IETF Logo Mail Archive

Re: [tsvwg] Comments on draft-ietf-tsvwg-rfc4960-bis-08

"Maksim Proshin [GMAIL]" <mvproshin@gmail.com> Thu, 11 March 2021 15:10 UTC

Return-Path: <mvproshin@gmail.com>
X-Original-To: tsvwg@ietfa.amsl.com
Delivered-To: tsvwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CEB293A1068 for <tsvwg@ietfa.amsl.com>; Thu, 11 Mar 2021 07:10:21 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pvyReL1O5o2E for <tsvwg@ietfa.amsl.com>; Thu, 11 Mar 2021 07:10:19 -0800 (PST)
Received: from mail-lf1-x12a.google.com (mail-lf1-x12a.google.com [IPv6:2a00:1450:4864:20::12a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8363C3A1066 for <tsvwg@ietf.org>; Thu, 11 Mar 2021 07:10:18 -0800 (PST)
Received: by mail-lf1-x12a.google.com with SMTP id x4so33612660lfu.7 for <tsvwg@ietf.org>; Thu, 11 Mar 2021 07:10:18 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=WQeoEvm4tEnARAIYHJmCkxEpodONl/xcJvaDUGhxejk=; b=j/qMqvvKEN0X+Jcl7aBqY7y8zmt/lwEyyjlnHJe+bVBt40KbVN+LBQ9WXTHNaruNz1 3CCghhZuoeRYk0FFEDLTHOBcnU2LuCx3rhr9JS6EbmlVpcBXQNLiJfyq08xeIEU2X6Cb THqh6tGv/dhbR8a+h3x/ZNbwGlxUHKolISw1mWgNqO+CoTRFiLuBH9feNOuZrwHZM7ei rtEBlUeQHHCVR6aXskivlQY2ock5CBEoPAS28Bm2amImt1MuHF2DuobwR4Ii3IirT28E mXqPJBN8CCbpIqLjHL1FVqjiL1ze/zj1kJqt0AvN106j62EGxbUZBlaFMXPNG+VOWOdg DoEQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=WQeoEvm4tEnARAIYHJmCkxEpodONl/xcJvaDUGhxejk=; b=IJ8l2QNSbzuLXVkYgGvlZVVrUKwZrrX8pnVCNRKtwTAzsThVYTr1C1OOnN4EFfd/Ep ESU21ooQAImxCFEw9psuYMLXWbs8XVtqAHuYS5UwA0wackq5cDGai6SP8KxJAGVgPU5D qVkyE3Pdbta1XZWjYizKsR0D660DAq+wfZSIccpezpMt5FLv4UDvMWrf7qEMgsM9YZJJ BdDwKBjZoNAyFpa1u4EJi5in7JPGJKN4byT6zBbzT5qc/A3xDEBrO3XEcMt7AnMThLW7 YU/9cccvbEXDxXI+LdVDwrPFqzkUZTC6ljsKQ1jyPap5jL0ehGUFTXLJ7E8fZV5SmB38 lbTw==
X-Gm-Message-State: AOAM532sVUvbcygsOYPZUuydDuyNkvJPO+z4ewRK54RANbLFlfOxBvC/ p7ItWKGqXmLhd3TfXoGw/o4t9R130VxMMNo9EBCXUoQaI6bqftZ5
X-Google-Smtp-Source: ABdhPJz5JlGPe6ED3cBCGi1DwLEtwvELoUXQ5rWGhhZMEFRC9t4s4fWmGjdAuvO5SAolOlfuWxumsxXXsuh4ejR1sZM=
X-Received: by 2002:a05:6512:12c3:: with SMTP id p3mr2454597lfg.97.1615475414437; Thu, 11 Mar 2021 07:10:14 -0800 (PST)
MIME-Version: 1.0
References: <AM0PR07MB406612FAC3238A432DCC041887F40@AM0PR07MB4066.eurprd07.prod.outlook.com> <3DDB79A9-66F3-4BE9-A414-EA655ED2F8D6@lurchi.franken.de>
In-Reply-To: <3DDB79A9-66F3-4BE9-A414-EA655ED2F8D6@lurchi.franken.de>
From: "Maksim Proshin [GMAIL]" <mvproshin@gmail.com>
Date: Thu, 11 Mar 2021 18:09:38 +0300
Message-ID: <CA+-pjPyXFwVeHSp8eg5Z_UKrUL9JFCGPngHoHTQMiNfqMPg6Aw@mail.gmail.com>
To: Michael Tuexen <Michael.Tuexen@lurchi.franken.de>
Cc: Claudio Porfiri <claudio.porfiri=40ericsson.com@dmarc.ietf.org>, "tsvwg@ietf.org" <tsvwg@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000038933905bd442ebd"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/s9jBg3vDK8TtLf-p-etrhEyWQkE>
Subject: Re: [tsvwg] Comments on draft-ietf-tsvwg-rfc4960-bis-08
X-BeenThere: tsvwg@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Transport Area Working Group <tsvwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsvwg/>
List-Post: <mailto:tsvwg@ietf.org>
List-Help: <mailto:tsvwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 11 Mar 2021 15:10:22 -0000

