx-av-05.forthnet.gr (8.14.2/8.14.2) with ESMTP id m1LLrQ6J020708; Thu, 21 Feb 2008 23:53:26 +0200
Received: from hell.hell.gr (adsl3-182.lsf.forthnet.gr [79.103.130.182]) by MX-IN-02.forthnet.gr (8.14.2/8.14.2) with ESMTP id m1LLrNX4003641; Thu, 21 Feb 2008 23:53:24 +0200
Authentication-Results: MX-IN-02.forthnet.gr smtp.mail=v13@v13.gr; spf=neutral
Authentication-Results: MX-IN-02.forthnet.gr header.from=v13@v13.gr; sender-id=neutral
From: Stefanos Harhalakis <v13@v13.gr>
To: Sally Floyd <sallyfloyd@mac.com>
Date: Thu, 21 Feb 2008 23:53:08 +0200
User-Agent: KMail/1.9.7
References: <200802200116.26451.v13@v13.gr> <AD614F47-6972-468C-B679-1ADA288B5C2C@mac.com>
In-Reply-To: <AD614F47-6972-468C-B679-1ADA288B5C2C@mac.com>
MIME-Version: 1.0
Content-Disposition: inline
Message-Id: <200802212353.09084.v13@v13.gr>
Cc: akuzma@northwestern.edu, tcpm@ietf.org
Subject: Re: [tcpm] ECN+SYN
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <http://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <http://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: tcpm-bounces@ietf.org
Errors-To: tcpm-bounces@ietf.org
On Thursday 21 February 2008, Sally Floyd wrote: > In summary, I would be *strongly* opposed to any proposal > for TCP SYN packets to be sent as ECN-capable. Hello Sally and thank you for your detailed and explanatory reply! (I'm replying to the whole mail as a whole) After carefully reading your mail a couple of times, re-examining draft-ietf-tcpm-ecnsyn-05.txt and having in mind RFC3168, I still believe that the draft should be modified a bit regarding the SYN+ECT case. For the rest of the mail I'm using the term ECT when referring to flags in IP packets and ECN when referring to TCP flags. First of all, partially in contrast with RFC3168, the draft indirectly suggests that ECT should be used in SYN/ACK packets as: a) an improvement for detecting congestion a little bit earlier and starting with a reduced window size (smaller initial window) (p.8, bottom) b) a method of QoS that will result in less SYN/ACK looses when operating on an ECN enabled network (p.5, bottom (2)) (p.7, top). Point (a) has to do with ECN(+ECT) and (b) has to do with ECT. Also, the draft: a) Proposes ECT for SYN/ACK segments b) Forbids ECT for SYN segments I argue that the exact same reasons specified in point (b) (regarding QoS) apply to SYN segments too. In fact, if you imagine an ECN enabled Internet that uses RED everywhere then the only dropped segments of a TCP session because of congestion may be the SYNs (!!). Also consider that loosing the first SYN of a session MAY result in a ECN-less connection (RFC3168 6.1.1.1) - which increases its importance. I suggest that the draft: a) Do not forbid ECT for SYN segments b) Propose the usage of ECT for SYN segments Since on an ECN enabled Internet that uses AQM everywhere the ECN bits in IP will (most probably) also work as a kind of QoS, we should not consider ECT only as a congestion indication method. We should have in mind the effects of not using ECT which will result in poorer performance. I totally agree that most probably we will not benefit from congestion indication in SYN segments and I understand that RFC3168 explicitly says that "an ECT codepoint MUST NOT be set in a packet unless the loss of that packet in the network would be detected by the end nodes and interpreted as an indication of congestion" (RFC3168 5.2) but on the other hand, SYN and SYN/ACK segments are not exactly data (for normal operations) and (I believe that) they are only a very small fraction of the whole internet traffic (either as packet count or byte count). So, it may be wise and harmless to also propose in this draft that "when a host sends a SYN segment it MAY set the ECT codepoint to prevent intermediate routers from dropping it instead of marking it" Regarding security considerations: I fail to see why ECT+SYN may be a threat. Of course a malicious user may use it to prevent intermediate routers from dropping those packets but trying to prevent this: a) Is not what we're doing everywhere else b) Is like disallowing fast and reliable internet connections to prevent malicious users from performing SYN flooding. Hope that this clarifies my thoughts... and that they are not (totally) wrong :-) Best regards, Harhalakis Stefanos _______________________________________________ tcpm mailing list tcpm@ietf.org http://www.ietf.org/mailman/listinfo/tcpm
- [tcpm] ECN+SYN Stefanos Harhalakis
- Re: [tcpm] ECN+SYN Stefanos Harhalakis
- Re: [tcpm] ECN+SYN Sally Floyd
- Re: [tcpm] ECN+SYN Stefanos Harhalakis
- Re: [tcpm] ECN+SYN Sally Floyd
- Re: [tcpm] ECN+SYN Stefanos Harhalakis