IETF Logo Mail Archive

Re: [tcpm] WGLC on draft-ietf-tcpm-persist

"Anantha Ramaiah (ananth)" <ananth@cisco.com> Mon, 31 January 2011 23:31 UTC

Return-Path: <ananth@cisco.com>
X-Original-To: tcpm@core3.amsl.com
Delivered-To: tcpm@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id ABBAD3A6BFF for <tcpm@core3.amsl.com>; Mon, 31 Jan 2011 15:31:29 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.536
X-Spam-Level:
X-Spam-Status: No, score=-10.536 tagged_above=-999 required=5 tests=[AWL=0.063, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1JW2PDu8AC8g for <tcpm@core3.amsl.com>; Mon, 31 Jan 2011 15:31:28 -0800 (PST)
Received: from sj-iport-5.cisco.com (sj-iport-5.cisco.com [171.68.10.87]) by core3.amsl.com (Postfix) with ESMTP id 8D1623A6B88 for <tcpm@ietf.org>; Mon, 31 Jan 2011 15:31:28 -0800 (PST)
Authentication-Results: sj-iport-5.cisco.com; dkim=neutral (message not signed) header.i=none
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AvwDAD/VRk2rR7Ht/2dsb2JhbACWG45gc6FMmy2FTgSFE4pZ
Received: from sj-core-1.cisco.com ([171.71.177.237]) by sj-iport-5.cisco.com with ESMTP; 31 Jan 2011 23:34:43 +0000
Received: from xbh-sjc-221.amer.cisco.com (xbh-sjc-221.cisco.com [128.107.191.63]) by sj-core-1.cisco.com (8.13.8/8.14.3) with ESMTP id p0VNYicv007802; Mon, 31 Jan 2011 23:34:44 GMT
Received: from xmb-sjc-21c.amer.cisco.com ([171.70.151.176]) by xbh-sjc-221.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.4675); Mon, 31 Jan 2011 15:34:43 -0800
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Date: Mon, 31 Jan 2011 15:34:42 -0800
Message-ID: <0C53DCFB700D144284A584F54711EC580BBA47B6@xmb-sjc-21c.amer.cisco.com>
In-Reply-To: <AANLkTim9oh=7u-k7Z2nnQ5txt0My8OPgzBfN4UZydUbQ@mail.gmail.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: [tcpm] WGLC on draft-ietf-tcpm-persist
Thread-Index: AcvBm1d61wBwnJn9Q2auE6oITLWOGAAAE4wA
References: <4D2FC53C.4030304@mti-systems.com><4D463A1A.2090301@mti-systems.com> <AANLkTim9oh=7u-k7Z2nnQ5txt0My8OPgzBfN4UZydUbQ@mail.gmail.com>
From: "Anantha Ramaiah (ananth)" <ananth@cisco.com>
To: John Heffner <johnwheffner@gmail.com>, Wesley Eddy <wes@mti-systems.com>
X-OriginalArrivalTime: 31 Jan 2011 23:34:43.0973 (UTC) FILETIME=[7063A350:01CBC19F]
Cc: tcpm@ietf.org
Subject: Re: [tcpm] WGLC on draft-ietf-tcpm-persist
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tcpm>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 31 Jan 2011 23:31:29 -0000

John,
    We have been through this in the past and the authors have clarified the reasons for some of the questions being posed by you and others. Here is yet another attempt. Pl see inline responses :-

> -----Original Message-----
> From: tcpm-bounces@ietf.org [mailto:tcpm-bounces@ietf.org] On Behalf Of
> John Heffner
> Sent: Monday, January 31, 2011 3:05 PM
> To: Wesley Eddy
> Cc: tcpm@ietf.org
> Subject: Re: [tcpm] WGLC on draft-ietf-tcpm-persist
> 
> First, apologies for missing the last call deadline.  But I'd like for
> the record to state that I don't believe the authors have addressed
> the substantive criticisms raised on the list.  I'm also not sure that
> consensus has been reached on this document, but that is for the
> working group chairs to decide.

Pl go read the emails threads on this list on this subject. The only issue, if I recall correctly was, the mention of a socket API in the document. Now, this is an informational document and the mention of the socket API is purely for illustrations only and thus doesn't mandate any new protocol changes. We have also noted very clearly that it is up to the implementation to chose whatever API it wants to. 

