TCP Maintenance and Minor Extensions (tcpm) B. Briscoe Internet-Draft BT Updates: 793 (if approved) September 22, 2014 Intended status: Experimental Expires: March 26, 2015 Extended TCP Option Space in the Payload of an Alternative SYN draft-briscoe-tcpm-syn-op-sis-02 Abstract This document describes an experimental method to extend the option space for connection parameters within the initial TCP SYN segment at the start of a TCP connection. In this method the TCP client sends two alternative SYNs: one intended for legacy servers and one intended for upgraded servers. Once it establishes which type of server has responded, it continues the connection appropriate to that server type and aborts the other. The SYN intended for upgraded servers includes additional options at the end of the payload. It is designed to traverse all known middleboxes. In the longer term, clients will be able to send only the SYN intended for upgraded servers. Status of This Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on March 26, 2015. Copyright Notice Copyright (c) 2014 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents Briscoe Expires March 26, 2015 [Page 1]
Internet-Draft Sister SYNs September 2014 (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 1.1. Motivation for Adoption (to be removed before publication) . . . . . . . . . . . . . . . . . . . . . . 3 1.2. Scope . . . . . . . . . . . . . . . . . . . . . . . . . . 4 1.3. Experiment Goals . . . . . . . . . . . . . . . . . . . . 4 1.4. Terminology . . . . . . . . . . . . . . . . . . . . . . . 4 2. Protocol Specification . . . . . . . . . . . . . . . . . . . 5 2.1. Dual 3-Way Handshake . . . . . . . . . . . . . . . . . . 5 2.2. Retransmission Behaviour . . . . . . . . . . . . . . . . 7 2.3. Segment Structure . . . . . . . . . . . . . . . . . . . . 7 2.3.1. SYN-U Structure (Non-Deterministic) . . . . . . . . . 7 2.3.2. SYN/ACK-U Structure . . . . . . . . . . . . . . . . . 9 2.4. TCP Option Processing . . . . . . . . . . . . . . . . . . 9 2.4.1. Writing TCP Options . . . . . . . . . . . . . . . . . 9 2.4.2. Reading TCP Options . . . . . . . . . . . . . . . . . 10 2.4.3. Forwarding TCP Options . . . . . . . . . . . . . . . 11 3. Discussion of Non-Determinism . . . . . . . . . . . . . . . . 11 4. Migration to Single Handshake . . . . . . . . . . . . . . . . 12 5. Interaction with Pre-Existing TCP . . . . . . . . . . . . . . 13 6. Dual Handshake: The Explicit Variant . . . . . . . . . . . . 13 6.1. Retransmission Behaviour - Explicit Variant . . . . . . . 14 6.2. SYN-L Structure . . . . . . . . . . . . . . . . . . . . . 15 6.3. Corner Cases . . . . . . . . . . . . . . . . . . . . . . 15 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 16 8. Security Considerations . . . . . . . . . . . . . . . . . . . 16 9. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 16 10. References . . . . . . . . . . . . . . . . . . . . . . . . . 16 10.1. Normative References . . . . . . . . . . . . . . . . . . 16 10.2. Informative References . . . . . . . . . . . . . . . . . 17 Appendix A. Alternative Protocol Specifications . . . . . . . . 17 A.1. SYN-U Structure (Deterministic) . . . . . . . . . . . . . 17 Appendix B. Comparison of Alternatives . . . . . . . . . . . . . 19 B.1. Implicit vs Explicit Dual Handshake . . . . . . . . . . . 19 B.2. Non-Deterministic vs Deterministic SYN-U . . . . . . . . 20 B.3. Comparison with Other Proposals . . . . . . . . . . . . . 21 Appendix C. Protocol Design Issues (to be Deleted before Publication) . . . . . . . . . . . . . . . . . . . . 21 Appendix D. Change Log (to be Deleted before Publication) . . . 21 Briscoe Expires March 26, 2015 [Page 2]
Internet-Draft Sister SYNs September 2014 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 24 1. Introduction This document describes an experimental method to extend the TCP option space available in the initial SYN segment of a TCP connection (i.e. SYN set and ACK not set) [RFC0793]. This extension is required to support some combinations of TCP options, notably large ones such as TCP AO [RFC5925] (16B), Multipath TCP [RFC6824] (12B), and TCP Fast Open [I-D.ietf-tcpm-fastopen] (6-18B) as well as other options already typically used in TCP connections, such as SACK-ok (2B), Timestamp (10B), Window Scale (3B), MSS (4B) . In this method the TCP client sends two alternative SYNs: one intended for legacy servers and one intended for upgraded servers. Once it establishes which type of server has responded, it continues the connection appropriate to that server type and aborts the other. The SYN intended for upgraded servers includes additional options at the end of the payload. It is designed to traverse all known middleboxes. The ambition of this specification is more than just a low latency way to extend the TCP option space using two SYNs for parallel capability negotiation. A larger goal is to enable evolution towards: o a single TCP initial segment with more space for control options and o a more structured way for TCP to determine which control options might interact with middleboxes and which are intended solely for end-system interaction. 1.1. Motivation for Adoption (to be removed before publication) It is recognised that there could be potential for compressing together multiple options in order to mitigate the option space problem. However, it seems inevitable that ultimately more option space will be needed, particularly given that many of the TCP options introduced recently consume large numbers of bits in order to provide sufficient information entropy, which is not amenable to compression. Extension of TCP option space on a SYN requires support from both ends. This means it will take many years before the facility is functional for most pairs of end-points. Therefore, given the problem is already becoming pressing, a solution needs to start being deployed now. Briscoe Expires March 26, 2015 [Page 3]
