Re: [tcpm] Comments on Soft Errors I-D: draft-ietf-tcpm-tcp-soft-errors-06
Gorry Fairhurst <gorry@erg.abdn.ac.uk> Tue, 03 July 2007 07:54 UTC
Return-path: <tcpm-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1I5dDQ-0003hb-86; Tue, 03 Jul 2007 03:54:28 -0400
Received: from [10.90.34.44] (helo=chiedprmail1.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1I5dDN-0003go-8Y for tcpm@ietf.org; Tue, 03 Jul 2007 03:54:25 -0400
Received: from dee.erg.abdn.ac.uk ([139.133.204.82] helo=erg.abdn.ac.uk) by chiedprmail1.ietf.org with esmtp (Exim 4.43) id 1I5dDM-0003I0-N6 for tcpm@ietf.org; Tue, 03 Jul 2007 03:54:25 -0400
Received: from [139.133.204.42] (ra-gorry.erg.abdn.ac.uk [139.133.204.42]) (authenticated bits=0) by erg.abdn.ac.uk (8.13.4/8.13.4) with ESMTP id l637rP9d010131 (version=TLSv1/SSLv3 cipher=DES-CBC3-SHA bits=168 verify=NOT); Tue, 3 Jul 2007 08:53:26 +0100 (BST)
User-Agent: Microsoft-Entourage/11.3.3.061214
Date: Tue, 03 Jul 2007 09:53:24 +0200
Subject: Re: [tcpm] Comments on Soft Errors I-D: draft-ietf-tcpm-tcp-soft-errors-06
From: Gorry Fairhurst <gorry@erg.abdn.ac.uk>
To: Joe Touch <touch@ISI.EDU>, Gorry Fairhurst <gf@erg.abdn.ac.uk>
Message-ID: <C2AFCD14.74BD%gorry@erg.abdn.ac.uk>
Thread-Topic: [tcpm] Comments on Soft Errors I-D: draft-ietf-tcpm-tcp-soft-errors-06
Thread-Index: Ace9RztieibqLik6Edy+OgAKlc/qXg==
In-Reply-To: <46895C7F.7060307@isi.edu>
Mime-version: 1.0
Content-type: text/plain; charset="US-ASCII"
Content-transfer-encoding: 7bit
X-ERG-MailScanner: Found to be clean
X-ERG-MailScanner-From: gorry@erg.abdn.ac.uk
X-Spam-Status: No
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 0e9ebc0cbd700a87c0637ad0e2c91610
Cc: tcpm@ietf.org, Fernando Gont <fernando@gont.com.ar>
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
Errors-To: tcpm-bounces@ietf.org
My observation was only that if a host repeatedly opens several TCP sessions to search for a valid IP address (e.g. Attempting to try all IP addresses that correspond to abc.com), then it *could* consume much more network & host resources, than a host that opens a session to each address in turn, with a backoff between each request. Gorry On 2/7/07 22:13, "Joe Touch" <touch@ISI.EDU> wrote: > > > Gorry Fairhurst wrote: >> The document looks in good shape, and seemed easy to read to me. >> >> Here are a few comments on the latest draft, really relating to >> congestion-control and increased state. >> >> Best wishes, >> >> Gorry >> >> In Section 3.2 (Problems that may arise with Dual Stack IPv6 on by Default): >> There may also be drawbacks in this approach --- e.g. this creates >> additional host state, and could also establish additional context state for >> other devices along the network path (NAT. Firewall, link compressors, >> encryption devices, etc). >> >> Similarly, section 5 does not speak of the effects of a non-standard >> approach on the network. One question I have relates to the behaviour of a >> parallel and/or successive strategy to exploit multiple IP bindings. If I >> understand, this opens a (potentially) large number of connections, to see >> which succeeds. This seems to me to be injecting extra SYN packets into the >> network, and therefore can potentially waste network resources. >> >> If these connections are in series, each is opened one after another, after >> a "fixed" time (i.e. not exponentially backed-off)... which generates more >> state or more packets/rtt than using the standard algorithm. >> >> When connections are opened in parallel, this is even more noted. In an >> extreme case, this could look like a syn-attack or lead to congestion-based >> loss. Are these concerns valid? Is this only used for a single IPv4 and an >> equivalent IPv6 address? Are there limitations that would mitigate these >> effects if I had many candidate addresses? > > RFC1122 discusses the technique of trying multiple addresses, and it is > issue only when a DNS name resolves to multiple addresses. It would be > unusual for a large number of addresses to refer to the same host; in > many cases, there are only a small number for one host (typically for > IPv4 and IPv6), and the larger number is used for DNS rotation to > distribute load to a number of servers. There are exceptions, such as > where multiple IP addresses are used for shared web service -- though > that has fallen out of use as newer HTTP protocols determine the host in > the request (sending GET and the DNS name, in addition to the filename) > rather than only by the IP address (which was the only way compatible > with HTTP 1.0, e.g.). > > Whether in serial or in parallel, methods to moderate the number of > outstanding SYNs are probably useful. But this isn't the focus of this > document anyway. > > Joe > >> ---- >> >> The remaining comments are editorial, for the author to consider in their >> next rev: >> >> INTRODUCTION, paragraph 14: >> - Could consider to tighten English a little. >> >> CURRENT: >> This document describes a non-standard, but widely