Re: [tcpm] Congestion control in face of ICMP unreachable messages
Ted Faber <faber@ISI.EDU> Mon, 24 September 2007 21:37 UTC
Return-path: <tcpm-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1IZvcP-0001rP-IQ; Mon, 24 Sep 2007 17:37:29 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1IZvcO-0001rA-K3 for tcpm@ietf.org; Mon, 24 Sep 2007 17:37:28 -0400
Received: from boreas.isi.edu ([128.9.160.161]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1IZvcN-0006c0-69 for tcpm@ietf.org; Mon, 24 Sep 2007 17:37:28 -0400
Received: from hut.isi.edu (hut.isi.edu [128.9.168.160]) by boreas.isi.edu (8.13.8/8.13.8) with ESMTP id l8OLaRWe019517 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Mon, 24 Sep 2007 14:36:27 -0700 (PDT)
Received: (from faber@localhost) by hut.isi.edu (8.14.1/8.14.1/Submit) id l8OLaRb5040627; Mon, 24 Sep 2007 14:36:27 -0700 (PDT) (envelope-from faber)
Date: Mon, 24 Sep 2007 14:36:27 -0700
From: Ted Faber <faber@ISI.EDU>
To: Daniel Schaffrath <daniel.schaffrath@mac.com>
Subject: Re: [tcpm] Congestion control in face of ICMP unreachable messages
Message-ID: <20070924213627.GE39402@hut.isi.edu>
References: <8B61F72F-2F75-4388-976F-9748F8784AB3@mac.com> <20070817162542.GA2511@hut.isi.edu> <4AD719E5-AF65-4D4C-8BE8-B070793F69C3@mac.com> <20070907004335.GB48227@hut.isi.edu> <F0EB06F1-58B9-49B1-8CC0-AFEF49ABC276@mac.com> <20070914005315.GL13168@hut.isi.edu> <12EA28CC-C380-46EB-8886-C7BA9EC86148@mac.com>
Mime-Version: 1.0
In-Reply-To: <12EA28CC-C380-46EB-8886-C7BA9EC86148@mac.com>
User-Agent: Mutt/1.4.2.3i
X-url: http://www.isi.edu/~faber
X-ISI-4-43-8-MailScanner: Found to be clean
X-MailScanner-From: faber@hut.isi.edu
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 0770535483960d190d4a0d020e7060bd
Cc: tcpm@ietf.org
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============0958589867=="
Errors-To: tcpm-bounces@ietf.org
On Thu, Sep 20, 2007 at 09:21:14PM +0200, Daniel Schaffrath wrote: > > On 2007/09/14 , at 02:53, Ted Faber wrote: > > * ICMP operates on a different timescale than TCP. It may take > > a router longer to decide that there's a host unreachable > > situation than the TCP stack would. It may also take a router > > longer to detect the opposite. > In my (naive?) understanding they not necessarily operate on a > different timescale. For instance, it may take a router some time to > execute an ARP request which may fail and then it would send a late > ICMP (for the initial early segment, the later one got queued, then > dropped). But if for whatever reason a port is disconnected (and by > this a whole (sub-)net vanishes from the routing table) the router > might be able to immediately (within an RTT) decide to send an ICMP. > In either case the TCP source can decide about the timescale an > arriving ICMP operates on (by looking at the sequence numbers > therein). Of course, provided all involved nodes being non-malicious. Yeah, but that seems like a long run for a short slide to me, as a private individual. It might help in very simple cases, but there are a couple "might"s in there and a TCP endpoint making a decision about an ICMP packet based on matching sequence numbers. Practically this seems to be making TCP more brittle to deal with a pretty uncommon case. > > > * They're really easy to spoof. > I got that in the meantime from Jon explanation. And how come, if > they are really that easy to spoof, that for ICMP port/proto/etc. > unreachable messages RFC 1122 asks to drop the connection? Isn't that > a very easy attack then. btw: I just noticed while browsing the Linux > source that Linux treats port/proto/net/host unreachable messages all > the same, i.e., flag an error on the socket and that's it. Have you seen: ftp://ftp.rfc-editor.org/in-notes/internet-drafts/draft-ietf-tcpm-icmp-attacks-02.txt Fernando and this group are looking at these issues. Perhaps your ideas can be combined with that document? > > Anyways: if ICMP were used to skip doubling RTO an attacker cannot > make a TCP source to flood the network by this. I don't think any of that is an obvious mechanism to cause a DoS attack. > > >I don't think you gain very much, either. If your application > >believes > >that the connection has stuttered - a route flap or something - the > >easiest way to fix it may be to reconnect. I'll bet you do this a > >couple times a day with your browser. Hitting reload on a slow > >loading > >page does exactly this. Other applications may value continuity of > >connection more. > I exhibit exactly this behavior. And I don't like it. I'd like the > network to solve these issues for me... :) I do it, too. TCP serves a lot of applications that aren't people browsing the web. Why do you think TCP should handle this rather than Firefox (for example)? > > [...] > > >>>Explain to me why ICMP messages indicating that your packets are not > >>>being delivered indicate you should not slow down. > >> > >>I am not saying you shouldn't slow down. After RTO of course you > >>should reset cwnd and halve ssthresh. I was just thinking of skipping > >>(or delaying) doubling RTO if the retransmission after RTO does not > >>simply vanish in the network but is replied to with an ICMP (host/ > >>net) unreachable message. This seems reasonable to me if my above > >>finding is true. > > > >I think its extra complexity for minimal gain. > >But, I haven't done anything to validate that opinion. Do you have > >some > >evidence either way? > > Complexity seems to be almost a dysphemism to me here. Perhaps you think complexity is a dirtier word than I do. It's hard to understand how making TCP's retransmission depend partially on ICMP isn't making TCP more complex. I'm happy to use whatever term you prefer. > The gain is > obviously a much faster restarting connection. And it's > extraordinary... given an adequate scenario which is of course not > the usual dial-up leafnode to the wired Internet but for instance a > node which is part of a subnet managed by olsrd (causing route > interruptions and the like). It seems like the case you're considering - a TCP connection that has a conncectivity breach that's noticed by ICMP and restored within a few RTTs - is pretty uncommon. Many application protocols (HTTP,FTP) are already prepared to deal with these kind of interruptions. Again, I don't see a compelling case for the benefits. Just speaking for myself. > > The question is if there is some rationale for this behavior. > Actually, I was thinking there was (ICMP reply for single slow-start > recovery retransmit indicating no congestion for the first few hops > at least). But in the meantime I found that for zero window probing > (which is comparable to "roadblock" probing) RFC 1122 in 4.2.2.17 > recommends exponentiell back-off as well. Whereas I understand that > exponentiell back-off is necessary for the _network_ to recover from > severe congestion, I don't understand why exponentiell back-off is > recommended for recovering from zero windows (which is more or less > _application_ congestion). Of course, for zero window probes which > are not ACKed back-off is essentiel. There is a DISCUSSION paragraph > in 4.2.2.17 which is unfortunately not clear to me. It might be > understood as if exponentiell back-off allows fast recovery from a > zero window condition, although (from my understanding) it does > exactly the opposite. Of course, it may all boil down to defining > words, i.e., exponentiell back-off being fast by definition as > complexity theory knows off much worse growth. But "traditionally" > exponentiell is not fast. 4.2.2.17 is dealing with the case that one end of the connection is advertising a 0 size window. In this case the other end knows that the connection still exists, but it isn't accepting data. That whole probing operation is to elicit a window update if one has been lost. In general, TCP is conservative with sending probes of any kind. -- Ted Faber http://www.isi.edu/~faber PGP: http://www.isi.edu/~faber/pubkeys.asc Unexpected attachment on this mail? See http://www.isi.edu/~faber/FAQ.html#SIG
_______________________________________________ tcpm mailing list tcpm@ietf.org https://www1.ietf.org/mailman/listinfo/tcpm
- [tcpm] Congestion control in face of ICMP unreach… Daniel Schaffrath
- Re: [tcpm] Congestion control in face of ICMP unr… Ted Faber
- Re: [tcpm] Congestion control in face of ICMP unr… Joe Touch
- Re: [tcpm] Congestion control in face of ICMP unr… Daniel Schaffrath
- Re: [tcpm] Congestion control in face of ICMP unr… Daniel Schaffrath
- Re: [tcpm] Congestion control in face of ICMP unr… Ted Faber
- Re: [tcpm] Congestion control in face of ICMP unr… Joe Touch
- Re: [tcpm] Congestion control in face of ICMP unr… Daniel Schaffrath
- Re: [tcpm] Congestion control in face of ICMP unr… Daniel Schaffrath
- Re: [tcpm] Congestion control in face of ICMP unr… Joe Touch
- Re: [tcpm] Congestion control in face of ICMP unr… Joe Touch
- Re: [tcpm] Congestion control in face of ICMP unr… Daniel Schaffrath
- Re: [tcpm] Congestion control in face of ICMP unr… Daniel Schaffrath
- Re: [tcpm] Congestion control in face of ICMP unr… Ted Faber
- Re: [tcpm] Congestion control in face of ICMP unr… Joe Touch
- Re: [tcpm] Congestion control in face of ICMP unr… Joe Touch
- Re: [tcpm] Congestion control in face of ICMP unr… Daniel Schaffrath
- Re: [tcpm] Congestion control in face of ICMP unr… Joe Touch
- Re: [tcpm] Congestion control in face of ICMP unr… Ted Faber