Internet-Draft Sister SYNs September 2014 1.2. Scope This experimental specification extends the TCP wire protocol. It is independent of the dynamic behaviour of TCP and it is independent of (and thus compatible with) any protocol that encapsulates TCP, including IPv4 and IPv6. 1.3. Experiment Goals TCP is critical to the robust functioning of the Internet, therefore any proposed modifications to TCP need to be thoroughly tested. The present specification describes an experimental protocol that provides extra option space on the initial TCP SYN segment. The intention is to specify the protocol sufficiently so that more than one implementation can be built in order to test its function, robustness and interoperability (with itself, with previous version of TCP, and with various commonly deployed middleboxes). Success criteria: The experimental protocol will be considered successful if it satisfies the following requirements in the consensus opinion of the IETF tcpm working group. {ToDo: describe success criteria} Duration: To be credible, the experiment will need to last at least 12 months from publication of the present specification. If successful, a report on the experiment will be written up. it would then be appropriate to work on a standards track specification, in which the experiment report may be included. 1.4. Terminology The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119]. In this document, these words will appear with that interpretation only when in ALL CAPS. Lower case uses of these words are not to be interpreted as carrying RFC-2119 significance. TCP header: As defined in RFC 793 [RFC0793]. Even though the present specification places TCP options at the end of the payload, the term 'TCP header' is still used to mean only those fields at the head of the segment, delimited by the TCP Data Offset. Extra TCP options: TCP options placed in the space that the present specification makes available beyond the Data Offset, and beyond any optional payload. Briscoe Expires March 26, 2015 [Page 4]
Internet-Draft Sister SYNs September 2014 TCP payload: User-data to be passed to the layer above TCP. The present document redefines the TCP payload so that it does not include the extra TCP options placed at the end of the payload. Legacy connection: A connection starting with a SYN that a pre- existing TCP server will fully understand. Upgraded connection: A connection starting with an upgraded SYN that will only be fully understood by a server complying with the present specification (even though it might appear valid to a pre- existing TCP server). Legacy server: A TCP listener complying with pre-existing TCP specifications, but not with the present document. Upgraded server: A TCP listener complying with the present document as well as with pre-existing TCP specifications. 2. Protocol Specification 2.1. Dual 3-Way Handshake The upgraded TCP client sends two alternative SYNs: a regular SYN in case the server is legacy and a SYN-U (see Section 2.3.1) in case the server is upgraded. The two SYNs MUST have the same network addresses and the same destination port, but different source ports. Once the client establishes which type of server has responded, it continues the connection appropriate to that server type and aborts the other. The SYN intended for upgraded servers (SYN-U) includes additional TCP options at the end of the payload (see Section 2.3.1). The options are placed at the end of the payload to ensure that the SYN-U is more likely to traverse middleboxes that inspect application-layer headers, which they expect to be at the start of the payload. Table 1 summarises the TCP 3-way handshake exchange for each of the two SYNs between an upgraded TCP client (the active opener) and either: 1. a legacy server, using the two columns to the left, or 2. an upgraded server, using the two columns to the right Because the two SYNs come from different source ports, the server will treat them as separate connections, probably using separate threads (assuming a threaded server). A load balancer might forward each SYN to separate replicas of the same logical server. Each Briscoe Expires March 26, 2015 [Page 5]
Internet-Draft Sister SYNs September 2014 replica will deal with each incoming SYN independently - it does not need to co-ordinate with the other replica. +---+-----------------+-----------+---+----------------+------------+ | | Legacy Server | Legacy | | Upgraded | Upgraded | | | Thread X | Server | | Server Thread | Server | | | | Thread Y | | X | Thread Y | +---+-----------------+-----------+---+----------------+------------+ | 1 | >SYN | >SYN-U | | | >SYN | >SYN-U | | | | | | | | | | 2 | <SYN/ACK | <SYN/ACK | | | <SYN/ACK | <SYN/ACK-U | | | | | | | | | | 3 | Client waits | | | Client waits | | | | for response to | | | for response | | | | both SYNs | | | to SYN-U | | | | | | | | | | | 4 | >ACK | >RST | | | >RST | >ACK | | | | | | | | | | 5 | Cont... | | | | | Cont... | +---+-----------------+-----------+---+----------------+------------+ Table 1: Dual 3-Way Handshake in Two Server Scenarios Each column of the table shows the required 3-way handshake exchange within each connection, using the following symbols: > means client to server < means server to client Cont... means the TCP connection continues as normal The connection that starts with a regular SYN is called the 'legacy connection' and the one that starts with a SYN-U is called the 'upgraded connection'. An upgraded server MUST respond to a SYN-U with an upgraded SYN/ACK (termed a SYN/ACK-U and defined in Section 2.3.2). Then the client recognises that it is talking to an upgraded server. The client's behaviour depends on which response it receives first, as follows: o If the client first receives a SYN/ACK response on the legacy connection, it MUST wait for the response on the upgraded connection. It then proceeds as follows: * If the response on the upgraded connection is a regular SYN/ ACK, the client MUST reset (RST) the upgraded connection and it can continue with the legacy connection. Briscoe Expires March 26, 2015 [Page 6]
