Home
Contribute Contact Us Browse all meetings
Home Contribute Contact Us Browse all meetings
Internet Engineering Task Force / 101 / 19 Mar 2018
Internet Engineering Task Force / 101 / 19 Mar 2018
Previous Meeting Next Meeting
Add meeting Rate page Subscribe
youtube image
From YouTube: IETF101-TCPM-20180319-0930

Description

TCPM meeting session at IETF101
2018/03/19 0930

https://datatracker.ietf.org/meeting/101/proceedings/

A

Good morning,.

B

This is TC p.m. so, if you're not interested in T CPM, you might not be in the right room.

B

Okay, so my name is Michael Jackson um I'm, the other Michael I'm Josi co-chairing of this meeting. This is the note. Well you all read when you registered for this meeting and applies for the ITF and applies to this meeting in particular, so we do have a note-taker thanks Cory.

B

If you go to the mic, send your name senate's, say it slowly say your name say it slowly, so it can be taken down on the notes and if you are in the future, sending submitting a draft which are you think this working group is interested in put T CPM in the name, so we can see it I'm going to the add gender, so I will present the working group status at the beginning.

B

Then we will have some presentations regarding working of documents. The first one is the AIF document. Then we have accurate, ECM, TCP rack, then some about the tea CPM converters, the the TCP converters and then we have a presentation by Fernando- are.

C

You.

B

Here yet so, if he's, if he, if he makes it in time, you will see a presentation about the back in the TCP spec, we will have an update on TCP, fast, open deployment and, if time permits, we will look at our the last draft on this list, which already had some discussion on the mailing list. So working group documents finished between the last ITF in this one is the RFC described in cubic, and these are the working documents which are active. The first one I'll turn off back off is actually in working group.

B

Last call still, we just figured out that we don't have a milestone for it, so we have to restart everything. Now, that's a joke, but we really don't have a milestone for it. We are trying to fix this. Then we have TCP IDEO. There was an editorial update, but it's just updating, typos fixing, typos and that stuff Joe said they are trying to get implementation. Experience.

B

Rto consider is a draft which expired, so we haven't seen an update and it's actually, the document is actually expired. Accurate ecn as a document, we have seen an update and we see a presentation on it. The same is applies to TCP req no updates is on the RFC 793 bits document.

B

Tcp M generalized ecn also hasn't seen an update, but it's still both are still alive. The TCP converters document. We will have a presentation today, so.

B

Most of the documents of Specter.

B

Okay, so this is these of its last chest light so Michael. Can you come up and tell him tell us about the current situation.

D

It is smart.

E

Okay good morning next, please that's a boy. We had a review from Microsoft before the working group last call I'm, just mentioning it cuz that was just before it and we updated the draft in working group last call. First, Richard gave a few comments.

E

Also market auctions essentially saying the same thing about some of the idea: references being RFC's already. So that's an easy fix, we'll fix that, and he asked if some generic rules of thumb about the better loss versus easy an adjustment will be in order. Our answer to that was that this really depends on the congestion control. Our draft us ref does recommend 0.8 for Reno type congestion control and for cubic.

E

There is a bit of text somewhere already that says, the results of our tests indicate that cubic benefits from 0.85, but there's no actual actual specification in our document about this number next, then, we got a pretty long list of comments from Marco. Some of them are pretty easy to deal with. First of all, there was a wrong statement in section 4-1 related to the timeout that isn't really about our C system.

E

I mean some argumentation on why I use ecn to vary the degree of back off, and we decided that this paragraph can really just be removed. So this isn't this isn't really specifying anything then. Secondly, he wanted us to specify what happens when Seawind is as a thresh, because I document now says this is only for congestion avoidance, but according to I, receive five six, eight one, it's not clear whether you're in congestion avoidance or when Seawind is at Thresh.

E

So our suggestion is to be conservative and confirm with the previous versions of this document, which say that you only apply this when in congestion avoidance now this is only definitely the case when cement is bigger than ssthresh and in line with what Mark walls has suggested. We could explain that there is a gray area.

E

There is a sentence in RFC, five, six, eight one talking about something being in the gray area, which says that this may benefit from additional attention: experimentation and specifications we'd like to say that about the case of cement being as this rash, as well as serum being smaller than SSO ash, because that is also something that is worth looking at. We looked at it, but we don't spec it next and then there was a concern about the lower bound of two SMSs being introduced in in this RFC. Now that comes from it's an editorial thing.

E

Really it comes from having to be explicit about what we do with as as fresh, whereas the original text just says reduce it. You know in line with being the same as loss.

E

We at this point I just want to say that we never intended to change anything about the EC and behavior, except for this calculation factor. So we'll just fix the text to make it very clear that we're not changing anything except for this calculation factor, if see when can be reduced below SS Rashed, and so be it we're not we're not trying to change anything about the RSC 3168 rules, except for this factor, and that's it.

B

Any comments in the room.

B

So I left the working group last call open for this meeting so that, if you have a comment, you can bring it up now.

F

Praveen does Romanian Microsoft in terms of testing. I saw that there is a research paper and a bunch of measurements on test setups. Has there been any measurement on the internet or any kind of deployment of this yet and has the source code being absorbed into any OS yet for.

E

The first question: not that I know of for the second question, I think we are in the very last stages before that is shipped in FreeBSD.

F

For.

E

Changing the behavior.

F

Of easier by HIPAA by default, changing the behavior of how it responds to easy on marks. I.

E

Think it's off by default: okay,.

B

Any other comments, so if that's not the case, then I sent up send out a note today that I'm closing the working of last call and ask your office to submit in your document and then we will progress it and decide it or your changes. So we don't need a another. Working group. Last call probably wait until we have a milestone.

B

We've requested. Okay. Thank you. Thanks, Mia.

G

Yep so accurate easy- and we have this draft already for a while and we're trying to close it up so in the next slide. There is a quick recap of the problem statement. The problem was that the classic ECM doesn't provide you enough information if you have high levels of congestion.

G

Basically, if you see more than one marking in a round-trip time, you wouldn't know at the sender side, so accurate ecn is just changing the feedback from the receiver to the sender and providing you accurate information about how much markings you have seen in the last round of time. Next slide: accurate Sen provides capability, negotiation, Inspectorate compatible compatible with classic Sen, and it has two ways to send feedback.

G

One is using three bits in the TCP header, so basically reusing the East End bits that are already there from the classic is in, and also the previously the the bit that was probably known as the nonce easier nonce bit. That is now deprecated or not in use anymore, and then it has a second way to provide you even more feedback with the TCP option.

G

But as we know, TCP option might not always go through the past, so you have liked this part in the in the header that you receive for sure and then the option is kind of optional.

G

Next slide: that's how the header looks like so you have, and you will still have as accurate is the end. We have the two easy inflex called easy and cwr, and then the flag that was currently known as NS, the non spec will in future probably be the AE flag. The accurate is the N flick and that's like what you used during the handshake and then later on, if accurate, easy and was negotiated, this field is used for these three bits are used as a field to provide you a counter next slide.

G

This is how the option looks like also very straightforward. We have like three fields for for three different counters. The difference is that the counter provided in the TCP header is a packet counter, and the counters provided in the option field are white counters. So basically, what this also means is that the packet counter does include control packets, which don't have any payload, and the white counters don't include control packets because they don't have any payload.

G

So the this is all actually pretty simple. The the only complexity is actually when to send the TCP option, because you don't have to send it with every packet. That would be a little bit of too much overload.

G

So basically, what the draft says is that you have to send a TCP option and if the information that you receive basically changes or if the code point changes, then if you see a row of congestion experience markings the drafts that you should send the option more often, because that's the part of information that you really want quickly and then it says you must at least send three options per round-trip time which, where a little bit of the implementation complexity comes from, because you never really know how much more packets you will send in the round-trip time and how to distribute them nicely over the round-trip time next slide.

G

So there is an implementation. This implementation provides the basic functionality, but it doesn't cover all the fallback and in special cases, so it's kind of a proof of concept implementation. It's not a full implementation, but it works. It's also a little bit an outdated kernel version, I believe what the implementation does. It uses the easy and sis ETL that's already there and just sets it to different value to enable equities. Yet so the internet interface also stays the same, and what we've done so far is that we have this implemented was an experimentation option.

G

So we we have the the value for the exploitation option reserved in the respective registry next slide.

G

So, just to recap, from the from the discussion we had last time last time we had a discussion about what to do with the TCP flag, because the problem here is that the registry actually says the policy is standard action and this is an experimental type exploitation of document and we had a hammer in the room with the conclusion that we want to assign the NS flag in the TCP header.

G

Sorry, the ACE, a II flick in the TCP header right away with this publication of this document to be clear what this flag is used for and then the process would be with I used a approval and that's what the document currently says. So basically the status is. We got two more reviews since the last meeting from Gauri and Myka's. Thank you very much. I try to address most of their comments put some little changes in there. There are a few more things that need more clarification and I. Think then the document is ready.

B

Thank you.

H

Questions so this is Michael speaking from the floor, so most of my comments are purely editorial about the wording, but there's one comment that I'd like to raise again- and this is about how to end this experiment. If there's partial deployment, because I wonder about because we experimentally are signing the flag, if we do a PS spec that follows so how do we do that? If the PS spec is different from the experiment, and this comes down to the negotiation and as far as I can see, there's no way to do that.

H

So this the negotiation mechanism is not future-proof. In that sense, maybe that's a downside or any solution that I could think of, would burn a TC up, TCP option or whatever. So maybe it is the right thing to do it that way, but I'm concerned that this mechanism is not future proof and I. Think this at minimum must be documented and recent. Why to discuss it? A of the the header it's not possible to decide Robin ago.

H

She ation mechanism and I think this must be documented, because it's a downside of the mechanism and, as I said, I, see a risk as a road reduce your risk that we have to burn another head a bit later and we don't have many of them. So it's different to do options. We don't have many header bits and I think at least this must be documented, and this is not only an editorial change of some words. It's something inherently about the mechanism and its downsides. Yes,.

G

um My take is that the things that we flick as questions we have for the experiment are not things that change the mechanism. Basically in itself, it's things that if you change them in a in the standards, Trek spec, you can just implement them differently and it's no problem. No compatibility, for example, the question about how often to send the TCP option. There's no real I know that the this, the receiving end point doesn't have to rely on a specific rate.

G

It gets or whatever it's really just one who sends the option has to decide on it. So I don't see for those questions we have in the experiment that we have flag out there.

I

So.

G

My hope is really that if we see deployment with this negotiation, that means we're on the right track. This is used and the changes we can do we can just do. The other case is that we don't see any deployment and then the end of the experiment would be like. We don't use it. Yeah.

H

Yeah fully agreed, but as I said, I mean you don't know what will happen as part of the experiment. We don't simply don't know the future. I have no specific concern right now. It's just my point is: if we run into an issue that requires a change we have burnt a bit. Yes,.

G

And.

H

There's no way to undo that if there's partial deployment and I think at least that must be well-documented, that that is in it's in property of the design, and it must be documented. You.

G

Can document it.

J

Michael can I can I. Just ask you good to know of you before you go away in case I'm, just trying to understand what you mean by burning a bit, and this is Bob Brisco for the scribe, because we're we're using a bit. That's already been used. So in a sense, we're we're not burning a bit and we're also reusing it where we're using it for negotiation and we're repurposing it during jegichagi.

G

Honest, it was not used in the city yeah.

H

They're two different aspects: first, the split was probably never used. It was document. It was a documentation for a proposal how to use it probably was never used. But, okay, we can decide in this group. We will use it in future. That's not my problem. My problem is, if you do a PS spec of this, and we have to change the protocol as outcome of the experiment. You have to burn another bit and I'm concerned about the second bit, not about this one here. This is the second one that I'm concerned about, but.

