Date: Fri, 05 Nov 2004 23:16:59 +0100 From: Andre Oppermann <andre@freebsd.org> To: Karim Fodil-Lemelin <kfl@xiphos.ca> Cc: freebsd-arch@freebsd.org Subject: Re: Removing T/TCP and replacing it with something simpler Message-ID: <418BFBDB.827E347B@freebsd.org> References: <EKENLNBIDBAHKIELDLPNMELCCEAA.matt@genesi.co.uk> <418BB008.6040907@xiphos.ca> <418BAE54.72E4208F@freebsd.org> <418BB7BC.3010305@xiphos.ca> <418BB909.501CC9FD@freebsd.org> <418BF7EA.2020404@xiphos.ca>
next in thread | previous in thread | raw e-mail | index | archive | help
Karim Fodil-Lemelin wrote: > > Ok here is an example, just to make sure I understand: > > CLI1 : SERVER1 (first connection, option negociated, tuple hash > created) > CLI1 : SERVER1 (second connection, sending payload in first packet, > using previously negotiated cookie) > ... > CLI1 : SERVER1 ( nth connection, sending payload in first packet, > using previously negotiated cookie ) > > CLI1 : SERVER2 (first connection, option negociated, tuple created) > CLI1 : SERVER2 (second connection, sending payload in first packet, > using previously negotiated cookie) > ... > CLI1 : SERVER2 ( nth connection, sending payload in first packet, > using previously negotiated cookie ) > ... > CLIX : SERVERY ( if first connection create cookie, store tuple. if > tuple exists send payload in first packet) > > So, each time CL1 goes to a different server it pay the 3WSH tax only > once. This is very alike how T/TCP works right now (beside the cookie > thing). Yes, exactly. Actually the new T/TCP thing works the same as the old one from a functional point of view. What changes is the implementation. The original one was quite intrusive to the TCP code and generated many special cases which made it hard to maintain and to put new code in. In addition it CC* stuff is a rather weak and fragile mechanism. That's why we go with cookies this time and there are only a few places where the code has to be aware of it. Much less intrusive and more easy to maintain properly. > What I am wondering is how can we avoid as much as possible the > "learning" of the different servers since I know that CLIs will have to > go through two gateways running transparent proxies that support the > option (T/TCP). But since they are transparent (using forward rules) the > gateway don't talk to each other but to the SERVERs (from an IP standpoint). > > For example, if the cookie was per machine and not tuples, you could > have something like this: > > step 1: > CLI1 : SERVER1 (first connection, option negociated, cookie negotiated) > CLI1 : SERVER1 (second connection, sending payload in first packet, > using previously negotiated cookie) > ... > step2: > CLI1 : SERVER2 (first connection, option negociated, get the same > machine cookie from "SERVER1" (found a transparent proxy)) > > (From now on CL1 assumes its going through a transparent proxy that can > do T/TCP) > > CLI1 : SERVER3 (first connection, sending payload in first packet, > using previously negotiated machine cookie, validating transparent proxy) > > (If the cookie returned by SERVER3 does not match the"machine cookie it > found in SERVER1" then go back to step 1) > > This way the protocol would use knowledge that there is a transparent > proxy (found at step2) that is doing T/TCP on behalf of the SERVERs. > > What do you think? I think that is nice. Sounds like homework for you. ;-) -- Andre > Regards, > > Andre Oppermann wrote: > > >Karim Fodil-Lemelin wrote: > > > > > >> In the case where all connections go through the SATLINK and are > >>splitted by proxies, it make sense to use this knowledge and not > >>renegotiate cookies for every connections since we know there is only > >>one path to the internet and that all SATLINK connections will support > >>(T/TCP or whatever name it will have). Do you have any plan to include > >>that knowledge in your design or is it too much of a special case to > >>really care? > >> > >> > > > >It does not renegotiate cookies for every connection. Only the first > >connection will do that. Re-seeding of the cookies will happen trans- > >parently. You pay the 3WSH tax only once for the first connection, or > >the first connection after a longer idle time when the cookie expired. > > > > > > > > -- > Karim Fodil-Lemelin > Lead Programmer > > Xiphos Technologies Inc. > (514) 848-9640 x223 > (514) 848-9644 fax > www.xiplink.com > > -------------------------------------------------------------- > The information transmitted is intended only for the > person or entity to which it is addressed and may contain > confidential and/or privileged material. If you have > received this in error, please contact the sender and delete > this communication and any copy immediately. Thank you.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?418BFBDB.827E347B>