Re: [tcpm] FW: Review of draft-bagnulo-tcpm-generalized-ecn (David Black)
Bob Briscoe <ietf@bobbriscoe.net> Fri, 14 April 2017 01:14 UTC
Return-Path: <ietf@bobbriscoe.net>
X-Original-To: tcpm@ietfa.amsl.com
Delivered-To: tcpm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B13A81242EA for <tcpm@ietfa.amsl.com>; Thu, 13 Apr 2017 18:14:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=bobbriscoe.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id K0JXfgiMjMTm for <tcpm@ietfa.amsl.com>; Thu, 13 Apr 2017 18:14:03 -0700 (PDT)
Received: from server.dnsblock1.com (server.dnsblock1.com [85.13.236.178]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 01F5B127599 for <tcpm@ietf.org>; Thu, 13 Apr 2017 18:14:02 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=bobbriscoe.net; s=default; h=Content-Transfer-Encoding:Content-Type: In-Reply-To:MIME-Version:Date:Message-ID:From:Cc:References:To:Subject:Sender :Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help: List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=gc7MeMQpYj4jvmTaWHujPbMjUcY/P8vvFWDBY5BqSRc=; b=snBN3eT7d9i9cPeOmYvtDgxiN8 Cs5xm9DdEmqTjw4sMgrfUe5FiHu5vbwBrcSLeloJRWoT9IKG3Nbi40nMJdklP12yzHPWVhnQv5S3I 1kJ50f38r3QLCmF5yMIfAGWUkrVL57b2Yf8eBtIaQxHy4HHQ1tYBhz4tGeykVlKf0Qy8ua9P7rRjI G8sgtRgaT5ZB3j2yOIysxlRHta+F8ffeJZXcHrvt4Ts1F4Bmij2SxoS9RldSX9HRGfT+VDGCfBtSP ItQKGWfrnqs+9yfrbsB9i2Pvc9Jbp+JWLpG8fbikBV75oJOHje5lrVTK2sWS/JQeNKqYPA9f5X1mw W2VMgGSg==;
Received: from 203.6.208.46.dyn.plus.net ([46.208.6.203]:38728 helo=[192.168.0.3]) by server.dnsblock1.com with esmtpsa (TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.88) (envelope-from <ietf@bobbriscoe.net>) id 1cypoF-0000l3-Jt; Fri, 14 Apr 2017 02:13:59 +0100
To: "Black, David" <David.Black@dell.com>
References: <CE03DB3D7B45C245BCA0D243277949362F9B2DB4@MX307CL04.corp.emc.com> <3d53f6a4-697b-0c7a-8c71-524890312beb@bobbriscoe.net> <CE03DB3D7B45C245BCA0D243277949362F9B3960@MX307CL04.corp.emc.com> <5a4e46a0-bde7-8de5-f6a3-354f06fd9058@bobbriscoe.net>
Cc: "tcpm@ietf.org" <tcpm@ietf.org>, marcelo bagnulo braun <marcelo@it.uc3m.es>
From: Bob Briscoe <ietf@bobbriscoe.net>
Message-ID: <94ff22d6-69b3-164a-8bdb-07149f3e58b3@bobbriscoe.net>
Date: Fri, 14 Apr 2017 02:13:58 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.8.0
MIME-Version: 1.0
In-Reply-To: <5a4e46a0-bde7-8de5-f6a3-354f06fd9058@bobbriscoe.net>
Content-Type: text/plain; charset="windows-1252"; format="flowed"
Content-Transfer-Encoding: 7bit
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - server.dnsblock1.com
X-AntiAbuse: Original Domain - ietf.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - bobbriscoe.net
X-Get-Message-Sender-Via: server.dnsblock1.com: authenticated_id: in@bobbriscoe.net
X-Authenticated-Sender: server.dnsblock1.com: in@bobbriscoe.net
Archived-At: <https://mailarchive.ietf.org/arch/msg/tcpm/mXLmNEzQ6ntwdAUfqqdSeAym4dc>
Subject: Re: [tcpm] FW: Review of draft-bagnulo-tcpm-generalized-ecn (David Black)
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tcpm/>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 14 Apr 2017 01:14:06 -0000
David, I hope you will find that I have addressed all your concerns - so at least you will be able to understand it now. The draft is now unexpired. I have also addressed all the points in Mirja's review (some intersecting with your points). You will see that it's actually turned into quite a major re-write. The diff is nearly total, mainly cos I was turning Spanglish into English as I went (Marcelo, it was quite understandable, but just not quite how a native English speaker would say it). However, I have changed technical points in a few places too - the more one