[MPTCP] Re: MPTCP implementation feedback for RFC6824bis

[MPTCP] Re: MPTCP implementation feedback for RFC6824bis

[Matthieu Baerts]

[-- Attachment #1: Type: text/plain, Size: 3018 bytes --]

Hi Alan,

Thank you for your reply.

On Fri, Dec 13, 2019 at 1:38 PM Alan Ford <alan.ford(a)gmail.com> wrote:

> Hi Matthieu,
>
> On 13 Dec 2019, at 00:10, Matthieu Baerts <matthieu.baerts(a)tessares.net>
> wrote:
>
> Hi Alan,
>
>
> On Thu, Dec 12, 2019 at 10:19 PM Alan Ford <alan.ford(a)gmail.com> wrote:
>
>> Hi Christoph (and Matthieu & Pablo),
>>
>> WRT checksums, we do say:
>>
>>    For example,
>>    if the initiator sets A=0 in the SYN but the responder sets A=1 in
>>    the SYN/ACK, checksums MUST be used in both directions, and the
>>    initiator will set A=1 in the ACK.
>>
>>    If A=1 is received by a host that does not
>>    want to use checksums, it MUST fall back to regular TCP by ignoring
>>    the MP_CAPABLE option as if it was invalid.
>>
>> Which would seem to cover all these eventualities. The “C” bit is purely
>> an indicator, and the crypto negotiation is clearly specified too.
>>
>
> Thank you for your answer, that's clearer for the A bit.
> Our concern was mainly about the version. How should we react if, as a
> server supporting only v1, we have this sequence:
>
> SYN (MP_CAPABLE: v2)  →
> ←  SYN+ACK (MP_CAPABLE: v1)
> ACK (MP_CAPABLE v2) →
>
> In other words, the server told the client that the maximum version it
> supports is v1. But in the ACK+MP_CAPABLE, the client sends v2 again.
>
> According to the RFC, the negotiation is done in the SYN and SYN+ACK. How
> do we react if the following ACK is sending a version (e.g. v2) which is
> not the expected one (e.g. v1)?
>
> For the moment in our implementation, we fallback to regular TCP.
> It means that future versions of MPTCP have to set the proper version in
> the 3rd ACK -- the negotiated one -- and not a copy of what has been sent
> in the SYN.
>
> Should we add a clarification for that?
>
>
> I see your point but I don’t feel we need any clarification here. The
> exchange as you rightly point out is done on the SYN/SYN+ACK. So when the
> server sends the SYN+ACK with v1, that is the decision that has been made.
> Sending an ACK with v2 is not a valid response. So if the server receives
> this, it treats it as any other invalid option and ignores it, so it treats
> it as if the ACK does not have an MP_CAPABLE, and thus it will fall back to
> regular TCP.
>

Even if at some point, we thought about not checking the version in the 3rd
ACK because it was a bit unclear for us, we now do fallback to regular TCP
if the version in the 3rd ACK is not the expected one.
So it seems that at the end, we correctly interpreted the RFC there. If you
feel that no clarification is needed for that, that's fine for us!

Best regards,
Matthieu
-- 
[image: Tessares SA] <http://www.tessares.net> Matthieu Baerts | R&D
Engineer
matthieu.baerts(a)tessares.net
Tessares SA | Hybrid Access Solutions
www.tessares.net
1 Avenue Jean Monnet, 1348 Louvain-la-Neuve, Belgium

Disclaimer: https://www.tessares.net/mail-disclaimer/

[-- Attachment #2: attachment.html --]
[-- Type: text/html, Size: 5981 bytes --]

[MPTCP] Re: MPTCP implementation feedback for RFC6824bis

[Alan Ford]

[-- Attachment #1: Type: text/plain, Size: 2227 bytes --]

Hi Matthieu,

> On 13 Dec 2019, at 00:10, Matthieu Baerts <matthieu.baerts(a)tessares.net> wrote:
> 
> Hi Alan,
> 
> 
> On Thu, Dec 12, 2019 at 10:19 PM Alan Ford <alan.ford(a)gmail.com <mailto:alan.ford(a)gmail.com>> wrote:
> Hi Christoph (and Matthieu & Pablo),
> 
> WRT checksums, we do say:
> 
>    For example,
>    if the initiator sets A=0 in the SYN but the responder sets A=1 in
>    the SYN/ACK, checksums MUST be used in both directions, and the
>    initiator will set A=1 in the ACK.  
> 
>    If A=1 is received by a host that does not
>    want to use checksums, it MUST fall back to regular TCP by ignoring
>    the MP_CAPABLE option as if it was invalid.
> 
> Which would seem to cover all these eventualities. The “C” bit is purely an indicator, and the crypto negotiation is clearly specified too.
> 
> Thank you for your answer, that's clearer for the A bit.
> Our concern was mainly about the version. How should we react if, as a server supporting only v1, we have this sequence:
> 
> SYN (MP_CAPABLE: v2)  →
> ←  SYN+ACK (MP_CAPABLE: v1)
> ACK (MP_CAPABLE v2) →
> 
> In other words, the server told the client that the maximum version it supports is v1. But in the ACK+MP_CAPABLE, the client sends v2 again.
> 
> According to the RFC, the negotiation is done in the SYN and SYN+ACK. How do we react if the following ACK is sending a version (e.g. v2) which is not the expected one (e.g. v1)?
> 
> For the moment in our implementation, we fallback to regular TCP.
> It means that future versions of MPTCP have to set the proper version in the 3rd ACK -- the negotiated one -- and not a copy of what has been sent in the SYN.
> 
> Should we add a clarification for that?

I see your point but I don’t feel we need any clarification here. The exchange as you rightly point out is done on the SYN/SYN+ACK. So when the server sends the SYN+ACK with v1, that is the decision that has been made. Sending an ACK with v2 is not a valid response. So if the server receives this, it treats it as any other invalid option and ignores it, so it treats it as if the ACK does not have an MP_CAPABLE, and thus it will fall back to regular TCP.

Regards,
Alan




[-- Attachment #2: attachment.html --]
[-- Type: text/html, Size: 4698 bytes --]

[MPTCP] Re: MPTCP implementation feedback for RFC6824bis

[Matthieu Baerts]

[-- Attachment #1: Type: text/plain, Size: 6388 bytes --]

Hi Alan,


On Thu, Dec 12, 2019 at 10:19 PM Alan Ford <alan.ford(a)gmail.com> wrote:

> Hi Christoph (and Matthieu & Pablo),
>
> WRT checksums, we do say:
>
>    For example,
>    if the initiator sets A=0 in the SYN but the responder sets A=1 in
>    the SYN/ACK, checksums MUST be used in both directions, and the
>    initiator will set A=1 in the ACK.
>
>    If A=1 is received by a host that does not
>    want to use checksums, it MUST fall back to regular TCP by ignoring
>    the MP_CAPABLE option as if it was invalid.
>
> Which would seem to cover all these eventualities. The “C” bit is purely
> an indicator, and the crypto negotiation is clearly specified too.
>

Thank you for your answer, that's clearer for the A bit.
Our concern was mainly about the version. How should we react if, as a
server supporting only v1, we have this sequence:

SYN (MP_CAPABLE: v2)  →
←  SYN+ACK (MP_CAPABLE: v1)
ACK (MP_CAPABLE v2) →

In other words, the server told the client that the maximum version it
supports is v1. But in the ACK+MP_CAPABLE, the client sends v2 again.

According to the RFC, the negotiation is done in the SYN and SYN+ACK. How
do we react if the following ACK is sending a version (e.g. v2) which is
not the expected one (e.g. v1)?

For the moment in our implementation, we fallback to regular TCP.
It means that future versions of MPTCP have to set the proper version in
the 3rd ACK -- the negotiated one -- and not a copy of what has been sent
in the SYN.

Should we add a clarification for that?

