Transparent TCP Timestamps draft-scheffenegger-tcpm-timestampnegotiation-03

Similar documents
TCP modifications for Congestion Exposure

TCP Modifications for Congestion Exposure

TCP modifications for Congestion Exposure

On the State of ECN and TCP Options on the Internet

Networked Systems and Services, Fall 2017 Reliability with TCP

Networked Systems and Services, Fall 2018 Chapter 3

Information Network 1 TCP 1/2. Youki Kadobayashi NAIST

CS 356: Introduction to Computer Networks. Lecture 16: Transmission Control Protocol (TCP) Chap. 5.2, 6.3. Xiaowei Yang

Congestion / Flow Control in TCP

Your Name: Your student ID number:

TCP Enhancements in Linux. Pasi Sarolahti. Berkeley Summer School Outline

Fast Retransmit. Problem: coarsegrain. timeouts lead to idle periods Fast retransmit: use duplicate ACKs to trigger retransmission

TCP/IP Networking. Part 4: Network and Transport Layer Protocols

file:///c:/users/hpguo/dropbox/website/teaching/fall 2017/CS4470/H...

CS419: Computer Networks. Lecture 10, Part 2: Apr 11, 2005 Transport: TCP mechanics (RFCs: 793, 1122, 1323, 2018, 2581)

Chapter 7. The Transport Layer

TCP Extended Option Space in the Payload of a Supplementary Segment

To see the details of TCP (Transmission Control Protocol). TCP is the main transport layer protocol used in the Internet.

User Datagram Protocol (UDP):

TCP : Fundamentals of Computer Networks Bill Nace

CPSC 3600 HW #4 Fall 2017 Last update: 11/9/2017 Please work together with your project group (3 members)

Internet Networking recitation #10 TCP New Reno Vs. Reno

Transport Protocols and TCP: Review

CSCI-GA Operating Systems. Networking. Hubertus Franke

Transport Protocols & TCP TCP

Transport Layer: outline

Transport layer. UDP: User Datagram Protocol [RFC 768] Review principles: Instantiation in the Internet UDP TCP

Transport layer. Review principles: Instantiation in the Internet UDP TCP. Reliable data transfer Flow control Congestion control

QUIZ: Longest Matching Prefix

TCP Strategies. Keepalive Timer. implementations do not have it as it is occasionally regarded as controversial. between source and destination

TCP = Transmission Control Protocol Connection-oriented protocol Provides a reliable unicast end-to-end byte stream over an unreliable internetwork.

Network Technology 1 5th - Transport Protocol. Mario Lombardo -

TCP and Congestion Control (Day 1) Yoshifumi Nishida Sony Computer Science Labs, Inc. Today's Lecture

Problem Set 7 Due: Start of Class, November 2

User Datagram Protocol

The TCP Minimum RTO Revisited

Investigating the Use of Synchronized Clocks in TCP Congestion Control

TCP Performance. EE 122: Intro to Communication Networks. Fall 2006 (MW 4-5:30 in Donner 155) Vern Paxson TAs: Dilip Antony Joseph and Sukun Kim

Inside Products TCP Problem Finder Thinking Inside the Box

CSCE 463/612 Networks and Distributed Processing Spring 2017

Internet Engineering Task Force (IETF) Google, Inc. R. Scheffenegger, Ed. NetApp, Inc. September 2014

COMP 431 Internet Services & Protocols. Transport Layer Protocols & Services Outline. The Transport Layer Reliable data delivery & flow control in TCP

CS Lecture 1 Review of Basic Protocols

SinFP3. More Than a Complete Framework for Operating System Fingerprinting v1.0. Patrice

Internet Protocols Fall Outline

TCP Basics : Computer Networking. Overview. What s Different From Link Layers? Introduction to TCP. TCP reliability Assigned reading

Faulds: A Non-Parametric Iterative Classifier for Internet-Wide OS Fingerprinting

draft-johansson-rmcat-scream-cc

CMSC 417. Computer Networks Prof. Ashok K Agrawala Ashok Agrawala. October 25, 2018

Transmission Control Protocol (TCP)

CSCI-1680 Transport Layer I Rodrigo Fonseca

Fall 2012: FCM 708 Bridge Foundation I

TCP/IP Performance ITL

Transport Layer Review

Transport Over IP. CSCI 690 Michael Hutt New York Institute of Technology

Mobile Transport Layer Lesson 02 TCP Data Stream and Data Delivery

Packet Header Formats

ECE 435 Network Engineering Lecture 10

Transport Layer. -UDP (User Datagram Protocol) -TCP (Transport Control Protocol)

Transport: How Applications Communicate

CS118 Discussion 1A, Week 4. Zengwen Yuan Dodd Hall 78, Friday 10:00 11:50 a.m.