thinks about this, the more depth one finds. I just noticed I missed one of your nits (shortening the definition of Retransmission), which I have already fixed in my local copy of the xml for the next rev. Bob On 08/04/17 01:11, Bob Briscoe wrote: > David, > > On 2) I intend to replace the whole of "3.1 Network behaviour" with > the following, which calls out the cases explicitly: > > Previously RFC3168 required the sender to set not-ECT on certain TCP > control packets. Some readers might have erroneously interpreted this > aspect of RFC3168 as a requirement for firewalls, intrusion detection > systems, etc. to check and enforce this behaviour. Now that the > present experimental specification allows TCP senders to set ECT on > all TCP packets (control and data), it needs to be clear that a > firewall (or any network node) SHOULD NOT treat any ECT packet > differently dependent on what type of TCP packet it is. > > One potential exception is envisaged, otherwise the previous sentence > could have said "MUST NOT" rather than "SHOULD NOT". The exception > allows a security function that has detected an ongoing attack to drop > more ECT marked SYNs than not-ECT marked SYNs. Such a policy SHOULD > NOT be applied routinely. It SHOULD only be applied if an attack is > detected, and then only if it is determined that the ECT capability is > intensifying the attack. > > > Bob > > On 07/04/17 23:33, Black, David wrote: >> Bob, >> >> Two comments: >> >> 1) I'll wait for new text before commenting further on Accurate ECN >> vs. vanilla RFC 3168 ECN. The current text left me somewhat >> confused, and the summary of changes from RFC 3168 will almost >> certainly help. >> >> 2) On network node treatment of ECT, RFC 3168 is brief, e.g. (Section >> 5, top of p.7): >> >> The CE codepoint '11' is set by a router to indicate congestion to >> the end nodes. >> >> One wants to avoid text that could be read as modifying that sentence >> by adding possible exceptions for TCP control packets and/or >> retransmissions. >> >>> [BB] Unfortunately, RFC3168 does not specify anything about network >>> node >>> forwarding behaviour wrt ECT. So some firewall policies could have >>> decided to block any TCP control packets that contravene RFC3168. >>> That's >>> why we wrote this section. >> If "firewalls" is what was meant, use that word ;-) ... or as you >> write ... >> >>> However I admit that, by not explaining that DPI was the problem we >>> were >>> trying to solve, rather than removing any ambiguity that might have >>> been >>> interpreted as a need for DPI. We'll fix this. >> In doing so, please keep in mind that in this draft, discussion of >> forwarding and dropping behavior is implicitly about router queue >> management, not middlebox access control (e.g., based on DPI), so >> access control has to be called out explicitly when that is what is >> meant. >> >> Thanks, --David >> > > -- ________________________________________________________________ Bob Briscoe http://bobbriscoe.net/
- Re: [tcpm] FW: Review of draft-bagnulo-tcpm-gener… Bob Briscoe
- Re: [tcpm] FW: Review of draft-bagnulo-tcpm-gener… Black, David
- Re: [tcpm] FW: Review of draft-bagnulo-tcpm-gener… Bob Briscoe
- Re: [tcpm] FW: Review of draft-bagnulo-tcpm-gener… Bob Briscoe
- Re: [tcpm] FW: Review of draft-bagnulo-tcpm-gener… Mirja Kühlewind
- Re: [tcpm] FW: Review of draft-bagnulo-tcpm-gener… Bob Briscoe
- Re: [tcpm] Review of draft-bagnulo-tcpm-generaliz… Mirja Kühlewind
- Re: [tcpm] FW: Review of draft-bagnulo-tcpm-gener… Bob Briscoe
- Re: [tcpm] Review of draft-bagnulo-tcpm-generaliz… Bob Briscoe
- [tcpm] FW: Review of draft-bagnulo-tcpm-generaliz… Black, David