Best regards,
Matthieu


>
> Best regards,
> Alan
>
> On 11 Dec 2019, at 19:28, Christoph Paasch <cpaasch(a)apple.com> wrote:
>
> Hello Alan,
>
> there is one more thing that came up from the implementation experience
> (thanks to Matthieu & Paolo in CC).
>
> It is unclear in the draft (or at least, I didn't find the text ;-) ),
> what to do when the flags & version in the third ACK + MP_CAPABLE are
> inconsistent with what was negotiated in the SYN-SYN/ACK exchange.
>
> It would be good to spell this out and say that if there are any
> inconsistencies, a host should simply fallback to regular TCP.
>
>
> Christoph
>
> On Dec 10, 2019, at 8:09 AM, Alan Ford <alan.ford(a)gmail.com> wrote:
>
> Hi Yoshifumi,
>
> On 10 Dec 2019, at 05:30, Yoshifumi Nishida <nsd.ietf(a)gmail.com> wrote:
>
> Hi Alan,
>
> The texts look fine to me, but I have a few questions on them.
>
> On Fri, Dec 6, 2019 at 7:58 AM Alan Ford <alan.ford(a)gmail.com> wrote:
>
>> Hi all,
>>
>> Following on from the discussion of implementation feedback with
>> Christoph, I propose the following edits to RFC6824bis - which is currently
>> in AUTH48 - as clarifications.
>>
>> ADs, please can you confirm you consider these edits sufficiently
>> editorial to fit into AUTH48.
>>
>> WG participants, please speak up if you have any concerns.
>>
>>
>> *Edit 1, clarifying reliability of MP_CAPABLE*
>>
>> Change the sentence reading:
>>
>>    The SYN with MP_CAPABLE occupies the first octet of data sequence
>> space, although this does not need to be acknowledged at the connection
>> level until the first data is sent (see Section 3.3).
>>
>> To:
>>
>>    The SYN with MP_CAPABLE occupies the first octet of data sequence
>> space, and this MUST be acknowledged at the connection level at or before
>> the time the first data is sent or received (see Section 3.3).
>>
>
> What implementations should do when they receive the first data before
> MP_CAPABLE is acked?
> They should terminate the connection or discard the data?
>
>
> By asking this question you have made me realise that this text is in fact
> incompatible with the case when A (the initiator) is also the first sender
> of data.
>
> Given the problem is only with B sending data first, let us forget this
> change, and revert to Christoph’s original problem text, and use only the
> below change:
>
> Change the sentence reading:
>>
>>    If B has data to send first, then the reliable delivery of the ACK +
>> MP_CAPABLE can be inferred by the receipt of this data with an MPTCP Data
>> Sequence Signal (DSS) option (Section 3.3).
>>
>> To:
>>
>>    If B has data to send first, then the reliable delivery of the ACK +
>> MP_CAPABLE is ensured by the receipt of this data with an MPTCP Data
>> Sequence Signal (DSS) option (Section 3.3) containing a DATA_ACK for the
>> MP_CAPABLE (which is the first octet of the data sequence space).
>>
>
> This will resolve the ambiguity in the case of B sending first.
>
> In my personal opinion either one of these edits would be sufficient for
>> making the point, however clearly this has caused some confusion amongst
>> the implementor community so making both these changes should make it
>> absolutely clear as to the expected behaviour here.
>>
>>
>> *Edit 2, mapping constraint*
>>
>> Change the sentence reading:
>>
>>    A Data Sequence Mapping does not need to be included in every
>> MPTCP packet, as long as the subflow sequence space in that packet
>> is covered by a mapping known at the receiver.
>>
>> To:
>>
>>    A Data Sequence Mapping MUST appear on a TCP segment which is covered
>> by the mapping. It does not need to be included in every MPTCP packet, as
>> long as the subflow sequence space in that packet is covered by a mapping
>> known at the receiver.
>>
>>
> What implementations should do when a Data Sequence Mapping doesn't cover
> the TCP segment that carries this option?
>
>
> There are a number of cases where the MUST does not have a consequence; it
> should be obvious from the text for similar failures that it can close it
> with a RST.
>
> BTW, This is not a strong opinion, but I may prefer a text like: "A Data
> Sequence Mapping MUST provide the mapping for the segment that carries this
> option.”
>
>
> OK how about: "A Data Sequence Mapping MUST provide the mapping which
> includes the segment that carries this option.”
>
> Regards,
> Alan
>
>
>
>
>

-- 
[image: Tessares SA] <http://www.tessares.net> Matthieu Baerts | R&D
Engineer
matthieu.baerts(a)tessares.net
Tessares SA | Hybrid Access Solutions
www.tessares.net
1 Avenue Jean Monnet, 1348 Louvain-la-Neuve, Belgium

Disclaimer: https://www.tessares.net/mail-disclaimer/

[-- Attachment #2: attachment.html --]
[-- Type: text/html, Size: 10966 bytes --]

[MPTCP] Re: MPTCP implementation feedback for RFC6824bis

[Alan Ford]

[-- Attachment #1: Type: text/plain, Size: 5148 bytes --]

Hi Christoph (and Matthieu & Pablo),

WRT checksums, we do say:

   For example,
   if the initiator sets A=0 in the SYN but the responder sets A=1 in
   the SYN/ACK, checksums MUST be used in both directions, and the
   initiator will set A=1 in the ACK.  

   If A=1 is received by a host that does not
   want to use checksums, it MUST fall back to regular TCP by ignoring
   the MP_CAPABLE option as if it was invalid.

Which would seem to cover all these eventualities. The “C” bit is purely an indicator, and the crypto negotiation is clearly specified too.

Best regards,
Alan

> On 11 Dec 2019, at 19:28, Christoph Paasch <cpaasch(a)apple.com> wrote:
> 
> Hello Alan,
> 
> there is one more thing that came up from the implementation experience (thanks to Matthieu & Paolo in CC).
> 
> It is unclear in the draft (or at least, I didn't find the text ;-) ), what to do when the flags & version in the third ACK + MP_CAPABLE are inconsistent with what was negotiated in the SYN-SYN/ACK exchange.
> 
> It would be good to spell this out and say that if there are any inconsistencies, a host should simply fallback to regular TCP.
> 
> 
> Christoph
> 
>> On Dec 10, 2019, at 8:09 AM, Alan Ford <alan.ford(a)gmail.com <mailto:alan.ford(a)gmail.com>> wrote:
>> 
>> Hi Yoshifumi,
>> 
>>> On 10 Dec 2019, at 05:30, Yoshifumi Nishida <nsd.ietf(a)gmail.com <mailto:nsd.ietf(a)gmail.com>> wrote:
>>> 
>>> Hi Alan,
>>> 
>>> The texts look fine to me, but I have a few questions on them.
>>> 
>>> On Fri, Dec 6, 2019 at 7:58 AM Alan Ford <alan.ford(a)gmail.com <mailto:alan.ford(a)gmail.com>> wrote:
>>> Hi all,
>>> 
>>> Following on from the discussion of implementation feedback with Christoph, I propose the following edits to RFC6824bis - which is currently in AUTH48 - as clarifications.
>>> 
>>> ADs, please can you confirm you consider these edits sufficiently editorial to fit into AUTH48.
>>> 
>>> WG participants, please speak up if you have any concerns.
>>> 
>>> 
>>> Edit 1, clarifying reliability of MP_CAPABLE
>>> 
>>> Change the sentence reading:
>>> 
>>>    The SYN with MP_CAPABLE occupies the first octet of data sequence space, although this does not need to be acknowledged at the connection level until the first data is sent (see Section 3.3).
>>> 
>>> To:
>>> 
>>>    The SYN with MP_CAPABLE occupies the first octet of data sequence space, and this MUST be acknowledged at the connection level at or before the time the first data is sent or received (see Section 3.3).
>>> 
>>> What implementations should do when they receive the first data before MP_CAPABLE is acked?
>>> They should terminate the connection or discard the data?
>> 
>> By asking this question you have made me realise that this text is in fact incompatible with the case when A (the initiator) is also the first sender of data.
>> 
>> Given the problem is only with B sending data first, let us forget this change, and revert to Christoph’s original problem text, and use only the below change:
>> 
>>> Change the sentence reading:
>>> 
>>>    If B has data to send first, then the reliable delivery of the ACK + MP_CAPABLE can be inferred by the receipt of this data with an MPTCP Data Sequence Signal (DSS) option (Section 3.3). 
>>> 
>>> To:
>>> 
>>>    If B has data to send first, then the reliable delivery of the ACK + MP_CAPABLE is ensured by the receipt of this data with an MPTCP Data Sequence Signal (DSS) option (Section 3.3) containing a DATA_ACK for the MP_CAPABLE (which is the first octet of the data sequence space).
>> 
>> This will resolve the ambiguity in the case of B sending first.
>> 
>>> In my personal opinion either one of these edits would be sufficient for making the point, however clearly this has caused some confusion amongst the implementor community so making both these changes should make it absolutely clear as to the expected behaviour here.
>>> 
>>> 
>>> Edit 2, mapping constraint
>>> 
>>> Change the sentence reading:
>>> 
>>>    A Data Sequence Mapping does not need to be included in every MPTCP packet, as long as the subflow sequence space in that packet is covered by a mapping known at the receiver.
>>> 
>>> To:
>>> 
>>>    A Data Sequence Mapping MUST appear on a TCP segment which is covered by the mapping. It does not need to be included in every MPTCP packet, as long as the subflow sequence space in that packet is covered by a mapping known at the receiver.
>>> 
>>> 
>>> What implementations should do when a Data Sequence Mapping doesn't cover the TCP segment that carries this option?
>> 
>> There are a number of cases where the MUST does not have a consequence; it should be obvious from the text for similar failures that it can close it with a RST.
>> 
>>> BTW, This is not a strong opinion, but I may prefer a text like: "A Data Sequence Mapping MUST provide the mapping for the segment that carries this option.” 
>> 
>> OK how about: "A Data Sequence Mapping MUST provide the mapping which includes the segment that carries this option.” 
>> 
>> Regards,
>> Alan
>> 
>> 
> 


[-- Attachment #2: attachment.html --]
[-- Type: text/html, Size: 9570 bytes --]

[MPTCP] Re: MPTCP implementation feedback for RFC6824bis

[Christoph Paasch]

[-- Attachment #1: Type: text/plain, Size: 4332 bytes --]

Hello Alan,

there is one more thing that came up from the implementation experience (thanks to Matthieu & Paolo in CC).

