Internet DRAFT - draft-allman-tcpx2-hack

draft-allman-tcpx2-hack




Network Working Group                                          M. Allman
Internet-Draft                                                      ICSI
Expires: November 2006                                          May 2006


                        TCPx2: Don't Fence Me In
                     draft-allman-tcpx2-hack-00.txt

Status of this Memo

    By submitting this Internet-Draft, each author represents that any
    applicable patent or other IPR claims of which he or she is aware
    have been or will be disclosed, and any of which he or she becomes
    aware will be disclosed, in accordance with Section 6 of BCP 79.

    Internet-Drafts are working documents of the Internet Engineering
    Task Force (IETF), its areas, and its working groups.  Note that
    other groups may also distribute working documents as
    Internet-Drafts.

    Internet-Drafts are draft documents valid for a maximum of six
    months and may be updated, replaced, or obsoleted by other documents
    at any time.  It is inappropriate to use Internet-Drafts as
    reference material or to cite them other than as "work in progress."

    The list of current Internet-Drafts can be accessed at
    http://www.ietf.org/ietf/1id-abstracts.txt.

    The list of Internet-Draft Shadow Directories can be accessed at
    http://www.ietf.org/shadow.html.

Copyright Notice

    Copyright (C) The Internet Society (2006).

Abstract
    
    In this document we aim to solve several problems caused by TCP's
    lack of header space for certain values by increasing the size of
    header without changing the semantics of the protocol.

1.  Introduction

        "Oh, give me land, lots of land under starry skies above" 
                                                       -- Bing Crosby
    
    TCP [RFC793] has proven itself to be quite robust and useful across
    a wide range of applications.  However, as the Internet has evolved
    the range of values that can be held in various TCP header fields
    have become increasingly anemic.  A number of suggestions and
    specifications have been put forth to mitigate particular issues.
    In this document, we do not address any one particular issue, but
    rather attempt to provide more head room in all of TCP's header
    fields.


Expires: November 2006                                          [Page 1]

draft-allman-tcpx2-hack-00.txt                                  May 2006

    The most prominent example of the size of a TCP header value being a
    limitation is the case of the advertised window.  [RFC793] provides
    16 bits for the advertised window, which provides for a window of up
    to 64KB.  As detailed in [RFC1323] this limit has proved too small
    and causes severely limited performance as the capacity of networks
    has increased.  [RFC1323] provides the "Window Scale" (WS) option to
    address the standard limitation.  The WS option is a shift value
    that is negotiated during TCP's three-way handshake.  On incoming
    segments the advertised window value in the packet is left shifted
    by the negotiated number of bits, while on outgoing packets the
    advertised window is right shifted by the number of negotiated bits
    such that it fits in the alloted 16 bits.  A recent study shows that
    roughly 27% of observed web connections use window scaling [MAF05].
    Anecdotes indicate that all major operating system TCP
    implementations support window scaling (but, clearly many do not use
    the WS option by default).

    Increasing the size of the advertised window, in turn, means that
    TCP can chew through the sequence space more rapidly.  Therefore,
    the timestamp (TS) option and the PAWS algorithm were also specified
    in [RFC1323] to protect the TCP sender against wrapping the sequence
    space too quickly and not being able to discern this case from the
    case of old segments arriving.

    Another case where the standard TCP header is running out of room is
    in the "reserved bits" area.  Originally, TCP had 6 reserved bits
    adjacent to the "flags" field.  Explicit Congestion Notification
    (ECN) [RFC3168] and the ECN Nonce [RFC3540] consume 3 of these
    bits, leaving 3 unallocated bits.  Whether this is a problem is
    debatable.  On the one hand, only half the original reserved bits
    have been consumed in 25 years of TCP use and so one possible
    viewpoint is that having only 3 bits remaining is not a problem.  On
    the other hand, it may be beneficial to be a little less
    conservative with bit allocations (e.g., on a "retransmit" bit as
    outlined in [LK00]) and therefore more bits would be useful.

    As has been discussed on the IETF discussion list [IETF05], some
    larger servers may be running out of port numbers due to the way
    port numbers are used by applications.  [She04] offers one possible
    mechanism for starting a connection on a well-known port and then
    migrating it to an ephemeral port, which could be a useful technique
    in more fully utilizing the available port space.  Others have
    (privately - as far as we know) suggested putting larger port
    numbers or connection identifiers in TCP's option space.  Finally,
    [Tou06b] specifies a "portnames" option for TCP whereby a string in
    the option space of a TCP SYN is used for demultiplexing, rather
    than depending on a well-known port number.  One of the benefits of
    this mechanism is to allow for the port space to be more fully
    utilized.