Hi Michael, others,

I'd like to discuss the following particular comment:

>
> Section 8.4 " Handle "Out of the Blue" Packets"
> The whole section assumes that a single SCTP Host is taking care of a
computing machine,
> whereas it can be better for the implementor to have multiple SCTP Host
instances taking
> care of different SCTP Endpoint within the same machine.
> In my opinion for being considered OOTB, an SCTP packet must be addressed
to one of the
> SCTP Endpoints belonging to a specific SCTP Host.


*But that would mean that you don't get back inn indication that the peer
end-point is notavailable, which is bad. It is bad for the peer not
detecting this and bad for the hostwhen being attacked.*

I think your reasoning about the indication is clear but I don't think that
in the case when the host is being attacked, it's a good idea to spend
resources on ABORT generation. I would even prefer to silently discard it
instead like in the case when SCTP received an invalid cookie. I also think
that there are other arguments against ABORT in such case. Based on our
experience it's a big problem for other SCTP implementations to be deployed
because kernel SCTP implementations always abort packets not belonging to
them and this might even stop other implementations to be developed. So in
my opinion there are pros and cons and as a compromise I would clearly
describe this situation in a spec and put "SHOULD silently discard the
packet" similarly to an invalid cookie which will bring a room for
restrictive implementations to send back an ABORT.
This is probably not just SCTP issue so it would also be good to see how
other transports handle such situation and align with them.

On Fri, Feb 19, 2021 at 1:02 AM Michael Tuexen <
Michael.Tuexen@lurchi.franken.de> wrote:

