IETF Logo Mail Archive

Re: [tcpm] Disabling PAWS when possible

Yoshifumi Nishida <nishida@sfc.wide.ad.jp> Fri, 22 June 2018 23:23 UTC

Return-Path: <nishida@sfc.wide.ad.jp>
X-Original-To: tcpm@ietfa.amsl.com
Delivered-To: tcpm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DB882130F0E for <tcpm@ietfa.amsl.com>; Fri, 22 Jun 2018 16:23:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lS2ZRgyZH54N for <tcpm@ietfa.amsl.com>; Fri, 22 Jun 2018 16:23:21 -0700 (PDT)
Received: from mail.sfc.wide.ad.jp (shonan.sfc.wide.ad.jp [IPv6:2001:200:0:8803::53]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 46927130E10 for <tcpm@ietf.org>; Fri, 22 Jun 2018 16:23:21 -0700 (PDT)
Received: from mail-io0-f170.google.com (mail-io0-f170.google.com [209.85.223.170]) by mail.sfc.wide.ad.jp (Postfix) with ESMTPSA id 760C4278536 for <tcpm@ietf.org>; Sat, 23 Jun 2018 08:23:19 +0900 (JST)
Received: by mail-io0-f170.google.com with SMTP id f1-v6so7534358ioh.6 for <tcpm@ietf.org>; Fri, 22 Jun 2018 16:23:19 -0700 (PDT)
X-Gm-Message-State: APt69E22/lzvXswin94OgTUga8L2GL4LgOnUWA75Zm1aTGgvwOwIUvdf nFQ1pvLZA81Xcs66V4ppBKZsLEaIKOUEcprmN9s=
X-Google-Smtp-Source: AAOMgpdA5lZfLred2woz/RkjtEE2TjGMKfPTzTVDhd8J7YCrMafpP8+bIHGEFAP9Jc/J/HL2geHZYg932fmr7xRt6Hg=
X-Received: by 2002:a6b:dd14:: with SMTP id f20-v6mr2934767ioc.7.1529709798384; Fri, 22 Jun 2018 16:23:18 -0700 (PDT)
MIME-Version: 1.0
Received: by 2002:a4f:11c4:0:0:0:0:0 with HTTP; Fri, 22 Jun 2018 16:23:17 -0700 (PDT)
In-Reply-To: <CADVnQynPKzxeFHf_DrGCbQrqcv6U4r=p_3RGXyPfooMzQNQ=cg@mail.gmail.com>
References: <CAO249yccvy3c2ytrwOFBAg88X3V4ubbUVzr_Ag3PnrJQOFmckg@mail.gmail.com> <CADVnQynPKzxeFHf_DrGCbQrqcv6U4r=p_3RGXyPfooMzQNQ=cg@mail.gmail.com>
From: Yoshifumi Nishida <nishida@sfc.wide.ad.jp>
Date: Fri, 22 Jun 2018 16:23:17 -0700
X-Gmail-Original-Message-ID: <CAO249yfD6na651CSWkzjYRFaEAft9MNyUgjf+X4JNHYJbTCvJw@mail.gmail.com>
Message-ID: <CAO249yfD6na651CSWkzjYRFaEAft9MNyUgjf+X4JNHYJbTCvJw@mail.gmail.com>
To: Neal Cardwell <ncardwell@google.com>
Cc: Yoshifumi Nishida <nishida@sfc.wide.ad.jp>, "tcpm@ietf.org" <tcpm@ietf.org>, Yuchung Cheng <ycheng@google.com>, Eric Dumazet <edumazet@google.com>, Wei Wang <weiwan@google.com>, Van Jacobson <vanj@google.com>
Content-Type: multipart/alternative; boundary="0000000000002469f9056f435150"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tcpm/pxTdz3cr_Bbg4guKUawlmUFcgUA>
Subject: Re: [tcpm] Disabling PAWS when possible
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.26
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tcpm/>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 22 Jun 2018 23:23:25 -0000

Hi Neal,

On Fri, Jun 22, 2018 at 9:56 AM, Neal Cardwell <ncardwell@google.com> wrote:

