Re: [tcpm] draft-ietf-tcpm-accurate-ecn-20: Testing for Zeroing of the ACE Field
Bob Briscoe <ietf@bobbriscoe.net> Mon, 15 August 2022 23:13 UTC
Return-Path: <ietf@bobbriscoe.net>
X-Original-To: tcpm@ietfa.amsl.com
Delivered-To: tcpm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 357E1C14CF08; Mon, 15 Aug 2022 16:13:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.107
X-Spam-Level:
X-Spam-Status: No, score=-7.107 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, NICE_REPLY_A=-0.001, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=bobbriscoe.net
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id T_63UbZ7zKOa; Mon, 15 Aug 2022 16:13:44 -0700 (PDT)
Received: from mail-ssdrsserver2.hostinginterface.eu (mail-ssdrsserver2.hostinginterface.eu [185.185.85.90]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8F815C14CF06; Mon, 15 Aug 2022 16:13:44 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=bobbriscoe.net; s=default; h=In-Reply-To:From:References:To:Subject: MIME-Version:Date:Message-ID:Content-Type:Sender:Reply-To:Cc: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=OjM7YrPizTpGtF/KUxbx3IGFWUU7BQk3tzXFEAHWoak=; b=oYFpZ/SQgYDacrxJM9CW5SEB/5 FEBZ85+DFvDNl5ONJC8y0sjPclo34/GsY0pph/Tg91ABxtlDd4YX7jaJt/fg7w8+QAJliBX6F5UAE qeP9WT0d5pjSw1ZgGCVnFxJngNoBwbMd1MQ5xXFvfufKR1hzoojcardxJfjW/BrRBrQw8IKAYe6vO 4pd9fNxOyTFV+X0yfc7c8/sbEvkVjqm11v1BDwWjN5U0lcwqKSi0FXE+y7SpotYRSIXTrqOBfOLEm F/7Zyo01KHIQGqGpiho5ktfjhDxgKOrb4LmTfNnaEalfajLOx4y2Edidf4vpeTCgOmlNHB/5G3SoZ 8+BrJGSQ==;
Received: from 67.153.238.178.in-addr.arpa ([178.238.153.67]:54374 helo=[192.168.1.11]) by ssdrsserver2.hostinginterface.eu with esmtpsa (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.95) (envelope-from <ietf@bobbriscoe.net>) id 1oNjHD-0000yt-RE; Tue, 16 Aug 2022 00:13:40 +0100
Content-Type: multipart/alternative; boundary="------------rEGFMcPYWUDKlVM07OhUBCuK"
Message-ID: <33f4ecee-8631-048a-2678-8246d268aa83@bobbriscoe.net>
Date: Tue, 16 Aug 2022 00:13:24 +0100
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.11.0
Content-Language: en-GB
To: Mirja Kuehlewind <mirja.kuehlewind@ericsson.com>, Neal Cardwell <ncardwell=40google.com@dmarc.ietf.org>, "draft-ietf-tcpm-accurate-ecn@ietf.org" <draft-ietf-tcpm-accurate-ecn@ietf.org>, tcpm <tcpm@ietf.org>, "ietf@kuehlewind.net" <ietf@kuehlewind.net>, "Scheffenegger, Richard" <Richard.Scheffenegger@netapp.com>
References: <CADVnQykDOLvU5y15tVihGWv-vUtE5O0Ly6MkWFOz55x_XOVi5Q@mail.gmail.com> <A80FE78D-5481-4A0A-AE34-1132785F30E5@ericsson.com>
From: Bob Briscoe <ietf@bobbriscoe.net>
In-Reply-To: <A80FE78D-5481-4A0A-AE34-1132785F30E5@ericsson.com>
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - ssdrsserver2.hostinginterface.eu
X-AntiAbuse: Original Domain - ietf.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - bobbriscoe.net
X-Get-Message-Sender-Via: ssdrsserver2.hostinginterface.eu: authenticated_id: in@bobbriscoe.net
X-Authenticated-Sender: ssdrsserver2.hostinginterface.eu: in@bobbriscoe.net
X-Source:
X-Source-Args:
X-Source-Dir:
Archived-At: <https://mailarchive.ietf.org/arch/msg/tcpm/uoHUn8u1S4rJ0ARuBvOYXpqyZwo>
Subject: Re: [tcpm] draft-ietf-tcpm-accurate-ecn-20: Testing for Zeroing of the ACE Field
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tcpm/>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 15 Aug 2022 23:13:49 -0000
Neal & Mirja, Using the option without the ACE field is a possibility, but it has ramifications. Below, first I will assume we are going to try to do this, then I'll go through the ramifications that I can think of, and see whether there are any show-stoppers. But first, I suggest you take a look at my last response to Neal's point about hardware TSO offload, which I think was Neal's main motivation. If there is any misunderstanding there, it would be best to sort that out first. On 15/08/2022 14:54, Mirja Kuehlewind wrote: > > Hi Neal, > > I agree with you that we could probably revise the text slightly. I > believe we didn’t really consider the case where we still get valid > information in the option