IETF Logo Mail Archive

Re: [TLS] Efficiency of ACKing scheme

Eric Rescorla <ekr@rtfm.com> Mon, 06 April 2020 15:20 UTC

Return-Path: <ekr@rtfm.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AE9923A09FB for <tls@ietfa.amsl.com>; Mon, 6 Apr 2020 08:20:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.896
X-Spam-Level:
X-Spam-Status: No, score=-1.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1_hdmyb4YGGH for <tls@ietfa.amsl.com>; Mon, 6 Apr 2020 08:20:26 -0700 (PDT)
Received: from mail-lf1-x130.google.com (mail-lf1-x130.google.com [IPv6:2a00:1450:4864:20::130]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EB8F03A0A31 for <tls@ietf.org>; Mon, 6 Apr 2020 08:20:18 -0700 (PDT)
Received: by mail-lf1-x130.google.com with SMTP id k28so52413lfe.10 for <tls@ietf.org>; Mon, 06 Apr 2020 08:20:18 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=FDXuHIHCrHQUWyk19n7wueF4o/tEl9wW6JxKgF2tRRs=; b=O2sluAsE3hCE61oJlx7d2doL5Uy4QBibg6iAJ5DpOq1pd5xo1C4aeRC0IyOdNMXO/T dMD7raKR6TPYckf56zymtX4WY6r/pYuqOV8rUbphZxXo7x6LKiVb4Aq86JWQtOVrTpCP wmY/fOe1eOJUtgcGlodVl/SpGsyBaEdnAIcdysvSLJbsCtto+DwW7lmyBR0DiswtoNDy ue/L5klWrJRgFEj1lTkBSONdD+H8oord1QA03Q1tFz0D7WuZpBsn/w03eQ8fzC2mSrH+ KVzM5Ws4bZQ1PIAsDrAcRLtQZ/g8GIrzuNYzDLXzTiBlSqaMieWQ2K3B5mqgWN1DSp0l oHLQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=FDXuHIHCrHQUWyk19n7wueF4o/tEl9wW6JxKgF2tRRs=; b=EoCAwN9NHSZ32LdL6Q3Vr77XPUYg6aqMFML9Pw+pnURdVh8TejK1E9izm65KgHld44 sokpFiTYk7m+zOVIlT2/kSNVlUHWnsSOLbTKuiUdZphk3Bo6U8UMRk1Uvb1ceThy08DQ 63vXiwdtawK8MZN73VztCKef1BjQWt6sHJW821D7yNTDp22Y/Ac660U2ITDO92cvI6n8 MmqJDjHz0UGsmRlbFD+E9tqIdyTqnTpDN8mMkcKw4ln5hmLTYtttaEyKigYQ7UuGjRQ0 5Jf7UqwEn04S2SvCXEaB897gs3Vaufd140LAigpiNMLWg42y6sbhrp63A/ws5JBjIkxD SyIg==
X-Gm-Message-State: AGi0PuZJqJ6nfo8cWooCBYLZc8jxazI1imeF+dYKItYCnvutDwjSjGWR DKw5WXob27zUv6VoTnCvNz8pkZ3joEMibROj+gcp8g==
X-Google-Smtp-Source: APiQypJQWQH8Q8QnWVDOecM5MMczAw7E2RPHtbuEK0oV2biRbFtb7oH0wQewTP5ilF3uC/WeyowVFxun8P0FpKG/Hzk=
X-Received: by 2002:a19:f10f:: with SMTP id p15mr13407929lfh.14.1586186417100; Mon, 06 Apr 2020 08:20:17 -0700 (PDT)
MIME-Version: 1.0
References: <AM6PR08MB331820C710440F07055382739BC70@AM6PR08MB3318.eurprd08.prod.outlook.com> <AM6PR08MB331832C84A0E5D04AA5612A99BC70@AM6PR08MB3318.eurprd08.prod.outlook.com> <8fed27dc-f5eb-4104-8308-186c361781bc@www.fastmail.com> <6EC8987C-A1E0-454F-AF09-A43260EB2B56@arm.com> <CAChr6Sx96KBLS+VYFo7DdybraBo7ubz7ojp0fR3XjFcuGWB-2A@mail.gmail.com> <03849701-1A14-4E1A-8298-D483E74E380C@arm.com> <AM6PR08MB3318181A1F2C5B19E9392F849BC20@AM6PR08MB3318.eurprd08.prod.outlook.com>
In-Reply-To: <AM6PR08MB3318181A1F2C5B19E9392F849BC20@AM6PR08MB3318.eurprd08.prod.outlook.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: Mon, 06 Apr 2020 08:19:40 -0700
Message-ID: <CABcZeBP0s9dt6cm-PK8gkR8RKJRQkxXMaor=xhRF1TzKXn1MZg@mail.gmail.com>
To: Hanno Becker <Hanno.Becker@arm.com>
Cc: Thomas Fossati <Thomas.Fossati@arm.com>, Rob Sayre <sayrer@gmail.com>, "tls@ietf.org" <tls@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000f0723005a2a0cd67"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/0jr9O-3tYY218-4r5fUnXs9ERzY>
Subject: Re: [TLS] Efficiency of ACKing scheme
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 06 Apr 2020 15:20:29 -0000

On Mon, Apr 6, 2020 at 7:17 AM Hanno Becker <Hanno.Becker@arm.com> wrote:

> Hi Thomas!
>
> > That said, as currently written, this doesn't seem to work particularly
> well on paths that are lossy, slow, and with small MTUs (or a
> combination thereof), which we need to make sure it's reasonably well
> covered as it happens to be one of our main use cases.
> > I'm inclined to say this could be solved by profiling the reliability
> scheme for constrained networks (in I-D.tschofenig-uta-tls13-profile),
>
> Given we agree that there is a significant inefficiency in the ACKing
> scheme as stated, I'd prefer we try to improve the spec now provided we
> find a not too intrusive way to do so, and not postpone the problem.
>
> After all, it seems that there isn't much to be changed if we go for
> option 2 from the original post, which perhaps isn't far off from the
> original intention anyway:
>
> * Sending ACKs: ACKs may be sent for any record immediately, but it is
> recommended to bunch ACKs and in particular send them on any sign of
> disruption.
>
> * Receiving ACKs: Upon receipt of an ACK, implementations should note
> which messages have been received and omit them from future
> retransmissions. It is up to the implementation to decide when to
> retransmit and what to retransmit, but it is recommended they retransmit
> after a period of time during which no further ACK messages have been
> received. They may also proactively retransmit parts of a flight early if
> an ACK message indicates a gap (note, though, that in this example one
> would only retransmit the gap, not the gap + tail as before).
>
> The decisive difference to the current draft is that this takes away the
> character of ACKs as retransmission requests (resulting from the
> recommendation of immediate retransmission upon receipt of a partial ACK),
> while it retains flexibility as to how exactly the scheme is implemented.
>

First, let me say that in scenarios like the one you posit we have other
problems besides ACK inefficiency. Specifically, DTLS doesn't do any real
congestion control and so your initial window will be way too big if you
broadcast a 40K message at once. So I don't think a huge amount of
optimization is in order here. By contrast. we do know that DTLS
retransmission is too slow and given that small flights are common, losing
the ability to indicate that you lost a tail seems undesirable.

ISTM that the easiest way to deal with this is to have the sender treat the
current ACK state as the union of the states it has received and permit
receivers to only ACK each packet once (while encouraging them to fill the
ACK packet). Then you would retransmit if your new ACK state was partial
rather than if the ACK was partial.

-Ekr

v2.23.0 | Report a Bug | By Email