IETF Logo Mail Archive

Re: [tcpm] About the SYN/ACK-timer

"Scharf, Michael (Michael)" <michael.scharf@alcatel-lucent.com> Wed, 02 January 2013 09:35 UTC

Return-Path: <michael.scharf@alcatel-lucent.com>
X-Original-To: tcpm@ietfa.amsl.com
Delivered-To: tcpm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EFE4321F9048 for <tcpm@ietfa.amsl.com>; Wed, 2 Jan 2013 01:35:53 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.861
X-Spam-Level:
X-Spam-Status: No, score=-9.861 tagged_above=-999 required=5 tests=[AWL=0.388, BAYES_00=-2.599, HELO_EQ_FR=0.35, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LVmeOoq8XF55 for <tcpm@ietfa.amsl.com>; Wed, 2 Jan 2013 01:35:53 -0800 (PST)
Received: from smail3.alcatel.fr (smail3.alcatel.fr [64.208.49.56]) by ietfa.amsl.com (Postfix) with ESMTP id 0C6DE21F9043 for <tcpm@ietf.org>; Wed, 2 Jan 2013 01:35:51 -0800 (PST)
Received: from FRMRSSXCHHUB01.dc-m.alcatel-lucent.com (FRMRSSXCHHUB01.dc-m.alcatel-lucent.com [135.120.45.61]) by smail3.alcatel.fr (8.14.3/8.14.3/ICT) with ESMTP id r029ZPs7032240 (version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=NOT); Wed, 2 Jan 2013 10:35:44 +0100
Received: from FRMRSSXCHMBSE3.dc-m.alcatel-lucent.com ([135.120.45.56]) by FRMRSSXCHHUB01.dc-m.alcatel-lucent.com ([135.120.45.61]) with mapi; Wed, 2 Jan 2013 10:35:36 +0100
From: "Scharf, Michael (Michael)" <michael.scharf@alcatel-lucent.com>
To: Jakob Heitz <jakob.heitz@ericsson.com>, Yoshifumi Nishida <nishida@sfc.wide.ad.jp>
Date: Wed, 02 Jan 2013 10:35:35 +0100
Thread-Topic: [tcpm] About the SYN/ACK-timer
Thread-Index: AQHN6Kmen9PlwwSgXU2cX18Avy7He5g1+RIA///C3m2AAAWQIA==
Message-ID: <2A886F9088894347A3BE0CC5B7A85F3E9AA0F0AE4F@FRMRSSXCHMBSE3.dc-m.alcatel-lucent.com>
References: <1D1BEDF8-28D1-41CD-999C-5627E81D0537@ifi.uio.no> <20130102025350.AF22755A074@lawyers.icir.org> <2F3EBB88EC3A454AAB08915FBF0B8C7E148E68@eusaamb109.ericsson.se>, <CAO249ycPs-PqzbjqChzemCgHCr+NbJZuWQrxVR4aE4j-DFbKzQ@mail.gmail.com> <9DF82729-E83B-4515-8BCD-D33E4EBC3E39@ericsson.com>
In-Reply-To: <9DF82729-E83B-4515-8BCD-D33E4EBC3E39@ericsson.com>
Accept-Language: de-DE, en-US
Content-Language: de-DE
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: de-DE, en-US
Content-Type: text/plain; charset="iso-2022-jp"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 2.69 on 155.132.188.83
Cc: "tcpm (tcpm@ietf.org)" <tcpm@ietf.org>, "mallman@icir.org" <mallman@icir.org>, Michael Welzl <michawe@ifi.uio.no>, Marco Mellia <mellia@tlc.polito.it>, Joe Touch <touch@isi.edu>
Subject: Re: [tcpm] About the SYN/ACK-timer
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tcpm>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Jan 2013 09:35:54 -0000

> -----Original Message-----
> From: tcpm-bounces@ietf.org [mailto:tcpm-bounces@ietf.org] On 
> Behalf Of Jakob Heitz
> Sent: Wednesday, January 02, 2013 9:53 AM
> To: Yoshifumi Nishida
> Cc: Joe Touch; tcpm (tcpm@ietf.org); Marco Mellia; Michael 
> Welzl; mallman@icir.org
> Subject: Re: [tcpm] About the SYN/ACK-timer
> 
> The reason for the accelerated first retransmission:
> The SYN with data may get dropped for 2 reasons.
> 1. Middleboxes that consider it abnormal.