G

I think you will have no matter what you use all these bits, all the few remaining bits for you will have always the same problem like if you as soon as you sign a bit and you start deployment, it's really what you.

H

Taking that there would be a way for I mean I've not done the design, but there would be a way, for example, to use the bit and all this in together with an option and then the peer spec. You remove the option and then you would be able to distinguish whether you run the peer speck of the protocol or the experimental one so that there would be ways to solve it, but it ruins bits elsewhere in the header. So that's the downside.

F

Pravin Microsoft I had a question, so the draft says that some of the usages of the auction are a must still, so it doesn't leave room for an implementation to not implement the option if it chooses who chooses to and so.

G

I did my not change their actually because, like we had in mind that it's a receiver site decision to use the option, because if you know you're an environment where options don't use, then don't use it right. So we reflect this out a little more explicitly. That was like a hidden assumption. We had in mind and I added a sentence somewhere that hopefully clarifies that part. It.

F

Still says that you know you still must parse the option if you receive it right are.

G

You you must pass the option if you said no, you must pass the option if you receive it like, you must have.

J

You read my email yesterday, not really: okay, Bob, let's go yeah. There's a statement in there that the if you like the data send are the one that's receiving. The ACK must be able to muster. Have the implementation to be other as an option, even though it's not, it's only assured to send an option. Yeah.

G

Yeah.

J

So that if, if one end has implemented it, the other end can use it I think that's! Okay with you! Isn't it because, because I thought, your problem was that you didn't want all the complexity of having to deal with sort of the failure of the option and that study was sending it. But if you do get it through from from the receiving end, I mean.

G

I think it's it's it's correct to say and I'm not sure what the exact wording I think it's correct to say: you have to have the implementation to be able to pass it. If you, if you add another kind of switch to say it's implemented but I already know I, don't need this information, though you don't have to pass it. It's like an implementation decision only it.

F

Would be nicer if you made it assured, because then it leaves it up to the implementation so.

G

But I mean like this is this: is part of the TCP stick and it's a generic protocol. So if you don't even provide the code to ever pass the option, that's not what we want. I think if you have a specific connection where you know that you don't need to read the option, let something else.

F

Okay, I think we can take this further on the mail. You know.

G

I look up the exact wording and make sure it's clear, definitely yeah.

J

I suggested wording in this email yesterday, yes,.

K

We had a problem like this, with a sac RFC, actually that the negotiation was an ambiguous and somebody shifted an Immelmann tation that would say will sac and then never said, sacked, and so in fact the actual negotiation in the code is will sac indicates that you can receive sac I've forgotten the detail, but you don't actually turn on sac until you see a sac option because there were half implementations that were fielded, you.

G

Say be careful, be very clear about it right yep got it I! Think.

F

Overalls will be nicer if an implementation could just choose to do the whole implementation without having to deal with the option. It'd be nicer to leave that open in the in the outside. So.

G

I mean like, what's here: what's your use case here because, like I understand that for someone in data centers, now you don't want the option, but you have the code in your in your implementation, because you use a standard implementation that hopefully already has the code and you never use the code. You never run so that code pass. Is that a problem for you.

F

You know I think it's it's more about not having to implement fall back and all that complex logic. Once you implement the option, so you can't just implement the option and not to dealing with all the problems that result from so.

G

But then your scenarios, basically you don't use a general purpose of a writing system that has implemented an accurate, easy and for all use cases, and you, like you, actually customize it for your use case right. Is that really what you have in mind? I'm.

F

Saying that the negotiation part and the part that you can get some feedback from the network without having to implement the option, is still a viable option for illumination.

J

Bob Brisco again I, don't see the problem with I mean, obviously it's work doing the implementation. But if, if you cause an incoming option, you don't have to have any of the code that does any of the they fall back because you're not sending an options and all effect for back as if they were sending it. No yeah yeah.

F

That's a fair point: I think. If it's only about parsing one received, then it's fair.

G

Okay, I come back to you.

B

Any other comment, so I guess I need to be a revision.

G

I.

B

Think we would like to see at least a couple at one more review on on the document from.

H

Okay,.

B

Yeah.

G

Okay,.

B

So when we have another one then- and it's and the issue so address, then we can go to a working group as well. Okay,.

G

Thank you.

B

Serac is next.

L

Hi everyone I'm Neutron I'm here to present the draft update for rock. This is the third update. This is work done with my colleague neon and Tita empuje at Google. Next, please. So this is a quick snapshot of Iraq in the sort of natural rock.

L

Is you can imagine that, having a timer on every packet you have sent instead of just one timer and then basically, this timer is updated as you get an AK and you get a better idea of the RTT and you use that to determine and adjust the time out for every packet.

L

This is sort of a best way to picture what Rack is doing like the example on the right is simply showing this say: you send two packets, so the second packet gets an AK or sac, so you get an update of the RTT and then then you just wind up the timer for the first packet and based on the most recent RTT you get, you can sort of put an arty T plus some window to deal with reorder and that's all the implementation, details and configuration details, but that's the basic concept of rock.

L

So doing time-based instead of counting dewbacks next, please on another sort of combined feature with rockets called the tailless probe and the problem to deal with this. That today, when you have a tailless, you have to wait for a time out and tell loss is occurring, common and especially short connections.

L

They say you send two packets post get lost, and here your serial might be 100, but you only have three packets to package or three packet to send and often lost, and then you would, you see, went to one according to the RC and which is like a big penalty because literally you, sensory, packets and the last to get lost. So you take a time out. The tail loss idea is that, okay, on this kind of occasion, you can just after a round-trip or two, we transmit up like a pro packet.

L

What we do here is you simply: we transmit the last one and if the last one is quickly act within an RTT, then you said it's really just like fast recovery. There is really not that many packet loss, because you know things are sort of coming back. It's not like the entire flight is lost for a long time, so you perform a fast recovery instead of like a four time: I'll reset Seawind style.

L

So that's sort of the tail loss probe idea, and that works great with rack, because it's we saw this time our base recovery. You can just use his probes RTT to adjust the time of the other loss packet next, please!

L

So that's the basic idea of RAC and in this IDF we have just uploaded the cert revision, which we add a few things. One is I talked about a time, the reloading window. Basically, when you wait for how long do we will wait before you declare a package lost, you can just wait for an RTT. That's too aggressive, so you add some cushion and that cushion what we call is the reordering window is, they are usually they might be reloading.

L

So I wait for something and in the past it's a static value in the new draft we make it dynamic and another thing: that's new is called a Dewback special mode, which now rack can be like almost identical, like the two back fresh approach and I offer a sound like like the compatible mode to for staff who want to deploy rack but also want to base on some kind of due back special approach and also there is a example of a fast implementation and like congestion, control interactions that some people along the list has make a very good observation that rack can interact with congestion, control, belly.

L

I'll talk about details later and in terms of deployment in the Google server kernel. We have complete sort of. We place all the doop, a special approach with rack. So today, in our server production colonel there is rock TLP and the standard time out mechanism which is required, but that's it you don't see other like a FAQ or sweet you back or yeah yeah. There are quite a few. This is completely subsumed next, please!

L

So what is this dynamic, reordering window? So in the previous draft, the reordering window is simply set to a quarter of RTT. Very, very simple deals with most of the losses reordering, because a lot of reordering that we are seeing is just a very small scale. Let's say you know, the packet that you sent in the next is delivered just a little bit quicker than the packet that you sent earlier.

L

So the reordering degree is small, but there are cases in when the reordering window can get pretty large, especially on Wi-Fi links where it's, the Wi-Fi retransmission that costs the reordering and Wi-Fi link retransmission is highly dependent on the channel status and in this case rack will perform a spoof, Schloss detection. You say: okay, this packet timer has fired and this package should be consider lost. So if you use lost based congestion control, then it's gonna take a hit on that, and in this case initial idea we have is alright.

L

This precisely measure the reordering degree, but it turns out to be really complex, because when you want to do that, you have to remember the per packet timestamps, even when the packet has been acknowledged right. So, usually in TCP stack when a package cannot you free the the packet because it's been delivered in this case, you have to keep those extra state simply to do this precisely and we believe that's not really worth the effort.

L

What we do is we look at this option that have been created a long time ago called the bouquet sack and what it does is when you receive a packet that covers a sequence that you have already received. You simply return. The sack option says: hey I got this duplicated sequence and it has been on implemented in all the major stacks, like Linux, iOS and Windows since all on by default, and that's a great indication because it signals buoys which transmission Jenna. You have a question there.

F

Clarification question: why do you need to remember the per packets timestamp after the packet is acknowledged because.

L

Even outfits act right: you are trying to gauge okay, this packet has been act and there is some more packet, that's been sort of in flight and the Reis. The way you measure the reordering degree is you have to measure the two right yeah. So that's why you have to keep I know.

F

I get that, but you would you would discard everything only after everything is cumulatively acknowledged up until that point. That's.

L

Right yeah, so sorry, I think I made me say: it's not the act, it's the thus act. So that's fine! Let me clarify yeah that.

M

Okay, that explains it yeah.

L

All right go ahead.

J

Okay,.

L

Yeah, so the basic idea is: we use this act as a signal for aspies retransmission and we increase the reloading window when you get some of that and you decrease when you are doing loss recovery when you don't observe further, these acts, it's a very simple one. Next slide all.

J

Right so yes,.

L

They.

J

Do name supports Gilligan.

J

What I don't understand is you're, saying what you do, but not why you do it or what's your objective, what do you are you trying to get nospherus transmissions, or are you trying to get sort of? Yes.

L

Oh great, so the objective here is to say: you want to adjust this sort of reordering window, essentially the time now for the packets to accommodate higher degree of reordering. So if two packet being we order more than a quarter of minimun RTT, then today the previous version couldn't catch that and it will cause a spools sort of loss, recovery, yeah.

J

But what I'm asking is: how important is it to you not to have that? In other words, if you get some spurious retransmissions, do you care? You know, in other words where where was what's your objective between those that trade off, because that depends what algorithm yeah.

L

So again, if you use a last-place congestion control, especially if you also don't support TCP I fail, which is the TCP undo mechanism, you know, then you will see the you know say: Reno keep dipping the congestion window because of reorder yeah yeah.

J

Yeah I know: I know that I'm just saying, but trying to completely remove spurious transmissions is impossible. So what's your trade off? What do you say? I mean it's I.

J

Have.

K

An answer to that, and- and that is if you take your favorite, very, very complicated recovery scenario and then insert in the forward path- something that shuffles every four packets does it still work, and the answer is no, because you can't do the logic in sequence: space. You want to do the logic in time-space and so that the sort of the limiting case is allow every packet to have an independent delay.

K

Okay and and but so you're correct that there isn't specified a reordering threshold or an implicit reordering threshold. But you want to be able to design that independently. You don't want the algorithm to have built into it assumptions about how much reordering what is the upper bound on the amount of reordering of the reordering distance and so making the algorithm support. Arbitrary levels of reordering such as you can then put in a policy and optimization about how much reordering and how much spurious retransmissions you're willing to deal with.

J

And that and that's important because the the problem I see with adapting to the level of reordering you find is that networks will just cause more reordering and then you'll that's more well. It depends how much at whether it goes beyond a round-trip time. Yeah.

L

So the next I'll put more detail, but basically the idea is to accommodate reordering up to an RTT further than that Rach couldn't do it because in the end of the day, if you have to pass one, send it to them over the moon and one is a local network. There is no way we can accommodate. We ordering like that yeah.

F

Provine Microsoft, so I wanted to know kind of which scenario led you down this path. Did you actually see reordering practically in cases where RTD by four was not good enough? Oh yeah.

L

This is actually triggered by when I studied the traces I have.

F

Seen.

L

Particular.

F

Environments or like Wi-Fi or is this more general, it's.

L

Hard for me, this is service I traced, so I don't know all I know. Is this angle Comcast. You know network a ASN yeah, but since severe we all drink on that.