> > On 1. Dec 2020, at 09:07, Claudio Porfiri <claudio.porfiri=
> 40ericsson.com@dmarc.ietf.org> wrote:
> >
> > Hi,
> > here are my comments on the draft:
> Hi Claudio,
>
> thank you very much for the comments. See my replies in-line.
>
> Best regards
> Michael
> >
> > Generic:
> > About chunks and timers, I'd wish to observe that having a t3-rtx timer
> on per chunk is
> > computationally expensive, and that I don't see how it's possible that
> chunks being
> > bundled in the same SCTP packet can be lost independently.
> > An effective implementation would have a T3-rtx timer on per SCTP packet
> and tie
> > all the transported chunks.
> The specification describes a T3-rtx timer per destination address, not
> per packet.
> Having a per-packet timer or even a per DATA chunk timer seems to require
> way to
> much resources. You can improve the loss recover by using similar to RACK,
> if you
> want.
>
> However, there was one sentence mentioning this:
>
> Note: If the implementation is maintaining a timer on each DATA chunk,
> then only DATA chunks whose timer expired would be marked for
> retransmission.
>
> I removed it.
> >
> > About implementation of rx-buffer: it should be written somewhere that
> there MUST be
> > independent rx-buffers on per Association. This come from having
> observed that
> > implementations exist that share the same rx-buffer among all the
> Associations
> > (and endpoints) and advertise the arwnd with the full shared buffer size.
> > The clear side effect is that a zero-window situation for an Association
> causes
> > zero-window case on all the other Associations.
> I agree that having a receive buffer for multiple association is a bad
> idea. And
> I think the specification talks about receive buffers in the context of
> association.
> Just to make it crystal clear, I added in the section
> Parameters Necessary per Association
> the following text:
>
> Receive Buffer: Buffer to store received user data which is not yet
> delivered
>                 to the upper layer.
>
> >
> > In section 6.1 "Transmission of DATA Chunks", part A, it's written:
> >       If the sender continues to receive SACKs from the peer while
> >       doing zero window probing, the unacknowledged window probes
> >       SHOULD NOT increment the error counter for the association or any
> >       destination transport address.  This is because the receiver
> >       could keep its window closed for an indefinite time.
> > Actually, when a fault happens at the SCTP User, the indefinite time of
> zero-window
> > situation may cause a deadlock situation, I have observed that problem
> in the reality.
> > It would be good suggesting for the implementor to have a supervision
> for zero-window
> > situation that allows aborting the Association when that state lasts too
> long.
> As you state, the problem is not at the SCTP layer, but the user not
> reading data.
> So the SCTP association, the problem is with the upper layer. Therefore it
> makes
> sense to have a heartbeat like mechanism in the upper layer; like all the
> SIGTRAN layers or Diameter...
> >
> >
> > In section 6.4 "Multi-Homed SCTP Endpoints"
> >   By default, an endpoint SHOULD always transmit to the primary path,
> >   unless the SCTP user explicitly specifies the destination transport
> >   address (and possibly source transport address) to use.
> > In situation where the primary path is not stable, this can cause
> traffic bouncing
> > between paths. There are cases where cost is different per path, thus
> the SCTP adopter
> > wants to use the primary path as soon as possible (i.e. when the path is
> IPSec encapsulated
> > and the bandwidth on secondary IPSec tunnel is less than on the primary),
> > but when the paths have the same cost, moving the association due to
> t3-rtx expiration
> > towards another path would make the Association to use the path with
> better quality.
> > That's why I'd change SHOULD with MAY and give the implementor a chance
> for deciding.
> If you change it to MAY you basically give up to concept of a primary
> path...
> >
> > Section 7.3 "Path MTU Discovery"
> >   An endpoint SHOULD apply these techniques, and SHOULD do so on a per-
> >   destination-address basis.
> > In my opinion SHOULD is a MUST.
> But it is allowed to disable PMTUD, for example when used in networks
> where you know the MTU.
> So SHOULD allows for this.
> >
> > Section 8.4 " Handle "Out of the Blue" Packets"
> > The whole section assumes that a single SCTP Host is taking care of a
> computing machine,
> > whereas it can be better for the implementor to have multiple SCTP Host
> instances taking
> > care of different SCTP Endpoint within the same machine.
> > In my opinion for being considered OOTB, an SCTP packet must be
> addressed to one of the
> > SCTP Endpoints belonging to a specific SCTP Host.
> But that would mean that you don't get back inn indication that the peer
> end-point is not
> available, which is bad. It is bad for the peer not detecting this and bad
> for the host
> when being attacked.
> > With the current description, whenever a situation requires to have
> separated SCTP Hosts
> > in the same machine, a filtering mechanism is needed to avoid the hosts
> to mutually abort the
> > traffic, and when the filtering mechanism is implemented the behavior is
> the one I wish
> > to have in the host itself i.e. to only take care of the traffic
> directed towards the
> > SCTP Endpoints defined for it.
> > In the part
> >   8)  The receiver SHOULD respond to the sender of the OOTB packet with
> >       an ABORT.
> > I think that SHOULD is to be replaced by MAY.
> The SHOULD protects the host, a MAY does not.
> >
> >
> > Section 16 " Suggested SCTP Protocol Parameter Values"
> >   The following protocol parameters are RECOMMENDED:
> >
> >   RTO.Initial:  1 second
> >   RTO.Min:  1 second
> >   RTO.Max:  60 seconds
> >   Max.Burst:  4
> >   RTO.Alpha:  1/8
> >   RTO.Beta:  1/4
> >   Valid.Cookie.Life:  60 seconds
> >   Association.Max.Retrans:  10 attempts
> >   Path.Max.Retrans:  5 attempts (per destination address)
> >   Max.Init.Retransmits:  8 attempts
> >   HB.interval:  30 seconds
> >   HB.Max.Burst:  1
> >   SACK.Delay:  200 milliseconds
> >
> > The timers used depend on the actual network, there are cases where
> > in order to fulfil the requirements, they need to be set one order of
> > magnitude below the values recommended. (SIGTRAN and RAN).
> > I'd suggest not to state absolute values, but to provide a criteria
> > for selecting those values.
> > In the signaling networks the ratio is
> > RTO.Max = 4 * RTO.Min
> > RTO.Initial = 2 * RTO.Min
> > HB.interval = 20 * RTO.Min
> > SACK.Delay = RTO.Min / 5
> I understand completely your point and wanted around 2000 (when SCTP was
> initially specified) to write up an RFC describing SCTP parameter settings
> which could be used in signalling networks. This was not possible, since
> the IETF only describes protocols and setting for the Internet. Signalling
> networks are not part of it.
> The settings used in the document for RTO.Min, RTO.Max, and RTO.Initial
> are based on 6298 and RFC 8961. One can argue if 20 seconds or 30 seconds
> for HB.Interval are better. The SACK.Delay has the value as you propose.
> >
> >
> >
> > Best regards,
> > Claudio Porfiri
> >
>
>

-- 
BR, Maxim

v2.23.0 | Report a Bug | By Email