If there is such a middlebox, the best solution is to try to learn that and cache it, on order to avoid the use of SYN data at all. This is mostly orthogonal to the retransmission timer. Except for one detail: The smaller the gap between the two transmissions, the higher is the risk of reordering, i. e., that such heuristics break because the RTO is *too* small. Thus, accelerated first retranmission can indeed have drawbacks with middleboxes... And, with an initial RTO of 1s, the only penalty is the 1s timeout for the first connection. After that, the sender would hopefully not use SYN data any more.

So, what remains is the 1s RTO for the first connection to that destination. An initial timeout below one second to an unknown destination comes along with quite some risk of spuriour retransmission on narrow-band links. It might not be a too good idea because of that.

> 2. SYN flood protection at the server.

I might miss something fundamental, but if a server is in SYN flood protection mode, would it not be a good idea if the client backs off a bit? Using a 100ms timer is quite the opposite of that.

In summary, it is not clear to me what actual problem we discuss here.

For what it is worth, as already mentioned multiple times: There is a TCPM working group item draft-ietf-tcpm-fastopen, which has quite some related text, including the initial RTO.

Michael

 
> I expect SYN flood protection to be much more aggressive 
> towards SYN packets with data.
> In the majority of cases, the SYN with data should get 
> through just fine. When it doesn't, the accelerated 
> retransmission without the data will recover.
> 
> Cheers,
> Jakob.
> 
> On Jan 1, 2013, at 11:32 PM, "Yoshifumi Nishida" 
> <nishida@sfc.wide.ad.jp> wrote:
> 
> 
> 
> 	Hi Jakob,
> 	
> 	
> 	On Tue, Jan 1, 2013 at 9:25 PM, Jakob Heitz 
> <jakob.heitz@ericsson.com> wrote:
> 	
> 
> 		On Tuesday, January 01, 2013 6:54 PM, 
> mallman@icir.org <mailto:mallman@icir.org>  
> <mailto:mallman@icir.org> wrote:
> 		
> 		> I am confused.
> 		>
> 		>> Not sure about everyone else, but the way I 
> interpreted (and meant)
> 		>> the 1s bit was to say "a new value, such as 
> 1s, as opposed to a
> 		>> complex adaptive mechanism". It wasn't about 
> the exact value of 1s
> 		>> per se.
> 		>
> 		> You say "a new value, such as 1s".  My point 
> is 1s is NOT a new value.
> 		> It is the standardized value.  Before 
> proposing some new
> 		> value, it'd at
> 		> least be handy if folks understood the current value.
> 		>
> 		>> About lowering the initial RTO further: I, 
> for one, hadn't thought of
> 		>> that, and am not fully aware of all the 
> pro's and con's. But yeah, it
> 		>> might be worth considering?
> 		>
> 		> Well, if you're not suggesting lowering the 
> initial RTO then what are
> 		> you suggesting?  I have no idea what you are 
> saying here.  The initial
> 		> RTO is the RTO that is used before an RTT 
> sample is taken.  So, just
> 		> what are you suggesting here?
> 		>
> 		> allman
> 		
> 		
> 		I am suggesting:
> 		1st SYN contains data.
> 		Retransmit that SYN without data after 100mS.
> 		Make the next retransmit timer 1 second with 
> the normal power of 2 backoff after that. All SYN retransmits 
> without data.
> 		Do the same for the SYN/ACK.
> 		No cookies.
> 		The initial 100mS SYN retransmit timer MAY be 
> lengthened by application knowledge of conditions. For 
> example, satellite or wireless.
> 
> 
> 	I think you consider 1 second SYN RTO is fine. But, you 
> want to accelerate the first retransmission. 
> 	This seems to be a bit inconsistent design to me.
> 	Well, it might be useful if the SYNs are discarded 
> because of accidental packet drops or because of data payload.
> 	But, I'm still wondering how practical these situations are. 
> 
> 	Thanks,
> 	--
> 	Yoshifumi
> 
>

v2.23.0 | Report a Bug | By Email