F

I'm gonna go back to my question and a human.

C

Game Jen.

F

Iyengar sorry I'm gonna go back to the question. I was asking and I can I'm happy to talk to you afterwards. If it's up here, you said that the correction there was after the packet is sacked. In that case it's not be allocated in the stack it's only Delocated after the packet is cumulative yeah.

L

So I think I give that you know forget what I need to modify this right. This is about what happened is that in the TSO processing, when you say you have, you know they say package. Seven, eight nine that gets sacked right in linux they'll be collapsed into one sort of packet buffer. If you call that yeah, which you will lose the timestamps of individuals.

M

And the.

L

Time time the collapse and lost okay, yeah and and then then you have to keep your extra times then when they are doing the collapsing and that's a very complicated change, go.

M

To the essence, thank you. Please,.

L

So this is the more detail of this dynamic reordering window. So all the wielding windows, still the initial stay- is quarter of Menotti and for every round trip that you observe some design option uses equipment by a step.

L

Essentially you buy another quarter of monatti, it's important that it. You don't increase it for every D sack, because you could get a lot of D sack doing we ordering in a roundtrip. So we only do that incremental E and again. This could still miss that right. Let's say the reordering degree is actually 3/4 of our TT. So for the next round, Ferb you still going to cause some spewed, we transmission, and then you just have to learn again.

L

So it takes some round trips to attempt to a level. That's I can accommodate the current reordering and then we don't want to keep this high reordering for forever, because the problem is then your timeout gets too long, and if there is no reordering, you don't want to delay your fast recovery that long.

L

So what we do is another heuristics to say if, after 16 magic, number 16 last recoveries- and we see all the recoveries are done without seeing further defects, then we just reset it and just repeat this process, and all this design is there's a lot of ways to make it more fancier more adaptive. But we just trying to make it simple and good enough in our test cases and then doing fast recovery, we will temporarily we set the reordering window to zero to be very prompt in fast retransmit.

L

So the idea is to be conservative in the beginning, but once we decided okay, we need to go into loss recovery. Then we are very aggressive in marking the packets. We could have cost a lot of spirit retransmission, but with that decision, but it's sort of a trade-off that we have to make and again all this reordering window will be kept under the smooth RTT. So any we are doing further than that. We cannot catch that you will cost buoys with transmission, but I would order.

L

I would argue that for any kind of case that would be always reordering there. It's you cannot do that perfectly, like Bob next like lease, so this is just a showcase of the two algorithms. You know on the right on the left, its the O one and on the right, the new one where this is not a this is in emulation where we deliberately we order packets to hell and the sacks are in the purple color you can see. We are triggering a tongue of sacs, including the D sacs and in the over chin.

L

It will just keep trigger all this false recovery. So you will see the stupid is only 60 mega bits per second, but in the new one, you'll see initially we're still now. Ramping are very good, but we are learning and increasing the reloading window. Once the reloading window is pick enough to accommodate the reordering, then you don't cause further spoof retransmission and even under severe we order you can zoom up on your speed very quickly.

L

So this is just to show that how this dynamic we ordering window works under very severe reorder and if, on the right hand, side the new one. If I look at a longer time scale, you will see after the while that we essentially the reordering window, will rewind and you will Constance police retransmit, but you will read nirn and then pick up again thanks like lease.

L

So the last thing is the dupe. A special emulation mode do back. Special can still be very useful, especially in ultra-low our titties. Why is that? Because in rack I talked about a time out for every packet right and but in say they are sinners. The oddity is less than 100 microsecond a lot of time, but your stack, timer tick might be much bigger than that say: 1 millisecond or even 10 millisecond. So in this case let's say you're reloading time is reality: 300 microsecond, the fasted timer you can fire is say a millisecond.

L

Then this will cause something like so case, the counting simply counting the do. Baxter's offer a good advantage, and we can easily support that by saying if the lumber of the VEX ratio is bigger than or equal to, 3 then just set the reordering window to 0. There is some very subtle differences.

L

If you want to be pathetic about how this dewbacks reso is sort of trigger or used, because you need our c6 675 says that, in order for a packet to be consider loss, you need to have at least three packets that been sacked with higher sequence.

L

But for Rocky it's not such a strange, strict requirement. You just need to have three dewbacks, and at least one of them having higher sequence. There's this example: you send 10 packets and package. Three five seven are sacked in the standard RC.

L

Only one and two are will be consider lost, but in rack all the lost ones until the highest stack point will consider loss, which one is better I think it's really like a minimum is not worse that, like diving into all this details because yeah it's too bad special, which I find that a lot of implementation don't quite follow the RC exactly anyways.

N

So this is a rich after Canada is that statement actually true I mean I was under the impression that in the example with RC 6 to 675, you would enter loss recovery after the sack of packet 7, but once you're you're in loss recovery, the entire point of 66 75 was to recover all these four packets right now. If.

L

You read RC very, very carefully. You have. It does say that you need a leash, rehire sack sequence, packets, to trigger the dewbacks ratio. I can point you it's like one sentence. If you.

O

Alec this is Josi from Mike and then about the 66 75. You are right. One two pocket has been considered as a roast. That's know. If there is any window size, we can send that packet six, because now we in order to in a pro, but this might be a rose but we're not sure. But now we can send it just in case and then we can get feedback.

L

From yes, you absolutely right, I didn't put even the second, if condition, because we're getting into really super minor subtle details, but yeah you're right, it's possible. There is an optional mode in the artsy trigger yeah, I.

N

Think that this exact example of you give was the behavior of 34:17, so the old sack, recovery and I believe that was the was the way that we wanted to address in 66 75, okay. But this is again in.

L

The is it it's an optional mode. It's not like in the standard I think we can take it offline. We can look at this, you know are see, live I lion determine what exactly is the right? I wasn't yeah Jenna.

F

Inger, what's the intuition here for considering six as lost.

L

Why don't you think six is lost? When is three five, seven are loss, it could be reorder it. There is always possibility. That's usually the argument right. The only reason.

F

That 66, 75 or any of the other C's have the three do pack threshold us for reordering and that's why you also have the reordering window. If you remove the reordering window and you remove the three due back threshold for six, they all could very likely be marking success lost too early. You.

L

Could yeah, but again, in my experience you either have most of the time you either have losses on all this sequence or there is some reorder is no loss. So do you always need to wait for more two baths or sacks to confirm I? Think it's really yeah.

F

So this seems I mean again a little uncertain about I'm, not pushing back I'm just trying to understand what the intuition here is, because this seems like early transmit is getting folded in in a strange way, because early they transmit tries to do exactly that right. If seven was the last packet that was sent, then early retransmit would fire recovery of six.

L

Early retransmit will apply here because he required in fly size of four or less that's.

F

Correct yeah but I'm saying that if seven was the last packet that was sent, then that is what would happen. Mm-Hmm.

L

So so, if you don't use this to pass ratio mode in this package- sequence, the pure rack, without this boat well in the armed timer, instead of we transmitting it on the cert packet yeah right it just.

F

Seems more natural to me to mark one two and four as lost not six, because there are more acts that are on their way back. Eight.

L

Nine and ten haven't you.

F

Are arguing if.

L

You pass fish, how it should be one on some cases. I cannot disagree, I guess.

F

That's my Indian.

L

It's it's I, think.

F

Worth pointing out, then, that the do pack threshold here for six is in fact one because that's what's happening here.

L

Right, yeah, okay, I think we are getting into the very well-defined do pass ratio it's very different than what he was written a long time ago in the very first because back then there is no, not even sack. Surely that's.

F

Fine I just think that the the spirit of what is reading there, as three six six and referred to me, is accurate and that actually captures the intuition of what I think about as the reordering threshold and and that's what I was trying to point out.

L

Next slide, please um so the last one is interacting with congestion control. There is the case when, on a single AK, when we receive a will update the RTT and Rach can trigger a lot of packet. That's considered, it lost the simplest of they say you sent 100 packet right, only the very last one made it and in this case Rack will get an update of the RTT and for packet 1 to 99 it's going to arm a timer right once the timer fired.

L

They say after a quarter of RTT later it's going to mark 1 to 99 packet lost, so the in fly will drop or come from 100 down to base essentially zero from 99 to zero. So that's a big change of the in fly and if you just implement the current reno congestion control, which always sent an fast recovery first, it reduce the Seawind by half. Let's say: 50 right so see you in is 50 or SS ratio is 50 and the in fly is essentially zero. So what do you do? Is you burst?

L

50, packets out and without pacing? You is very likely to induce another round of loss which you have to spend to recover. So Linux doesn't have this problem because it uses this proportional reduction, which what it does is that during the fast recovery you either do packet conservation for every packet sex. You say one more packet out or you do slow, sir, for every packet sack you send two packets out, so it does have this situation. So we will recommend using this fast recovery approach, proportional reduction.

L

When you implement rack and another helpful one is you can do TCP, placing so that you don't send a big burst? That would be the most convenient solution for a lot of other situations too next piece, so the development. How frog has is near the end. We don't plan any further sort of algorithm changes. Of course, little tunings is always possible and Linux BSD and Windows all support that and I think the author's for authors see the racks.

L

The latest draft is fairly complete and we would like to ask for like a final review and maybe a last call if the chairs and the group feels it's ready. Okay,.

B

Thank you um one clarification question. You say: Linux FreeBSD and Windows support rec, so I understood that Linux supports version. 3 of this document.

B

As far as I get previously might support version 2, but not version 3 is that right, yep and Windows.

F

Provine Microsoft V support actually draft one or not two or three, so we don't actually support the three extensions that were already later so you.

B

Support the dynamic stuff, no, no version, 2 version.

F

Yeah yeah I think it was version 1, but.

I

Not this version not.

F

This version, ok, thank you.

E

Mike Aversa I I may be asking something very strange, because this isn't I'm a I, don't know so. The thing is I've been playing with a variant of this, and that is really not quite the same. It's a bit more drastic in a certain way. Well, just something that I experienced that I'm just wondering if the same thing could happen here, but I, probably not but I'm just wondering so let me ask something: I experienced is that, with the logic of using time to decide what has been lost on what hasn't been lost?

E

Well, the were cases where I ended up terminating recovery and I was basically over and had just reach and speeded everything, but I was lost. I was left with a large window that I'm now able to basically burst out immediately so I. What I needed to create is a phase of pacing that is after recovery. I, don't know.

E

If that sort of thing can happen to you, because I think a proportional rate reduction would operate within recovery, so I I, don't know if you need to have something at the end of recovery where you, but you can. You know, because basically the a clocking always allows you to send out another packet.

E

So you keep the a clock and you spend your window, but if you don't, then you may be left with a large window at the end of recovery and I mean it happened in my case, but that's really not exactly the same thing right so I don't know.

L

So I definitely agree your observe a shink as we see the same thing, that's why we recommend using FQ pacing for basically in general, don't just do that, but for the PR are this really for just the fast recovery? But again TCP is inclined to cause burns because of the Seawind in fly differences, and it's sort of this is sort of out of scope of the loss recovery.

L

It's not just after the recovery right, they say, you'll see when it's 100 and now you have 100 packet that you want to send you. You push them out. It's just it's a general problem in in TCP not specifically apply to only I guess.

E

I mean that depends on how quickly you pays out stuff during recovery. So if you haven't been fast enough in sending out stuff during recovery, you have this credit after recovery.

E

So if you're not sending out new packets right quickly enough, then you may be repairing your losses and all the losses are finished and everything is fine. But you have this credit of PAC estate. You still allowed to send after.

L

Because, according to the congestion control RC after recovery, your C 1 is always SS fresh right. That's that's the standard yeah.

E

Sure.

L

Yeah and then yes, you may not have much to send so you would later cause a but.

E

I mean if she went is then much bigger than what you have sent right. I mean it may allow you to send out a large number of packets. At the end, it.