Internet-Draft Sister SYNs September 2014 * If the response on the upgraded connection is an upgraded SYN/ ACK-U, the client MUST reset (RST) the legacy connection and it can continue with the upgraded connection. o If the client first receives a legacy SYN/ACK response on the upgraded connection, it MUST reset (RST) the upgraded connection immediately. It can then wait for the response on the legacy connection and, once it arrives, continue as normal. o If the client first receives an upgraded SYN/ACK-U response on the upgraded connection, it MUST reset (RST) the legacy connection immediately and continue with the upgraded connection. 2.2. Retransmission Behaviour If the client receives a response to the SYN, but a short while after that {duration TBA} the response to the SYN-U has not arrived, it SHOULD retransmit the SYN-U. If latency is more important than the extra TCP options, in parallel to any retransmission, or instead of any retransmission, the client MAY give up on the upgraded (SYN-U) connection by sending a reset (RST) and completing the 3-way handshake of the legacy connection. If the client receives no response at all to either the SYN or the SYN-U, it SHOULD solely retransmit one or the other, not both. If latency is more important than the extra TCP options, it will retransmit the SYN. Otherwise it will retransmit the SYN-U. It MUST NOT retransmit both segments, because the lack of response could be due to severe congestion. 2.3. Segment Structure 2.3.1. SYN-U Structure (Non-Deterministic) {Temporary note: The structure for a SYN-U segment specified in this section leads to slightly non-deterministic behaviour, so it will be labelled SYN-UN (for Upgraded Non-deterministic). A deterministic alternative is given in Appendix A. It is expected that one will be chosen during the IETF review process, at which point the other will be deleted.} A SYN-UN is structured as shown in Figure 1. Up to the payload, it is identical to a regular TCP SYN segment, with a base TCP header (TCP hdr) and the usual facility to set the Data Offset (DO) to allow space for TCP options (TCPopts#2). The significance of '#2' will be explained later. Briscoe Expires March 26, 2015 [Page 7]
Internet-Draft Sister SYNs September 2014 Unlike a legacy TCP segment, the payload of a SYN-UN does not continue to the end of the packet. Instead, it can be seen that space is provided for additional TCP options at the end of the packet at an offset from the end of the packet defined using the Extra Options Offset (EOO) field. The EOO field is read from a new 'SynOpSis' TCP option defined in this specification. Note that the handshake described earlier (Section 2.1) ensures that a legacy server will never erroneously pass this mixture of payload and options to the application. If a SYN carries a payload, a TCP server holds back the payload from the application until the 3-way handshake completes. And, once the upgraded client recognises it is talking to a legacy server it will abort the 3-way handshake of the upgraded connection. Therefore it will always prevent the mixed payload from confusing the application. The SynOpSis TCP option MUST be the final TCP option right-aligned at the end of the payload so that the server can find it (using the length of the whole packet found in the network layer header, e.g. IPv4 or IPv6). | EPOO | ,---------->| | DO | | EOO | 2 | ,-------------------->| |<----------------------.<---------. +---------+-----------+---------+-----------+-----------+----------+ | TCP hdr | TCPopts#2 | Payload | TCPopts#1 | TCPopts#3 | SynOpSis | +---------+-----------+---------+-----------+-----------+----------+ All offsets are specified in 4-octet (32-bit) words. Figure 1: The Structure of a SYN-UN segment (not to scale) The SynOpSis TCP option has Kind SynOpSis, with a value {TBA} (See Section 7). The internal structure of the SynOpSis TCP option for a SYN-UN is defined in Figure 2. In general, the SynOpSis TCP option can have different lengths for different purposes. However, in a SYN-UN, the SynOpSis TCP option MUST have Length = 8, so that the server can find where it starts (8 octets before the end of the segment). The first 4 octets of the option contain a magic number {TBA} to reduce the chance that arbitrary data within the payload will be mistaken for a SynOpSis TCP option. Briscoe Expires March 26, 2015 [Page 8]
Internet-Draft Sister SYNs September 2014 +---------------+---------------+-------------------------------+ | Kind=SynOpSis | Length=8 | Magic Number | +---------------+---------------+---------------+---------------+ | Magic Number (cont) | EOO | EPOO | +---------------+---------------+---------------+---------------+ Figure 2: SynOpSis TCP Option for a SYN-UN Two 1-octet offset fields are placed at the end of the SynOpSis TCP option for a SYN-UN: The Extra Options Offset (EOO): The EOO field defines the total size of the extra TCP options in 4-octet words. The start of the extra options will be located 4 * (EOO + 2) octets from the end of the packet. The IP payload size will be 4 * (DO + EOO + 2) + TCP_payload_size. The Extra Prefix Options Offset: The EPOO field defines an additional offset from the start of the extra TCP options that identifies the extent of those extra TCP options that need to be processed before any regular TCP options. The EPOO field defines this offset in 4-octet words. 2.3.2. SYN/ACK-U Structure The SYN/ACK-U carries a simple SynOpSis flag TCP option as defined in Figure 3. It solely identifies that the SYN/ACK is from a server that supports SynOpSis TCP options. +---------------+---------------+ | Kind=SynOpSis | Length=2 | +---------------+---------------+ Figure 3: A SynOpSis flag TCP option 2.4. TCP Option Processing 2.4.1. Writing TCP Options If an upgraded TCP client includes the TCP Fast Open option [I-D.ietf-tcpm-fastopen] in the SYN, it MUST be placed with the extra TCP options after the end of the payload. An upgraded TCP client MUST NOT place any TCP option in the TCP header of a SYN that might cause a TCP server to pass user-data directly to the application before the 3-way handshake completes. Briscoe Expires March 26, 2015 [Page 9]