> 
> To summarize my position in a single phrase, closing a TCP connection
> because it is in the persist state is a mistake.  And this document

Nobody is advocating that. We are just clarifying that it is OK to close a connection at any time, persist state in no exception to this rule. These 2 are different things. What makes you carry an impression that we are asking implementations to close the connection stuck in persist state? We are simply clarifying the it is inline with RFC's spirits if the decision is made consciously. 

> describes a mechanism to do exactly that.  If the language in RFC1122
> needs to be clarified, the clarification should be that a connection
> may be aborted while in the persist state.  It should not be aborted
> *because* it is in the persist state.

Where did you get the impression? this has been your stance since day one, I suggest this as a way to move forward. The authors have tried their best put the verbiage to clarify the intent. Now, you seem to be not convinced, it would be nicer if you can :-

- read the document and state which sections are not conformant.
- suggest a modified text.

It is a very short document and hence I guess this shouldn't be a big deal.

> 
> To be more specific, the majority of the doc describes a DoS attack by
> resource exhaustion; however, the persist condition is only a small
> subset of this class of resource exhaustion attacks.  Addressing only
> connections in the persist state ignores the rest of the problem.  The
> document does not address this very simple well-know attack:
> <http://shlang.com/netkill/>.  This document also does not address
> connections where, for example, one byte of window is opened every 60
> seconds, and how they might be prioritized relative to connections in
> the persist state.  Using the mechanism described in the document
> leaves a system completely vulnerable to resource exhaustion by such a
> slow-acking attacker.  As a developer, why would I choose to implement
> this?  Unless these simple variations are addressed, I think it's a
> waste of time.

Well, we removed all the resource management stuff from the document since the WG wanted this document as a simple clarification document. I thought we added the case of one byte window being opened etc., and why addressing such a thing is beyond the scope of this document. I can check the document again...

> 
> Additionally, most implementations already provide an API for handling
> closing of sockets in FIN_WAIT or CLOSING states, with the SO_LINGER
> option.  I don't think this document makes a sufficient justification
> for why this existing mechanism is inadequate, or why the proposed API
> is necessary or sufficient.

We explained this earlier. SO_LINGER applies only during connection close. Applications would like to know the reason for connection not making any progress which includes persist. Now, application is simply telling TCP layer that if the connection is in persist for more then a stipulated time, TCP can go ahead and kill the connection in the same manner like retransmit timeout. Now, I don't want the above statement to say that RTO and persist need to be treated the same way, we are just saying that "as long as application closes the connection or has indicated its willingness to close the connection" it can do so and it is in spirits of RFC 1122.  

I am at loss to understand your concers on this very simple document. It would be nicer if you can point to the exact sections where this document is vague or isn't clear.

Side note :- now this is typical, someone is going to snip portions of my response and get hung up one statement (may be a language weakness or something that is not intended etc., ) hence I am urging folks to read the response in its entirety while responding and not pick (nitpick) on some text.

-Anantha

> 
> Thanks,
>   -John
> 
> 
> On Sun, Jan 30, 2011 at 11:27 PM, Wesley Eddy <wes@mti-systems.com>
> wrote:
> > On 1/13/2011 10:38 PM, Wesley Eddy wrote:
> >>
> >> Based on the discussion of section 7 (programming considerations),
> the
> >> document on clarifying the persist condition has been updated by the
> >> authors.
> >>
> >> The document can be found at:
> >> https://datatracker.ietf.org/doc/draft-ietf-tcpm-persist/
> >>
> >> We think this is ready for working group last call now, so with this
> >> email, I'd like to start a two-week WGLC on the document to last
> until
> >> 1/28. Please send your comments to the TCPM list by then.
> >
> >
> > Since this last call has concluded, I'm planning to do the PROTO
> writeup and
> > send up the document to the IESG late this week.  Since this document
> is
> > fairly short, includes relatively simple technical material, and was
> > well-discussed earlier in its history, I wasn't concerned by the lack
> of
> > WGLC feedback, but will note it in the writeup.
> >
> > If there's any disagreement on this, or someone wants more time to
> review,
> > please shout in the next couple days, before I submit the document to
> the
> > IESG for publication.
> >
> > --
> > Wes Eddy
> > MTI Systems
> > _______________________________________________
> > tcpm mailing list
> > tcpm@ietf.org
> > https://www.ietf.org/mailman/listinfo/tcpm
> >
> _______________________________________________
> tcpm mailing list
> tcpm@ietf.org
> https://www.ietf.org/mailman/listinfo/tcpm

v2.23.0 | Report a Bug | By Email