It is unclear in the draft (or at least, I didn't find the text ;-) ), what to do when the flags & version in the third ACK + MP_CAPABLE are inconsistent with what was negotiated in the SYN-SYN/ACK exchange.

It would be good to spell this out and say that if there are any inconsistencies, a host should simply fallback to regular TCP.


Christoph

> On Dec 10, 2019, at 8:09 AM, Alan Ford <alan.ford(a)gmail.com> wrote:
> 
> Hi Yoshifumi,
> 
>> On 10 Dec 2019, at 05:30, Yoshifumi Nishida <nsd.ietf(a)gmail.com <mailto:nsd.ietf(a)gmail.com>> wrote:
>> 
>> Hi Alan,
>> 
>> The texts look fine to me, but I have a few questions on them.
>> 
>> On Fri, Dec 6, 2019 at 7:58 AM Alan Ford <alan.ford(a)gmail.com <mailto:alan.ford(a)gmail.com>> wrote:
>> Hi all,
>> 
>> Following on from the discussion of implementation feedback with Christoph, I propose the following edits to RFC6824bis - which is currently in AUTH48 - as clarifications.
>> 
>> ADs, please can you confirm you consider these edits sufficiently editorial to fit into AUTH48.
>> 
>> WG participants, please speak up if you have any concerns.
>> 
>> 
>> Edit 1, clarifying reliability of MP_CAPABLE
>> 
>> Change the sentence reading:
>> 
>>    The SYN with MP_CAPABLE occupies the first octet of data sequence space, although this does not need to be acknowledged at the connection level until the first data is sent (see Section 3.3).
>> 
>> To:
>> 
>>    The SYN with MP_CAPABLE occupies the first octet of data sequence space, and this MUST be acknowledged at the connection level at or before the time the first data is sent or received (see Section 3.3).
>> 
>> What implementations should do when they receive the first data before MP_CAPABLE is acked?
>> They should terminate the connection or discard the data?
> 
> By asking this question you have made me realise that this text is in fact incompatible with the case when A (the initiator) is also the first sender of data.
> 
> Given the problem is only with B sending data first, let us forget this change, and revert to Christoph’s original problem text, and use only the below change:
> 
>> Change the sentence reading:
>> 
>>    If B has data to send first, then the reliable delivery of the ACK + MP_CAPABLE can be inferred by the receipt of this data with an MPTCP Data Sequence Signal (DSS) option (Section 3.3). 
>> 
>> To:
>> 
>>    If B has data to send first, then the reliable delivery of the ACK + MP_CAPABLE is ensured by the receipt of this data with an MPTCP Data Sequence Signal (DSS) option (Section 3.3) containing a DATA_ACK for the MP_CAPABLE (which is the first octet of the data sequence space).
> 
> This will resolve the ambiguity in the case of B sending first.
> 
>> In my personal opinion either one of these edits would be sufficient for making the point, however clearly this has caused some confusion amongst the implementor community so making both these changes should make it absolutely clear as to the expected behaviour here.
>> 
>> 
>> Edit 2, mapping constraint
>> 
>> Change the sentence reading:
>> 
>>    A Data Sequence Mapping does not need to be included in every MPTCP packet, as long as the subflow sequence space in that packet is covered by a mapping known at the receiver.
>> 
>> To:
>> 
>>    A Data Sequence Mapping MUST appear on a TCP segment which is covered by the mapping. It does not need to be included in every MPTCP packet, as long as the subflow sequence space in that packet is covered by a mapping known at the receiver.
>> 
>> 
>> What implementations should do when a Data Sequence Mapping doesn't cover the TCP segment that carries this option?
> 
> There are a number of cases where the MUST does not have a consequence; it should be obvious from the text for similar failures that it can close it with a RST.
> 
>> BTW, This is not a strong opinion, but I may prefer a text like: "A Data Sequence Mapping MUST provide the mapping for the segment that carries this option.” 
> 
> OK how about: "A Data Sequence Mapping MUST provide the mapping which includes the segment that carries this option.” 
> 
> Regards,
> Alan
> 
> 


[-- Attachment #2: attachment.html --]
[-- Type: text/html, Size: 8025 bytes --]

[MPTCP] Re: MPTCP implementation feedback for RFC6824bis

[Christoph Paasch]

[-- Attachment #1: Type: text/plain, Size: 14941 bytes --]

Hello Alan,

> On Dec 5, 2019, at 7:03 AM, Alan Ford <alan.ford(a)gmail.com> wrote:
>> On 5 Dec 2019, at 00:33, Christoph Paasch <cpaasch(a)apple.com <mailto:cpaasch(a)apple.com>> wrote:
>>> On Dec 4, 2019, at 1:50 PM, Alan Ford <alan.ford(a)gmail.com <mailto:alan.ford(a)gmail.com>> wrote:
>>> Thank you for the clarifications. I was revisiting the text to see ways to make these clarifications, however I find myself unsure of the need; please see comments below:
>>> 
>>> 
>>> Section 3.1 clarification
>>> 
>>> Towards the end of Section 3.1 we actually say the following:
>>> 
>>>    The SYN with MP_CAPABLE occupies the first octet of data sequence space, although this does not need to be acknowledged at the connection level until the first data is sent (see Section 3.3).
>>> 
>>> Which would seem to cover exactly this concern.
>> 
>> I'm not sure how it covers the concern, because the issue I raise is that the client needs to somehow find out if the MP_CAPABLE made it to the receiver. And the clarification I suggest is to spell out that it is the DATA_ACK (see my next comment).
>> 
>>> However if you still feel further clarification is required, then we could add this also to the sentence you suggest, i.e.:
>>> 
>>>    If B has data to send first, then the reliable delivery of the ACK + MP_CAPABLE can be inferred by the receipt of this data with an MPTCP Data Sequence Signal (DSS) option (Section 3.3). 
>>> 
>> 
>> The ambiguity here is that DSS does not imply DATA_ACK. One could send a DSS without a DATA_ACK, but that would not signal to the client the reliable delivery of the MP_CAPABLE. Only the DATA_ACK will do so.
> 
> OK well maybe I am not understanding your concern here. The first sentence I quote says that the MP_CAPABLE needs to be DATA_ACKed when the first data is sent.

Actually, strictly reading, the first sentence says that it must not be acknowledged until first data sent. It does not say that a MP_CAPABLE MUST be DATA_ACKed.

> The sentence beginning “If B has Data to send first” means:
> 
> - A->B SYN
> - B->A SYN/ACK + MP_CAPABLE
> - A->B ACK + MP_CAPABLE
> - B->A ACK + DATA + DSS
> 
> DSS can contain one or both of DSM and DATA_ACK. However the previously quoted sentence says that the MP_CAPABLE needs to be acknowledged at the connection-level (i.e. DATA_ACKed) when the first data is sent.
> 
> However in writing this I realise that that text makes no comment about who is sending data. Because the intention is it applies to any data being sent (if B is sending, then it will include a DATA_ACK as well as a DSS; if A is sending then B will acknowledge with a DATA_ACK), but it could be read by someone to mean “only when acknowledging the first data does the MP_CAPABLE need to be included in the DATA_ACK”, which is not the desired meaning.
> 
> I am all for improving clarity so I think a clearer version of “If B has data…” would go:
> 
>     If B has data to send first, then the reliable delivery of the ACK + MP_CAPABLE is ensured by the receipt of this data with an MPTCP Data Sequence Signal (DSS) option (Section 3.3) containing a DATA_ACK for the MP_CAPABLE (which is the first octet of the data sequence space).
> 
> Would you be ok with that? It is shorter than the other edits whilst still being unambiguous.

This however does not say that the reception fo a DATA_ACK allows A to stop sending the MP_CAPABLE. I still think that it should be spelled out somewhere.

> 
>>> Can change to:
>>> 
>>>    If B has data to send first, then the reliable delivery of the ACK + MP_CAPABLE can be inferred by the receipt of this data with an MPTCP Data Sequence Signal (DSS) option (Section 3.3) containing a DATA_ACK for the MP_CAPABLE (which is the first octet of the data sequence space). Furthermore, when A receives a DATA_ACK from B it is a signal of the reliable delivery of A's MP_CAPABLE.
>>> 
>>> Please confirm if you still feel this is necessary, given the quote I provide.
>> 
>> Yes, I still feel that this is necessary.
>> 
>>> 
>>> 
>>> Early Mapping
>>> 
>>>    A Data Sequence Mapping does not need to be included in every MPTCP
>>>    packet, as long as the subflow sequence space in that packet is
>>>    covered by a mapping known at the receiver.  This can be used to
>>>    reduce overhead in cases where the mapping is known in advance.  One
>>>    such case is when there is a single subflow between the hosts, and
>>>    another is when segments of data are scheduled in larger-than-packet-
>>>    sized chunks.
>>> 
>>> I would suggest simply adding a sentence at the beginning saying “A Data Sequence Mapping MUST appear on a TCP segment which is covered by the mapping”.
>> 
>> Yes, adding that sentence would clarify this.
>> 
>> I also would remove the sentence "This can be used to..." and "One such case is..." - it adds to the confusion IMO.
> 
> I quite like to retain examples where possible; these seem harmless when combined with the clarification from the MUST, it ensures people behave!