but not in the ACE field. So we also assume > in section 3.2.3.2.5. (Consistency between AccECN Feedback Fields) > that the ACE field can be used as a consistency check for the option. > [BB] That's not quite true - it's the other way round. We assumed that, once the AccECN Option passes the tests for mangling at the start of the connections, it has to be considered robust. Then the option is used as a consistency check for the ACE field (in case the option goes away and the ACE field alone has to be relied on). I mention this, for background on the ramifications later. > However, for the case that your described below where you basically > know that the ACE field is managed locally but the option seem to > work, it would be sad to disable ECN completely. > > Maybe we can/should relax the text a bit by restating it this way: > > OLD > > If the value of this ACE field is zero (0b000), for the remainder of > the half-connection the Data Sender ought to send non-ECN-capable > packets and it is advised not to respond to any feedback of CE markings. > > NEW > > If the value of this ACE field is zero (0b000), for the remainder of > the half-connection the Data Sender is advised not to respond to any > CE feedback in the ACE field and ought to send non-ECN-capable packets > if no other CE feedback is reliably provided in the AccECN option. > [BB] 1/ Can I suggest a rewording because we need to say what to do in either case. NEW2: If the value of this ACE field is zero (0b000), a Data Sender proceeds as follows: o If it has also not yet received any valid AccECN TCP options (or it has not implemented logic to process them), for the remainder of the half-connection it ought to send non-ECN-capable packets and it is advised not to respond to any feedback of CE markings. o If it has received a valid AccECN TCP option, it can continue sending ECN-capable packets, but it MUST ignore incoming values of the ACE field and rely solely on AccECN TCP options. Note that, in either case, the decision of one Data Sender for one half connection is independent of the other. > Of course that leaves the question open when the feedback in the > option is reliable, but maybe we can just leave this to the > implementation and further experimentation. > [BB} 2/ Ramifications There is the rather fundamental problem that the ACE field is used during the 3WHS to negotiate use of AccECN in the first place. So if it is established on the first SYN=0 packet in each direction that the ACE field is unreliable, can the ends be certain that what appeared to be a negotiation of AccECN during the 3WHS wasn't just an accident of mangling? Also the ACE field is used to check whether the IP-ECN field is mangled. So if the ACE field is unreliable, the check of the IP-ECN field could also be unreliable. The protocol was based on the idea that the ACE field is in the main TCP header, so it cannot /not/ be sent, whereas AccECN options would be sent only when convenient. If end A deems that it is going to ignore the incoming ACE field, it has no way of signalling that to end B. So end B might adopt a policy of seldom sending AccECN Options or sending as few fields as possible. Whereas, if it knew the other end was solely reliant on them, it would send them more frequently, or with more fields. Making such a fundamental change to the spec at this stage will require a very careful check of every word (I'm willing to do that, but I didn't before sending this email). There are likely to be all sorts of places that will become confusing unless wording is changed. E.g. right from the start it says ACE is essential and the AccECN Option is supplementary. Also an exception will have to be added to the section that Mirja mentions about consistency checking. And the rules for when to send an AccECN option (if sending them at all) might need to be changed. If they are changed, they will need to be tested with an updated implementation. One more response to Neal below... > Mirja > > *From: *tcpm <tcpm-bounces@ietf.org> on behalf of Neal Cardwell > <ncardwell=40google.com@dmarc.ietf.org> > *Date: *Friday, 5. August 2022 at 03:23 > *To: *"draft-ietf-tcpm-accurate-ecn@ietf.org" > <draft-ietf-tcpm-accurate-ecn@ietf.org>, tcpm <tcpm@ietf.org>, Bob > Briscoe <ietf@bobbriscoe.net>, "ietf@kuehlewind.net" > <ietf@kuehlewind.net>, "Scheffenegger, Richard" > <Richard.Scheffenegger@netapp.com> > *Subject: *[tcpm] draft-ietf-tcpm-accurate-ecn-20: Testing for Zeroing > of the ACE Field > > Re: > > https://www.ietf.org/archive/id/draft-ietf-tcpm-accurate-ecn-20.html > > 3.2.2.4. Testing for Zeroing of the ACE Field – > > https://www.ietf.org/archive/id/draft-ietf-tcpm-accurate-ecn-20.html#section-3.2.2.4 > – says: > > "If AccECN has been successfully negotiated, the Data Sender SHOULD > check the value of the ACE counter in the first packet (with or > without data) that arrives with SYN=0. If the value of this ACE field > is zero (0b000), for the remainder of the half-connection the Data > Sender ought to send non-ECN-capable packets and it is advised not to > respond to any feedback of CE markings. Reason: the symptoms imply > either potential mangling of the ECN fields in both the IP and TCP > headers, or a broken remote TCP implementation. This advice is not > stated normatively (in capitals), because the best strategy might > depend on experience of the most likely types of mangling, which can > only be known at the time of deployment." > > I would have imagined that the response where a data sender detects > "Zeroing of the ACE Field" would be to simply fall back to using the > AccECN options, rather than falling back to sending non-ECN-capable > packets, thus losing the benefits of L4S congestion control. Would > that be feasible? > > AFAICT a data sender can do just fine with zeroed ACE fields, as long > as the data receiver is sending valid AccECN options. > > I can imagine several different arguments for a response to "Zeroing > of the ACE Field" that involves simply falling back to using the > AccECN options rather than disabling the sending of ECN-capable packets: > > (1) The part of Postel's robustness principle that says "be liberal in > what you accept" would seem to argue that a data sender should be > liberal in accepting a zeroed ACE field as long as the AccECN options > are intact and seemingly valid. > > (2) For data senders that need to use TSO, but who have NICs where TSO > necessarily corrupts the ACE field (due to RFC3168-style tweaking of > the CWR bit that cannot be disabled), it would be advantageous to > those data senders to be able to simply send zero ACE fields, rather > than send ACE values that they know would be corrupted. AFAICT this > could allow such senders to benefit from both TSO and L4S. > [BB] I do not envisage that AccECN code will allow a NIC to mangle its own protocol. The idea (described in the draft and implemented by Ilpo) is for initial implementations of AccECN to use software TSO as implemented in the kernel (and patched by Ilpo). I assume that there will be an API to determine whether hardware support for AccECN is available, so that AccECN implementations can use h/w offload when it is, and use s/w offload when it isn't. This will allow AccECN testing on a percentage of connections (for instance), while still doing h/w offload for the rest. The percentage of connections might be spread over all servers, or might be confined to a percentage of servers dedicated to offering AccECN support. Bob > (3) Similarly, if a middlebox somewhere zeroes out the ACE field, > AFAICT this could allow such senders to benefit from L4S in this case > as long as the incoming AccECN options are intact and seemingly valid. > > Thoughts? > > thanks, > > neal > -- ________________________________________________________________ Bob Briscoehttp://bobbriscoe.net/
- [tcpm] draft-ietf-tcpm-accurate-ecn-20: Testing f… Neal Cardwell
- Re: [tcpm] draft-ietf-tcpm-accurate-ecn-20: Testi… Mirja Kuehlewind
- Re: [tcpm] draft-ietf-tcpm-accurate-ecn-20: Testi… Neal Cardwell
- Re: [tcpm] draft-ietf-tcpm-accurate-ecn-20: Testi… Bob Briscoe