L

May but I don't know why this is tie to loss recover. Oh just it.

E

Is a loss recovery because, if you're not if you're not sending during loss recovery fast enough, then you have not. You have not spent here your Seawind right.

E

So if, if you're sending too slowly during that- and you don't have I mean it depends on how many packets you assume are implied. So if you don't have.

L

So, no matter the you use rack or not during loss recovery, once the the lost packet have been repaired. C1 is always set to this.

I

Ss.

L

Fresh and the in fly is also not affected by whatever always am you use, so I guess I, don't okay, it seems like this is either way so I started out.

E

Saying this is something I saw, and it's probably not even related to this. You know: okay,.

F

Leave.

E

It at that.

F

Pravin Microsoft, so this recommends that we keep time stands per package sent right. That's.

I

Why, in.

F

Our implementation, we actually chose to keep it for sequence number space, because, for example, if you do like the TS or LS o, then it's a group of packets that are transmitted at the pretty much the same time. So there's some implementation. Efficiency gained by tracking this per sequence base, rather than per packet, which also means that we can't track the original packet and the retransmission separately so, and the other thing I found is that there is one case that you talked about tail drop, which will not be triggered.

F

If an implementation chooses to do this based on sequence numbers, it might be useful to comment on this in the draft. I think I.

L

Think the trap already that's exactly why we put t.o.p there, because in the end, rack recent acts still requires some ACK right and so for tail drops. Where you don't get any ACK. There is just nothing you can do in using these time stamps you. You have to send something to trigger an ACK to sort of cost more recovery actions. So it doesn't matter how you put the timestamp in in a sequence base or in the packet boundaries yeah. Okay, another.

F

Question so you talked about the inter with congestion control, and then you said we linux users prr to make sure that it doesn't flash the entire. You know. That's.

I

Right in.

F

Flight packets again, is this just about making sure that you're only inflating in-flight by the sacked packets is that the part of prr that is implemented or their other portions of PR or that are applicable? Is that or is that just that part no.

L

So it's PR is not just that part yeah, but part of this idea of PR is instead of bursting packets out. You want to do this sort of you want to paste packets out and gradually reduce the congestion window instead of reduce it at instant and then cost first yeah, but.

F

But my question is like the safety property would be just obtained by doing the the correct inflation of the congestion window right. The pacing is an optional part, because today, for example, without pacing, like you know, the conventional loss recovery yeah, similarly inflates the condition window so that, as long as we guarantee that safety property, then the other portions of PR are not really needed for track.

L

So what I'm saying is that you can use either one of the two Linux use pose it's a car like a pill and suspenders, but during fast recovery. But if you already have pacing and you don't need to implement prr, okay, okay, yeah.

B

Okay, so I would say, give the implementers a bit of time to catch up with version o3, okay, so hoping that whoever has implemented version over to has interest in version. Oh three can report whether it works, whether it's implementable in a good way or if they have any comments, so get some feedback before starting a working group last go on that sure.

L

Sounds good to me, yeah Oh.

J

Bob Brisco I'm wondering whether this draft, whether what you're trying to do is standardize the algorithm you have thought of or whether you're trying to standardize allow people to use different algorithms and you you need to describe what you were trying to do as a sort of black box. Do you see what I mean because it's the former Saints right yeah? So it's it's documenting one algorithm. That's.

L

Right rather yeah yeah, it does not prevent other, better algorithms, yeah, obviously yeah right.

J

Okay, that you, you might want to say that and and I think the draft would benefit from having what the algorithm is trying to do, not just what the algorithm is. Okay, can you repeat that again what the algorithm is trying to do, not just what the algorithm is? In other words, what are the objectives.

L

You mean to put more explicit wadding and in the documents in like not.

J

Warning just you you've, just you've just made it like reading a user manual about something that says this button. Does this this bus and as this this button does this but um says what you're trying to the machine is trying to do as a whole.

L

Okay, this is a draft up based on presenting the business that the whole.

J

Draft.

L

Doesn't say.

J

What what it's aiming to do it's aiming to reach okay,.

L

How about that can we sort of in I'll fly that figure out what whirring you would like to change so I can make it more yeah, okay,.

J

Oh yeah I'm just trying to think of other people who you might want to come up with different algorithms in a standards body. We also need to agree what is a good aim for all of us, not just what is one algorithm to meet that aim? You said I mean.

L

I see so you're saying there should be some consensus of the goal, so this always only just one approach toward that goal: I'm.

B

Closing the line of the journal and I'm asking.

F

You to be quick, pravin, Microsoft, sorry, one more question, so you said the implementation is almost your implementation is replaced all over the other loss recovery with RAC. Is it a goal for the draft or the RFC to say that an implementation should do that, or are you going to leave that open for implementations to do both if they chose to do so to do both yeah.

L

I mean I.

F

Mean do.

L

A Dewback Thresh as well as time-based. Yes, we recommend that you do enable this as a pack or culpability right.

F

Jenai, a very quick suggestion that this is a working group document, so I think you should take input from people who have specific suggestions about motivating text and so on. Specifically speaking to Bob Bob, you write very well. I didn't be wonderful to actually have what you're suggesting, but I would I would also say you know, such as text yeah.

L

So I think I already mentioned that will work offline to improve the document. Yeah.

B

Okay, thank you, okay, so, while the blue sheets- and has everyone signed it, so if not, please catch one and do better. So the next one is the TCP converter.

C

Okay, so so this presentation is both the first presentation of the contractor draft in front of TCP M, because it was already presented in mp TCP in Prague last year, but we did not have the opportunity to present in TCP I'm in Singapore and then an update of the draft after the working group. Acceptance on next slide please. So the initial motivation from the convertor comes from the work that has been done in MP, TCP working group and in MP DCP.

C

We see that there are more and peaty speak Lions then MPT MPT CB servers and there is a benefit of using MP TCP in the access network to be able to combine different paths, even if the server does not support MP TCP, so that you can go to a controller, that's reports and P TCP, so that you can benefit from the two paths in the access network. Even if the converter has not yet been upgraded to support. Mp TCP next slide, please.

C

So what are the objectives of the TCP converter, which has now been accepted by the working group, is to aid the development, the deployment of new TCP extensions? And if you look at the history of the different TCP extensions, we've seen that extensions are first deployed on the clients and then they are deployed much later on the server side and in enterprise networks and service provider networks its.

C

There is a possibility of deploying converters to aid the deployment of some TCP extensions, so the TCP converters they act like proxies and they will proxy connection initiated by clients and the objective of the control to draft is to do this proxy without requiring additional entities. And one important point of the converter Draft compared to other solutions, is that the converter has the ability to inform the client of the options that are supported by the server so that the client can detect.

C

If the server supports and P TCP, for example, then it can decide to bypass the converter. So it means that you only use a converter when there is a benefit of using the controller next slide. So just simple use case.

C

If you want to do NP TCP in the access network from a smart phone to a server that does not support an P TCP, you just use n P TCP to the convertor the tax as a TCP proxy, and then you have a regular TCP connection to fine observer next slide, the next slide and next again. So what are the basic principles for the converter? So it's an explicit TCP proxy between the client and the final server. So the client knows the IP address of the TCP proxy.

C

The client will send comments inside the TCP byte stream. So you can see that as an evolution of Sox, for example, or refinement of Sox and to be able to achieve 0 et, we just put the teeth.

C

The comments of the proxy in the syn and during the initial and shake and the comments and response are encoded in TLB format, to simplify the parsing and the processing of the options, and there is a way for the converter to inform the client of the TCP option that are supported by the server to enable it to bypass the converter. If the server supports the required extensions next slide so now, I have a set of examples to show you in principle: oh, it works and the shim add in all the figures you will see.

C

There are three colors. The green color corresponds to the IP addresses. The blue. Colors corresponds to the TCP header, including the TCP options, and the red color is the information which is added by the converter protocol, and this is part of the byte stream and it is encoded as a set of tlvs. So let's do an example.

C

So the client wants to read your server to be able to read your server where the client will do is that it will send a syn with the TF or p on to the converter, and we use the TF option to be able to put data inside the scene and the data that we put inside the scene is the IP address and the port number of the final server. So the convertor received the syn and thanks to the TF o cookie that it has provided to the client.

C

It confirmed that the sin is legitimate and what it will do is that it will initiate a connection next lightly to other server, and it knows the IP address of the server from the connect TLD, which was part of the original scene. Then the final server will reply to the scene with a cynic. Next slide. Please, and so the connection from the converter to the server is now established and the converter next slide. Please will confirm with a cynic that the connection to the client has been established.

C

So with the connect TLV, we pass the information of the final destination to the converter.

P

Hi Olivia Lars I got a quick question. You stick the IP address into the payload, not the DNS.

C

Name in the current version: this is the IP address, because we want the converter to be fast and if we put the DNS name in the TLV, then it means that we have to do dns resolution in the converter, yeah, I, sort.

P

Of worried about were thinking about scenarios where the clients DNS resolution might be limited and the proxies might not be so it just the.

C

Possibility to add the new TLV, where you put a dns name instead of an IP address in the current version. It's only an IP address, because we want to be fast on the conservative side and next slide. So, as I said, one of the benefit of the converter is that you can detect whether the final destination supports are give an option.

C

So let me take an example with MP TCP, but it would work with other TCP option, so the client creates a connection request through the converter, with the, and here we are using an T capable option which is shown as NPC, and we are using the RFC 68 when T for bit so just MP capable without the key to the converter. Next slide. The converter will try to establish an MP TCP connection to the server the server is MP TCP enabled so next slide.

C

It will reply with the MP capable option and with the key which is selected by the server, and what the converter will do is that upon reception of the simply Zak, what it will do is that it will extract the TCP option that has been returned by the server and it will send them in the payload of the synthesized.

C

Next slide, please to the client so that the client, by just passing the TLV, which is part of the byte stream of the TCP connection from the converter to the client, will know that the server supports and P TCP and knowing that the server supports and P TCP. Then the client for the next connection can decide to bypass the control and go directly to the server.

C

So that's a generic way of enabling the clients to understand what are the options that are supported by a given server, and it means that you can bypass the converter for this specific destination and next slide. Please so to be able to use TFO from the client to the converter. You need to be able to know what is the TFO cookie, which belongs to the converter, and for that there is a bootstrap connection.

C

So when the client starts, it has to initiate a connection to the converter just and the scene with an empty TFO and a bootstrap TLV, and the converter will reply to the client next slide to indicate what is the TFO cookie, that the client has to use to reach the converter and what are the supported, tcp extensions, that the client supports and allows to do a conversion. So that's a way to learn the capabilities of the converter during the bootstrap procedure. Next slide.

C

So now we know the converter cookie and we can use it in the client to reach a converter. So next slide yeah next slide again. So what is the tricky part is how can you do TFO to reach a server while you are already using TFO to reach a converter, and the idea is that we have done the bootstrap since we have done the bootstrap. We know the cookie of the client of the converter, so we use that in the TCP options.

C

That's the blue color, so we use the cookie that we receive from the converter and we want to obtain the cookie from the server so inside the connect TLV that we put in the byte stream in the establishment of the connection. We have a specific TLV that indicates that we want to send the TFO option and apt in an empty TFO option to the server.

C

So when the converter creates the connection to the to the server, what it will do is that it will send a syn with the antitype MTTF or option that comes from the connect tlg of the original sin of the client. So the server now knows that the converter is trying to create a connection and request a TFO cookie. The server will reply with the TFO cookie, so this is the cookie is assigned by the server.

C

So this TFO, cookie assigned by the server is returned to the converter, and what the converter will do is that, as with the MPT CP example, we will just take the TCP options that have been returned by the server and this TCP option that have been returned by the server. We put them as TLV inside the synth music, which is returned by the converter to the client and the client can pass the TFO option, which is which is included in the byte stream and from knowing the TSO option, which is included in the byte stream.