> On Thu, Jun 21, 2018 at 2:50 AM Yoshifumi Nishida
> <nishida@sfc.wide.ad.jp> wrote:
> >
> > Hello,
> >
> > I have been thinking about PAWS and TS option for a while and prepared a
> simple short draft.
> > The basic ideas in the draft are like this.
> >
> > 1: There are several technologies (such as tcpinc, mptcp, tls) that can
> be used as a replacement of PAWS
> >     They can even provide stronger protections than PAWS, which might be
> able to contribute to recycling connections in TIME_WAIT.
> >
> > 2: Some implementations have records of transmission times on each
> segment which won't require TS option for RTTM.
> >
> > 3: When 1 is available, we don't have to put a TS option in every
> segment.
> >     Also, when 1 and 2 are available, we don't have to use TS option at
> all.
> >     Since we already have base technologies to replace PAWS and TS, all
> we need here is a simple signaling mechanism for feature negotiation.
> >
> > The draft is still very premature and I may overlook something, but it
> would be great if I could get some feedback.
> >
> > Thanks,
> > --
> > Yoshi
>
>
> Hi Yoshifumi,
>
> Thanks for this draft! Personally, I am fine with the general
> direction of disabling PAWS. But I would argue strongly for keeping
> TCP timestamps.


> The draft mentions "suppressing timestamp options" here:
>
>   ... The goal of the
>    proposal in the draft is to provide stronger protections for old
>    duplicated segments while facilitating the use of TCP option space by
>    suppressing timestamp options.
>
> I would argue strongly against suppressing/omitting TCP timestamp
> options, even if other mechanisms are available that subsume PAWS
> protection.
>
> There are a number of significant advantages to TCP timestamps, beyond
> PAWS:
>
> (1) quickly detecting spurious loss recoveries (using the Eifel
> algorithm - https://tools.ietf.org/html/rfc3522 - implemented by
> Linux)
>
> (2) architecturally, they allow TCP to have an approximation to the
> "packet number" that QUIC has (enabling (1)):
>   https://tools.ietf.org/html/draft-ietf-quic-recovery-08#section-2
>
> (3) allowing receivers to estimate RTT (used by Linux receive buffer
> autotuning)
>
> (4) allowing more precise bandwidth and RTT measurements by congestion
> control and passive monitoring systems
>
> And there are probably other nice uses that I'm forgetting. :-)
>

Thanks. These are very useful pointers for me to think about the draft
further.

I think you argument is fair enough.

My intention is to relax the requirement "The TSopt MUST be sent in every
non-<RST> segment for the duration of the connection" in RFC7323
so that TSopt can be sent at arbitrary intervals. Arbitrary intervals can
contain infinite interval, but you can only do so when you really want,
otherwise you shouldn't.
So, disabling TS entirely is just an option.


> From my perspective, one huge advantage from disabling PAWS is that it
> enables the timestamps to be an opaque identifier, so that the sender
> can use them in any way it chooses. In particular, it would allow the
> sender to use microsecond timestamps, without worrying about the
> remote side dropping packets due to PAWS checks. This was the main
> challenge we found in implementing microsecond TCP timestamps inside
> Google datacenters, as we discussed at TCPM a while back (slide 6):
>
>   https://www.ietf.org/proceedings/97/slides/slides-
> 97-tcpm-tcp-options-for-low-latency-00.pdf
>
> My main comment would be, if some proposal is going to standardize a
> negotiation scheme for using timestamps but disabling PAWS, IMHO there
> could be huge value in having that negotiation mechanism optionally
> specify the semantics of a sender's timestamp values, so that
> congestion control and passive monitoring tools could make use of the
> timestamps for bandwidth and latency measurements. This could be
> something as simple as 2 bits, e.g.:
>
>  bits : meaning
>   00: traditional RFC 7323 timestamps: use PAWS
>   01: microsecond timestamps, disable PAWS
>   10: millisecond timestamps, disable PAWS
>   11: values with other semantics, disable PAWS
>

Yes, I am aware of this draft.
One thing I'm curious is that I thought servers in google may have records
of transmission time per packet as it's required by RACK.
However, this draft utilizes TS option with fine granularity.
Do you still need TS option even when you have records of transmission
time, or this feature is not used in the datacenter?

Anyway, both changing timestamp granularity and disabling PAWS change TS
option semantics.
It can make sense to have an unified negotiation scheme for both.
I will think about it more.

Thank you so much!
--
Yoshi

v2.23.0 | Report a Bug | By Email