Sirindhorn International Institute of Technology Thammasat University

Results of a security assessment of the TCP and IP protocols and common implementation strategies

Topics. TCP sliding window protocol TCP PUSH flag TCP slow start Bulk data throughput

Configuring IP TCP MSS

TRANSMISSION CONTROL PROTOCOL INTRODUCTION TO TCP, THE INTERNET'S STANDARD TRANSPORT PROTOCOL

Networking Technologies and Applications

TCP Response to Lower-Layer Connectivity-Change Indications

Sequence Number. Acknowledgment Number. Checksum. Urgent Pointer plus Sequence Number indicates end of some URGENT data in the packet

TCP Service Model. Today s Lecture. TCP Support for Reliable Delivery. EE 122:TCP, Connection Setup, Reliability

CSCI-1680 Transport Layer I Rodrigo Fonseca

Performance Evaluation of TCP over WLAN with the Snoop Performance Enhancing Proxy

Some of the slides borrowed from the book Computer Security: A Hands on Approach by Wenliang Du. TCP Attacks. Chester Rebeiro IIT Madras

Transport Layer: Outline

TCP. TCP: Overview. TCP Segment Structure. Maximum Segment Size (MSS) Computer Networks 10/19/2009. CSC 257/457 - Fall

TCP: Transmission Control Protocol RFC 793,1122,1223. Prof. Lin Weiguo Copyleft 2009~2017, School of Computing, CUC

CSCI Topics: Internet Programming Fall 2008

Transport Protocols. CSCI 363 Computer Networks Department of Computer Science

Outline. TCP: Overview RFCs: 793, 1122, 1323, 2018, steam: r Development of reliable protocol r Sliding window protocols

Robust Header Compression (ROHC)

Internet Layers. Physical Layer. Application. Application. Transport. Transport. Network. Network. Network. Network. Link. Link. Link.

Configuring Flood Protection

The Transport Layer Reliable data delivery & flow control in TCP. Transport Layer Protocols & Services Outline

Introduction to TCP/IP networking

Correcting mistakes. TCP: Overview RFCs: 793, 1122, 1323, 2018, TCP seq. # s and ACKs. GBN in action. TCP segment structure

Guide To TCP/IP, Second Edition UDP Header Source Port Number (16 bits) IP HEADER Protocol Field = 17 Destination Port Number (16 bit) 15 16

Transport protocols. Transport Layer 3-1

Detecting TCP regressions with tcpdiff. BSDCan Mike Silbersack

Connection-oriented (virtual circuit) Reliable Transfer Buffered Transfer Unstructured Stream Full Duplex Point-to-point Connection End-to-end service

The Transport Layer: TCP & Reliable Data Transfer

The Transport Layer Reliable data delivery & flow control in TCP. Transport Layer Protocols & Services Outline

A proposal for MPTCP Robust session Establishment (MPTCP RobE) enable full multipath capability for MPTCP Markus Amend, Eckard Bogenfeld, Andreas

CS 356: Computer Network Architectures. Lecture 17: End-to-end Protocols and Lab 3 Chapter 5.1, 5.2. Xiaowei Yang

7. TCP 최양희서울대학교컴퓨터공학부

Computer Networks. Transmission Control Protocol. Jianping Pan Spring /3/17 CSC361 1

Model-based Measurements Of Network Loss

Investigate reordering in Linux TCP

TSIN02 - Internetworking

6. The Transport Layer and protocols

Lecture 5. Transport Layer. Transport Layer 1-1

Transcription:

Transparent TCP Timestamps draft-scheffenegger-tcpm-timestampnegotiation-03 Richard Scheffenegger [rs@netapp.com] Mirja Kühlewind [mirja.kuehlewind@ikr.uni-stuttgart.de] 16. November 2011 82nd IETF, Taipei, Taiwan

