Transport Area Working Group Minutes
Taken by Aaron Falk, some editing by Vern Paxson

Agenda:

Kicking TCP: speeding recovery from subnet outages, Phil Karn

Presentation on performance problems relating to TCP exponential backoff
that occurs when subnet links have outages.  The timer ratchets up to a
large value and when the outage resolves, the sender often still has to
wait a long time before finally resuming transmission.  Most common cases
are found on terrestrial wireless links and dialup links. Proposal is to
introduce a new ICMP message, "source encourage", to tell sender to
immediately retransmit if a timeout is pending.  Sent by stateful routers
connected to candidate links. Open issues include being vulnerable to
denial of service attacks.

An *implicit* approach (as opposed to the explicit ICMP approach) is to
have routers store an IP packet for each connection, which can happen
automatically if the router winds up queueing packets because the link
layer has announced that it cannot forward at the moment.  Per connection
storage not possible with IPsec.

Discussion:

Vern (from list): sending a later packet to restart will generate a single
   ACK because it will be above a sequence hole, not enough to kick TCP.
Phil: if you hold on to the most recent packet, then that will be the
   retransmission and so will be in sequence when forwarded.  Releasing new
   packets when link is back up will in fact kick TCP.

Comment: could mitigate DOS concerns by having router disregard kicks
   for outages less than 30 seconds.

Matt Mathis: do you decrement TTL?
Phil: you raise issue of max segment lifetime, which is an outdated concept.
Matt: gets you into PAWs scenarios, recommend rethinking TTL. Some FDDI
   interfaces save packets forever when cable is removed then reinject them
   making stacks unstable.
Tim Shepard: always need PAWS, not just for FDDI.

Comment: When kicked does TCP reset timer?
Phil: forces TCP to act as if timer has expired.
Comment: doesn't TCP max timeout do this?
Vern: it's really annoying waiting an entire minute for this to
   happen. RTO draft caps timer backoff at a minimum of one minute.
   (Intent was not to change de facto implementations.)

Joe Touch: What about when there are alternate routes to carry traffic
   that would otherwise get queued up by the broken link?
Phil: may result in additional delayed dupACKs.
Joe: Router will never know that other paths exist.

Mark Handley: prefer explicit mechanism for use with other protocols beside
   TCP. Receiver should not accept additional messages for some period
   after getting one.

Tim S.: Old idea allowed end-user to push button to generate message
   rather than having timer. But this is really no different than the
   reload button on browsers. Actually a 'go' button would be better
   because reload restarts the object. Explicit message is a good thing.

Vern: Exposing to user would require building in hysterisis. "Sporadic
   reward leaves to a belief in supersition."
(Tim: that's what RED is today. :)

Jamshid Mahdavi: Two thoughts. In favor of implicit because can be
   implemented now. Are there other problems besides PAWS?
Phil: do both and see which ones work.
Jamshid:  What about an ICMP message in support of corruptive losses and
   killing both at one time?
Phil: a better message is 'corruption is now ended.'

Joe: concerned a button will be exploited by end users. Implicit is a
   lot cleaner.

Ted Tso: don't underestimate people's temptation to hack their stacks
   to be more agressive.

Steve Deering: In favor of implicit. Buttons are good but should be
   like elevator or walk buttons.

John Wroclawski: Future devices won't have humans to push buttons. Would
   be unhappy with a solution that required a human user.

Jamshid: User idea is orthogonal to problem since user doesn't know when
   link is back up.

Comment: ICMP message is preferable and could be implemented in
   cellular systems easily.

Vern: what does router hold onto?
Phil: There's explicit flow control between router and subnet and router
   holds only packets that haven't gone to the subnet.

Comment: All examples are in the class of catastrophic failure. Do you
   have any examples of failures of only one TCP of many?
Phil: you are assuming this is all in handheld device. When laptops are
   plugged into a cell phone, the phone is like a router and doesn't have
   the TCP stack.
Comment: draft needs examples where TCP is not in device with link.

Joe: need to build a system where there is no assumption that the
   wireless link is the first hop.

Tim: need to document mechanism of what to do when ICMP message shows
   up regardless of a button or implicit mechanisms.

*************

Link Outage ICMP Notification -- Gabriel Montenegro, Sun

Both link-outage and link-outage-over are useful. Link outage was a valid
message at one time, worth revisiting. Easy to send, no state, simple
synchronous response using ICMP which stacks and apps already know about:
use 'host unreachable' message. RFC1122 says IP must pass these messages
to transport. But can't overload existing 'unreachable' codes. Recommend
using code #8: 'host isolated.' Introduced for routers (IMPs, actually).
Contains enough message to identify originating host. Actions could include
local disk caching, activate browser use of caches, freeze timers, etc.
Possible issues include whether errors are hard or soft. Could decide
based on whether message comes from local host or router.

Steve Deering: some links will send 'destination unreachable' messages
   when link goes down. What is an example of a hard error?
Gabe: one in which the upper layers won't retransmit forever. Like unhooking
   ethernet during an NFS transaction.
Steve: would need an AI to guess what the right response is. Give me an
   example when you'd know what to do?

Geoff Huston: what about the denial of service implications? This would
   be a great way to take down a network.
(Steve: minumum ICMP format include IP header plus 8 bytes.)

Jamshid: ICMP net down + ICMP kick won't work to manage TCP because you
   can't be sure you'll get the kick.

Van Jacobson: because one router can't reach a destination doesn't mean
   the packets won't reach the destination. Most vendors tend to misinterpret
   this information. Many firewalls filter out these ICMP messages.
   Suggest you don't do this because you can't know enough about your
   topology except for very simple networks.

Steve: one use for ICMP message is to print out a diagnostic when application
   finally quits.

You are viewing proxied material from ftp.icm.edu.pl. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.