From: Sage Weil <sweil@redhat.com>
To: Gregory Farnum <gfarnum@redhat.com>
Cc: ceph-devel <ceph-devel@vger.kernel.org>
Subject: Re: msgr2 protocol
Date: Fri, 3 Jun 2016 09:11:04 -0400 (EDT) [thread overview]
Message-ID: <alpine.DEB.2.11.1606030904430.6221@cpach.fuggernut.com> (raw)
In-Reply-To: <CAJ4mKGaWx8m4Zh_f6tQWe9ows77HHyMmv5y52Rr-5Q-ob_N1Yg@mail.gmail.com>
On Thu, 2 Jun 2016, Gregory Farnum wrote:
> On Thu, Jun 2, 2016 at 11:24 AM, Sage Weil <sweil@redhat.com> wrote:
> > On Thu, 2 Jun 2016, Gregory Farnum wrote:
> >> On Thu, May 26, 2016 at 11:17 AM, Sage Weil <sweil@redhat.com> wrote:
> >> > I wrote up a basic proposal for the new msgr2 protocol:
> >> >
> >> > http://pad.ceph.com/p/msgr2
> >> >
> >> > It is pretty similar to the current protocol, with a few key changes:
> >> >
> >> > 1. The initial banner has a version number for protocl features supported
> >> > and required. This will allow optional behavior later. The current
> >> > protocol doesn't allow this (the banner string is fixed and has to match
> >> > verbatim).
> >> >
> >> > 2. The auth handshake is a low-level msgr exchange now. This more or less
> >> > matches the MAuth and MAuthReply exchange with the mon. Also, the
> >> > authenticator/ticket presentation for established clients can be sent here
> >> > as part of this exchange, instead of as part of the msg_connect and
> >> > msg_connect_reply exchnage.
> >> >
> >> > 3. The identification of peers during connect is moved to the TAG_IDENT
> >> > stage. This way it could happen after authentication and/or encryption,
> >> > if we like. (Not sure it matters.)
> >>
> >> Hmm, reading this through I'm actually confused about how we do
> >> authentication before we identify ourselves.
> >
> > Keep in mind that this TAG_IDENT is the entity type and features--not our
> > cephx auth EntityName (client.foo, osd.123, etc.)--that identity is
> > established (securely) as part of the auth handshake.
> >
> >> Going back to the fast reconnects again (in which we allow a client to
> >> submit all the reconnect data at once and submit a message without
> >> waiting for a response from the server), we'd need to be able to
> >> re-use the previous session key during the authentication phase but
> >> for that to make any sense it would need to have supplied the
> >> identifying cookie.
> >
> > I think the fast reconnect would only be possible if the first connection
> > got far enough to discover the server cookie from it's TAG_IDENT. So the
> > 2 pieces of info we need are the session key established during auth
> > handshake *and* the server cookie from the ident. If, after that point,
> > we disconnect, we can fast reconnect using that info + our last seq etc.
>
> Yes, I agree. But that means the server needs to be able to identify
> the shared secret key being used to sign stuff. Do we not switch over
> from the cluster key to the session key until after auth is done and
> we move to TAG_IDENT?
> That might mean we want to re-sign all the stuff used for
> decision-making in the AUTH phase with our session key as well, hrm.
> Or maybe that doesn't add anything since if somebody has access to the
> session key they can necessarily have seen our session key, so never
> mind.
I would expect the fast reconnect to do something like
cookie, {cookie, last seq i got, next seq i will send, nonce}^previous_session_key
and the server reply to do something like
{nonce+1, last seq i got}^previous_session_key
The server would look up the previous cookie, use that session key to
decrypt the block, verify it looks okay, and use the rest of the info to
initialize the session. Probably with some confounder or something. As
long as the cookie is plaintext, and the rest can be validated against the
previous session key, I think we would have enough?
