IETF Logo Mail Archive

Re: [tcpm] ECN++ on Pure ACKs if SACK stripped

Bob Briscoe <ietf@bobbriscoe.net> Sat, 25 November 2023 11:58 UTC

Return-Path: <ietf@bobbriscoe.net>
X-Original-To: tcpm@ietfa.amsl.com
Delivered-To: tcpm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 67847C15C28D for <tcpm@ietfa.amsl.com>; Sat, 25 Nov 2023 03:58:54 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.106
X-Spam-Level:
X-Spam-Status: No, score=-2.106 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=bobbriscoe.net
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id u-GqxeSBMI7t for <tcpm@ietfa.amsl.com>; Sat, 25 Nov 2023 03:58:49 -0800 (PST)
Received: from mail-ssdrsserver2.hostinginterface.eu (mail-ssdrsserver2.hostinginterface.eu [185.185.85.90]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 97FE4C15C289 for <tcpm@ietf.org>; Sat, 25 Nov 2023 03:58:49 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=bobbriscoe.net; s=default; h=In-Reply-To:References:Cc:To:From:Subject: MIME-Version:Date:Message-ID:Content-Type:Sender:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=P0qa56tAyYZZ8Ujaf9P8fjXSVnHr50SMa6bynUGaysg=; b=wnQrbOsBaxAhzIAY1bxf4baLUV K6UWoOD66kN/0xi2sD/NWk6U3YlMLEoTew7lFyVrUbZDwHmbydZDuzir4iEZXkHyRGiy58kOOdxEd BeMtNuDMe6OCvGdnufbnEeQ/Q9GzxJZbG20Cb2/yzYtz2042+BhtX87UA0MZVwtPMnAfJU47LXkqr hll5LfY33tHo2vMuZi+hJGFt2GPlV04gCHg8R3jm5izd192zLpqCCnPWIPbLMEOVRj2js0Udfc4pB LzPwlfPgeiVI0eshWFZ2tuQxGIApKtW1LFnGVw9y7tig3bmP+mQlpe17+oWxWvZU/x91hzYMeAqHS wdl/Ijkw==;
Received: from 67.153.238.178.in-addr.arpa ([178.238.153.67]:44192 helo=[192.168.1.29]) by ssdrsserver2.hostinginterface.eu with esmtpsa (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.96.2) (envelope-from <ietf@bobbriscoe.net>) id 1r6rJJ-0002Od-06; Sat, 25 Nov 2023 11:58:47 +0000
Content-Type: multipart/alternative; boundary="------------0sUeDjZJWCnD6mUHP5WWq4ar"
Message-ID: <22405dcc-366d-4126-934a-07bb0963f20d@bobbriscoe.net>
Date: Sat, 25 Nov 2023 11:58:45 +0000
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Content-Language: en-GB
From: Bob Briscoe <ietf@bobbriscoe.net>
To: Neal Cardwell <ncardwell=40google.com@dmarc.ietf.org>, rs.ietf@gmx.at, Markku Kojo <kojo@cs.helsinki.fi>
Cc: tcpm IETF list <tcpm@ietf.org>, tuexen@fh-muenster.de
References: <084E4782-C220-4474-A39E-2617224FD1CD@fh-muenster.de> <CAAK044SLamjWht+5PTVu7E=_qzhkhYCEueShQpScTEu_PueAOQ@mail.gmail.com> <7b36150f-50a9-41c5-a71f-b68a84965773@bobbriscoe.net> <fb27a6f4-7cb6-43bf-bd62-8e6bb1a8700e@gmx.at> <41312b57-9ed3-46fa-946f-f3f625c5c5e9@bobbriscoe.net> <477633fd-784c-43fb-b2a0-02b673c94fea@gmx.at> <9aac7a8f-692d-4294-b81e-528a7f790f58@bobbriscoe.net> <ef624bd8-600a-4b2b-ac56-2d2b1deaf245@gmx.at> <2ed3f94b-a56b-48e1-83f0-997ff7ea0670@bobbriscoe.net> <e4484f82-f339-f487-9bfd-256abe97ab86@cs.helsinki.fi> <9bcc5dc1-00ad-4dbe-be1f-587cd64a2773@gmx.at> <e8656fc-9d6c-28e8-9d48-80473e398ad7@cs.helsinki.fi> <f44e3616-ec85-4b9e-986d-11b2943c138d@gmx.at> <9d8de289-6486-440c-8537-ec80e33b0bb2@bobbriscoe.net> <5808772a-f54c-4c09-9610-dc6bb7b63557@gmx.at> <a0fdfc63-9992-41d2-b416-832d52541331@bobbriscoe.net> <CADVnQy=FezUfRfkCW-LedSP7e0ravBOW2z71qLbm2_m9Fo4xPw@mail.gmail.com> <641c7e29-5371-482d-846c-97246e992e06@bobbriscoe.net>
In-Reply-To: <641c7e29-5371-482d-846c-97246e992e06@bobbriscoe.net>
X-MagicSpam-TUUID: 3d8bdc70-5551-47da-9184-e94e5b5076d7
X-MagicSpam-SUUID: db53ac81-cb6b-470e-ac51-71650d7fa0df
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - ssdrsserver2.hostinginterface.eu
X-AntiAbuse: Original Domain - ietf.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - bobbriscoe.net
X-Get-Message-Sender-Via: ssdrsserver2.hostinginterface.eu: authenticated_id: in@bobbriscoe.net
X-Authenticated-Sender: ssdrsserver2.hostinginterface.eu: in@bobbriscoe.net
X-Source:
X-Source-Args:
X-Source-Dir:
Archived-At: <https://mailarchive.ietf.org/arch/msg/tcpm/t_HGH01gSIdnQCjqIsxC77PS3ns>
Subject: Re: [tcpm] ECN++ on Pure ACKs if SACK stripped
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tcpm/>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 25 Nov 2023 11:58:54 -0000