Ok, fair enough!


Thanks,
Christoph

> 
> Best regards,
> Alan
> 
>>> 
>>> Regarding late mapping, we say:
>>> 
>>>    Implementations MAY hold onto such unmapped data for a
>>>    short while, in the expectation that a mapping will arrive shortly.
>>>    Such unmapped data cannot be counted as being within the connection-
>>>    level receive window because this is relative to the data sequence
>>>    numbers, so if the receiver runs out of memory to hold this data, it
>>>    will have to be discarded.  If a mapping for that subflow-level
>>>    sequence space does not arrive within a receive window of data, that
>>>    subflow SHOULD be treated as broken, closed with a RST, and any
>>>    unmapped data silently discarded.
>>> 
>>> Note the last sentence. We already bound this suggestion to just a subflow receive window of data, and provide a mechanism to reject (RST and silently discard). If we add the above text re early mapping that would also apply in this case and provide your requirement that the mapping lands on a segment covered by the mapping.
>> 
>> Yes, this last sentence, combined with the above-mentioned addition should make things fine.
>> 
>> 
>> Thanks,
>> Christoph
>> 
>>> 
>>> Any thoughts?
>>> 
>>> Best regards,
>>> Alan
>>> 
>>>> On 2 Dec 2019, at 17:27, Christoph Paasch <cpaasch(a)apple.com <mailto:cpaasch(a)apple.com>> wrote:
>>>> 
>>>> Hello Alan,
>>>> 
>>>> On 29/11/19 - 21:13:38, Alan Ford wrote:
>>>>>> On 28 Nov 2019, at 19:49, Christoph Paasch <cpaasch(a)apple.com <mailto:cpaasch(a)apple.com>> wrote:
>>>>>>> On Nov 28, 2019, at 8:16 AM, Alan Ford <alan.ford(a)gmail.com <mailto:alan.ford(a)gmail.com> <mailto:alan.ford(a)gmail.com <mailto:alan.ford(a)gmail.com>>> wrote:
>>>>>>>> On 27 Nov 2019, at 19:29, Christoph Paasch <cpaasch(a)apple.com <mailto:cpaasch(a)apple.com> <mailto:cpaasch(a)apple.com <mailto:cpaasch(a)apple.com>>> wrote:
>>>>>>>> Section 3.3.1, page 32 & 33, "A data sequence mapping does not need..."
>>>>>>>> 
>>>>>>>> This paragraph states that it is permissive to send a mapping in advance. Late-mapping is specified a bit higher around the sentence 
>>>>>>>> "Implementations MAY hold onto such unmapped data for a short while in the expectation that a mapping will arrive shortly"
>>>>>>>> 
>>>>>>>> This kind of early/late mapping announcements are difficult to handle in an implementation. The Linux Kernel implementation of multipath-tcp.org <http://multipath-tcp.org/> <http://multipath-tcp.org/ <http://multipath-tcp.org/>> has always disallowed such kind of mappings. Meaning, whenever a DSS-option is received such that the range specified by the relative subflow-sequence number in the DSS-option and the data-length does not (partially) cover the TCP sequence number of the packet itself, the subflow will be killed with a TCP-RST. The problem around handling such early/late mappings is that it is unclear for how long the stack needs to remember these mappings (in the early-mapping case), or for how long he needs to hold on to the data (in the late-mapping case).
>>>>>>>> 
>>>>>>>> We thus suggest to change this to the following:
>>>>>>>> Whenever a DSS-option is received on a packet such that the mapping of the subflow-sequence space does not partially cover the TCP-sequence number of  the packet itself, the host MUST discard this mapping and MAY destroy the subflow with a TCP-RST. It should be noted that a DATA_FIN that does not come with data has a relative subflow-sequence number of 0 and thus should be handled separately.
>>>>>>> 
>>>>>>> This one I do have an issue with:
>>>>>>> 
>>>>>>> - It is a technical change
>>>>>>> - Wording to this effect has been in the document since pretty much the beginning
>>>>>>> - It is a MAY which might as well say “there is no guarantee this would work”
>>>>>> 
>>>>>> The problem with the MAY is that the sender can't really know if the receiver accepts it (more regarding this below)
>>>>>> 
>>>>>>> Most importantly, the replacement text seems not to address this issue at all. If I read it correctly, it says that the data sequence mapping option MUST partially cover the subflow sequence space of the packet itself. But that has nothing to do with late or early mapping, both could partially cover the subflow sequence space and preceding data.
>>>>>>> 
>>>>>>> Can you clarify exactly what you want to permit and prevent, here?
>>>>>> 
>>>>>> Let me try to clarify what exactly we mean with early/late mapping so that we are all on the same terms here:
>>>>>> 
>>>>>> Early mapping:
>>>>>> 
>>>>>> A TCP-segment with sequence-number 1 holds a DSS-option with subflow-sequence number 1001 and data-length 100. This means we need to allocate space to store this DSS-option so that when the TCP-segment with seqno 1001 arrives we can know the mapping. There may be coming more of these DSS-options which all need to be stored in allocated memory. It is unclear what the limit to this is and there is no way to communicate this limit to the sender.
>>>>> 
>>>>> I don’t think we have ever intended to support a mapping like this. If the text is not clear here then yes, we might have an issue.
>>>> 
>>>> Yes, I do think that the text is not very clear on that  - we should clarify
>>>> that.
>>>> 
>>>>> We intend only to support: A TCP segment with sequence-number 1 holds a DSS option for SSN 1 and length 10000 (so multiple segments in the future).
>>>> 
>>>> Sounds good!
>>>> 
>>>>> Or, slightly more convoluted, a TCP segment with SN 100, length 100, which holds a DSS option for 151-250, and bytes 50-150 were already covered by a previous mapping.
>>>> 
>>>> Also good.
>>>> 
>>>>> I do not believe we have ever intended mappings on data segments where the segments do not include any of the mapped data. We did, however, intend to support mappings on pure ACKs in order to avoid any option space limits.
>>>> 
>>>> Mappings on a pure ACK are an unlikely use-case. The problem is that in the
>>>> end the mapping needs to reliably make it to the receiver as otherwise he
>>>> needs to throw the data away. Combining it with data implicitly makes it
>>>> reliable.
>>>> 
>>>> In case of option-space limits, it is better to send the options that do
>>>> consume a lot of space (ADD_ADDR,...) on the pure ACK.
>>>> 
>>>>> 
>>>>>> Late mapping:
>>>>>> 
>>>>>> The receiver receives data without DSS-options with TCP-sequence 1 to 1001. The corresponding DSS-option however arrives with the TCP-segment with seqno 2001. Here, the receiver needs to hold on to this data, waiting for the TCP-segment with the DSS-option. At one point the receiver needs to drop the data due to memory limits. Again, the sender has no way for knowing what this limit is.
>>>>> 
>>>>> So this is slightly more problematic, and this is what the MAY in the text is designed to discuss.
>>>>> 
>>>>> I believe we had intended to support a situation where you could have a segment 1-1000 without a DSS option, and 1001-2000 also without, and then 2001-3000 with the option then providing a mapping for 1 to 2001 or higher.
>>>> 
>>>> I think this scenario is fine to some extend with a slight change that the
>>>> provided mapping should be for 1 to 2002 or higher (thus, including the byte
>>>> of the 2001-3000 segment).
>>>> 
>>>>> This would allow a sender to start pushing out data before it knew what a mapping might look like.
>>>>> It does, however, seem an unlikely situation but you as a receiver could of course reduce the subflow window size in order to limit buffering. The text does recognise the memory issue and point out that this won’t be DATA ACKed and as such a sender should soon realise and retransmit on a separate subflow and then this subflow may eventually be closed.
>>>> 
>>>> Yes, it seems like an unlikerly situation and I'm not sure about the
>>>> use-case for doing this.
>>>> 
>>>>> Another situation would involve two mappings on the same TCP segment. If the first 50 bytes of a segment are covered by the mapping provided in that segment, but there are then also another 50 bytes, then the mapping can’t be provided until the next segment.
>>>> 
>>>> Yes, two mappings on a single packet are problematic simply because of the
>>>> lack of option-space.
>>>> 
>>>>> I guess my initial thought here is that this was intended to cover a number of corner cases but if it does not work for you then there are several compliant ways of dealing with it.
>>>>> 
>>>>>> When the DSS-option comes together with the corresponding TCP-sequence it is straight-forward to store it together with the data. There are no issues with memory-allocation,... as all of this is accounted together with the announced window (yes, the memory is not counted against the window, but the receiver can foresee the DSS-option overhead when computing what window he should announce).
>>>>>> 
>>>>>> When a receiver gets data without a DSS-option, he can store it for up to 64KB of data as that is the maximum data-level length and the last segment of the 64KB-train could be holding the DSS-option. After that he has to drop the data.
>>>>>> 
>>>>>> When the mapping partially covers the segment it also isn't a problem as the unmapped part can safely be dropped and the mapped part can be passed on to the MPTCP-layer.
>>>>>> 
>>>>>> All of this does not imply that every segment of a mapping needs to hold the DSS-option. Just one of them needs to have it.
>>>>> 
>>>>> That last statement aligns with what was intended in the text. But are you really saying that, or are you saying that the first one needs to have it? Because that would be a change.
>>>> 
>>>> No, the first one does not need to have it. Just one of them.
>>>> 
>>>> 
>>>> Cheers,
>>>> Christoph
> 