> > I'm not totally certain this will actually be a win, though. For example,
> > say we send
> >
> > msg5 + msg6 + msg7 + msg8 + msg9 + msg10
> >
> > and have seen an ack through msg6. That means on reconnect we either have
> > to wait for a round trip to get the last_ack and find out whether the
> > server got 7-10, or blindly resend 7-10 even though they might be dups.
> > Whether it's a win will depend on the message sizes vs connection latency.
> >
> > My inclination is still to leave the door open for fast reconnect, but
> > ignore it in the initial implementation for simplicity...
>
> Yeah, if we actually get interrupted without acks it's not so helpful.
> I'm thinking more the case where the OSD is needing to politely tear
> down tcp sessions/sockets earlier than it would like to than that the
> network is frequently failing on us.
Oh yeah, that's a good point. It's probably worth it then!
sage
next prev parent reply other threads:[~2016-06-03 13:10 UTC|newest]
Thread overview: 49+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-05-26 18:17 msgr2 protocol Sage Weil
2016-05-27 4:41 ` Haomai Wang
2016-05-27 4:45 ` Haomai Wang
2016-05-27 8:28 ` Marcus Watts
2016-05-27 17:33 ` Sage Weil
2016-05-27 17:28 ` Sage Weil
2016-05-27 9:44 ` Yehuda Sadeh-Weinraub
2016-05-27 17:37 ` Sage Weil
2016-05-28 18:19 ` Yehuda Sadeh-Weinraub
2016-06-02 15:43 ` Sage Weil
2016-06-02 15:59 ` Haomai Wang
2016-06-02 16:35 ` Sage Weil
2016-06-02 18:11 ` Gregory Farnum
2016-06-02 18:24 ` Sage Weil
2016-06-02 18:34 ` Gregory Farnum
2016-06-03 13:11 ` Sage Weil [this message]
2016-06-03 13:24 ` Sage Weil
2016-06-03 16:47 ` Haomai Wang
2016-06-03 17:33 ` Sage Weil
2016-06-03 17:35 ` Haomai Wang
2016-06-06 8:23 ` Junwang Zhao
2016-06-10 8:31 ` Marcus Watts
2016-06-10 10:11 ` Sage Weil
2016-06-10 10:48 ` Sage Weil
2016-06-06 20:16 ` Gregory Farnum
2016-06-10 11:04 ` Sage Weil
2016-06-10 19:05 ` Marcus Watts
2016-06-10 21:15 ` Sage Weil
2016-06-10 21:22 ` Gregory Farnum
2016-06-11 23:05 ` Marcus Watts
2016-06-12 23:59 ` Sage Weil
[not found] ` <CACJqLyax_SXEZp3vA2_wR+CdwKOo2Re=SsK2xfXqmXjz9d8iNw@mail.gmail.com>
2016-09-09 21:14 ` Sage Weil
[not found] ` <CACJqLyYwKZ5_1OHR_5=+mr=1ED2Nt34x4TB29j5dE1D+NjzFpg@mail.gmail.com>
2016-09-10 14:43 ` Haomai Wang
2016-09-11 17:05 ` Sage Weil
2016-09-12 2:29 ` Haomai Wang
2016-09-12 13:21 ` Sage Weil
2016-09-13 0:03 ` Gregory Farnum
2016-09-13 1:35 ` Haomai Wang
2016-09-13 13:21 ` Sage Weil
2016-09-13 11:50 ` Jeff Layton
2016-09-13 11:18 ` Jeff Layton
2016-09-13 13:31 ` Sage Weil
2016-09-13 14:48 ` Jeff Layton
2016-09-13 15:10 ` Sage Weil
2016-09-13 20:07 ` Gregory Farnum
2016-06-02 18:16 ` Gregory Farnum
2016-06-29 11:59 Avner Ben Hanoch
2016-06-29 16:52 ` Yehuda Sadeh-Weinraub
2016-06-30 11:59 ` Avner Ben Hanoch
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=alpine.DEB.2.11.1606030904430.6221@cpach.fuggernut.com \
--to=sweil@redhat.com \
--cc=ceph-devel@vger.kernel.org \
--cc=gfarnum@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.