C

It can detect what is the cookie so SC that has been provided by the server and the client can cache this cookie for the specific server. Now on the next slide, we will see how the client can open a TFO connection to the server so now that what it will do is that it will go to the converter, use the connect TLV specifying the tcp open option, part the TF o, which has been supplied by the server.

C

So this TF o is copied by the converter in the scene that it sent to the to the final server next slide. So you see the TF o, which has been allocated by the server. The server recognize the cookie that is provided to the IP address, which is TD IP address of the converter, and it accepts the data and then you can do the syn ACK and the converter does the cynic as usual, so the solution works with TF o as well, just by using the information in the connect yield. So next slide please.

C

So this was the the introduction of the converter, and this is basically what I have shown in Prague last year. Now I will try to describe what we have done since the working group at AG adoption, which was three or four weeks ago. So we did lots of small little changes to try to clarify and simplify the text, and we have looked at out other TCP extensions than TFO and NP tcp could be supported by the converter. So next slide, please so first we look at the.

C

We would say the base tcp options, so the options that are part of RFC 793 so end of option list no operation and maximum segment size. For these options we don't see any of doing the conversion of these options on the converter. So what we propose is that the converter does not provide the conversion services for these kind of options.

C

Next slide, then there is window scale, so the window scale option is really a property of the tcp implementation and in the converter we have a TCP connection from the client to the converter and another TCP connection from the converter to the final server. It makes sense for the client to request the server to you, the the converter, to use Windows scale, but we don't believe that it makes sense for the client to request a specific window scaling value for the converter.

C

So the idea is that we don't want the control, the client to be able to impose a specific window scaling on the converter. So this should be the property of the converter. For that.

K

Are you familiar with the rounding hazards with the window scale option with.

C

So there's.

K

Some hazards in the window scale option that you can't avoid retracting the window if you're close to the end close to the end of the window space and the rounding is such that you cannot specify the boundaries at the actual window, the actual window. You want to announce, I'll, take it offline, okay, there's there's some deep traps lurking here.

C

So next slide, then we have time stamp selective acknowledgements and we'll keep a CCP. We believe that for these options they can be supported by the converter. So this is true for timestamp, for sec permitted and for multipath CCP and, of course, of kind 5, the Selective ik option. It cannot be advertised in a scene, so it doesn't make sense to support it on on the converter. Next slide, then fast open, so I explain how we can support fast open. So this is a part of the design of the converter draft next slide.

C

Tcp use a timeout, so there is an option which is related to TCP use a timeout kind 28. But it's unclear to us whether this option is already has really been implemented or not. So we know that the socket option is implemented, but we don't know whether the TCP option is implement. So is someone aware of an implementation of the TCP option for the TCP user timeout? If you are well, let me know, and then we can think on how to support it and whether it would be useful to support it next slide.

C

Then there is a TCP authentication option. Well, the objective of this option is to be able to detect modifications to the TCP header and the TCP payload. This option is in principle, against a proxy in the middle, so it does not make sense for a converter to be able to support TCP authentication option. Then the question is whether there is a benefit in trying to support the in the NAT extension of the TCP authentication option and we'd be interested in having feedback from the working group. On on that.

C

So my understanding is that the TCP authentication option is mainly used for bgp sessions and for for that use case, it does not really make sense to go through a proxy, because you want to use a TCP option also to detect failures, and so it doesn't make sense to go to a proxy and next slide, and then we have the experimental, TCP extensions.

C

This is the list which is registered by the Ayana in the current graph. We do not consider these experimental, TCP extensions, and our suggestion is that those extensions should be described in a separate draft. Otherwise, we will have a draft that will need to be updated every time there is a new experimental, TCP extension next slide.

C

So to conclude, we started from a proposal that was focused on multiple CCP and TFO, because there is a clear demand to be able to support converters for multiple CCP, but the discussions within the ITF convinced that there are other use case for other tcp extension. So in the draft we try to take into account all the comments that we have raised: doing the email discussions on the NP tcp and the tcp and mailing list. So we have an application level protocol.

C

We still need to have a service name or code to be reserved by Jana, so we use zero ATT through TFO and the client can bypass the converter. If service supports the extension so on, next steps will be to improve and fine-tune the discussion of the other tcp extensions based on the feedback from the working group, and we will get back from implementers and do interoperate tests. As far as I know, there are three implementations that are being developed for this solution.

K

Matter so I may have missed it, but has there been any discussion of how this interacts with TLS.

C

So what happens when you do TLS from the client to the server? So you have. You have to rely on the certificates that are provided by the server, and so the server will authenticate the connection, and so you have so you it since you encrypt everything and you authenticate everything passing through a proxy or passing through a router doesn't change anything because the TLS is working at the at the byte stream layer and not at the TCP header. So the only issue are the IP addresses and.

K

Handling the certificates and.

C

Handling.

K

The certificates.

C

You.

L

Tone chain, and still find hard to convince myself about the motivation seems like the motivation slide is to support multi pass inside the access network. Yes, but the most useful, MP TCP feature a usage. I've seen is to do the pockets of the parking lot problem where you launch the use, MP TCP across both Wi-Fi and LTE interface, on on your phone, our Saviour interface. It doesn't seem to match this case because then, where do you put the converter? It has to be very close to the server.

L

So could you put more detail some example: scenarios of doing MPT, CP InDesign access network? What's the benefit? What motivates them to do that so.

C

Just one motivation: for example: if you look at what has been explained in Korea about the deployment and the usage of the Sox proxies in Korea, 2x2, Bond, Wi-Fi and LTE together, there are the use case is to put the proxy in the network operators itself. So you have a network operator that provides Wi-Fi and LTE services and the proxy is inside the operators. Network.

L

Okay, so essentially the the access Necker is doing both Wi-Fi and cellular service. Okay, but that sounds is I, feel it's very limited at least doesn't apply to the case in u.s., of course, maybe in Europe, but I don't know how many eyes P are providing both services together, like they have a large user. So how.

C

Many ISPs are providing both Wi-Fi and LTE yeah and cellular services, so.

L

If.

C

If you are an incumbent operator typically, when you have, you will have mobile services and then, if you have dsl, then you have Wi-Fi access point on your DSL Network and many networks are providing solutions such as fun or others to share the Wi-Fi access point from multiple users. So this is pretty common. Okay,.

L

Is this part in the draft that what you just provide the example, the example you just provided? No.

C

No, so there are examples about if you look at the draft on the use cases for MP TCP. Those examples are in the RFC I think it's 60 41 at least use cases and deployment experience with NP TCP, okay,.

L

There's.

C

The draft site that RC.

L

I sound, yes, okay! Thank you.

A

State, your name Jonathan modie, sorry I violate the height requirement. Evidently, I had two comments. My first comment is that I found some tension in the draft between this idea that the client should have should be able to specify exactly which extensions it wants to use, and therefore the purpose of this is to enable them to use those extensions when they want to at least up to the convertor that supports them versus the what seemed like much less control.

A

The client has over what the server, though the converter talks to the server it seems like there was a lot of things where the draft says well, the client can say client can request something, but the actual the actual values are dependent upon what the converters stack supports and it struck me that there was a real dichotomy between the fine-grained control. You want to give the clients and the lack of control they have over that other TCP session.

A

That's.

C

The first thing: how would you answer that and I have yeah I see what you mean.

C

So the draft comes from a solution to support MP TCP, and then we were asked to extend it to other TCP options and what we need to do is that, and but we did not have time during the working group acceptance between the working group of acceptance and the draft deadline to look at all the TCP options in details and to see how the client can use each of the TCP options and to to build a table with all the combinations that would make sense.

C

But this is something that we plan to do, but the idea is that we want to let the converter specify I would say: I support this TCP extension. Let's say: I support, MP, TCP and sac and I'm able to do the conversion services for MP, TCP and sac and then for timestamp same time. I'm implementing, 73, 23 I will do timestamp for all the TCP connections. That I will open to the final nation anyway, and so this is not a conversion service. So there is a.

C

There is a tussle between what the client is requesting and what is the basic policy of the converter TCP implementation, and this is something that we need to clearly specify in the draft, and this is related to your question. I guess.

A

My second comment is that I think the draft really needs to explain why or how you're going to avoid all of the normal pitfalls that we see with middleboxes I mean you're, essentially adding a middle box here. There's all sorts of inherent concerns with that and I think that you, your draft, really needs to explain how you're going to avoid all of those.

C

So so we are aware of the issues with middle boxes, because they they played a key role in the design of MP TCP, and we had to pass through all of them with an P TCP and we managed to patch all of them in with an pcp I. Think the difference between the existing middle boxes and the converter is that the converter is explicit.

C

So you know what the converter will be doing doing to your TCP connection, and this is a major change compared to the middle boxes, and then we can add a section looking at if we have on the pass, a middle box that would remove TCP option. Here is what will happen. We can have a section saying if we have on the pass, a middle box that removes information in the scene payload. This is what will happen and and so on.

A

I'm not sure that this really is different than the middle box, though it in some ways it is different because you explicitly know it's there in other ways: it's not different. It doesn't solve all of all of the concerns that are there sure it's not trans.

A

At that point, it's not transparent, and so you have a maybe the problems are different, but they're still potentially problems that are there and concerns that are there, and so I still think that there's I still think there are considerations that should be addressed, and we talk more about that awful.

C

Well, we can extend the middle book section, so there are two parts of the middle book section. The part between the client and the convertor I think this is the one where we should have the focus, and then there is the part of middleboxes that would sit between the convertor and the final destination, but this is part of the existing TCP extensions, for that, so I would focus on the client, converter path and the presence of Mir boxes on those paths.

C

Do you agree with that? Or do you want to discuss as well? What happens when you have middle boxes between the converter and the final destination.

A

What I'm concerned about is that when we see middle boxes, we have problems because the middle boxes can go stale, they may support slightly different versions of various drafts.

A

You also have a buffering that occurs there that you need to deal with. People are trying to measure with timestamps, get different results and there's a lot there's all sorts of things that occur at middle boxes and you're introducing the middle box.

A

Now it's not a transparent middle box, but it's still a middle box and there's still considerations that make us typically not like middle boxes being there, and you need to make sure that you address those as part of your draft and say how the converter is not going to cause those problems or how it's going to work around the the problems that are inherent with little boxes. Yeah.

G

So if I have to propose right in my head, then the big difference is that you're actually connecting to the converter, so the destination IP address is the destination IP address to the converter. You open an enter and TCP connection to the converter, which is really not the same as a middle box. So a lot of those considerations we're worried about really.

I

Does.

G

Not apply because it's an explicit thing, the client decides to do.

F

Pravin Microsoft, so I I in your slides. You showed the success case where you know connection was successfully established. What about the error cases where you know the server sends a reset back or it might be doing like DDoS protection it might be trying to validate the client's source address ownership. How would all those things work so.

C

What happens if the server refuses the connection that was trying to be established by the client through the converter, then the server will send a reset to the converter and the converter will relay the reset to the client. So.

F

Does it relay all TCP packets? Is this like converter, trying to just relay all these B flags and is that what it's doing or is it no.

C

No, so we have two TCP connections, so there is one between the client and the converter and one between the converter and the server. And so, if the the connection, which is attempted by the converter, to reach the clock, the server is refused by the server. Then the converter will refuse the connection to the client.

C

What we do is that we only send the converter will only send a syn ACK once it has received a cynic from the server, because we want to be the client to be in a position to be able to detect whether the server is accepting the connection or not right.

F

What about like source address validation for DDoS attack prevention? In that case the server would challenge the original sin. How does this get relayed? Oh.

C

Do you relay service validation with what kind of source address validation? Do you.

F

Want you might be doing like Sinatra, you might send a challenge, act back or you might drop the syn to validate that the client. Actually you.

C

Drop the sin yeah and you ask the converter to retransmit the scene right.

F

But.