[-- Attachment #2: attachment.html --]
[-- Type: text/html, Size: 23310 bytes --]

[MPTCP] Re: MPTCP implementation feedback for RFC6824bis

[Christoph Paasch]

[-- Attachment #1: Type: text/plain, Size: 12336 bytes --]

Hello Alan,

> On Dec 4, 2019, at 1:50 PM, Alan Ford <alan.ford(a)gmail.com> wrote:
> 
> Hi Christoph,
> 
> Thank you for the clarifications. I was revisiting the text to see ways to make these clarifications, however I find myself unsure of the need; please see comments below:
> 
> 
> Section 3.1 clarification
> 
> Towards the end of Section 3.1 we actually say the following:
> 
>    The SYN with MP_CAPABLE occupies the first octet of data sequence space, although this does not need to be acknowledged at the connection level until the first data is sent (see Section 3.3).
> 
> Which would seem to cover exactly this concern.

I'm not sure how it covers the concern, because the issue I raise is that the client needs to somehow find out if the MP_CAPABLE made it to the receiver. And the clarification I suggest is to spell out that it is the DATA_ACK (see my next comment).

> However if you still feel further clarification is required, then we could add this also to the sentence you suggest, i.e.:
> 
>    If B has data to send first, then the reliable delivery of the ACK + MP_CAPABLE can be inferred by the receipt of this data with an MPTCP Data Sequence Signal (DSS) option (Section 3.3). 
> 

The ambiguity here is that DSS does not imply DATA_ACK. One could send a DSS without a DATA_ACK, but that would not signal to the client the reliable delivery of the MP_CAPABLE. Only the DATA_ACK will do so.

> Can change to:
> 
>    If B has data to send first, then the reliable delivery of the ACK + MP_CAPABLE can be inferred by the receipt of this data with an MPTCP Data Sequence Signal (DSS) option (Section 3.3) containing a DATA_ACK for the MP_CAPABLE (which is the first octet of the data sequence space). Furthermore, when A receives a DATA_ACK from B it is a signal of the reliable delivery of A's MP_CAPABLE.
> 
> Please confirm if you still feel this is necessary, given the quote I provide.

Yes, I still feel that this is necessary.

> 
> 
> Early Mapping
> 
>    A Data Sequence Mapping does not need to be included in every MPTCP
>    packet, as long as the subflow sequence space in that packet is
>    covered by a mapping known at the receiver.  This can be used to
>    reduce overhead in cases where the mapping is known in advance.  One
>    such case is when there is a single subflow between the hosts, and
>    another is when segments of data are scheduled in larger-than-packet-
>    sized chunks.
> 
> I would suggest simply adding a sentence at the beginning saying “A Data Sequence Mapping MUST appear on a TCP segment which is covered by the mapping”.

Yes, adding that sentence would clarify this.

I also would remove the sentence "This can be used to..." and "One such case is..." - it adds to the confusion IMO.

> 
> Regarding late mapping, we say:
> 
>    Implementations MAY hold onto such unmapped data for a
>    short while, in the expectation that a mapping will arrive shortly.
>    Such unmapped data cannot be counted as being within the connection-
>    level receive window because this is relative to the data sequence
>    numbers, so if the receiver runs out of memory to hold this data, it
>    will have to be discarded.  If a mapping for that subflow-level
>    sequence space does not arrive within a receive window of data, that
>    subflow SHOULD be treated as broken, closed with a RST, and any
>    unmapped data silently discarded.
> 
> Note the last sentence. We already bound this suggestion to just a subflow receive window of data, and provide a mechanism to reject (RST and silently discard). If we add the above text re early mapping that would also apply in this case and provide your requirement that the mapping lands on a segment covered by the mapping.

Yes, this last sentence, combined with the above-mentioned addition should make things fine.


Thanks,
Christoph

> 
> Any thoughts?
> 
> Best regards,
> Alan
> 
>> On 2 Dec 2019, at 17:27, Christoph Paasch <cpaasch(a)apple.com <mailto:cpaasch(a)apple.com>> wrote:
>> 
>> Hello Alan,
>> 
>> On 29/11/19 - 21:13:38, Alan Ford wrote:
>>>> On 28 Nov 2019, at 19:49, Christoph Paasch <cpaasch(a)apple.com <mailto:cpaasch(a)apple.com>> wrote:
>>>>> On Nov 28, 2019, at 8:16 AM, Alan Ford <alan.ford(a)gmail.com <mailto:alan.ford(a)gmail.com> <mailto:alan.ford(a)gmail.com <mailto:alan.ford(a)gmail.com>>> wrote:
>>>>>> On 27 Nov 2019, at 19:29, Christoph Paasch <cpaasch(a)apple.com <mailto:cpaasch(a)apple.com> <mailto:cpaasch(a)apple.com <mailto:cpaasch(a)apple.com>>> wrote:
>>>>>> Section 3.3.1, page 32 & 33, "A data sequence mapping does not need..."
>>>>>> 
>>>>>> This paragraph states that it is permissive to send a mapping in advance. Late-mapping is specified a bit higher around the sentence 
>>>>>> "Implementations MAY hold onto such unmapped data for a short while in the expectation that a mapping will arrive shortly"
>>>>>> 
>>>>>> This kind of early/late mapping announcements are difficult to handle in an implementation. The Linux Kernel implementation of multipath-tcp.org <http://multipath-tcp.org/> <http://multipath-tcp.org/ <http://multipath-tcp.org/>> has always disallowed such kind of mappings. Meaning, whenever a DSS-option is received such that the range specified by the relative subflow-sequence number in the DSS-option and the data-length does not (partially) cover the TCP sequence number of the packet itself, the subflow will be killed with a TCP-RST. The problem around handling such early/late mappings is that it is unclear for how long the stack needs to remember these mappings (in the early-mapping case), or for how long he needs to hold on to the data (in the late-mapping case).
>>>>>> 
>>>>>> We thus suggest to change this to the following:
>>>>>> Whenever a DSS-option is received on a packet such that the mapping of the subflow-sequence space does not partially cover the TCP-sequence number of  the packet itself, the host MUST discard this mapping and MAY destroy the subflow with a TCP-RST. It should be noted that a DATA_FIN that does not come with data has a relative subflow-sequence number of 0 and thus should be handled separately.
>>>>> 
>>>>> This one I do have an issue with:
>>>>> 
>>>>> - It is a technical change
>>>>> - Wording to this effect has been in the document since pretty much the beginning
>>>>> - It is a MAY which might as well say “there is no guarantee this would work”
>>>> 
>>>> The problem with the MAY is that the sender can't really know if the receiver accepts it (more regarding this below)
>>>> 
>>>>> Most importantly, the replacement text seems not to address this issue at all. If I read it correctly, it says that the data sequence mapping option MUST partially cover the subflow sequence space of the packet itself. But that has nothing to do with late or early mapping, both could partially cover the subflow sequence space and preceding data.
>>>>> 
>>>>> Can you clarify exactly what you want to permit and prevent, here?
>>>> 
>>>> Let me try to clarify what exactly we mean with early/late mapping so that we are all on the same terms here:
>>>> 
>>>> Early mapping:
>>>> 
>>>> A TCP-segment with sequence-number 1 holds a DSS-option with subflow-sequence number 1001 and data-length 100. This means we need to allocate space to store this DSS-option so that when the TCP-segment with seqno 1001 arrives we can know the mapping. There may be coming more of these DSS-options which all need to be stored in allocated memory. It is unclear what the limit to this is and there is no way to communicate this limit to the sender.
>>> 
>>> I don’t think we have ever intended to support a mapping like this. If the text is not clear here then yes, we might have an issue.
>> 
>> Yes, I do think that the text is not very clear on that  - we should clarify
>> that.
>> 
>>> We intend only to support: A TCP segment with sequence-number 1 holds a DSS option for SSN 1 and length 10000 (so multiple segments in the future).
>> 
>> Sounds good!
>> 
>>> Or, slightly more convoluted, a TCP segment with SN 100, length 100, which holds a DSS option for 151-250, and bytes 50-150 were already covered by a previous mapping.
>> 
>> Also good.
>> 
>>> I do not believe we have ever intended mappings on data segments where the segments do not include any of the mapped data. We did, however, intend to support mappings on pure ACKs in order to avoid any option space limits.
>> 
>> Mappings on a pure ACK are an unlikely use-case. The problem is that in the
>> end the mapping needs to reliably make it to the receiver as otherwise he
>> needs to throw the data away. Combining it with data implicitly makes it
>> reliable.
>> 
>> In case of option-space limits, it is better to send the options that do
>> consume a lot of space (ADD_ADDR,...) on the pure ACK.
>> 
>>> 
>>>> Late mapping:
>>>> 
>>>> The receiver receives data without DSS-options with TCP-sequence 1 to 1001. The corresponding DSS-option however arrives with the TCP-segment with seqno 2001. Here, the receiver needs to hold on to this data, waiting for the TCP-segment with the DSS-option. At one point the receiver needs to drop the data due to memory limits. Again, the sender has no way for knowing what this limit is.
>>> 
>>> So this is slightly more problematic, and this is what the MAY in the text is designed to discuss.
>>> 
>>> I believe we had intended to support a situation where you could have a segment 1-1000 without a DSS option, and 1001-2000 also without, and then 2001-3000 with the option then providing a mapping for 1 to 2001 or higher.
>> 
>> I think this scenario is fine to some extend with a slight change that the
>> provided mapping should be for 1 to 2002 or higher (thus, including the byte
>> of the 2001-3000 segment).
>> 
>>> This would allow a sender to start pushing out data before it knew what a mapping might look like.
>>> It does, however, seem an unlikely situation but you as a receiver could of course reduce the subflow window size in order to limit buffering. The text does recognise the memory issue and point out that this won’t be DATA ACKed and as such a sender should soon realise and retransmit on a separate subflow and then this subflow may eventually be closed.
>> 
>> Yes, it seems like an unlikerly situation and I'm not sure about the
>> use-case for doing this.
>> 
>>> Another situation would involve two mappings on the same TCP segment. If the first 50 bytes of a segment are covered by the mapping provided in that segment, but there are then also another 50 bytes, then the mapping can’t be provided until the next segment.
>> 
>> Yes, two mappings on a single packet are problematic simply because of the
>> lack of option-space.
>> 
>>> I guess my initial thought here is that this was intended to cover a number of corner cases but if it does not work for you then there are several compliant ways of dealing with it.
>>> 
>>>> When the DSS-option comes together with the corresponding TCP-sequence it is straight-forward to store it together with the data. There are no issues with memory-allocation,... as all of this is accounted together with the announced window (yes, the memory is not counted against the window, but the receiver can foresee the DSS-option overhead when computing what window he should announce).
>>>> 
>>>> When a receiver gets data without a DSS-option, he can store it for up to 64KB of data as that is the maximum data-level length and the last segment of the 64KB-train could be holding the DSS-option. After that he has to drop the data.
>>>> 
>>>> When the mapping partially covers the segment it also isn't a problem as the unmapped part can safely be dropped and the mapped part can be passed on to the MPTCP-layer.
>>>> 
>>>> All of this does not imply that every segment of a mapping needs to hold the DSS-option. Just one of them needs to have it.
>>> 
>>> That last statement aligns with what was intended in the text. But are you really saying that, or are you saying that the first one needs to have it? Because that would be a change.
>> 
>> No, the first one does not need to have it. Just one of them.
>> 
>> 
>> Cheers,
>> Christoph
>> 
> 