Richard, Markku, Neal, list and chairs,

As promised in the previous email, I've cut out unnecessary verbiage 
from the proposed new text (green) for the additional DupACK test in the 
ECN++ draft.

I've also cut the example heuristic using timestamps, which solely 
applied to the special case just within TLP, so it would have required a 
whole load of explanation of TLP and the special case problem. This 
leaves just one example alternative heuristic, which applies generally 
(as it's only an example, an implementer can do something else like 
timestamps if they choose).

So, I believe this contains what Markku proposed, and what I think 
Richard will agree to, as well as Neal's suggestions:
------------------------------------------------------------------------


3.3.3.1.  Additional DupACK Check

    A TCP implementation that is sending ECN-capable pure ACKs MUST add
    the following check to all its algorithms that detect duplicate ACKs
(defined in Section 2 of [RFC5681]):

    *  If there is no SACK option on an incoming pure ACK (ECN-capable or
       not) despite SACK having been negotiated, it is not counted as a
       duplicate ACK.

SACK blocks are known to be stripped on some paths through the public
    Internet, or some implementations are known to negotiate SACK but
    never send SACK blocks.  Therefore, if a TCP implementation is
    sending ECN-capable pure ACKs, it SHOULD check for these pathologies
    (unless it is intended solely for an environment known to be clear of
    them), as follows:

    *  If an incoming pure ACK appears to be a duplicate, but:

       -  it does not carry any SACK blocks (despite SACK having been
          negotiated)

       -  and AccECN [I-D.ietf-tcpm-accurate-ecn] has been negotiated but
          the ACE field has increased by less than 3 (after allowing for
          wrap)

       then the implementation can deem that SACK blocks are being
       stripped.  In this case, for the rest of the connection, it
       SHOULD:

       -  either disable the sending of ECN-capable pure ACKs;

       -  or use heuristics such as the following in place of the
          additional DupACK check in the very first bullet above:

          o  If the ACE field [I-D.ietf-tcpm-accurate-ecn] has
             incremented by at least 3, an incoming ACK is not counted as
             a duplicate ACK.
------------------------------------------------------------------------


