Re: statement regarding keepalives

Kent Watsen <kwatsen@juniper.net> Wed, 15 August 2018 20:56 UTC

From: Kent Watsen <kwatsen@juniper.net>
To: Tom Herbert <tom@herbertland.com>
CC: Joe Touch <touch@strayalpha.com>, "netconf-chairs@ietf.org" <netconf-chairs@ietf.org>, "tsv-area@ietf.org" <tsv-area@ietf.org>, "tsvwg-ads@tools.ietf.org" <tsvwg-ads@tools.ietf.org>, "tls-ads@ietf.org" <tls-ads@ietf.org>
Subject: Re: statement regarding keepalives
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsv-area/8mdMwODgHQzYzBIhP2Y3Car_uoI>

Hi Tom,

I recall your mentioning NAT before.  It fell into a crack and I
lost sight of it.

You bring up an interesting point; it goes to the motivation for
wanting to do keepalives in the first place.  The text doesn't
yet mention maintaining flow state as a motivation.

The first paragraph of the "keepalives" section says:

  When the initiator of a networking session needs to maintain a
  long-lived connection, it is necessary for it to periodically test
  the aliveness of the remote device.

Would it make sense to adjust it to say the following?

  When the initiator of a networking session needs to maintain a
  long-lived connection, it is necessary for it to periodically 
  ensure network accessibility to and test the aliveness of the
  remote device.  For instance, without keepalive, an intermediate
  NAT or firewalls may evict the flow state for quiet connections
  due to a timeout or least recently used policy.  Similarly, the
  remote application process, while accessible, may be hung, thus
  accounting for the reason why the connection is quiet.



Regarding your other comment, that the discussion should "include
considerations on the frequency of keepalives and their cost", it
seems that you almost wrote the paragraph below.  Would you be 
willing to proffer some formal text we could paste in, maybe to
the end of the "keepalives" section or another section?  If not,
I can try to take a stab at it.


Thanks,
Kent



===== original message =====

I think the statement is missing a primary purpose of keepalives,
maybe the most important one, which is to maintain flow state in NAT and
firewalls and prevent eviction by timeout or LRU.

Also, any meaningful discussion or statement about keepalives should
include considerations on the frequency of keepalives and their cost.

Keepalives themselves carry no meaningful end user data, they are
purely management overhead. The higher the frequency of keepalives,
the higher the overhead and hence the more network resources they
consume. At some point they can become a source of congestion,
especially when keepalive timers become synchronized across a network
as I previously pointed out. Unfortunately, there is no standard for
how NAT state eviction is done and no standard NAT timeout, so the
frequency of keepalives to prevent NAT state eviction is probably
higher than it should be (hence more network overhead).

In terms of cost, consider the effects of waking up the transmitter on
a smart phone periodically just for the purpose of keeping connections
up. With a high enough frequency this will drain the battery quickly.
In fact, one of the touted benefits of IPv6 was supposed to be that
NAT isn't present so there is no need for periodic keepalives to
maintain NAT state and hence this would conserve power on mobile
devices. Use of keepalives in power constrained devices is a real
issue.

Tom
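
The trade-off raised in this thread (keepalive frequency, its per-device cost, and bursts from synchronized timers), as an added sketch that is not part of either message. The 120-second NAT idle timeout, the client count and the 50% safety margin are constructed values, since no standard NAT timeout exists; randomized jitter is a common mitigation for timer synchronization and is not something the thread proposes.

```python
import random

SECONDS_PER_DAY = 86400


def keepalives_per_day(interval_s):
    """Radio wake-ups per day that one idle connection costs a device."""
    return int(SECONDS_PER_DAY / interval_s)


def next_delay(nat_timeout_s, margin=0.5, jitter=0.2, rng=random):
    """Delay before the next keepalive.

    The base interval is a fraction (margin) of the ASSUMED NAT idle
    timeout, so the flow entry is refreshed before eviction. Jitter only
    shortens the delay, so the upper bound is never exceeded.
    """
    base = nat_timeout_s * margin
    return base * (1.0 - jitter * rng.random())


def peak_per_second(n_clients, horizon_s, nat_timeout_s, jitter, seed=1):
    """Worst one-second burst of keepalives seen by the network.

    All clients are assumed to (re)connect at t=0, for example after an
    outage, which is what synchronizes fixed timers.
    """
    rng = random.Random(seed)
    buckets = [0] * horizon_s
    for _ in range(n_clients):
        t = 0.0
        while True:
            t += next_delay(nat_timeout_s, jitter=jitter, rng=rng)
            if t >= horizon_s:
                break
            buckets[int(t)] += 1
    return max(buckets)


if __name__ == "__main__":
    nat_timeout = 120   # constructed value, seconds
    clients = 1000      # constructed value
    print("keepalives/day at 60 s:", keepalives_per_day(60))
    print("peak/s, fixed timers:  ",
          peak_per_second(clients, 600, nat_timeout, jitter=0.0))
    print("peak/s, 20% jitter:    ",
          peak_per_second(clients, 600, nat_timeout, jitter=0.2))
```
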