C

On the converter, you are trying to open the TCP connection to the server, and so this there is a state on the converter that will retransmit the scene. Yeah.

F

Because you are- and this is this just seems like it- will trip up all kinds of like DDoS protection algorithms, because now this one IP address is trying to open, like so many connections. On behalf of so much.

C

So on this slide there is one IP address for the converter, one for the client for the server, but the deployment could use a block of IP addresses on the converter and have one IP address, which is directly mapped to each client. So it doesn't mean that all the connections will go through this. True, a single IP address from the converter, so the converter could have a block of IP addresses here.

F

We go to clarify that in the draft, if it's not already, there.

Q

Hey Jacqueline, my concerns are similar to chains. I. Think the I had the the draft says. No, the configuring. The list of converters in the clients is out of scope, I understand, but are there any configuration strategies that are known to work like if you have, for example, when the Wi-Fi is in one network and the LTE is and another, then it? You know the draft talks about the routing would be configured such that only certain client IPS would reach the converter right.

Q

So when, when some of the paths are out of scope with the client, is the client able to tell I guess besides not seeing the Cenac I'm.

C

Not sure understand what you mean, so you are discussing about deployment where the client has multiple paths to reach the converter. Where.

Q

The client has multiple paths, and perhaps some of the paths do not reach the converter, but.

C

If some of the paths do not reach the converter, then you are trying to open a TCP connection and you can apply something like IP, eyeballs or whatever to detect, which path is able to reach a converter, because the converter is an IP address, and so you can test whether a specific path will reach the given converter. Okay,.

Q

So this is just our clients problem to determine whether.

C

Bootstrap, which allows a client to try to open a connection to the server. If it has multiple paths, then you can try to do bootstrap in parallel over the different paths and to see which path, which is the server that it wants to interact that it wants to interact with, and once it has created the would shrug to this converter. Then it knows that this pass is working to reach the converter. Okay,.

Q

So, do you have a list of sort of expected characteristics of the discovery mechanism for the list of converters? Do.

C

You mean by expected characteristics.

Q

I guess.

Q

So.

C

We just validate the establishment of a TCP connection to the converter and we get the TFO cookie of the converter. Okay,.

Q

I can take and.

C

We learn what other capabilities of the conversion kind.

G

Of the same and set me a cool event by the way, and so you have an IP address, so if your your passes, I connect it to the Internet, you should be able to reach the IP address. It's not it's not like that. The the converters somewhere on the path that you have to bypass you actually explicitly send your traffic to the converter.

Q

So.

G

Yeah, if you, if you try to connect to the converter and the converter, try and convert it decides it doesn't want to support you as a client. Then it says like no, not UCP connection for you. You have to connect to the server directly right.

M

My name is Tim Shepherd, as people have been asking more questions, I get more confused about what exactly this is and I think perhaps there's another part of the story, and that you also need a converter that is inside the client operating system somewhere. I, don't know whether it's in the kernel or in some library but I was trying to imagine. Does the app have to be reworked so that it knows to come to connect to this converter instead of connecting directly to the server.

C

It could so it's and it's just like sucks. We sucks, you have libraries that will implement sucks and there are applications that support sucks, yeah.

M

So this is, this is much yeah, so some of the person who I forget who was asking you know you have to talk about middleboxes this one view of this is this is much more like a socks, proxy yeah. It's.

I

A nice, if so and.

M

Then one of the somebody was asking about TLS earlier, it's sort of like if, if you're, if this connection is being initiated, the TLS would be between you could also there's two possible TLS is there's a TLS session with the converter and there's a.

I

Tls session.

M

With the well, you might want to TLS session with the converter I.

C

Don't think we want to have a key listen to the converter, because we want the solution to operate on the bite on the TCP byte stream and put your some of.

M

The some of the payload of your session is actually communication with the converter and you might I don't know if.

C

But only the beginning of the payload, so this will be stripped by the converter and there is so. If you are there's.

M

No original session.

C

If you do a TLS session, deterioration will be with the final server, so.

M

You you're saying you would never want to secure the connection with the converter at this point in the draft no yeah but anyway so, but all of this was unclear to me. I guess is my real point as to what exactly you're talking about doing, and maybe it would help if I read the drafts so.

C

Looking at the TLS case, so the the TLS case, when you create a TLS session, you know the IP address of the final server. In this case, you would have to change a bit the TLS implementation on the client to say that we reach this final server, which is part of the connect tlg via an explicit proxy, and it would be some I guess, I'm speculating.

M

It would be similar to doing a TLS session worth of some server out there or the net through a Sox yeah yeah. Your guys.

Q

Will sock your.

M

Connection to the Sox gateway as one IP address, but the u. The TLS session would understand that. It's not actually the TLS session is not with the same IP address that we're sending the packets to that we're opening the TCP connection to you yeah. So, thanks for helping clarify that a little bit.

R

Beyond midst of Apple other question in regards to the TFO converter functionality here, I would imagine that, in a scenario where the access provider is deploying converters large-scale, there will be many many different converters sort of like a load balance scenario. Maybe and I could imagine that the outgoing appeared rest from the converter to the actual server might be changing, in which case you might not get much benefit out of converting TFO, because that relay cookie won't be valid anymore. It.

C

Depends on are, you will manage the IP addresses on the converter, but if you look at IP v6, for example, with ipv6, you could have a deterministic way of mapping the client address onto a converter, address and I think this solves your issue. And the other point is that, with the bootstrap procedure, the client is able to connect to one specific converter, and so there is some stickiness in the relationship between the client and the converter.

C

So you don't go through one converter or another from HTC from one TCP connection to another you just when you boot your client, you select one converter and you will stay with the same converter for some time for.

R

Some time, but typically T of a key on lifetime might be longer than some time, but whoever could go out of business could go into maintenance and then you might have to select a different converter. Breaking TFO to the actual server is.

C

Just a minor.

R

Command, it's not yeah.

C

But then, when you go to maintenance, then you will detect that you are not to the same converter, because your cookie to the converter will be refused by the converter. So you will know that all the cookies that you have learned you have to on the client side. You have to delete them because they are not valid anymore, because you are not sure that you are using the same ip address with your final server. But this is part of the client implementation.

R

Yes, but not of this, if the converter was a low balance converter that you don't know what you connect actually to user connect to the same IP address, which might be preferable.

C

Yeah, but then there are, there are questions on all you want to deploy the converter and all you want to do load balancing for the converter. You.

I

Have to.

C

Take special care because this is not a standard web server. This is something apps.

L

You can chain and I think it would be really helpful in a draft to have sort of a walkthrough of the process. They say a mobile phone client trying to use this feature and wants to go to su TPS youtube.com. How does he get the converter address and how does he initiate those connections and I think that will help a lot of this sort of related problem of middle boxes and deployment schemes, because right now we're trying to infer that based on what you presented and that's, why you get so many questions about yeah.

C

So we can write this as an appendix, but there are multiple deployments that are possible, so we can find an example where, for example, you would have a DNS name that corresponds to the converter. But this is not the only possible deployment, and so we can just provide that as an example. But there are many deployments that are possible. Yeah.

L

I think an example will help and therefore you can say this is not the only way to use.

A

That.

L

But it helps a lot too. We.

A

Can just end the scale.

L

Thank you.

O

You can ask clarification questions since you are talking about implementation, so can you can we implement this everything on the user and what do we have to modify TCP stack.

C

So the main issue is on the convertor side. If you want to implement that solution, when we receive a sin, we don't want the TCP stack to reply immediately with a cynic, so we want to delay the acceptance of the sin until we have accepted the connection from the server side. So this is not totally a use of space implementation, so you need to extract the sin, put it in a buffer.

C

While you are trying to open the connection to the server and once the connection to the server has been confirmed, then you can put the scene back in the stack from the establishment of the connection. Okay,.

O

So then, so someone is working on implementation, so what's kind of platform they allow so.

C

There are three implementation that I'm aware of, and the plan is to discuss with the implementers and to try to do some interrupts test before monreale and get back in Montreal with results from interoperability test. Okay, thank.

O

You.

B

So if there are no further comments, then thank you and continue the work.

B

So the next one is Fernando doing this remotely and it looks like he wants to use his screen. Let's try this.

B

Finale, so you think you need to go to the mic. If you heard hear me, then we can accept you.

D

Here he is.

D

Okay, we.

B

See you and here you.

S

Are you going to see the slice from my screen or are you going to show them from your screen? I can.

B

Show them from my screen, and it would be nice if you could. You are very loud in this room if.

F

I could okay.

B

Calm down.

B

Where's, the sequence number stuff.

S

Okay,.

S

So hello, this is going to be a very short presentation about an idea that we wrote with David Orman next slide. Please so I assume that you have read previous versions of this document. Essentially, if you look at 793, there's essentially a bug in the sequence, number validation, essentially with the rules that we have in RFC 793, there are three scenarios that would actually fail. One of them is the TCP simultaneous open.

S

The other is the TCP simultaneous closed and the other one is the case of simultaneous zero window groups, essentially all of the stats that we know of have fixed these issues like many many many years ago, but the relevant standard 793 was never updated in the respect next slide.

S

So what's the goal of our document well, first of all document, the bug second propose a workaround for it.

S

Third to document other implemented workarounds like we proposed one of them, but, for example, Linux differs from that one and formally update 793, and it's like so essentially when it comes to the difference of what we've proposed versus what some other stocks have implemented, essentially with a simple change that we proposed to 793, which is, for example, what has been implemented on bsds for like tens of years.

S

Essentially, we accommodate Windows groups of one bytes, whereas in the case of Linux they do like a more let's say, more general test in which they allow for simultaneous zero Windows proofs of any size. Not just one bite, I mean one byte is the de facto standard, but they accommodate like Windows zero window groups of any size next slide.

S

So essentially, what where we wonder what we should do with this document a couple of years ago, when you know the last time that we had committed time on it. Some folks have argued that we should be documented. What other stacks are doing so so far our Eddy contains done. So.

S

The our question to the working group is whether you know these should be adopted as a working group item or or what's the proposal way forward.

S

Any.

B

Comments.

K

This particular button is Matt Mathis. This particular group of bugs are in the category of things that caused me to may not encourage being about any new implementers that there's a lot of really important details and implementation that are not written down. You're getting them written down would be a major step forward and actually get a completely self consistent description of the protocol itself.

L

You John Chen. Can we just merge that into the 793 piece? Is.

H

So this is Michael speaking. That is certainly one option that we could discuss. However, formerly when we adapted 7n Cerebus, we actually decided that we will only adopt changes that have ttpm consensus or even IETF consensus to be precise, so we would violate our procedure. Having said that, it's certainly one option and that we have as far as I know, ves has at the moment an informational comment on this problem. Already in some non Cerebus I mean changing the equation.

H

According to our previous consensus, we would actually need a standard strike specification for it. As I said, we can discuss what we do exactly, but if we would change seven months rebus in this respect, we would probably have special care specifically on this change, because we don't have the RFC for this specific thing. So.

L

Since I the way I understand your the suggest sequence is first, we need to have consensus that this is indeed a problem. We want to work on and then decide whether to put in our sees the best ORS or a new RFC yeah.

H

I mean for sure 479 Cerebus. The most important thing would be to agree on if other than acknowledging that there is a problem, if there's agreement on on one solution, several solutions and possibly on recommendations to implementers, because it's already understood there's more than one solution to the problem.

H

But the key question is is: do we know that there is a minimum solution for this, or is the only thing we can do with documenting or set of recommendations to implementers how to work around that back, and that actually, is something that this group has to decide.

L

So so my question is: what's wrong: with 1x0 window probe I mean that's the problem.

S

It's not that it's wrong. The thing is that you could actually send Windows proofs of any other size. So it's like a the one by window. Probe is a de facto standard, but nobody requests you or requires you for this zero window prove to just be exactly one byte. You could do zero window proofs or five bytes. If you wanted.