implemented, >> modification to TCP's handling of ICMP soft error messages, that >> rejects pending connection-requests when those error messages are >> received. This behavior reduces the likelihood of long delays >> between connection establishment attempts that may arise in a number >> of scenarios, including one in which dual stack nodes that have IPv6 >> enabled by default are deployed in IPv4 or mixed IPv4 and IPv6 >> environments. >> SUGGESTION: >> This document describes a non-standard, but widely implemented, >> modification to TCP's handling of ICMP soft error messages, which >> rejects pending connection-requests when these error messages are >> received. This behavior reduces the likelihood of long delays >> between connection establishment attempts that may arise in a number >> of scenarios, including one in which dual stack nodes that have IPv6 >> enabled by default are deployed in IPv4, or mixed IPv4 and IPv6 >> environments. >> >> Section 1., paragraph 2: >> In the Internet architecture, the Internet Control Message Protocol >> (ICMP) [RFC0792] is one fault isolation technique to report network >> error conditions to the hosts sending datagrams over the network. >> >> - Add the IPv6 ICMP reference too here? >> >> >> Section 3.2., paragraph 1: >> - Language could perhaps be improved. >> CURRENT: >> A particular scenario in which the above sketched type of problem may >> occur regularly is that where dual stack nodes that have IPv6 enabled >> by default are deployed in IPv4 or mixed IPv4 and IPv6 environments, >> and the IPv6 connectivity is non-existent >> [I-D.ietf-v6ops-v6onbydefault]. >> >> SUGGESTION: >> >> A particular scenario in which the problems outlined above >> can occur regularly arises where dual stack nodes (with IPv6 enabled >> by default) are deployed in IPv4 or mixed IPv4 and IPv6 environments, >> and the IPv6 connectivity is non-existent. >> [I-D.ietf-v6ops-v6onbydefault]. >> >> Section 4.1., paragraph 0: >> Could Add: Section 5 discusses drawbacks to changing this behaviour. >> >> >> Section 4.2., paragraph 1: >> - Language could perhaps be improved. >> OLD: >> A more conservative approach than simply treating soft errors as hard >> errors as described above would be to abort a connection in the SYN- >> SENT or SYN-RECEIVED states only after an ICMP Destination >> Unreachable has been received a specified number of times, and the >> SYN segment has been retransmitted more than some specified number of >> times. >> >> SUGGESTION: >> An approach that is more conservative than simply treating soft errors >> as hard >> errors, as described above, would be to abort a connection in the SYN- >> SENT or SYN-RECEIVED states only after an ICMP Destination >> Unreachable has been received a specified number of times, and the >> SYN segment has been retransmitted more than some specified number of >> times. >> >> Section 5, paragraph 1: >> - Capital E? >> CURRENT: >> +----------------------------------+--------------------------------+ >> | Time Exceeded (codes 0 and 1) | Time exceeded (codes 0 and 1) | >> ^ >> >> Section 5.3., paragraph 1: >> CURRENT: >> Some NATs respond to an unsolicited inbound SYN segment with an ICMP >> soft error message. If the system sending the unsolicited SYN >> segment implements the workaround described in this document, it will >> abort the connection upon receipt of the ICMP error message, thus >> probably preventing TCP's simultaneous open through the NAT from >> succeeding. However, it must be stressed that those NATs described >> in this section are not BEHAVE-compliant, and therefore should >> implement REQ-4 of [I-D.ietf-behave-tcp] instead. >> >> SUGGESTION: >> Some NATs respond to an unsolicited inbound SYN segment with an ICMP >> soft error message. If the system sending the unsolicited SYN >> segment implements the workaround described in this document, it will >> abort the connection upon receipt of the ICMP error message, thus >> probably preventing TCP's simultaneous open through the NAT from >> succeeding. However, it must be stressed that the NATs described >> in this section are not BEHAVE-compliant, and therefore should >> implement REQ-4 of [I-D.ietf-behave-tcp] instead. >> >> >> >> _______________________________________________ >> tcpm mailing list >> tcpm@ietf.org >> https://www1.ietf.org/mailman/listinfo/tcpm _______________________________________________ tcpm mailing list tcpm@ietf.org https://www1.ietf.org/mailman/listinfo/tcpm
- [tcpm] Comments on Soft Errors I-D: draft-ietf-tc… Gorry Fairhurst
- Re: [tcpm] Comments on Soft Errors I-D: draft-iet… Joe Touch
- Re: [tcpm] Comments on Soft Errors I-D: draft-iet… Lloyd Wood
- Re: [tcpm] Comments on Soft Errors I-D: draft-iet… Joe Touch
- Re: [tcpm] Comments on Soft Errors I-D: draft-iet… Gorry Fairhurst
- Re: [tcpm] Comments on Soft Errors I-D: draft-iet… Joe Touch
- Re: [tcpm] Comments on Soft Errors I-D: draft-iet… Lloyd Wood
- Re: [tcpm] Comments on Soft Errors I-D: draft-iet… Gorry Fairhurst