Agenda Timestamp Echo on SYN TCP RTO calculation Changes since -02 draft 16. November 2011 82nd IETF, Taipei, Taiwan 2

TCP Timestamp Echo on SYN +-------+-------+---------------------+---------------------+ Kind=8 10 TS Value (TSval) TS Echo Reply (TSecr) +-------+-------+---------------------+---------------------+ 1 1 4 4 Some senders set TSecr!= 0 on [SYN] RFC1323 states, a sender SHOULD set TSecr to zero, if no valid timestamp is known Investigated this issue against Waikato Dataset (IP Header trace) covering 1. Jan. 2005 17. Aug. 2005 16. November 2011 82nd IETF, Taipei, Taiwan 3

TCP Timestamp Echo on SYN 1 016 245 629 [SYN] packets in trace 878 264 323 (86.4%) unique [SYN] 3 634 [SYN] && TSecr!= 0 (3.6 ppm) 3 613 (99.4%) unique 586 unique host pairs 457 unique senders 1 953 unique TSecr values 16. November 2011 82nd IETF, Taipei, Taiwan 4

TCP Timestamp Echo on SYN Majority of TSecr values sent on [SYN] is seen in at least one preceeding packet always from a different TCP session between the two hosts 1 783 (of 1 953; 91.3%) [SYN] && TSecr!= 0 preceeded by 1 191 [FIN, ACK] 5 [FIN, PSH, ACK] 573 [ACK] 13 [PSH, ACK] Remaining 171 [SYN] have no packet from opposite side (unidirectional flow captured) 16. November 2011 82nd IETF, Taipei, Taiwan 5

TCP Timestamp Echo on SYN passive OS signature on [SYN] && TSecr!= 0 MSS SACK TS NOP WS 3520 (96.86%) NOP NOP TS 56 ( 1.54%) MSS NOP WS NOP NOP TS 22 ( 0.61%) MSS NOP NOP TS 16 ( 0.44%) MSS NOP NOP TS WS 9 ( 0.25%) MSS SACK TS 8 ( 0.22%) MSS NOP WS NOP NOP TS NOP 1 ( 0.03%) MSS NOP WS NOP NOP TS NOP NOP 1 ( 0.03%) MSS NOP WS NOP NOP TS NOP WS 1 ( 0.03%) 16. November 2011 82nd IETF, Taipei, Taiwan 6

TCP Timestamp Echo on SYN passive OS signature on [SYN] && TSecr!= 0 p0f fails to identify senders (stringent heuristics) SinFP uses relaxed heuristics 1 IPv4: HEURISTIC0/P2: BSD: Darwin: 8.6.0 2 IPv4: BH0FH0WH1OH0MH1/P2: BSD: FreeBSD: 4.4 4 IPv4: HEURISTIC0/P2: BSD: FreeBSD: 4.10 12 IPv4: BH0FH0WH0OH0MH1/P2: BSD: Darwin: 8.6.0 106 IPv4: unknown 4 IPv4: BH0FH0WH1OH0MH1/P2: GNU/Linux: Linux: 2.2.x 5 IPv4: BH0FH0WH0OH1MH0/P2: GNU/Linux: Linux: 2.4.x 5 IPv4: BH0FH0WH1OH0MH1/P2: GNU/Linux: Linux: 2.4.x 6 IPv4: BH0FH0WH1OH0MH0/P2: GNU/Linux: Linux: 2.4.x 49 IPv4: BH0FH0WH0OH0MH1/P2: GNU/Linux: Linux: 2.6.x 217 IPv4: HEURISTIC0/P2: GNU/Linux: Linux: 2.6.x 409 IPv4: BH0FH0WH0OH0MH1/P2: GNU/Linux: Linux: 2.4.x 2814 IPv4: HEURISTIC0/P2: GNU/Linux: Linux: 2.4.x 16. November 2011 82nd IETF, Taipei, Taiwan 7