[-- Attachment #2: attachment.html --]
[-- Type: text/html, Size: 17911 bytes --]

[MPTCP] Re: MPTCP implementation feedback for RFC6824bis

[Mat Martineau]

[-- Attachment #1: Type: text/plain, Size: 7513 bytes --]

The following message was held by the server (since Alan is not a list member), and due to a mailman server bug could not be released for delivery. I'm forwarding the copy that was sent to list owners.

Regards,
Mat


From: Alan Ford <alan.ford(a)gmail.com>
Subject: Re: MPTCP implementation feedback for RFC6824bis
Date: November 29, 2019 at 1:13:38 PM PST
To: Christoph Paasch <cpaasch(a)apple.com>
Cc: MultiPath TCP - IETF WG <multipathtcp(a)ietf.org>, Yoshifumi Nishida <nsd.ietf(a)gmail.com>, Philip Eardley <philip.eardley(a)bt.com>, Mirja Kuehlewind <ietf(a)kuehlewind.net>, mptcp Upstreaming <mptcp(a)lists.01.org>

Hi Christoph,

> On 28 Nov 2019, at 19:49, Christoph Paasch <cpaasch(a)apple.com <mailto:cpaasch(a)apple.com>> wrote:
> 
> Hello Alan,
> 
>> On Nov 28, 2019, at 8:16 AM, Alan Ford <alan.ford(a)gmail.com <mailto:alan.ford(a)gmail.com>> wrote:
>> 
>> Hi Christoph,
>> 
>> Thank you for the feedback. Comments inline...
>> 
>>> On 27 Nov 2019, at 19:29, Christoph Paasch <cpaasch(a)apple.com <mailto:cpaasch(a)apple.com>> wrote:
>>> Section 3.3.1, page 32 & 33, "A data sequence mapping does not need..."
>>> 
>>> This paragraph states that it is permissive to send a mapping in advance. Late-mapping is specified a bit higher around the sentence 
>>> "Implementations MAY hold onto such unmapped data for a short while in the expectation that a mapping will arrive shortly"
>>> 
>>> This kind of early/late mapping announcements are difficult to handle in an implementation. The Linux Kernel implementation of multipath-tcp.org <http://multipath-tcp.org/> has always disallowed such kind of mappings. Meaning, whenever a DSS-option is received such that the range specified by the relative subflow-sequence number in the DSS-option and the data-length does not (partially) cover the TCP sequence number of the packet itself, the subflow will be killed with a TCP-RST. The problem around handling such early/late mappings is that it is unclear for how long the stack needs to remember these mappings (in the early-mapping case), or for how long he needs to hold on to the data (in the late-mapping case).
>>> 
>>> We thus suggest to change this to the following:
>>> Whenever a DSS-option is received on a packet such that the mapping of the subflow-sequence space does not partially cover the TCP-sequence number of  the packet itself, the host MUST discard this mapping and MAY destroy the subflow with a TCP-RST. It should be noted that a DATA_FIN that does not come with data has a relative subflow-sequence number of 0 and thus should be handled separately.
>> 
>> This one I do have an issue with:
>> 
>> - It is a technical change
>> - Wording to this effect has been in the document since pretty much the beginning
>> - It is a MAY which might as well say “there is no guarantee this would work”
> 
> The problem with the MAY is that the sender can't really know if the receiver accepts it (more regarding this below)
> 
>> Most importantly, the replacement text seems not to address this issue at all. If I read it correctly, it says that the data sequence mapping option MUST partially cover the subflow sequence space of the packet itself. But that has nothing to do with late or early mapping, both could partially cover the subflow sequence space and preceding data.
>> 
>> Can you clarify exactly what you want to permit and prevent, here?
> 
> Let me try to clarify what exactly we mean with early/late mapping so that we are all on the same terms here:
> 
> Early mapping:
> 
> A TCP-segment with sequence-number 1 holds a DSS-option with subflow-sequence number 1001 and data-length 100. This means we need to allocate space to store this DSS-option so that when the TCP-segment with seqno 1001 arrives we can know the mapping. There may be coming more of these DSS-options which all need to be stored in allocated memory. It is unclear what the limit to this is and there is no way to communicate this limit to the sender.

I don’t think we have ever intended to support a mapping like this. If the text is not clear here then yes, we might have an issue.

We intend only to support: A TCP segment with sequence-number 1 holds a DSS option for SSN 1 and length 10000 (so multiple segments in the future).

Or, slightly more convoluted, a TCP segment with SN 100, length 100, which holds a DSS option for 151-250, and bytes 50-150 were already covered by a previous mapping.

I do not believe we have ever intended mappings on data segments where the segments do not include any of the mapped data. We did, however, intend to support mappings on pure ACKs in order to avoid any option space limits.

> Late mapping:
> 
> The receiver receives data without DSS-options with TCP-sequence 1 to 1001. The corresponding DSS-option however arrives with the TCP-segment with seqno 2001. Here, the receiver needs to hold on to this data, waiting for the TCP-segment with the DSS-option. At one point the receiver needs to drop the data due to memory limits. Again, the sender has no way for knowing what this limit is.

So this is slightly more problematic, and this is what the MAY in the text is designed to discuss.