Internet-Draft Sister SYNs September 2014 In order to ensure that the first extra TCP option aligns on a 4-octet word boundary, a TCP client SHOULD {ToDo: MUST?} start the extra TCP options with sufficient 1-octet no-op TCP options [RFC0793]. The number of no-op octets required will be 3 - ((S - 1) % 4), where S is the IP payload size in octets and '%' is the modulo operation. 2.4.2. Reading TCP Options Before processing any TCP options, if the TCP payload is greater than 9 octets, an upgraded server MUST determine whether there is a SynOpSis TCP option at the end of the packet by checking all the following conditions: o The Kind value is the SynOpSis Kind value; o The length is 8; o The next 4 octets match the magic number; o The sum of the value of the EOO field, and all the length fields found by walking along the TCP options at the end of the payload exactly reaches the end of the packet. If any of these conditions fails, the server MUST proceed by processing any TCP options in the TCP header (TCPopts#2 in Figure 1), and treat all octets after the Data Offset as user-data. If an upgraded server finds a valid SynOpSis TCP option at the end of the packet, it MUST process the TCP options in a SYN-UN in the following order: 1. The Prefix TCP options (TCPopts#1 in Figure 1) 2. The regular TCP options following the main header but before the payload (TCPopts#2 in Figure 1); 3. The Suffix TCP options (TCPopts#3 in Figure 1) This arrangement allows the client to reveal certain TCP options for processing by middleboxes (TCPopts#2), while concealing others after the payload. And the client can still control the order in which the server processes all the TCP options. Briscoe Expires March 26, 2015 [Page 10]
Internet-Draft Sister SYNs September 2014 2.4.3. Forwarding TCP Options Middleboxes exist that process some aspects of the TCP header. Although the present specification defines a new location for extra TCP options at the end of a packet, this is intended for the exclusive use of the destination TCP implementation. Legacy middleboxes will not expect to find TCP options beyond the Data Offset anyway. A middlebox MUST continue to treat any data beyond the Data Offset solely as user-data. A TCP implementation is not necessarily aware whether it is deployed in a middlebox or in a destination, e.g. a split TCP connection might use a regular TCP implementation. Therefore, a general-purpose TCP that implements the present specification will need a configuration switch to disable any search for TCP options at the end of the packet. 3. Discussion of Non-Determinism All the TCP headers and options before the payload of a SYN-UN (see Section 2.3.1) are completely indistinguishable from a regular SYN. This makes it very likely that a SYN-UN will be able to traverse any legacy middlebox, even one that splits a TCP connection. A SYN-UN can only be distinguished from any legacy SYN by the presence of the SynOpSis bit-pattern at the end of the packet. This is termed the non-deterministic segment structure, because there will be a very small probability (roughly 2^{-48-L}) that payload data on a regular (non-SynOpSis) SYN could: o happen to contain a pattern in exactly the right place that matches the kind, length and magic number of a SynOpSis TCP option and o happen to contain a valid sequence of numbers in exactly the right places to look like a valid sequence of TCP option lengths. In the above formula, L is the sum of all the bits in all the TCP option length fields that seem to be in the payload. For instance, if it appears that there are 2 TCP options before the SynOpSis option at the end of the payload, then L=2*8=16, and the probability of incorrectly using user-data as TCP options will then be roughly 2^(-64) = 1 in 18 billion billion (18x10^18). This 'stealth' approach has been taken in order to maximise the chances of traversing all the various types of middlebox. Note that the non-determinism is only in one direction. I.e., there is a small chance that arbitrary user data might be mistaken for the Briscoe Expires March 26, 2015 [Page 11]
Internet-Draft Sister SYNs September 2014 SynOpSis TCP option, but it is not possible that a valid SynOpSis TCP option would ever be mistaken for user data. {ToDo: It is recognised that it is potentially unsafe to use probability to determine whether TCP options are hidden at the end of the payload. If the WG prefers not to use the non-deterministic structure in Section 2.3.1, it can be replaced with the alternative more conventional deterministic protocol structure in . (Appendix A.1), and this discussion of non-determinism could then be deleted.