L

So but so you want to relax the current standard to allow that or no no.

S

No actually, what we proposed in our document is to accommodate this see no window proofs of one byte. Okay, now, when it comes to see to see the window proves, there's nothing that requires you that they had to be one byte. So what Linux did, which is not what we are necessarily recommended is accommodated. We see no windows probes of any size, that's not there.

S

We actually, what we do in the document is just accommodate the case of a one byte 0 window probe, because that that's the de facto standard but Linux they made it more general I, guess that they said ok. Well, if there's no requirement that those have to be one byte, then we should accommodate 0 windows, proofs of any size and that.

L

Will cause some problems if Linux is doing that today? No no at all, okay, I guess I'm, not clear what problem we try to solve here, other than improving the arms changing the RC No. So.

S

You have a problem. The problem that we have now is that there are three scenarios that fail with a car. What the text that you have in 793, those are simultaneous, opens simultaneous clothes and simultaneously the windows proves. So that's the problem. We had that we are trying to solve. Now we have one proposed workaround for that, which you know solves all of those problems accommodates. You know, Windows proofs of one byte. Those are the different two standard, okay, now Linux, when they fix it.

S

This problem they made the fix more general and they say: okay, we want to below zero windows pros of any size, not just one byte, which is the de facto standard.

L

Okay, now I understand a problem. I think I need more time to asses how important or series these problems are.

B

Micro tricks, unless an individual I think what this document is missing right now is documenting the solutions used by several operating systems. So you describe Whitely how Linux is doing it, but I think it's agreed. It's a problem in the specification we don't know what all the implementations are doing, so I would suggest, reach out a couple of implementations and document what they are doing: I'm willing to offer help for FreeBSD, but reach out also other ones and document this in this industry.

B

What.

S

We propose you know what ID is what BSD stuff it be as these two. Actually, uh it might be. My David Bowman himself that implemented the fix in BSD, but I might be wrong, but what the world we propose is what the is these do. So.

B

This is not stated in the document and reach out other operating systems as well, so that we have a that. We can see. Okay.

I

It's.

B

Out there the other point is I'm, not sure I'm, not fluent in the RFC's but I. My impression was that your window probing is tied to one additional byte. You can't over booked by 10 MSS, so I don't know about that, but reach out implementation status.

P

Lot of tigers, I think that fixing the bakken in 793 is sort of a no-brainer, and we should we should do this and um whether that means that we do Narada against 793 after we request consensus, what should be in the Nevada or if we put it in 793 piss, which will eventually obsolete 793 I, don't really care right, but I think fixing. This is a good thing.

P

um I would also sort of I think this is going towards what the previous, because I said, it would be nice if, whatever we did wouldn't render major strikes immediately out of compliance, because you know we are late here. They have all fixed this. So if we can, if you can write text that um the documents, what mail major stacks have already done and and doesn't force them to change what they have been implementing for the last couple of years, that would be nice.

P

So that means allowing certainly the one-bite thing that vsts are doing, but maybe also permitting the multiple bites thing that linux has been doing, um not that linux lengthy, would really care a lot I think if they all of a sudden, didn't follow this new RFC anymore, but it would be nice, I think and similarly to Michael's point on understand what the stacks are doing before we make a recognition. This is step one to that, but yeah. This seems like a no-brainer to to do, and it shouldn't take very long quote. Unquote.

B

Okay, so I think the the question was adopting this as a working group document, so my view is: we should first get the document getting information about implementations and and this stuff I'm not. We are not asking about working up adoption right now. What we would like to have a show of hands who is who thinks that it's good to address this area, this problem space or who things it doesn't matter so can we have a show hands on our Fennell?

B

Fernando is coming wait a minute.

S

Yeah the connection with that I just want response to would large Lars mentioned. I agree with that, and you know, while the document right now proposes like world work around the to you know, we could, you know, propose like to alter they walk arounds and that's fine regarding you know whether these should be fixed or not. I'm, curious myself. If you could actually move seventy seven hundred ninety three bees to standard, if you actually don't fits it, because you have the requirement to actually face known bugs.

H

On that one, as I said, I think there is already text on this known issue here and so, and the only thing that at the moment is missing. I. Think in seven landscape is, is a change of the equation, so I mean I think the text already states that there is a known problem there and there are known solutions for workarounds and, as this community could agree that that's good enough, but can you actually move the document to full standard? If the document has no problems?

H

Well, we my understanding of the process, is that Semillon Cerebus would be proposed standard, but I, don't know what the process sort of fine but I think it doesn't move directly to full standard. If it's a bit. Ok, but anyway, I mean this document. Actually it has a different scope that not a seven lines rapist so because it also removes a lot of content in there. It's only the base, specs, so I, don't think we're safe from our problem here. But of course, I mean having a back in a dis document is certainly not perfect.

H

I think we all agree on that. I think.

K

Given that it's clear that there excuse me that the that there are bugs in 793 excluding them from the scope of 793 bist seems kind of artificial. It is what the words were written back when the planning was done. But this bug feels to me like it's below the horizon for being a scope, change blow the limit for a scope, change and important enough to do that as an exception. I really am uncomfortable with the idea of leaving 793 containing a bug that we know about that. We've known about for too decade.

B

So, okay, coming back to the show of hands so who thinks it's? It's a good thing! That's this working group deals with this issue, not saying that this document has to be a working group document that work on this. So who thinks this should be addressed.

B

Who is against Ted? Okay, thank.

H

You I would say for the note taker I've, seen probably of the order of twenty hands and no objection.

B

Ttp fast open.

F

Hello, everyone: this is a talk on how the experience with deploying fast open on the internet has been going so far, I present with some information that the last IETF this is more update. Since then, can we go to the next slide? Please a quick update, so we enable this by default in the fall creators update, which has been out in the market for a while. Now it is the significant majority of all Windows 10 devices at this point, so the way we could enable fast open was to build a fallback algorithm.

F

So when you know there are middle box problems, how do you safely recover from those? So for that first, we built a middle box that simulates all those known problems, so it also serves as kind of a regression test. If you want details on what kind of test cases we added it's in the previous presentation so and then we ended up implementing a passive probing algorithm when I say passive probing. This means there's actually using active user traffic.

F

I should have used the word active, but it's actually using user traffic to figure out if TFO works on the network. Last time we found that around 26% devices were successfully using Tier four and did not fall back, and then we also did a AV test to see if there was any correlation statistically significant code with page navigation failures, and we couldn't find any problems which mean which meant that the algorithm was actually working. Fine, we did find that you know there were failures that were correlated with both specific networks. Geographies next slide, please.

F

This is again a recap of that fallback. Algorithm I wanted to quickly go over this, so this is limited passive probing. So the goal here is to not impact user experience. So when we do probing, we want to make sure that we don't sacrifice too many connections. So this is the way this works. Is that because establishing that TFO does work on the network requires multiple connections to the same server, which means you need multiple probe connections, but we only allow one probe connection to go through at a given time on a particular network.

F

It's think of it like a sema4. So if you are browsing to let's say xyz.com, then you need to go to that site again, but it may not necessarily trigger the probe if the previous connection was still active, the next probe will not go out, so this is sequenced in time.

F

The other important thing is that we wait for the connection to be close, reach the closed state before we can figure out whether the probe was successful, and then it has to match all these other conditions that you know no reset was received in response to sin. No sin time out the connection didn't fully. Timeout data was exchanged in both directions. The connection wasn't cancelled by the application and no certain are TT increased during any time in the connection lifetime.

F

If all of these kind of conditions match, then we mark the connection as probe is successful, and two of these probes have to succeed to the same server for us to say, hey, TF or succeeded on the network.

F

If we hit a fallback on any of these probes, we persist that information and never attempt it again. If we hit success, then we continue using tier four for that boot session. So this was the algorithm as implemented in the follow creators update.

F

There are some shortcomings here. The the goal here was to be very conservative. We wanted to avoid any problems with the user experience, so the algorithm was, you know very conservative. One of the problems is that the sin timeout heuristic is actually a large fraction of you know the fallback use cases we see in terms of you know. If you look at the pie charts the sin timeout is is a pretty large chunk of it, and that could be because there is just connectivity issues and we also don't persist.

F

Success, which also is very conservative, because you know if it's succeed on a network is highly likely that it will succeed again.

F

We also assume that the problems are closer to the client and not the server, and then there are possibly long delays before we can figure out 50 over actually works like if you have a long-running HTTP 2 connection, then it for it to reach the flow state. It might take a very long time and then you would delay enabling fast open and for that duration because of the CMOS order that I described earlier.

F

The other cases like you are the connection to could take a very long time out of the outlet. Ii was very high. There is also the problem of the the worst case middle box, like the middle box, just sees the TFO cookie request and then just blocks all traffic from that IP address. That's like the absolute worst case for tier 4, and this algorithm doesn't really help. You know the user. Experience is still bad. If that happens, an X light, please.

F

So in the next version we are actually making the algorithm more aggressive. Firstly, we will persist now both success and fallback. So if we do see probes succeed on a particular network that is kind of remembered forever, until until we decide to you know, object the operating system again. Essentially, we also will start off every device to probe again, because this is a different algorithm, so we are starting with a clean slate.

F

So when this update goes out to the devices, they will all start probing again the because the same timeout was so aggressive, we're actually now only turning off TFO. If the syn, with the TF option failed in the subsequence in succeeded, this kind of tells you that it was not because of you know, network connectivity. It was because of the option and the probing is because of this change. Now the probing does have to be restricted to Internet connected networks. You could exercise tear flow in a private network. If you wanted to.

F

One more case that Rose found is that in some places, TCP options are just reflected back to the client. So if you send a cookie request, the server sends you back the cookie request: option I mean that's just weird deployment, so we just again use this as a condition to turn turn the feature off next slide, please some more data, so this is kind of the overall population right now retail devices out there. This is from the fall Korea's creators update with all the spring creators update is not yet deployed.

F

45 percent of devices complete TFO probing, which means they go to a TFO compatible server multiple times in that boot session is.

C

A.

F

Clarification question on the previous slide very quickly. He said when the subsequent syn succeeds. You only fallback. Your sin fails on subsequent one succeeds. How do you define subsequent in addition to the fact that it's happening after this is the.

T

Timeout and.

F

A retransmission yeah so that sin has to succeed. It's a retransmitted sin yeah without the okay, yeah, very cool. Thank you so off those devices, then we find that overall about 46 percent succeed and 54 percent fall back. So if you look at like your overall population, it's about like 21 percent, because the number of devices have grown. The other shortcoming I did not explain. Was that because we're not persisting success, it is possible that if they're correct, if T failures later the overall device population might taper over time because we're not persisting success.

F

So if you do it as in time out subsequently a device that previously succeeded could eventually fall back.

F

We do expect that these numbers will improve in the next update, because the aggressive same time out logic is going away.

F

We do find that there are some really poor success rates in some geographies China, for example, only 3% devices that completed proving succeed with Tier four and in India it's about 18%, though not great numbers, and then we repeated an a/b experiment on the retail population, which is we have a much larger device population right now and again, no significant correlation with page navigations, which tells us that the algorithm is working as intended. Next slide, please, looking ahead, this algorithm is really complex, so what we are looking to do is whether we can simplify this.

F

It seems to us that you know one of the better ways of doing this would be to actually use active probing, which means that you know we don't end up using any of the user traffic to figure out if tier 4 works. This solves those three problems which we haven't addressed yet, which is like it could be long delays before you figure out. If tier 4 works, you know, user experience could still suffer if something bad happens, and then this simplifies the whole algorithm and then the the other remaining problem is.

F

If the problem is closer to the server side and there, you could do some form of happy hours. This is all like looking ahead. We have not yet actually done any sort of implementation for solving these problems.