TCP Timestamp Echo on SYN 3509 sessions initiated from Linux (96.5%) 106 sessions initiated from unknown Host OS 19 sessions identified as BSD derived Known feature of Linux, when either sysctl_tcp_tw_reuse or sysctl_tcp_tw_recycle are enabled. This is used to shorten the TimeWait interval before sockets may be reused between two hosts. Observed TSecr values are not random, but preceeded in all observable instances by identical TSval (in a different TCP session), clearly indicating some kind of per-host timestamp cache. 16. November 2011 82nd IETF, Taipei, Taiwan 8

TCP Timestamp Echo on SYN As timestamp values represented uptime in some way, values are not random distributed. Would lead to reduced false positive negotiation with current proposal. Most TSecr values are seen in [FIN] segments (61.3%). As [FIN] packets are closing a TCP session, small semantic change to send TSval = 0 on [FIN] would further alleviate this issue. As with timestamp offset randomization (draft-gont-tcpm-tcp-timestamps), may break linux feature - revert to regular timewait session closure. 16. November 2011 82nd IETF, Taipei, Taiwan 9

TCP RTO calculation Defined in RFC6298: RTO = srtt + max(g, k * RTTvar) ; k = 4 RTTvar = (1-b) * RTTvar + b * srtt R ; b = 1/4 srtt = (1-a) * srtt + a * R ; a = 1/8 The sampled RTT (R ) no longer includes delack processing variability RTTvar will become smaller RTT represents primarily represents network delay One RTT extra delay before RTO expires added by restarting the RTO timer for each seen ACK 16. November 2011 82nd IETF, Taipei, Taiwan 10

4x RTTvar srtt TCP RTO calculation RFC1323 / 6298 Sender Receiver RTT includes delayed ACK delay t 0 TSval=t 0 t 1 TSval=t 1 t 2 t 3 X t 2 TSecr=t 0 Retransmission permitted after t 2 + RTO t 2 + RTO Typically at t 3 + RTO t 3 + RTO 16. November 2011 82nd IETF, Taipei, Taiwan 11

4x RTTvar srtt TCP RTO calculation new semantic t 0 TSval=t 0 Sender Receiver RTT excludes delayed ACK delay t 1 TSval=t 1 t 2 t 3 X t 2 TSecr=t 1 Retransmission permitted after t 2 + RTO too fast? t 2 + RTO t 3 + RTO Explicitly stipulate max(t 2,t 3 ) + RTO (last received ACK + RTO)? 16. November 2011 82nd IETF, Taipei, Taiwan 12

Major Change since -01 kind len 8 10 TSval TSecr 1 Ver Mask Reserved Adj Int 1 2 5 8 5 11 Redefined lower 16 bits No longer alike IEEE 754 floating point representation No special case handling when evaluating Interval Interval now signaled as scale/value pair like TCP window scaling Conceptually, the Interval is a large integer, right-shifted Adj times to fit into Int with the most significant bit Derived calculations stay identical (i.e. OWD) as with previous draft Allows for implicit clock source quality signaling by leading zero bits in Int 16. November 2011 82nd IETF, Taipei, Taiwan 13

Major Change since -01 kind len 8 10 TSval TSecr 1 Ver Mask Reserved Adj Int 1 2 5 8 5 11 Definition: 1 sec = 0x40 0000 0000 (39 bit length) Right shifted 28 times, to fit into 11 bit Int = 0x400, Adj=28 Alternative representations: Int=0x200, Adj=29; Int=0x100, Adj=30; Int=0x080, Adj=31 Allows for clock tick intervals between ~16 sec and a few nanoseconds, each with up to 10 alternative representations (clock source quality levels) 16. November 2011 82nd IETF, Taipei, Taiwan 14

Major Change since -01 kind len 8 10 TSval TSecr 1 Ver Mask Reserved Adj Int 1 2 5 8 5 11 Expected to be (compile time) static value for current slow running TCP clock sources (100 µs or longer intervals) 16. November 2011 82nd IETF, Taipei, Taiwan 15

Transparent TCP Timestamps Questions: semantic change to timestamp to have TSval set to zero on [FIN]? Changed signaling of Interval (simple shift vs. IEEE-754 like float) less problematic? Ready for adoption as a WG Item? 16. November 2011 82nd IETF, Taipei, Taiwan 16

Thank you! 16. November 2011 82nd IETF, Taipei, Taiwan 17

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback