RE: Summary of responses so far and proposal moving forward[WasRe:[tcpm] Is this a problem?]
"Anantha Ramaiah (ananth)" <ananth@cisco.com> Fri, 30 November 2007 03:21 UTC
Return-path: <tcpm-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1IxwRK-0000Da-4a; Thu, 29 Nov 2007 22:21:18 -0500
Received: from tcpm by megatron.ietf.org with local (Exim 4.43) id 1IxwRI-0000DN-OG for tcpm-confirm+ok@megatron.ietf.org; Thu, 29 Nov 2007 22:21:16 -0500
Received: from [10.90.34.44] (helo=chiedprmail1.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1IxwRI-0000DF-C7 for tcpm@ietf.org; Thu, 29 Nov 2007 22:21:16 -0500
Received: from sj-iport-6.cisco.com ([171.71.176.117]) by chiedprmail1.ietf.org with esmtp (Exim 4.43) id 1IxwRH-0006jF-A2 for tcpm@ietf.org; Thu, 29 Nov 2007 22:21:16 -0500
Received: from sj-dkim-2.cisco.com ([171.71.179.186]) by sj-iport-6.cisco.com with ESMTP; 29 Nov 2007 19:21:14 -0800
Received: from sj-core-3.cisco.com (sj-core-3.cisco.com [171.68.223.137]) by sj-dkim-2.cisco.com (8.12.11/8.12.11) with ESMTP id lAU3LEo7005929; Thu, 29 Nov 2007 19:21:14 -0800
Received: from xbh-sjc-211.amer.cisco.com (xbh-sjc-211.cisco.com [171.70.151.144]) by sj-core-3.cisco.com (8.12.10/8.12.6) with ESMTP id lAU3LAgK025671; Fri, 30 Nov 2007 03:21:10 GMT
Received: from xmb-sjc-21c.amer.cisco.com ([171.70.151.176]) by xbh-sjc-211.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.1830); Thu, 29 Nov 2007 19:21:10 -0800
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: quoted-printable
Subject: RE: Summary of responses so far and proposal moving forward[WasRe:[tcpm] Is this a problem?]
Date: Thu, 29 Nov 2007 19:21:07 -0800
Message-ID: <0C53DCFB700D144284A584F54711EC5804597A88@xmb-sjc-21c.amer.cisco.com>
In-Reply-To: <C186A11B-5858-4905-A4F9-E6DFC920B585@windriver.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: Summary of responses so far and proposal moving forward[WasRe:[tcpm] Is this a problem?]
Thread-Index: Acgyqr+YWa5juMFZT+uGzGRouICCZQAATuRQ
From: "Anantha Ramaiah (ananth)" <ananth@cisco.com>
To: David Borman <david.borman@windriver.com>
X-OriginalArrivalTime: 30 Nov 2007 03:21:10.0437 (UTC) FILETIME=[0DC94550:01C83300]
DKIM-Signature: v=0.5; a=rsa-sha256; q=dns/txt; l=7735; t=1196392874; x=1197256874; c=relaxed/simple; s=sjdkim2002; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=ananth@cisco.com; z=From:=20=22Anantha=20Ramaiah=20(ananth)=22=20<ananth@cisco.com> |Subject:=20RE=3A=20Summary=20of=20responses=20so=20far=20and=20proposal= 20moving=20forward[WasRe=3A[tcpm]=20Is=20this=20a=20problem?] |Sender:=20; bh=55ALsYuaMpa5Xux/x8yxU9woqBEO7lF3E+asdvs51vI=; b=f6P1zq34F6X+VQsjxj8guQ06PpHF35nboND8k4zCA6UqlXuZgZYQV8hTKPMZafNgaMgq4vt5 1koxkEd046Q6QB4uhykFEUGOS6/HhSAzVLgYNY1fBsMUY2CgM4zk8I1z;
Authentication-Results: sj-dkim-2; header.From=ananth@cisco.com; dkim=pass ( sig from cisco.com/sjdkim2002 verified; );
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 33cc095b503da4365ce57c727e553cf1
Cc: TCP Maintenance and Minor Extensions WG <tcpm@ietf.org>
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
Errors-To: tcpm-bounces@ietf.org
Hi David, Firstly, I appreciate your explanations on TCP design and the differences between standard and implementation, those are all good. That said, it appears that this is what is being said (at least that is what is being inferred in the email exchanges) :- Case 1: Abort by the application and OS ================================== "The application OR any entity (like OS) which is instructed by the application to abort the TCP connection when deemed necessary". "The OS can abort the TCP connection when deemed necessary". These actions seems to enjoy full compliance of RFC 793/1122. Also an example : if there are 270 connections hanging out in persist state for 110 days, the system administrator chooses to clear some of these connections, now system administrator is acting on behalf of the system and may not be the application, this is not a violation of the RFC, it appears. WHEREAS Case 2: Aborts done inside TCP layer ============================ Assuming that one implementation chooses to have a design like : instructs each individual components in the system like transports layer to abort some connections and thereby relinquish system resources when deemed necessary using an explicit or implicit feedback from the OS. Now this action seems to be violating the RFC since it was done inside the jurisdiction of TCP code. I am having hard time understanding this. To me, it is pure implementation thingy. To me all the above actions (case 1 and 2), either are all compliant to RFC OR all of them aren't. May be it is just me. Please read on... Lets take the example of one mitigation for "SYN attacks" (I think also mentioned in the recent SYN flood informational RFC) It talks about detecting "possibly" malicious connections hanging out there in half-ESTAB state and the possible mitigations. One of the simple mitigations is to toss the "oldest" embryos and make room for the "new ones" and all of these actions doesn't violate any RFC. It could be argued for SYN flood case : Why should one do that, they can let the connections hang out forever, timeout happens OR the host crashes etc., the point is that you want to make an "attempt" to permit new, possibly legitimate connections, conserve system resources for legitimate clients. Is this foolproof?, no, there are corner cases everywhere in every solution. That doesn't mean you shouldn't be having anti-DOS solutions in place. Now the above draft talks about connections which