IETF Logo Mail Archive

Re: [tcpm] ECN and synCookie

"Scheffenegger, Richard" <rs@netapp.com> Thu, 28 November 2013 10:41 UTC

Return-Path: <rs@netapp.com>
X-Original-To: tcpm@ietfa.amsl.com
Delivered-To: tcpm@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 932EE1ADFD4 for <tcpm@ietfa.amsl.com>; Thu, 28 Nov 2013 02:41:56 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.902
X-Spam-Level:
X-Spam-Status: No, score=-6.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tL-EDbLiAnsH for <tcpm@ietfa.amsl.com>; Thu, 28 Nov 2013 02:41:53 -0800 (PST)
Received: from mx12.netapp.com (mx12.netapp.com [216.240.18.77]) by ietfa.amsl.com (Postfix) with ESMTP id 7F8A71AD939 for <tcpm@ietf.org>; Thu, 28 Nov 2013 02:41:53 -0800 (PST)
X-IronPort-AV: E=Sophos; i="4.93,790,1378882800"; d="scan'208,217"; a="121255608"
Received: from vmwexceht06-prd.hq.netapp.com ([10.106.77.104]) by mx12-out.netapp.com with ESMTP; 28 Nov 2013 02:41:51 -0800
Received: from SACEXCMBX02-PRD.hq.netapp.com ([169.254.1.147]) by vmwexceht06-prd.hq.netapp.com ([10.106.77.104]) with mapi id 14.03.0123.003; Thu, 28 Nov 2013 02:41:52 -0800
From: "Scheffenegger, Richard" <rs@netapp.com>
To: Krishna Khanal <erkrishna.khanal@gmail.com>, "tcpm@ietf.org" <tcpm@ietf.org>
Thread-Topic: [tcpm] ECN and synCookie
Thread-Index: AQHO6/qTnHyvmDksR0KTCMF38fdvRZo6b0IQ
Date: Thu, 28 Nov 2013 10:41:51 +0000
Message-ID: <012C3117EDDB3C4781FD802A8C27DD4F25EEEF6D@SACEXCMBX02-PRD.hq.netapp.com>
References: <CAPJb4YyPHx6CCC77O2NrfAHmuJcq=HoupaqW7KozWB_Ya3omyw@mail.gmail.com>
In-Reply-To: <CAPJb4YyPHx6CCC77O2NrfAHmuJcq=HoupaqW7KozWB_Ya3omyw@mail.gmail.com>
Accept-Language: de-AT, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.106.53.53]
Content-Type: multipart/alternative; boundary="_000_012C3117EDDB3C4781FD802A8C27DD4F25EEEF6DSACEXCMBX02PRDh_"
MIME-Version: 1.0
Subject: Re: [tcpm] ECN and synCookie
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tcpm/>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 28 Nov 2013 10:41:56 -0000

Hi Krishna,

as the exact way how a Syn-Cookie is formed is an arbitrary choice by the server doing this, I don’t see that this couldn’t be achieved. Also, it doesn’t need any standards action.


Changing the Semantics of the TCP ECN handshake however, would change the semantics; I’m one of the co-authors of the AccECN drafts, where a different signaling is to be defined. The point you make has not yet brought forward as a requirement to be included in http://tools.ietf.org/html/draft-ietf-tcpm-accecn-reqs-04. But as we have not yet settled on any specific encoding to go with these requirements, something along the lines below could probably be easily added.

For example, what you ask would probably be easy to implement both with http://tools.ietf.org/html/draft-kuehlewind-tcpm-accurate-ecn-02 and http://tools.ietf.org/html/draft-kuehlewind-tcpm-accurate-ecn-option-01 .

You may also look into the work here http://tools.ietf.org/html/draft-kuehlewind-tcpm-ecn-fallback-01 to see how it could interact.


As a side note, even within RFC3168, your (active open) client would have two (non-standard) options to convey the use of ECN again back to the (passive open) server. One would be to set the ECT(0) or ECT(1) codepoint in the ACK – though RFC1368 doesn’t allow that on pure ACKs; the other one would be to signal CWR in the pure ACK. However, as both approaches are not specific (and the use of ECT on pure ACKs may have other implications for the network), you cann’t rely on the server to react properly.

Of course, any data segment from the client to the server would legitimately contain ECT(0), ECT(1) or CE, and the server could “late” enable ECN support after receiving such a segment, if the session was set up using Syn-Cookies. Up to that point (the first ECN-marked segment from the client), the server could send regular, non-ECN segments, and I think such a session would be fully compliant – just not make use of ECN until the first indication of ECN from the client…


Best regards,

Richard Scheffenegger


From: tcpm [mailto:tcpm-bounces@ietf.org] On Behalf Of Krishna Khanal
Sent: Donnerstag, 28. November 2013 06:28
To: tcpm@ietf.org
Subject: [tcpm] ECN and synCookie


A server with synCookie support generally replies the important options received on SYN from
client on its SYN+ACK packet to client after encoding it in its ISS. Since the number of options
exchanged in SYN are growing, there are some alternate ways to remember this, like echoing
the options in timestamp so that it can be offloaded from ISS.

One of the option exchanged in handshake is ECN. When a server receives a SYN with ECE+CWR
set, it replies with ECE. if server has synCookie enabled, it must remember this on ISS as well.

What about echoing back the ECE option on final ack? If client receives SYN+ACK with ECE, it can
set ECE on final ack and send it to server.

With this, there are two advantages:
1. no need to encode the ECN capability on syncookie
2. if the path is asymmetric (though path can change anytime), client can inform server about it,
if the ECE is not set on final ack, server can ignore ECN even if its enabled.

Were there any discussions in the past on this? Does this make any sense?

Regards,
Krishna

v2.23.0 | Report a Bug | By Email