F

One of the important things I wanted to ask is that other browsers should now consider enabling Tia phone windows, because the operating system has fallback algorithm. The browser's do not need any kind of complex logic to detect. If this feature works, the safety is provided in the TCP stack itself, so it should be pretty safe for browsers to turn this on and rely on the built-in for all back algorithm in the operating system.

F

The questions I want to try and with is seven four one three seems like an important RC to me, given that you know yes, I realize that quic is, you know, gaining more traction, but then there are networks where it will not work and you would want to achieve zero oddity with TCP. So it seems to me like something: I would recommend that this group consider whether to make it Sanders track and then, if we do go along that path, it might be useful to document possible fallback algorithms for dealing with metaphors problems.

F

Jenna Inger, thanks of the presentation that data is great, there's a quick question on the data and the previous slide. If you can go back to that, you so I know that there's one particular error that the Apple folks encountered and I don't know if you've thought about how you might be able to provision for that- and this was when a TF of sin was sent, the entire IP got black hole. Yeah. Have you thought about that yeah so I actually covered that as a shortcoming with this fallback algorithm. We cannot recover from that case.

F

So.

I

Regardless.

F

Of whether you do active roaming or this passive probing algorithm, you can never recover from such a case and yeah.

I

Yeah.

F

We are actually not seen any kind of problems in the deployment so far, which means you know. Such a bad case is actually not happening out there. All right it might be good to see if, if it's, if it's an a/b experiment, if the total number of connections that are failing, it is in fact different, like the total population of successful connections with fall back without fall back every yeah.

M

We.

F

We correlated this with navigation failures in the browser and there is no such statistics statistically significant correlation, so which means yeah. It's not like turning onto your first causing pages to start failing to load, that's good to know, although, unfortunately, the Apple experience still seems to suggest that, even if it happens on a tiny fraction of cases, it's quite it's fatal effectively.

F

It's.

I

It's tiny.

F

Enough that we can, we can chalk it off on the next slide. So I'll just finish this one thought before I give it back to media I, believe that this is still I, believe it should see all the experimental track. I absolutely believe. Yes, fallback algorithms are critical to the success of anybody.

F

Implementing this so I absolutely think that fallback algorithms should be documented and I believe that the experiment that people conduct should include fall back as well as the restorative of thirteen, and we should come back to the question of whether two standards track after we've had more data on both the fallback and on this from of vendors, but yet be very supportive of having the fallback algorithms in there.

G

Kudamon are any of your data also for connection about mobile cars. Yeah.

F

This is a mix again. I can't tell you. The distribution like the mobile footprint of Windows is not that high compared to other operating systems, so yeah I mean I, don't have the exact breakdown. But yes, this covers all possible devices, including Xbox consoles and.

G

See if there's different between mobile networks and break it down by network yeah,.

F

It would be good to do that breakdown, but I think like another vendor, which has a bigger mobile presence, will need to do similar data collection too, to be able to give you a better answer for that. So.

G

In this case, I agree with Jana that we would need more tighter, especially from abandoned or soup, to move to standards track and documenting fallbacks. Also +1 I guess see if I was special, but some of the forwards might also apply to like every other, to TCP option. We have probably yeah.

F

For example, easy and so yeah.

R

Christophe Apple I had a question. What do you do? You have like any plan for handling the unknowns, because the way TFO can fail or middleboxes can mess up. Tfo is basically the the number of ways that they can do. It is basically in finite.

R

For one example, is we found one mailbox you send us in with data it gets acknowledged. You can send a lot of data. You can receive gigabytes of data until you stop sending that the traffic stops for 10 seconds after data connection breaks, and it was due to TFO like that, which is why we we on our side. We are still very conservative and don't there yet to enable it globally. Oh. If you experience I.

F

Mean so if you look at the conditions for this probe to succeed, they are very exhaustive right, so connection should not timeout. That is one of the conditions right so, but.

R

Do you have a 10 second idle period in the connection the.

F

Probe connection may not you're right. So yes, if the our connection does not experience this then yeah. There is no guarantees that you will be able to recover from such a failure. Well,.

R

This is again like we cannot, cannot.

F

Cover, like infinite cases,.

R

Absolutely.

F

Well,.

R

I'm, basically saying is that there are things that we can't foresee and they still happen.

H

So this is Michael speaking from the floor. This is just to share my personal opinion on that.

H

On the last question that I've said before privately I think we are already relatively close to the data that we knew it would need for proposed standards here, because the one thing is you see here now and pretty impressive data already I mean for sure we can ask for more, and that would be good, but already we have experienced visits so that that's one of the prerequisites that we typically have in eCPM for moving to standards track is, from my point of view, already closely fulfilled.

H

The second thing is we see other people using TFO now, and this is typically our sign- that there is some value in doing this, and this would be to me another reason that this is actually clearly a candidate for PS and PS means proposed standard. It doesn't mean internet standard, I,.

F

Would agree, I think this is critical, critical work because TCP is here to stay, whether you know, even even if quick takes off I mean you will fall back to PC Mag.

K

Mathis I wanted to suggest that at this stage, that a single data point or very small number of data points that are really bizarre- is probably not too worrying, because they're- probably from handcrafted boxes, for instance, specialized security appliances that are hand curated in front of no such agency, and they can have outlier bugs or outlier behaviors that we don't expect because they're defending against attacks that we don't know about and I would bet devices that, for instance, exhibited this black hole.

K

Behavior no longer do that, and so I would argue that once we get to a critical mass, all the devices that do really strange things will disappear. Kind of low population. Yes,.

F

I agree: I mean when we did window scaling. We there were stories of like routers, rebooting and whatnot. So unless you deploy this you're, never going to move the ecosystem forward, I.

K

Also had a conversation with somebody who said yes, please deploy because I'm trying to get my management to replace these damn things.

F

Gen-I and god I think I'm, partly echoing what Matt just said, which is we can't I, don't think it's sensible to even look for 100% coverage. It's completely reasonable to have some failures and I think that's natural normal and it ought to be expected, but I still think it should be. I mean it'll, be an experiment and I. Think the the fallback is absurdly critical, but I yeah, I, guess I. Just want to record matt said.

O

Is your see from from macro Mike about the making RFC 74 awesome to post one three proposed standard I have little concern about it, because no, we cannot use, therefore any kind of TCP connection. If we can be used with T areas. That's fine, but it's sometimes not the case. Then we have a problem for it. Impotency and draft 74 fun. Something already mentioned such concern para. If we make it proposed standard, we have a very sorry little guy trying or applicability without such things, it's too risky to make it proposal standard. That's my opinion.

O

That's nope, yeah.

F

Absolutely I mean we need to document the dangers of 0 et. This applies to more than three or four, and then yesterday, like Windows implementations, always doing this only on TLS connections, you.

L

Junction here, I'm, not sure I agree your point about TFO being a standard because when he avoids proposed, as the experimental people already make it very clear that I have two documents that the TFO requirement, particularly barb here. That TFO is only good for item potent applications and that's already clearly documented. So if you want further warning, we can improve that I. Don't think this should be a barrier to the standard tract and.

J

That was, this is Bob. This is what I was coming up to support you chung, because, as I don't think you should not say something can be a proposed standard just because it's got limited applicability. Otherwise tcp wouldn't be a proposed standard because you can't use it for unreliable connections.

F

By definition, all of the work we do is limited applicability, Jahangir I had a question. Actually I did want to also ask something else: I forgot earlier about the data. It's very interesting that it's the that you have such a ridiculous skew in geography. You said only 3% of connections were successful in China and 18% in India. Do you have any more insights into this because that seems like that seems surprising to me. 18% is a ridiculously low number, but.

I

It's half.

F

Of what you.

I

Were seeing otherwise all I can.

F

Say is that it's not like one ISP? We see this across networks in those geographies, so it's probably some middle box. It could be the firewall I, don't know we don't have those details at this point. Do you have data on the type of failure that was encountered? Like was a dissent which of the which of the failures that you listed up. There was.

I

Encountered yeah.

F

I, don't have the data right now, but it we I think I'll try to dig that up for you, offline, I'm, curious.

I

In the next.

F

Ietf, because, right now the the one of the problems is that sin time out here restrict which is because of just bad networks. You could hit that all the time, and that would be one reason why the success rate is so bad, and now that is going away in the next update, we might get different numbers and yeah I will get back to you. I had a similar thought about the the subsequent. No, this no subsequent but connection timeout after handshake sacked after handshake success, which could also be something too mind.

F

It might be I, don't know how to think about beliefs in the data it might be worthwhile. Look not normalizing that against what the normal connection timeout is for that regime for that region or for that particular grouping whatever you have just to understand, if that's actually a causal or not yeah, that's a fair point so again like the goal here is to be not very aggressive, because we are using user traffic once we do active probing.

F

You know we might be more Mia more aggressive than this I was trying about in terms of analysis rather than in terms of actual mechanism, sure yeah. That is useful data point together. Yes, thank you.

B

So any more comments, no so I think it's a looks like.

B

Okay, so we want to do is run.

T

One small comment.

B

My column yeah, alright.

T

Suppose anger I was wondering whether you have any analysis of happy eyeballs as well and I'll be helpful to know how you guys do happy eyeballs in and to give some guidance unhappy, eyeballs easy. We.

F

Don't so we we have a custom implementation of happy. I was not the algorithm in the RFC for ipv4 versus v6 for TF over there is no happy I was because yeah we just used the user connection to to probe. So if, if the connection was v6, which is preferred, usually we would do the probe on the v6 connection, say.

B

We want to do a short show of hands who is in favor of evolving this into a PS direction.

H

So, for the note taker I would say: 15.

B

Anyone against it none, okay! So for the last presentation we had planned 10 minutes. If they are available, we have five minutes available.

L

Great. Thank you, hello,.

U

Everyone, my name, is ginger from Molly I'm here to present our job to a new eat.

B

Mike, okay,.

U

I'm here to present the draft, a new congestion control in bandwidth, guarantee network.

U

My co-author Tim presented a draft called invite signaling for transport us at last ITF, so one suggestion will receive from lhasa ETF was to write a separate congestion control chart. So here we are um here. These are the prerequisites to use this new congestion. Control algorithm is not meant to replace existing TCP congestion control so is only to be used for applications which has really like high-bandwidth low-latency requirement that current tcp Canal satisfy and then together with the invention link, then you can use this new new algorithm, so two important prerequisite.

U

First, you have to guarantee the bandwidth before the data transmission. You can either use out-of-band or invite signaling and then the second you om data is used constantly to monitor network state status, more important. It used to offer to monitor the queue taps once it reaches the pre config threshold. It will send an alarm to say to indicate that the network might be congested, so they slices the congestion window.

U

Comparison between the proposed algorithm and the TCP Reno, so important thing to notice is, since we have the Ballet's guarantee, so we don't have slow start in case of tcp start our faster recovery, the transmission, the congestion window, can jump to say our rate right away, and then um the OEM alarm, together with the duplicate Ike, is used together to indicate a congestion in that case, when that happens, with the congestion window size only chops to the ER.

U

In case only duplicate.

U

Duplicate ACKs are received; we don't reduce the congestion window size, so this is important, so we use OEM to detect whether it's really pegged the duplic package applied because of real congestion or because of a random failure.

U

Okay, so this is summary of the important changes, so it's used for Perez guaranty networks. We don't have slow start but young to see our directly and in case so the congestion window, size stays between Sarah and MPR during congestion avoidance and important om is used to indicate whether network is in congested or not.

U

So the next steps we want to collect more comments, and we want to refine our POC to collect more data, especially compared with other algorithms, also to make our and be in basically hard work better. With this algorithm together.

B

Thank you. This was really on time. Our scale is now over. So that's why I would suggest put the get there discussion on the mailing list. It already started there and then this concludes this meeting. Thank you for attending, see you in Montreal and if you haven't signed the blue sheets, do it now and bring them back.

D

You.