} 4. Migration to Single Handshake The strategy of sending two SYNs in parallel is not essential to the Alternative SYN approach. It is merely an initial strategy that minimises latency when the client does not know whether the server has been upgraded. Evolution to a single SYN with greater optio space could proceed as follows: o Clients could maintain a white-list of upgraded servers discovered by experience and send just the upgraded SYN-U in these cases. o Then, for white-listed servers, the client could send a legacy SYN only in the rare cases when an attempt to use an upgraded connection had previously failed (perhaps a mobile client encountering a new blockage on a new path to a server that it had previously accessed over a good path). o In the longer term, once it can be assumed that most servers are upgraded and the risk of having to fall back to legacy has dropped to near-zero, clients could send just the upgraded SYN first, without maintaining a white-list, but still be prepared to send a legacy SYN in the rare cases when that might fail. There is concern that, although dual handshake approaches might well eventually migrate to a single handshake, they do not scale when there are numerous choices to be made simultaneously. For instance, trying IPv4 and IPv6 in parallel [RFC6555]; and trying SCTP and TCP in parallel [I-D.wing-tsvwg-happy-eyeballs-sctp]; and trying ECN and non-ECN in parallel; and so on. Nonetheless, it is not necessary to try every possible combination of N choices, which would otherwise require 2^N handshakes (assuming each choice is between two options). Instead, a selection of the choices could be attempted together. At the extreme, two handshakes could be attempted, one with all the new features, and one without all the new features. Briscoe Expires March 26, 2015 [Page 12]
Internet-Draft Sister SYNs September 2014 5. Interaction with Pre-Existing TCP {ToDo: TCP API, TCP States and Transitions, TCP Segment Processing, Processing and Segment Size Overhead, Connectionless Resets, ICMP Handling. Interaction with EDO, Interaction with TFO (see Section 2.4.1), Interactions with Other TCP Variants including SYN Cookies, Forward-Compatibility, Interaction with TCP assumptions of Middleboxes. } 6. Dual Handshake: The Explicit Variant This explicit dual handshake is similar to that in Section 2.1, except the SYN that the client intends for a legacy server is explicitly distinguishable from the SYN that would be sent by a legacy client. Then, in the case of an upgraded server, the server can reset the legacy connection itself, rather than creating connection state for at least a round trip until the client resets the connection. {Temporary note: The choice between the explicit handshake in the present section or the handshake in Section 2.1 is a tradeoff between robustness against middlebox interference and minimal server state. During the IETF review process, one might be chosen as the only variant to go forward, at which point the other will be deleted. Alternatively, the IETF could allow both variants and a client could be implemented with either, or both. If both, the application could choose which to use at run-time. Then we will need a section describing the necessary API.} For an explicit dual handshake, the TCP client still sends two alternative SYNs: a SYN-L intended for legacy servers and a SYN-U intended for upgraded servers. The two SYNs MUST have the same network addresses and the same destination port, but different source ports. Once the client establishes which type of server has responded, it continues the connection appropriate to that server type and aborts the other. The SYN intended for upgraded servers includes additional options at the end of the payload (the SYN-U defined as before in Section 2.3.1). Table 2 summarises the TCP 3-way handshake exchange for each of the two SYNs between an upgraded TCP client (the active opener) and either: 1. a legacy server, using the two columns to the left, or 2. an upgraded server, using the two columns to the right Briscoe Expires March 26, 2015 [Page 13]
Internet-Draft Sister SYNs September 2014 The table uses the same layout and symbols as Table 1, which have already been explained in Section 2.1. +---+-------------+--------------+---+--------------+---------------+ | | Legacy | Legacy | | Upgraded | Upgraded | | | Server | Server | | Server | Server Thread | | | Thread X | Thread Y | | Thread X | Y | +---+-------------+--------------+---+--------------+---------------+ | 1 | >SYN-L | >SYN-U | | | >SYN-L | >SYN-U | | | | | | | | | | 2 | <SYN/ACK | <SYN/ACK | | | <RST | <SYN/ACK-U | | | | | | | | | | 3 | >ACK | >RST | | | | >ACK | | | | | | | | | | 4 | Cont... | | | | | Cont... | +---+-------------+--------------+---+--------------+---------------+ Table 2: Explicit Variant of Dual 3-Way Handshake in Two Server Scenarios As before, an upgraded server MUST respond to a SYN-U with a SYN/ACK- U. Then, the client recognises that it is talking to an upgraded server. Unlike before, an upgraded server MUST respond to a SYN-L with a RST. However, the client cannot rely on this behaviour, because a middlebox might strip the SynOpSis TCP option from the SYN-L before it reaches the server. Then the handshake would effectively revert to the implicit variant. Therefore the client's behaviour still depends on which SYN-ACK arrives first, so its response to SYN-ACKs has to follow the rules specified for the implicit handshake variant in Section 2.1. The rules for processing TCP options are unchanged from those in Section 2.4. 6.1. Retransmission Behaviour - Explicit Variant If the client receives a RST on one connection, but a short while after that {duration TBA} the response to the SYN-U has not arrived, it SHOULD retransmit the SYN-U. If latency is more important than the extra TCP options, in parallel to any retransmission, or instead of any retransmission, the client MAY send a SYN without any SynOpSis option, in case this is the cause of the black-hole. However, the presence of the RST implies that one of the SYNs with a SynOpSis TCP option (the SYN-L) probably reached the server, therefore it is more likely (but not certain) that the lack of response on the other connection is due to transmission loss or congestion loss. Briscoe Expires March 26, 2015 [Page 14]