are going to be established and NOT already established. But I can see a lot of similarities in the goals between the SYN flood and persist drafts. Now, I know people may say that the persist draft is totally different since you are talking about connection that are in >= ESTAB state. The state of affairs so far seems to be : you can't simply touch the TCP connection persisting since RFC 1122 tells you to keep this forever, but wait, you can kill them, but please do so only in the context of the application and may be OS, but not inside TCP since doing so violates RFC. But remember, it could be that someone chose to enhance the their TCP stack's anti-DOS capabilities with some algorithm they believed would help, terming that as a RFC violation seems too far fetched. Anyways, I am stuck on the way RFC compliance is measured here and I am thinking we are applying too much layering here than mandated by the generic nature of the existing RFC. $0.02, -Anantha > -----Original Message----- > From: David Borman [mailto:david.borman@windriver.com] > Sent: Thursday, November 29, 2007 9:09 AM > To: MURALI BASHYAM > Cc: TCP Maintenance and Minor Extensions WG; Mark Allman; Joe Touch > Subject: Re: Summary of responses so far and proposal moving > forward[WasRe:[tcpm] Is this a problem?] > > > On Nov 28, 2007, at 7:32 PM, MURALI BASHYAM wrote: > ... > > The second aspect is the ability of the application to explicitly > > cause the TCP connection to leave the ZWP state at the > specified time > > independent of available resources. There are applications where > > having this level of control over the TCP connection makes > sense (web, > > game servers). > > But aborting this connection with trigger from TCP or OS or > > application is a protocol violation, i don't buy the fact > that if the > > OS does it, it's not a violation, that's what i was referring to as > > pure wordplay. > > Fine. Call it wordplay. There's nothing wrong with that, because you > *have* to get the words right. You have to be crisp on the > protocol definition. The implementation can blur the > boundaries, but the > protocol definition can't. The aborting of a connection > (whether in > persist or any other state) when the other side is alive and > responding has to be done by the application. TCP should not > be doing that without direct instructions from the > application. Whether that is done directly by the > application by using the existing abort or user timeout > interface, or whether a new interface is defined to allow the > application tells the OS to run a timer and abort the > connection when the timer goes off, it is still being done > under the direction of the application. > > > > A protocol is a contract between the sender and receiver > here, and the > > contract defines the wire behaviour. > > The TCP protocol is what is defined in RFC 793/1122, and any > other RFCs that are applicable. It is more than just the > wire behavior. > > > > I care about the wire behaviour of the connection, and if i observe > > the behaviour of the connection in the ZWP state prior to > this change, > > i see ACKs and probes exchanged infinitely. With this change (no > > matter who does it, OS, app, TCP), i see ACKs and probes being > > exchanged for some time, followed by a RST segment to abort the > > connection. > > > > Do you agree that if we do the latter without changing the > wording of > > RFC1122, it's a protocol violation? > > My claim all along has been that it is. > > There already exists two mechanisms for the application to > abort a connection, directly with the abort interface, or > indirectly with the user timeout on the send interface, and > you will get the same wire behavior, a connection in persist > state gets aborted. > > The only protocol problem here is to have TCP abort a > connection in ZWP state without the application having first > explicitly asked for that to happen. And if you need a new > interface to provide that functionality, then that will be a > change to the TCP protocol. > > The OS freeing up resources when they run out by doing things > like aborting connections is not a protocol violation, > because it isn't TCP making that decision. Take that to the > extreme, and you'd be arguing that the system crashing is a > TCP protocol violation, and that's just silly. > > > > > > > If we agree that it's a violation, then it's a standards > track nature > > of draft. > > If it changes TCP, in this case adding a new User/TCP > interface, then it should be on the standards track. > > -David Borman > > > > _______________________________________________ > tcpm mailing list > tcpm@ietf.org > https://www1.ietf.org/mailman/listinfo/tcpm > _______________________________________________ tcpm mailing list tcpm@ietf.org https://www1.ietf.org/mailman/listinfo/tcpm
- Re: Summary of responses so far and proposal movi… MURALI BASHYAM
- Re: Summary of responses so far and proposal movi… David Borman
- Re: Summary of responses so far and proposal movi… MURALI BASHYAM
- Re: Summary of responses so far and proposal movi… David Borman
- Re: Summary of responses so far and proposal movi… Ted Faber
- Re: Summary of responses so far and proposal movi… Joe Touch
- RE: Summary of responses so far and proposal movi… Anantha Ramaiah (ananth)
- Re: Summary of responses so far and proposal movi… David Borman
- RE: Summary of responses so far and proposal movi… Caitlin Bestler
- Re: Summary of responses so far and proposal movi… MURALI BASHYAM
- Re: Summary of responses so far and proposal movi… Joe Touch