    Finally, two proposals have noted that TCP's option space may be
    dwindling---especially with regards to further evolution.  The
    header length encoded in TCP's standard header is a 4-bit field.
    The value carried in this field is the number of 32-bit words in

Expires: November 2006                                          [Page 2]

draft-allman-tcpx2-hack-00.txt                                  May 2006

    TCP's header (standard + options).  Therefore, the maximum size of a
    TCP header is 60 bytes (20 bytes of standard header and a maximum of
    40 bytes of options).  [Edd05] suggests negotiating the use of the
    first option as a larger replacement for the standard header length
    (with the standard field then being abandoned).  [Koh05] proposes
    using the unused code-points in the current header length field
    (because the minimum size of the TCP header is 20 bytes) to indicate
    larger headers (e.g., a length of "2" indicates a header size of 148
    bytes, 20 bytes of standard header and 128 bytes of option space).

    The proposal in this document is to allocate a new IP protocol
    number for a new version of TCP that is essentially the same as the
    current version [RFC793] except that the size of each standard field
    in the TCP header is doubled.  While the size of the header is
    changed, TCP's semantics are not changed.  The expectation is that
    current TCP implementations that process current 20-byte TCP headers
    will be able to process new 40-byte headers with only minimal
    changes to deal with the new size of each value.  The protocol
    logic, however, will remain identical.
    
    This document is not about specifying a "TCPng".  The functionality
    (or lack thereof) of TCP is not changed.  The intention is to simply
    give TCP some possibly breathing room.  The proposal is for
    pragmatic evolution, rather than principled engineering.

    Note: This document is clearly nowhere near as fully fleshed out as
    it would need to be to be published as an RFC.  Rather, this
    document is meant to capture the big picture idea to seed
    discussion.

    
























Expires: November 2006                                          [Page 3]

draft-allman-tcpx2-hack-00.txt                                  May 2006

2.  Specification

    A new IP protocol number, TCP-NEW, will indicate that TCP with a
    larger header will be used.  TCP stacks can then encode and decode
    the headers per this document or [RFC793] accordingly.  In the
    remainder of this document we will use "TCP" to refer to the
    [RFC793] standardized version of TCP and "TCPx2" to refer to the
    proposed new protocol.  The TCPx2 header is:

     0               1               2               3               
     0 1 2 3 4 5 6 7 0 1 2 3 4 5 6 7 0 1 2 3 4 5 6 7 0 1 2 3 4 5 6 7 
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    | Source Port Number (32 bits)                                  |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    | Destination Port Number (32 bits)                             |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    | Sequence Number (64 bits)                                     |
    |                                                               |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    | Acknowledgment Number (64 bits)                               |
    |                                                               |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    | HLen (8 bits) | Reserved1 (15 bits)         |N C E|U A P R S F|
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    | Window Size (32 bits)                                         |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    | Reserved2 (16 bits)           | Checksum (16 bits)            |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    | Urgent Pointer (32 bits)                                      |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    
    The fields all have the same meaning as defined in [RFC793],
    [RFC3168] (for the "C" and "E" ECN flags) and [RFC3540] (for the "N"
    ECN nonce bit).

    The "Reserved1" is the larger version of TCP's traditional reserved
    bits field.  In addition, we have added one additional field to the
    header, denoted "Reserved2" above.  The standard 16-bit Internet
    checksum is still used with TCPx2 and therefore the extra space
    derived from doubling the TCP header is reserved for future use.
    Reserved2 could possibly be for a second 16-bit checksum or a new
    32-bit checksum that encompasses both the Checksum and the Reserved2
    fields.

    To Do: TCP's SACK option [RFC2018] will need extended such that it
        holds larger sequence numbers.

    To Think About: Whether there are other options that need altered to
        take into account the larger header fields.

3.  Advantages
    
    The main advantage of the proposal outlined above is that it is a
    straightforward change that addresses a myriad of issues that have

Expires: November 2006                                          [Page 4]

draft-allman-tcpx2-hack-00.txt                                  May 2006

    or may confront TCP.  This change does not represent a high-minded
    engineering design, but rather a pragmatic evolution of a widely
    used and entrenched protocol.