I believe we had intended to support a situation where you could have a segment 1-1000 without a DSS option, and 1001-2000 also without, and then 2001-3000 with the option then providing a mapping for 1 to 2001 or higher. This would allow a sender to start pushing out data before it knew what a mapping might look like. It does, however, seem an unlikely situation but you as a receiver could of course reduce the subflow window size in order to limit buffering. The text does recognise the memory issue and point out that this won’t be DATA ACKed and as such a sender should soon realise and retransmit on a separate subflow and then this subflow may eventually be closed.

Another situation would involve two mappings on the same TCP segment. If the first 50 bytes of a segment are covered by the mapping provided in that segment, but there are then also another 50 bytes, then the mapping can’t be provided until the next segment.

I guess my initial thought here is that this was intended to cover a number of corner cases but if it does not work for you then there are several compliant ways of dealing with it.

> When the DSS-option comes together with the corresponding TCP-sequence it is straight-forward to store it together with the data. There are no issues with memory-allocation,... as all of this is accounted together with the announced window (yes, the memory is not counted against the window, but the receiver can foresee the DSS-option overhead when computing what window he should announce).
> 
> When a receiver gets data without a DSS-option, he can store it for up to 64KB of data as that is the maximum data-level length and the last segment of the 64KB-train could be holding the DSS-option. After that he has to drop the data.
> 
> When the mapping partially covers the segment it also isn't a problem as the unmapped part can safely be dropped and the mapped part can be passed on to the MPTCP-layer.
> 
> All of this does not imply that every segment of a mapping needs to hold the DSS-option. Just one of them needs to have it.

That last statement aligns with what was intended in the text. But are you really saying that, or are you saying that the first one needs to have it? Because that would be a change.

Best regards,
Alan




[-- Attachment #2: attachment.html --]
[-- Type: text/html, Size: 17380 bytes --]

[MPTCP] Re: MPTCP implementation feedback for RFC6824bis

[Mat Martineau]

[-- Attachment #1: Type: text/plain, Size: 4261 bytes --]

The following message was held by the server (since Alan is not a list member), and due to a mailman server bug could not be released for delivery. I'm forwarding the copy that was sent to list owners.

Regards,
Mat


From: Alan Ford <alan.ford(a)gmail.com>
Subject: Re: MPTCP implementation feedback for RFC6824bis
Date: November 28, 2019 at 8:16:31 AM PST
To: Christoph Paasch <cpaasch(a)apple.com>
Cc: MultiPath TCP - IETF WG <multipathtcp(a)ietf.org>, Yoshifumi Nishida <nsd.ietf(a)gmail.com>, Philip Eardley <philip.eardley(a)bt.com>, Mirja Kuehlewind <ietf(a)kuehlewind.net>, mptcp Upstreaming <mptcp(a)lists.01.org>

Hi Christoph,

Thank you for the feedback. Comments inline...

> On 27 Nov 2019, at 19:29, Christoph Paasch <cpaasch(a)apple.com <mailto:cpaasch(a)apple.com>> wrote:
> 
> Hello,
> 
> as I mentioned during the meeting last week in Singapore, the team working on upstreaming MPTCP into the Linux Kernel has some feedback on RFC6824bis that would be good to be factored into the RFC before publication.
> 
> Here is the list of comments/changes the team is suggesting:
> 
> Section 3.1, page 19, "If B has data to send first,..."
> 
> The first phrase states that when A receives a DSS from B it indicates successful delivery of the MP_CAPABLE. However, it is not the DSS but rather the DATA_ACK that indicates this. Digging through some past e-mail exchanges I had with Alan I see that that was indeed the intention.
> 
> We are thus suggesting to change this text to:
> If B has data to send first, then the reliable delivery of the ACK+MP_CAPABLE can be inferred by the receipt of this data with a MPTCP Data Sequence Signal (DSS) option that includes a DATA_ACK (Section 3.3). Further, whenever A receives a DATA_ACK from B it is a signal of the reliable delivery of A's MP_CAPABLE. After this, A can send data to B with a regular DSS option.

That seems entirely logical clarification, and was the intention anyway. A developer probably infers the meaning but clarification is no bad thing.

> Section 3.3.1, page 32 & 33, "A data sequence mapping does not need..."
> 
> This paragraph states that it is permissive to send a mapping in advance. Late-mapping is specified a bit higher around the sentence 
> "Implementations MAY hold onto such unmapped data for a short while in the expectation that a mapping will arrive shortly"
> 
> This kind of early/late mapping announcements are difficult to handle in an implementation. The Linux Kernel implementation of multipath-tcp.org <http://multipath-tcp.org/> has always disallowed such kind of mappings. Meaning, whenever a DSS-option is received such that the range specified by the relative subflow-sequence number in the DSS-option and the data-length does not (partially) cover the TCP sequence number of the packet itself, the subflow will be killed with a TCP-RST. The problem around handling such early/late mappings is that it is unclear for how long the stack needs to remember these mappings (in the early-mapping case), or for how long he needs to hold on to the data (in the late-mapping case).
> 
> We thus suggest to change this to the following:
> Whenever a DSS-option is received on a packet such that the mapping of the subflow-sequence space does not partially cover the TCP-sequence number of  the packet itself, the host MUST discard this mapping and MAY destroy the subflow with a TCP-RST. It should be noted that a DATA_FIN that does not come with data has a relative subflow-sequence number of 0 and thus should be handled separately.

This one I do have an issue with:

- It is a technical change
- Wording to this effect has been in the document since pretty much the beginning
- It is a MAY which might as well say “there is no guarantee this would work”

Most importantly, the replacement text seems not to address this issue at all. If I read it correctly, it says that the data sequence mapping option MUST partially cover the subflow sequence space of the packet itself. But that has nothing to do with late or early mapping, both could partially cover the subflow sequence space and preceding data.

Can you clarify exactly what you want to permit and prevent, here?

Best regards,
Alan





[-- Attachment #2: attachment.html --]
[-- Type: text/html, Size: 8803 bytes --]

[MPTCP] Re: MPTCP implementation feedback for RFC6824bis

[Christoph Paasch]

[-- Attachment #1: Type: text/plain, Size: 7832 bytes --]

Hello Alan,

On 29/11/19 - 21:13:38, Alan Ford wrote:
> > On 28 Nov 2019, at 19:49, Christoph Paasch <cpaasch(a)apple.com> wrote:
> >> On Nov 28, 2019, at 8:16 AM, Alan Ford <alan.ford(a)gmail.com <mailto:alan.ford(a)gmail.com>> wrote:
> >>> On 27 Nov 2019, at 19:29, Christoph Paasch <cpaasch(a)apple.com <mailto:cpaasch(a)apple.com>> wrote:
> >>> Section 3.3.1, page 32 & 33, "A data sequence mapping does not need..."
> >>> 
> >>> This paragraph states that it is permissive to send a mapping in advance. Late-mapping is specified a bit higher around the sentence 
> >>> "Implementations MAY hold onto such unmapped data for a short while in the expectation that a mapping will arrive shortly"
> >>> 
> >>> This kind of early/late mapping announcements are difficult to handle in an implementation. The Linux Kernel implementation of multipath-tcp.org <http://multipath-tcp.org/> has always disallowed such kind of mappings. Meaning, whenever a DSS-option is received such that the range specified by the relative subflow-sequence number in the DSS-option and the data-length does not (partially) cover the TCP sequence number of the packet itself, the subflow will be killed with a TCP-RST. The problem around handling such early/late mappings is that it is unclear for how long the stack needs to remember these mappings (in the early-mapping case), or for how long he needs to hold on to the data (in the late-mapping case).
> >>> 
> >>> We thus suggest to change this to the following:
> >>> Whenever a DSS-option is received on a packet such that the mapping of the subflow-sequence space does not partially cover the TCP-sequence number of  the packet itself, the host MUST discard this mapping and MAY destroy the subflow with a TCP-RST. It should be noted that a DATA_FIN that does not come with data has a relative subflow-sequence number of 0 and thus should be handled separately.
> >> 
> >> This one I do have an issue with:
> >> 
> >> - It is a technical change
> >> - Wording to this effect has been in the document since pretty much the beginning
> >> - It is a MAY which might as well say “there is no guarantee this would work”
> > 
> > The problem with the MAY is that the sender can't really know if the receiver accepts it (more regarding this below)
> > 
> >> Most importantly, the replacement text seems not to address this issue at all. If I read it correctly, it says that the data sequence mapping option MUST partially cover the subflow sequence space of the packet itself. But that has nothing to do with late or early mapping, both could partially cover the subflow sequence space and preceding data.
> >> 
> >> Can you clarify exactly what you want to permit and prevent, here?
> > 
> > Let me try to clarify what exactly we mean with early/late mapping so that we are all on the same terms here:
> > 
> > Early mapping:
> > 
> > A TCP-segment with sequence-number 1 holds a DSS-option with subflow-sequence number 1001 and data-length 100. This means we need to allocate space to store this DSS-option so that when the TCP-segment with seqno 1001 arrives we can know the mapping. There may be coming more of these DSS-options which all need to be stored in allocated memory. It is unclear what the limit to this is and there is no way to communicate this limit to the sender.
> 
> I don’t think we have ever intended to support a mapping like this. If the text is not clear here then yes, we might have an issue.