Internet-Draft Sister SYNs September 2014 If the client receives no response at all to either the SYN-L or the SYN-U, it SHOULD solely retransmit one or the other, not both. If latency is more important than the extra TCP options, it SHOULD send a SYN without a SynOpSis TCP option. Otherwise it SHOULD retransmit the SYN-U. It MUST NOT retransmit both segments, because the lack of response could be due to severe congestion. 6.2. SYN-L Structure The SYN-L is merely a SYN with with an extra SynOpSis flag option as shown in Figure 3 (see Section 2.3.2). It solely identifies that the SYN is from a client that supports SynOpSis TCP options. In the case of a legacy server, it will just ignore this TCP option that it doesn't recognise. 6.3. Corner Cases There is a small but finite possibility that one load-sharing replica of a server is upgraded, while another is not. The Implicit Handshake is robust to this possibility, but the Explicit Handshake is not., unless the following additional rules are followed: Both aborted: The client might receive a RST on its legacy connection in response to its SYN-L, then a regular SYN/ACK on its upgraded connection in response to its SYN-U. In this case, the client MUST still respond with a RST on its upgraded connection. Otherwise, its extra TCP options will be passed as user-data to the application by the legacy server. If confronted with this unusual scenario where both connections are aborted, the client's only recourse is to retry a new dual handshake on different source ports, or ultimately to fall-back to sending a regular SYN. Both successful: This could happen in either order but, in both cases, the client aborts the last connection to respond: * The client completes the legacy handshake (because it receives a SYN/ACK), but then, before it has aborted the upgraded connection, it receives a SYN/ACK-U on it. In this case, the client MUST abort the upgraded connection even though it would work. Otherwise the client will have opened both connections, one with extra TCP options and one without. This could confuse the application. * The client completes the the upgraded connection after receiving a SYN/ACK-U, but then it receives a SYN/ACK on the legacy connection. In this case, the client MUST abort the legacy connection. Briscoe Expires March 26, 2015 [Page 15]
Internet-Draft Sister SYNs September 2014 7. IANA Considerations This specification requires IANA to allocate one value from the TCP option Kind name-space, against the name "Sister SYN Options (SynOpSis)" Early implementation before the IANA allocation MUST follow [RFC6994] and use experimental option 254 and magic number 0xHHHH (16 bits) {ToDo: Value TBA and register this with IANA}, then migrate to the new option after the allocation. 8. Security Considerations Certain cryptographic functions have different coverage rules for the TCP header and TCP payload. Placing some TCP options at the end of the payload could mean that they are treated differently from regular TCP options. This is a deliberate feature of the protocol, but application developers will need to be aware that this is the case. {ToDo: More} 9. Acknowledgements The idea of this approach grew out of discussions with Joe Touch while developing draft-touch-tcpm-syn-ext-opt, and with Jana Iyengar and Olivier Bonaventure. The idea that it is architecturally preferable to place a protocol extension behind a higher layer, and code its location into upgraded implementations, was originally articulated by Rob Hancock. The following people provided useful review comments: Joe Touch, Yuchung Cheng. Bob Briscoe was part-funded by the European Community under its Seventh Framework Programme through the Trilogy 2 project (ICT- 317756). The views expressed here are solely those of the authors. 10. References 10.1. Normative References [RFC0793] Postel, J., "Transmission Control Protocol", STD 7, RFC 793, September 1981. [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. [RFC6994] Touch, J., "Shared Use of Experimental TCP Options", RFC 6994, August 2013. Briscoe Expires March 26, 2015 [Page 16]
Internet-Draft Sister SYNs September 2014 10.2. Informative References [I-D.ietf-tcpm-fastopen] Cheng, Y., Chu, J., Radhakrishnan, S., and A. Jain, "TCP Fast Open", draft-ietf-tcpm-fastopen-09 (work in progress), July 2014. [I-D.wing-tsvwg-happy-eyeballs-sctp] Wing, D. and P. Natarajan, "Happy Eyeballs: Trending Towards Success with SCTP", draft-wing-tsvwg-happy- eyeballs-sctp-02 (work in progress), October 2010. [RFC5925] Touch, J., Mankin, A., and R. Bonica, "The TCP Authentication Option", RFC 5925, June 2010. [RFC6555] Wing, D. and A. Yourtchenko, "Happy Eyeballs: Success with Dual-Stack Hosts", RFC 6555, April 2012. [RFC6824] Ford, A., Raiciu, C., Handley, M., and O. Bonaventure, "TCP Extensions for Multipath Operation with Multiple Addresses", RFC 6824, January 2013. Appendix A. Alternative Protocol Specifications This appendix is informative and will be deleted before publication. It documents protocol alternatives that the IETF may wish to consider in place of those in the body of the specification. A.1. SYN-U Structure (Deterministic) This appendix describes a structure for an upgraded SYN called SYN-UD (for upgraded deterministic) that is an alternative to the non- deterministic structure defined in Section 2.3.1. It is termed 'deterministic' because it uses the conventional placement for the SynOpSis TCP option (instead of the unconventional SYN-UN placement at the end of the packet, where arbitrary user-data could be mistaken for the SynOpSis option). However, given it uses the new SynOpSis TCP option in the TCP header, it will not always successfully traverse middleboxes. Unlike a SYN- UN, a SYN-UD will certainly not traverse legacy middleboxes that do not forward unrecognised TCP options, and it is unlikely to traverse a legacy middlebox that splits TCP connections, unless it copies unrecognised TCP options. Nonetheless, like the SYN-UN, the options are still placed at the end of the payload to ensure that the SYN-UD is more likely to traverse middleboxes that inspect application-layer headers, which they expect to be at the start of the payload. Briscoe Expires March 26, 2015 [Page 17]