Bob

On 25/11/2023 11:45, Bob Briscoe wrote:
> Neal,
>
> I've brought your last comment to the beginning, as the rest depends 
> on it.
>
> On 25/11/2023 00:06, Neal Cardwell wrote:
>> AFAICT a third viable strategy is: when SACK has been negotiated, 
>> only consider an ACK a dupack if it includes SACK blocks. This is the 
>> approach taken by the Linux TCP stack.
>>
>> AFAICT if that strategy is used, then the TCP endpoint doesn't need 
>> to try to guess if SACK blocks are being stripped, if it is willing 
>> to pay the performance penalty if this does happen.
>
> [BB2] This is where we started from in July (the nice simple 
> additional DupACK test to distinguish DupACKs from ACKs of ACKs that 
> is in the current draft - and black rather than green below - HTML 
> email reader required).
>
> But since March, just before each draft submission, Markku has been 
> promising to explain his concern, which he finally did the day after 
> the recent tcpm meeting. First it was that SACK-negotiated doesn't 
> necessarily imply that D-SACK is implemented. We addressed that by 
> requiring D-SACK if SACK is negotiated for AccECN. Then the argument 
> switched to the possibility that SACK might be stripped, which the 
> latest text addresses (in green below - for the ECN++ draft). That 
> might not sound much, but it took 8 months and approaching 100 emails 
> to get to the consensus we have reached (TBC). Nonetheless, if an 
> implementer like you is prepared to take the performance penalty, the 
> added (green) text is a 'SHOULD' not a 'MUST'.
>
> On your detailed points - see more [BB2]...
> I'll also send another email after this with new proposed text, 'cos 
> while making your proposed edits, I noticed a number of ways to make 
> my original less wordy.
>
>>
>> On Fri, Nov 24, 2023 at 6:20 PM Bob Briscoe 
>> <ietf=40bobbriscoe.net@dmarc.ietf.org> wrote:
>>
>>     Richard,
>>
>>     I think you are now agreeing with Markku, so we are close to
>>     closure! See [BB]...
>>
>>     On 24/11/2023 17:52, rs.ietf@gmx.at wrote:
>>>
>>>
>>>     Am 24.11.2023 um 16:55 schrieb Bob Briscoe:
>>>>             1) Detecting that SACK blocks are being stripped
>>>>
>>>>     Assuming AccECN & SACK are both negotiated, is Markku's
>>>>     proposed test on
>>>>     an incoming pure ACK acceptable to everyone?:
>>>>          if (no SACK && Δ(ACE)<3)
>>>
>>>
>>>     I believe you want to detect DupACKs? So the generally accepted
>>>     test if
>>>     this ACK is a DupAck (does not advance snd.una, while there is
>>>     outstanding data snd.max != snd.una) would come first?
>>
>>     [BB] Yes, that's taken as a given, because this test is
>>     /additional/ to wherever DupACKs are tested for.
>>
>>>
>>>     And as long as no retransmission (fast or RTO or PTO) has happened,
>>>     *every* DupACK is supposed to contain a SACK block; DSACK blocks
>>>     are -
>>>     with the current wording - also expected on spurious retransmitted
>>>     segments - and only them.
>>>
>>>     (the network pathology of duplicating packets on-path should elicit
>>>     DSACK for packets that were never retransmitted).
>>>
>>>>
>>>>     As I said, ACE might have wrapped, but let's treat this as an
>>>>     experiment, to see whether that is a significant problem.
>>>
>>>     The reason why we picked 3 as a very strong suggestion is, that
>>>     typical
>>>     AoA  would lead to a particular stream of ACEs (e.g. 5, 0, 3, 6,
>>>     1, 4,
>>>     7, 2, 5) - with two consecutive AoAs need to be lost before a
>>>     wrap-around becomes indistiguishable (any other pattern would
>>>     need some
>>>     data exchange).
>>
>>     [BB] I think you're agreeing, but please answer, yes or no: is
>>     the test proposed above for Detecting that SACK blocks are being
>>     stripped acceptable to you?
>>
>>>
>>>
>>>     But doing one step back:
>>>
>>>     While AccECN defines a specific receiver side reaction, which
>>>     the other
>>>     side can rely upon, and ECN++ specifies that pure ACKs could be
>>>     ECT-enabled, as an Implementer, rather than dealing with these
>>>     increasingly improbable special cases, I would refrain from
>>>     sending the
>>>     optional ECT-enabled ACKs in the first place. Only when subsequent
>>>     mechanisms are found to be needed (e.g. TARR, NewCWV,
