--- 1/draft-ietf-tcpm-tcp-timestamps-03.txt 2011-02-04 11:14:42.000000000 +0100 +++ 2/draft-ietf-tcpm-tcp-timestamps-04.txt 2011-02-04 11:14:42.000000000 +0100 @@ -1,19 +1,19 @@ TCP Maintenance and Minor F. Gont Extensions (tcpm) UK CPNI -Internet-Draft December 20, 2010 +Internet-Draft February 4, 2011 Intended status: BCP -Expires: June 23, 2011 +Expires: August 8, 2011 Reducing the TIME-WAIT state using TCP timestamps - draft-ietf-tcpm-tcp-timestamps-03.txt + draft-ietf-tcpm-tcp-timestamps-04.txt Abstract This document describes an algorithm for processing incoming SYN segments that allows higher connection-establishment rates between any two TCP endpoints when a TCP timestamps option is present in the incoming SYN segment. This document only modifies processing of SYN segments received for connections in the TIME-WAIT state; processing in all other states is unchanged. 
@@ -25,25 +25,25 @@ Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." - This Internet-Draft will expire on June 23, 2011. + This Internet-Draft will expire on August 8, 2011. Copyright Notice - Copyright (c) 2010 IETF Trust and the persons identified as the + Copyright (c) 2011 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as 
@@ -67,33 +67,34 @@ 2. Improved processing of incoming connection requests . . . . . 3 3. Interaction with various timestamps generation algorithms . . 6 4. Interaction with various ISN generation algorithms . . . . . . 7 5. Security Considerations . . . . . . . . . . . . . . . . . . . 8 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 8 7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 8 8. References . . . . . . . . . . . . . . . . . . . . . . . . . . 8 8.1. Normative References . . . . . . . . . . . . . . . . . . . 8 8.2. Informative References . . . . . . . . . . . . . . . . . . 9 Appendix A. Behavior of the proposed mechanism in specific - scenarios . . . . . . . . . . . . . . . . . . . . . . 9 + scenarios . . . . . . . . . . . . . . . . . . . . . . 10 A.1. Connection request after system reboot . . . . . . . . . . 10 Appendix B. Changes from previous versions of the draft (to be removed by the RFC Editor before publishing this document as an RFC) . . . . . . . . . . . . . . 10 - B.1. Changes from draft-ietf-tcpm-tcp-timestamps-02 . . . . . . 10 - B.2. Changes from draft-ietf-tcpm-tcp-timestamps-01 . . . . . . 10 - B.3. Changes from draft-ietf-tcpm-tcp-timestamps-00 . . . . . . 10 - B.4. Changes from draft-gont-tcpm-tcp-timestamps-04 . . . . . . 10 - B.5. Changes from draft-gont-tcpm-tcp-timestamps-03 . . . . . . 11 - B.6. Changes from draft-gont-tcpm-tcp-timestamps-02 . . . . . . 11 - B.7. Changes from draft-gont-tcpm-tcp-timestamps-01 . . . . . . 11 - B.8. Changes from draft-gont-tcpm-tcp-timestamps-00 . . . . . . 11 + B.1. Changes from draft-ietf-tcpm-tcp-timestamps-03 . . . . . . 10 + B.2. Changes from draft-ietf-tcpm-tcp-timestamps-02 . . . . . . 10 + B.3. Changes from draft-ietf-tcpm-tcp-timestamps-01 . . . . . . 10 + B.4. Changes from draft-ietf-tcpm-tcp-timestamps-00 . . . . . . 11 + B.5. Changes from draft-gont-tcpm-tcp-timestamps-04 . . . . . . 11 + B.6. Changes from draft-gont-tcpm-tcp-timestamps-03 . . . . . . 
11 + B.7. Changes from draft-gont-tcpm-tcp-timestamps-02 . . . . . . 11 + B.8. Changes from draft-gont-tcpm-tcp-timestamps-01 . . . . . . 11 + B.9. Changes from draft-gont-tcpm-tcp-timestamps-00 . . . . . . 11 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 11 1. Introduction The Timestamps option, specified in RFC 1323 [RFC1323], allows a TCP to include a timestamp value in its segments, that can be used to perform two functions: Round-Trip Time Measurement (RTTM), and Protection Against Wrapped Sequences (PAWS). For the purpose of PAWS, the timestamps sent on a connection are 
@@ -322,35 +323,36 @@ An implementation of the mechanism proposed in this document would enable recycling of the TIME-WAIT state even in the presence of ISNs that are not monotonically-increasing across connections, except when the timestamp contained in the incoming SYN is equal to the last timestamp seen on the connection in the TIME-WAIT state (for that direction of the data transfer). 5. Security Considerations - While the algorithm described in this document for processing - incoming SYN segments would benefit from TCP timestamps that are - monotonically-increasing across connections, this document does not - propose any specific algorithm for generating timestamps, nor does it - require monotonically-increasing timestamps across connections. - [CPNI-TCP] contains a detailed discussion of the security - implications of TCP timestamps and of different Timestamps generation - algorithms. + [I-D.ietf-tcpm-tcp-security] contains a detailed discussion of the + security implications of TCP timestamps and of different Timestamps + generation algorithms. 6. IANA Considerations This document has no actions for IANA. 7. Acknowledgements + This document is based on part of the contents of the technical + report "Security Assessment of the Transmission Control Protocol + (TCP)" [CPNI-TCP] written by Fernando Gont on behalf of the United + Kingdom's Centre for the Protection of National Infrastructure (UK + CPNI). + The author of this document would like to thank (in alphabetical order) Mark Allman, Francis Dupont, Wesley Eddy, Lars Eggert, Alfred Hoenes, John Heffner, Christian Huitema, Eric Rescorla, Joe Touch, and Alexander Zimmermann for providing valuable feedback on an earlier version of this document. Additionally, the author would like to thank David Borman for a fruitful discussion on TCP timestamps at IETF 73. Finally, the author would like to thank the United Kingdom's Centre 
@@ -370,33 +372,38 @@ [RFC1323] Jacobson, V., Braden, B., and D. Borman, "TCP Extensions for High Performance", RFC 1323, May 1992. [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. 8.2. Informative References [CPNI-TCP] CPNI, "Security Assessment of the Transmission Control - Protocol (TCP)", http://www.cpni.gov.uk/Docs/ - tn-03-09-security-assessment-TCP.pdf, 2009. + Protocol (TCP)", 2009, . [I-D.gont-timestamps-generation] Gont, F. and A. Oppermann, "On the generation of TCP timestamps", draft-gont-timestamps-generation-00 (work in progress), June 2010. [I-D.ietf-tcpm-1323bis] Borman, D., Braden, R., and V. Jacobson, "TCP Extensions for High Performance", draft-ietf-tcpm-1323bis-01 (work in progress), March 2009. + [I-D.ietf-tcpm-tcp-security] + Gont, F., "Security Assessment of the Transmission Control + Protocol (TCP)", draft-ietf-tcpm-tcp-security-02 (work in + progress), January 2011. + [INFOCOM-99] Faber, T., Touch, J., and W. Yue, "The TIME-WAIT state in TCP and Its Effect on Busy Servers", Proc. IEEE Infocom, 1999, pp. 1573-1583 . [Linux] The Linux Project, "http://www.kernel.org". [Opperman] Oppermann, A., "FYI: Extended TCP syncookies in FreeBSD- current", Post to the tcpm mailing-list. Available at: ht 
@@ -437,61 +445,65 @@ of previous time stamps, the resulting timestamps might not be monotonically-increasing, and hence the proposed algorithm might be unable to recycle the previous incarnation of the connection that is in the TIME-WAIT state. This case corresponds to the current state- of-affairs without the algorithm proposed in this document. Appendix B. Changes from previous versions of the draft (to be removed by the RFC Editor before publishing this document as an RFC) -B.1. Changes from draft-ietf-tcpm-tcp-timestamps-02 +B.1. Changes from draft-ietf-tcpm-tcp-timestamps-03 + + o Addresses Tim Polk's DISCUSS. + +B.2. Changes from draft-ietf-tcpm-tcp-timestamps-02 o Addresses COMMENTs received during IESG review, and maybe Tim Polk's DISCUSS. -B.2. Changes from draft-ietf-tcpm-tcp-timestamps-01 +B.3. Changes from draft-ietf-tcpm-tcp-timestamps-01 o Addresses AD-review comments by Lars Eggert. -B.3. Changes from draft-ietf-tcpm-tcp-timestamps-00 +B.4. Changes from draft-ietf-tcpm-tcp-timestamps-00 o Addresses WG Last call comments received from Wesley Eddy, John Heffner and Joe Touch. o Minor editorial fix (reported by Wes Eddy). -B.4. Changes from draft-gont-tcpm-tcp-timestamps-04 +B.5. Changes from draft-gont-tcpm-tcp-timestamps-04 o Draft resubmitted as draft-ietf. -B.5. Changes from draft-gont-tcpm-tcp-timestamps-03 +B.6. Changes from draft-gont-tcpm-tcp-timestamps-03 o Changed the document title o Removed all the text related to the algorithm earlier proposed for timestamps generation. o Addresses comments received from Alexander Zimmermann, Christian Huitema, Joe Touch, and others. -B.6. Changes from draft-gont-tcpm-tcp-timestamps-02 +B.7. Changes from draft-gont-tcpm-tcp-timestamps-02 o Minor edits (the I-D was just about to expire, so it was resubmitted with almost no changes). -B.7. Changes from draft-gont-tcpm-tcp-timestamps-01 +B.8. 
Changes from draft-gont-tcpm-tcp-timestamps-01 o Version -01 of the draft had expired, and hence the I-D is resubmitted to make it available again (no changes). -B.8. Changes from draft-gont-tcpm-tcp-timestamps-00 +B.9. Changes from draft-gont-tcpm-tcp-timestamps-00 o Fixed author's affiliation. o Addressed feedback submitted by Alfred Hoenes (see: http://www.ietf.org/mail-archive/web/tcpm/current/msg04281.html), plus nits sent by Alfred off-list. Author's Address Fernando Gont
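Review bot: In the Security Considerations hunk (@@ -322,35 +323,36 @@) the section is reduced to a single pointer to [I-D.ietf-tcpm-tcp-security], a work-in-progress draft, and the removed scoping statement "this document does not propose any specific algorithm for generating timestamps, nor does it require monotonically-increasing timestamps across connections" is lost. That sentence complemented Section 3 ("Interaction with various timestamps generation algorithms") and the Section 4 text in the same hunk, which notes that recycling fails only when the incoming SYN's timestamp equals the last one seen on the TIME-WAIT connection; consider keeping it, and adding one sentence stating what this document's own change means (a SYN arriving for a connection in TIME-WAIT is now acted on based on its timestamp option, so the referenced draft's discussion of timestamp generation applies to this mechanism directly), so the section still stands on its own if the referenced draft changes or expires.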
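Review bot: The [CPNI-TCP] entry in the informative-references hunk (@@ -370,33 +372,38 @@) loses its locator: the removed lines carried `http://www.cpni.gov.uk/Docs/tn-03-09-security-assessment-TCP.pdf`, and the replacement `Protocol (TCP)", 2009, .` ends in an empty slot before the period, so the report can no longer be found from the reference even though it is still cited from the new Acknowledgements paragraph. Either restore the URL or drop the dangling ", .". The added [I-D.ietf-tcpm-tcp-security] entry is consistent with the new citation in Section 5.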
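Review bot: With the new entry "B.1. Changes from draft-ietf-tcpm-tcp-timestamps-03 / o Addresses Tim Polk's DISCUSS.", the unchanged B.2 entry "Addresses COMMENTs received during IESG review, and maybe Tim Polk's DISCUSS." now contradicts the log; drop "and maybe Tim Polk's DISCUSS" from B.2. B.1 would also be more useful to the IESG if it named what was changed to resolve the DISCUSS (from this diff: the Security Considerations rewrite, the new [I-D.ietf-tcpm-tcp-security] reference and the added Acknowledgements paragraph), in the way B.4 names the WG Last Call reviewers it responds to.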