Internet-Draft Sister SYNs September 2014 The placement of the SynOpSis TCP option in a SYN-UD segment is shown in Figure 4. It can be seen that extra TCP options are still placed at the end of the payload at an offset from the end of the packet defined using the Extra Options Offset (EOO) field. The EOO field is read from a new 'SynOpSis' TCP option defined in this specification. The SynOpSis TCP options is placed in the regular TCP option space of the SYN-UD. | DO | | EOO | ,------------------------------------------->| |<----------. +---------+-----------+----------+-----------+---------+-----------+ | TCP hdr | TCPopts#1 | SynOpSis | TCPopts#3 | Payload | TCPopts#2 | +---------+-----------+----------+-----------+---------+-----------+ Figure 4: The Structure of an alternative (deterministic) SYN-UD segment (not to scale) The SynOpSis TCP option for a SYN-UD segment MUST have Kind SynOpSis, with a value {TBA} (See Section 7) and Length = 3. In general, the SynOpSis TCP option can have different lengths for different purposes. However, in a SYN-UD, the SynOpSis TCP option has Length = 3, so that it can carry the 1-octet EOO field, which MUST be present in a SYN-UD. The internal structure of the SynOpSis TCP option for a SYN-UD segment is defined in Figure 5. +---------------+---------------+---------------+ | Kind=SynOpSis | Length=3 | EOO | +---------------+---------------+---------------+ Figure 5: SynOpSis TCP Option for a deterministic SYN-UD The Extra Options Offset (EOO) field defines the total size of the extra TCP options in 4-octet words. The start of the extra options will be located 4 * EOO octets from the end of the packet. The IP packet payload size will be 4 * (DO + EOO) + TCP_payload_size. An upgraded server MUST process the TCP options in a SYN-UD in the following order: 1. The regular TCP options following the main header but before the SynOpSis TCP option (TCPopts#1 in Figure 4) 2. The TCP options at the end of the payload (TCPopts#2 in Figure 4) Briscoe Expires March 26, 2015 [Page 18]
Internet-Draft Sister SYNs September 2014 3. The regular TCP options following the main header but after the SynOpSis TCP option (TCPopts#3 in Figure 4); Appendix B. Comparison of Alternatives B.1. Implicit vs Explicit Dual Handshake In the body of this specification, two variants of the dual handshake are defined: 1. The implicit dual handshake (Section 2.1) with just a regular SYN (no SynOpSis flag option) on the legacy connection; 2. The explicit dual handshake (Section 6) with a SYN-L (SynOpSis flag option) on the legacy connection. Both schemes double up connection state (for a round trip) on the legacy server. But only the implicit scheme doubles up connection state (for a round trip) on the upgraded server as well. On the other hand, the explicit scheme risks delay accessing a legacy server if a middlebox discards the SYN-L (e.g. some firewalls discard packets with unrecognised TCP options). Table 3 summarises these points. +----------------------------------+---------------+----------------+ | | SYN | SYN-L | | | (Implicit) | (Explicit) | +----------------------------------+---------------+----------------+ | Minimum state on upgraded server | - | + | | | | | | Minimum risk of delay to legacy | + | - | | server | | | +----------------------------------+---------------+----------------+ Table 3: Comparison of Implicit vs. Explicit Dual Handshake on the Legacy Connection There is no need for the IETF to choose between these. If the spec allows either or both, the tradeoff can be left to implementers at build-time, or to the application at run-time. Initially clients might choose the Implicit Dual Handshake to minimise delays due to middlebox interference. But later, perhaps once more middleboxes support the scheme, clients might choose the Explicit scheme, to minimise state on upgraded servers. Briscoe Expires March 26, 2015 [Page 19]
Internet-Draft Sister SYNs September 2014 B.2. Non-Deterministic vs Deterministic SYN-U Two alternative segment structures for the SYN-U are defined, but in this case it is recommended that the IETF needs to choose between them so that only one or the other would be specified: a. The non-deterministic SYN-UN (Section 2.3.1), with the SynOpSis TCP option located at the end of the packet; b. The deterministic SYN-UD (Appendix A.1), with the SynOpSis TCP option located conventionally in the sequence of TCP options in the TCP header. The non-deterministic SYN-UN presents a small risk of user data being mistaken for TCP options. Also, whether or not the client needs extra option space, it requires the server to always check for a TCP option at the end of any SYN with a payload greater than 9 octets. On the other hand, the deterministic SYN-UD risks delay accessing an upgraded server because it is visible to middleboxes that discard packets with unrecognised TCP options. Also the SYN-UD is vulnerable to being removed by middleboxes that do not forward unrecognised options, whereas the SYN-UN is likely to traverse all legacy middleboxes, even split TCP connections. Table 4 summarises these points. +---------------------------+---------------------+-----------------+ | | SYN-UN (Non- | SYN-UD | | | deterministic) | (Deterministic) | +---------------------------+---------------------+-----------------+ | User data unmistakable | - | + | | | | | | No need for upgraded | - | + | | server to check end of | | | | every SYN payload | | | | | | | | Minimum risk of delay to | + | - | | upgraded server | | | | | | | | Extra TCP options likely | + | - | | to traverse all | | | | middleboxes | | | +---------------------------+---------------------+-----------------+ Table 4: Comparison of Implicit vs. Explicit Dual Handshake on the Legacy Connection The IETF needs to choose between SYN-UN and SYN-UD, because if implementation of either or both were allowed, the two deficiencies Briscoe Expires March 26, 2015 [Page 20]