Yes, I do think that the text is not very clear on that  - we should clarify
that.

> We intend only to support: A TCP segment with sequence-number 1 holds a DSS option for SSN 1 and length 10000 (so multiple segments in the future).

Sounds good!

> Or, slightly more convoluted, a TCP segment with SN 100, length 100, which holds a DSS option for 151-250, and bytes 50-150 were already covered by a previous mapping.

Also good.

> I do not believe we have ever intended mappings on data segments where the segments do not include any of the mapped data. We did, however, intend to support mappings on pure ACKs in order to avoid any option space limits.

Mappings on a pure ACK are an unlikely use-case. The problem is that in the
end the mapping needs to reliably make it to the receiver as otherwise he
needs to throw the data away. Combining it with data implicitly makes it
reliable.

In case of option-space limits, it is better to send the options that do
consume a lot of space (ADD_ADDR,...) on the pure ACK.

> 
> > Late mapping:
> > 
> > The receiver receives data without DSS-options with TCP-sequence 1 to 1001. The corresponding DSS-option however arrives with the TCP-segment with seqno 2001. Here, the receiver needs to hold on to this data, waiting for the TCP-segment with the DSS-option. At one point the receiver needs to drop the data due to memory limits. Again, the sender has no way for knowing what this limit is.
> 
> So this is slightly more problematic, and this is what the MAY in the text is designed to discuss.
> 
> I believe we had intended to support a situation where you could have a segment 1-1000 without a DSS option, and 1001-2000 also without, and then 2001-3000 with the option then providing a mapping for 1 to 2001 or higher.

I think this scenario is fine to some extend with a slight change that the
provided mapping should be for 1 to 2002 or higher (thus, including the byte
of the 2001-3000 segment).

> This would allow a sender to start pushing out data before it knew what a mapping might look like.
> It does, however, seem an unlikely situation but you as a receiver could of course reduce the subflow window size in order to limit buffering. The text does recognise the memory issue and point out that this won’t be DATA ACKed and as such a sender should soon realise and retransmit on a separate subflow and then this subflow may eventually be closed.

Yes, it seems like an unlikerly situation and I'm not sure about the
use-case for doing this.

> Another situation would involve two mappings on the same TCP segment. If the first 50 bytes of a segment are covered by the mapping provided in that segment, but there are then also another 50 bytes, then the mapping can’t be provided until the next segment.

Yes, two mappings on a single packet are problematic simply because of the
lack of option-space.

> I guess my initial thought here is that this was intended to cover a number of corner cases but if it does not work for you then there are several compliant ways of dealing with it.
> 
> > When the DSS-option comes together with the corresponding TCP-sequence it is straight-forward to store it together with the data. There are no issues with memory-allocation,... as all of this is accounted together with the announced window (yes, the memory is not counted against the window, but the receiver can foresee the DSS-option overhead when computing what window he should announce).
> > 
> > When a receiver gets data without a DSS-option, he can store it for up to 64KB of data as that is the maximum data-level length and the last segment of the 64KB-train could be holding the DSS-option. After that he has to drop the data.
> > 
> > When the mapping partially covers the segment it also isn't a problem as the unmapped part can safely be dropped and the mapped part can be passed on to the MPTCP-layer.
> > 
> > All of this does not imply that every segment of a mapping needs to hold the DSS-option. Just one of them needs to have it.
> 
> That last statement aligns with what was intended in the text. But are you really saying that, or are you saying that the first one needs to have it? Because that would be a change.

No, the first one does not need to have it. Just one of them.


Cheers,
Christoph

[MPTCP] Re: MPTCP implementation feedback for RFC6824bis

[Christoph Paasch]

[-- Attachment #1: Type: text/plain, Size: 6012 bytes --]

Hello Alan,

> On Nov 28, 2019, at 8:16 AM, Alan Ford <alan.ford(a)gmail.com> wrote:
> 
> Hi Christoph,
> 
> Thank you for the feedback. Comments inline...
> 
>> On 27 Nov 2019, at 19:29, Christoph Paasch <cpaasch(a)apple.com <mailto:cpaasch(a)apple.com>> wrote:
>> 
>> Hello,
>> 
>> as I mentioned during the meeting last week in Singapore, the team working on upstreaming MPTCP into the Linux Kernel has some feedback on RFC6824bis that would be good to be factored into the RFC before publication.
>> 
>> Here is the list of comments/changes the team is suggesting:
>> 
>> Section 3.1, page 19, "If B has data to send first,..."
>> 
>> The first phrase states that when A receives a DSS from B it indicates successful delivery of the MP_CAPABLE. However, it is not the DSS but rather the DATA_ACK that indicates this. Digging through some past e-mail exchanges I had with Alan I see that that was indeed the intention.
>> 
>> We are thus suggesting to change this text to:
>> If B has data to send first, then the reliable delivery of the ACK+MP_CAPABLE can be inferred by the receipt of this data with a MPTCP Data Sequence Signal (DSS) option that includes a DATA_ACK (Section 3.3). Further, whenever A receives a DATA_ACK from B it is a signal of the reliable delivery of A's MP_CAPABLE. After this, A can send data to B with a regular DSS option.
> 
> That seems entirely logical clarification, and was the intention anyway. A developer probably infers the meaning but clarification is no bad thing.

Sounds good! It would be good to clarify this.

> 
>> Section 3.3.1, page 32 & 33, "A data sequence mapping does not need..."
>> 
>> This paragraph states that it is permissive to send a mapping in advance. Late-mapping is specified a bit higher around the sentence 
>> "Implementations MAY hold onto such unmapped data for a short while in the expectation that a mapping will arrive shortly"
>> 
>> This kind of early/late mapping announcements are difficult to handle in an implementation. The Linux Kernel implementation of multipath-tcp.org <http://multipath-tcp.org/> has always disallowed such kind of mappings. Meaning, whenever a DSS-option is received such that the range specified by the relative subflow-sequence number in the DSS-option and the data-length does not (partially) cover the TCP sequence number of the packet itself, the subflow will be killed with a TCP-RST. The problem around handling such early/late mappings is that it is unclear for how long the stack needs to remember these mappings (in the early-mapping case), or for how long he needs to hold on to the data (in the late-mapping case).
>> 
>> We thus suggest to change this to the following:
>> Whenever a DSS-option is received on a packet such that the mapping of the subflow-sequence space does not partially cover the TCP-sequence number of  the packet itself, the host MUST discard this mapping and MAY destroy the subflow with a TCP-RST. It should be noted that a DATA_FIN that does not come with data has a relative subflow-sequence number of 0 and thus should be handled separately.
> 
> This one I do have an issue with:
> 
> - It is a technical change
> - Wording to this effect has been in the document since pretty much the beginning
> - It is a MAY which might as well say “there is no guarantee this would work”

The problem with the MAY is that the sender can't really know if the receiver accepts it (more regarding this below)

> Most importantly, the replacement text seems not to address this issue at all. If I read it correctly, it says that the data sequence mapping option MUST partially cover the subflow sequence space of the packet itself. But that has nothing to do with late or early mapping, both could partially cover the subflow sequence space and preceding data.
> 
> Can you clarify exactly what you want to permit and prevent, here?

Let me try to clarify what exactly we mean with early/late mapping so that we are all on the same terms here:

Early mapping:

A TCP-segment with sequence-number 1 holds a DSS-option with subflow-sequence number 1001 and data-length 100. This means we need to allocate space to store this DSS-option so that when the TCP-segment with seqno 1001 arrives we can know the mapping. There may be coming more of these DSS-options which all need to be stored in allocated memory. It is unclear what the limit to this is and there is no way to communicate this limit to the sender.

Late mapping:

The receiver receives data without DSS-options with TCP-sequence 1 to 1001. The corresponding DSS-option however arrives with the TCP-segment with seqno 2001. Here, the receiver needs to hold on to this data, waiting for the TCP-segment with the DSS-option. At one point the receiver needs to drop the data due to memory limits. Again, the sender has no way for knowing what this limit is.


When the DSS-option comes together with the corresponding TCP-sequence it is straight-forward to store it together with the data. There are no issues with memory-allocation,... as all of this is accounted together with the announced window (yes, the memory is not counted against the window, but the receiver can foresee the DSS-option overhead when computing what window he should announce).

When a receiver gets data without a DSS-option, he can store it for up to 64KB of data as that is the maximum data-level length and the last segment of the 64KB-train could be holding the DSS-option. After that he has to drop the data.

When the mapping partially covers the segment it also isn't a problem as the unmapped part can safely be dropped and the mapped part can be passed on to the MPTCP-layer.

All of this does not imply that every segment of a mapping needs to hold the DSS-option. Just one of them needs to have it.


Does this help? It is all about making things more deterministic as it is very hard for the receiver to handle these late/early mappings.

Thanks,
Christoph




[-- Attachment #2: attachment.html --]
[-- Type: text/html, Size: 11616 bytes --]