>>>     Careful-Resume,
>>>     ...) where retaining up-to-date CC state in the reverse
>>>     direction is
>>>     becoming more interesting, it would become interesting to send out
>>>     ECT-enabled ACKs.
>>
>>     [BB] So, I take it from this that you agree that, if SACK
>>     stripping has been detected, the spec has to allow both. That is:
>>     * either disable ECN-capable pure ACKs,
>>     * or replace the test for absence of SACK with a heuristic.
>>
>>     Here's proposed text for the ECN++ spec. I'm afraid I'm asking
>>     you to fill in text for the timestamp test in the final bullet. I
>>     can't easily work out what to say that generalizes for any case,
>>     not just the TLP case. Pls (anyone) also suggest edits if you
>>     disagree with anything else...
>>
>>
>>     3.3.3.1.  Additional DupACK Check
>>
>>        A TCP implementation that is sending ECN-capable pure ACKs
>>     MUST add
>>        the following check to all its algorithms that use duplicate
>>        detection on incoming pure ACKs:
>>
>>        *  If there is no SACK option on an incoming pure ACK
>>     (ECN-capable or
>>           not) despite SACK having been negotiated, it is not counted
>>     as a
>>           duplicate ACK.
>>
>>     SACK blocks are known to be stripped on some paths through the public
>>        Internet, or some implementations are known to negotiate SACK but
>>        never send SACK blocks.  Therefore, if a TCP implementation is
>>        sending ECN-capable pure ACKs, it SHOULD check for these
>>     pathologies
>>        (unless it is intended solely for an environment clear of these
>>        pathologies), as follows:
>>
>>        *  If an incoming pure ACK appears to be a duplicate (it does not
>>           advance the cumulative acknowledgement while there is
>>     outstanding
>>           data), but:
>>
>>
>> That parenthetical definition of a duplicate ACK is incomplete. To 
>> avoid bugs, I would suggest referring the reader to the full 
>> definition in RFC 5681, Section 2.
>
> [BB2] Thanks for this ref. I'll refer to that definition right from 
> the start, and delete the parenthesis.
>
>>
>>           -  it does not carry any SACK blocks (despite SACK having been
>>              negotiated)
>>
>>           -  and AccECN [I-D.ietf-tcpm-accurate-ecn] has been
>>     negotiated but
>>              the ACE field has increased by less than 3 (after
>>     allowing for
>>              wrap)
>>
>>
>>           then it can be assumed that SACK blocks are being stripped.  In
>>           this case the implementation SHOULD take one of the
>>     following two
>>           actions:
>>
>>
>> Rather than "it can be assumed that SACK blocks are being stripped" I 
>> would suggest "then the implementation can estimate that SACK blocks 
>> are being stripped".
>
> [BB2] Better. But 'estimate' isn't quite right - it's used more for 
> numerical output, so I'll use 'deem' if that's OK.
>
> Thanks
>
>
>
> Bob
>
>>
>>           -  either disable the sending of ECN-capable pure ACKs;
>>
>>           -  or in all algorithms that use duplicate detection on
>>     incoming
>>              pure ACKs, replace the above additional DupACK check with an
>>              heuristic such as the following:
>>
>>              o  If the ACE field [I-D.ietf-tcpm-accurate-ecn] has
>>                 incremented by at least 3, an incoming ACK SHOULD NOT be
>>                 counted as a Duplicate ACK;
>>
>>              o  if the echoed timestamp (TSecr) [RFC7323] {ToDo: complete
>>                 the bullet}, an incoming ACK SHOULD NOT be counted as a
>>                 Duplicate ACK.
>>
>>
>>
>>
>> best regards,
>> neal
>>
>>
>>     Thank you
>>
>>
>>     Bob
>>
>>
>>>
>>>     Richard
>>
>>     -- 
>>     ________________________________________________________________
>>     Bob Briscoehttp://bobbriscoe.net/
>>
>>     _______________________________________________
>>     tcpm mailing list
>>     tcpm@ietf.org
>>     https://www.ietf.org/mailman/listinfo/tcpm
>>
>
> -- 
> ________________________________________________________________
> Bob Briscoehttp://bobbriscoe.net/

-- 
________________________________________________________________
Bob Briscoehttp://bobbriscoe.net/

v2.23.0 | Report a Bug | By Email