Internet-Draft Sister SYNs September 2014 of SYN-UN would still affect server implementations, whether or not the client used a SYN-UN to take advantage of the two benefits. Currently this document favours SYN-UN, because SYN-UD's lack of reliable middlebox traversal introduces a functional deficiency (if extra option space is absolutely required, the connection cannot even start). In contrast, SYN-UN's first failing has vanishingly small probability, and its second failing 'only' increases server processing - it does not impair the ability of connections to function outright. B.3. Comparison with Other Proposals {ToDo} Appendix C. Protocol Design Issues (to be Deleted before Publication) This appendix is informative, not normative. It records outstanding issues with the protocol design that will need to be resolved before publication. Reliance on segmentation boundary: The definition of the position of the SynOpSis TCP options depends on where the sender decided to place a segment boundary. In general, a sender cannot rely on segment boundaries being preserved, e.g. by segmentation offloading hardware. In the case of a SYN, no more payload data is sent in the first round trip, therefore using this segment boundary is probably safe. However, it may constrain future attempts to send additional data in the first round. Tie to EDO?: Consider whether a successful SYN/ACK-U implies EDO is also supported. Size of SynOpSis magic number: Justify choice. Appendix D. Change Log (to be Deleted before Publication) A detailed version history can be accesssed at <http://datatracker.ietf.org/doc/draft-briscoe-tcpm-syn-op-sis/ history/> From briscoe...-01 to briscoe...-02: Technical changes: * Defined the client behaviour dependent on which response arrives first. Briscoe Expires March 26, 2015 [Page 21]
Internet-Draft Sister SYNs September 2014 * Allowed retransmission of either SYN or SYN-U if no response from either. * Redefined EOO as an offset from the end of the packet, not from the beginning of the payload. * Added section on Migration to a Single Handshake. Reworded dual handshake so that it is not mandatory for the client to send dual SYNs simultaneously; only the relation between the SYNs and the response to either is mandatory, while parallel SYNs is purely for latency reduction. * Added rules for writing TCP options, i.e. i) options like TFO MUST NOT be located in the TCP header and ii) add no-ops to align on 4-octet boundary. * Added rules for forwarding TCP options, i.e. only the destination looks for TCP options after the Data Offset, not middleboxes. * Moved the Explicit Handshake variant (SYN-L) into the body from the appendix, and recommended the choice could be down to implementers or apps. Included section on corner cases. * Introduced more normative language throughout the Protocol Spec. Editorial changes: * Added temporary motivation section * Added confusible terminology to Terminology section. * Divided protocol spec into sub-sections. * Handshake table: Clarified that the two columns under each server represent separate threads, that may run on separate servers, without co-ordination. Represented message dependencies in the alignment of the rows. * Explained the table. * Explained why a legacy server won't ever pass SYN-U to the app. * More precisely described loss as 'not arrived before a timeout', and explained the tradeoff between latency and extra TCP options. Briscoe Expires March 26, 2015 [Page 22]
Internet-Draft Sister SYNs September 2014 * Gave reasoning for locating TCP options in three groups. * Acknowledged Rob Hancock for the architectural idea of hiding an extension to a protocol in the layer above. * Appendix about protocol alternatives now only presents the SYN- UD alternative, given the implicit/explicit handshake choice has been moved to the body. * Rewrote appendix about comparing the choices to treat the two pairs of choices separately, rather than discussing all four combinations of pairs of choices. From briscoe...-00 to briscoe...-01: Technical changes: * Added the definition of a SYN/ACK-U * Deterministic Protocol Spec: Replaced SYN/ACK-L with RST (Joe Touch) * Added Non-Deterministic Explicit and Deterministic Implicit Protocol Specs in Appendices * Added Comparison of Alternatives as an Appendix * Security Considerations: Added note about crypto coverage of TCP options in the payload being different from that of other TCP options. * Added an appendix to record outstanding Protocol Design Issues, and included segmentation boundary issue (Yuchung Cheng). Editorial changes: * Changed TCP option Kind from SYN-OP-SIS to SynOpSis * Protocol Spec: Explained why the extra TCP options are placed at the end of the payload * Throughout: avoided the ambiguity in the word payload, now that there are TCP options at the end of the payload. Some might consider these to be within the payload, while others might consider them to be placed beyond the payload. * Segment structure figures: Clarified that they are not to scale. Briscoe Expires March 26, 2015 [Page 23]
Internet-Draft Sister SYNs September 2014 * Added placeholder section "Interaction with TCP" * Acknowledged reviewers Author's Address Bob Briscoe BT B54/77, Adastral Park Martlesham Heath Ipswich IP5 3RE UK Phone: +44 1473 645196 Email: bob.briscoe@bt.com URI: http://bobbriscoe.net/ Briscoe Expires March 26, 2015 [Page 24]