    The proposal in this document mitigates all the issues discussed in
    Section 1.

    In addition, a simple doubling of the size of the TCP header will
    mitigate TCP's susceptibility to blind attacks [Tou06a] by making it
    more difficult for an attacker to guess valid port and sequence
    numbers to insert valid control or data packets into the stream.
    Note that this is a mitigation at best in that doubling the field
    sizes simply reduces the probabilities that any given blind attack
    packet will be considered valid and increases the amount of brute
    force needed to ensure a blind attack packet will succeed.  The
    proposal in this document neither aids nor hurts the security of TCP
    if an attacker can observe a connection.

    All fields in the header can revert to being self-described.  That
    is, previous knowledge is not required to interpret a given field's
    value.  This is in contrast to extensions like the Window Scale
    option whereby the negotiated scale factor is required to interpret
    every packet in the connection.

    Finally, this proposal keeps all TCP's standard information in a
    standard place in the header field, in contrast to extending fields
    using options.  This allows a TCP implementation (or middlebox,
    intrusion detection system (IDS), firewall, etc.) to quickly parse
    packets for needed information without digging through options to
    find key information.  For instance, a firewall attempting to match
    a port number or an IDS attempting to reassemble all packets from a
    given stream on-the-fly.
    
4.  Drawbacks

    Naturally, this proposal has drawbacks.  First, TCP implementations
    will have to be changed to understand TCPx2.  While we expect that
    this is straightforward, it will clearly take effort.  Second, for
    many common cases, TCP's current header is sufficient and using
    TCPx2 would simply use more overhead for the same work.  That said,
    the overhead of a 1500 byte IPv4/TCP packet with no TCP options is
    2.7%, while the overhead of an IPv4/TCPx2 packet is 4%---hardly a
    dramatic increase.  Finally, middleboxes such as firewalls would
    have to be updated to understand TCPx2 and to implement the desired
    local policy before the protocol would be viable for use.

5.  Transition

    Since hosts are simply augmenting current TCP implementations with
    TCPx2 the transition procedure is fairly straightforward.  A TCP
    that wishes to use TCPx2 simply sends the SYN in an IP packet with a
    TCPx2 header.  If that segment is not acknowledged with a SYN+ACK
    within a specified time period then the SYN is retransmitted using a
    standard TCP header (adjusting aspects of the SYN as necessary ---

Expires: November 2006                                          [Page 5]

draft-allman-tcpx2-hack-00.txt                                  May 2006

    e.g., reducing the initial sequence number from 64-bits to 32-bits).

    The timeout does not have to be based on the default RTO (3 seconds,
    from [RFC2988]).  As long as the host transmits a TCPx2 SYN and
    retransmits a TCP SYN, the retransmit is not taken as an indication
    of congestion and therefore the interval between the original and
    this single retransmission is not of large concern from a congestion
    control standpoint since this is a single retransmission.  Further,
    the retransmission is (at least in the near-term) more likely to be
    caused by a firewall, middlebox or host that does not understand
    TCPx2 than actual network congestion.  Note that subsequent
    retransmissions would be done using TCP with the default RTO and
    backoff as specified in [RFC2988].  Finally, we note that while
    waiting for 3 seconds to retransmit a TCPx2 SYN is likely
    unreasonable, implementers and operators should not make the
    interval too short such that the TCPx2's SYN and SYN+ACK are not
    given a chance to propagate across the network before
    retransmission.

    ICMP messages indicating TCPx2 is not supported can also be used to
    trigger an immediate retransmit of the SYN with TCP and without any
    congestion control action.

6.  Discussion    
    
    In discussions about this idea, some have suggested that rather than
    blindly doubling each header field, we carefully construct a new
    header format based on the needs of each header field.  Of
    particular note is that the doubling of the Window Size field (to 32
    bits) is not an actual doubling of the usable window given the
    wide-scale deployment of [RFC1323] which provides for 30-bit window
    sizes.  

    The notion presented in this document is admittedly a sleazy hack,
    as opposed to proper engineering.  However, it is *one* sleazy hack
    that copes with a number of disparate issues that will otherwise
    require multiple techniques to mitigate.  Therefore, it may be the
    pragmatic path to evolving a heavily used protocol.
    
7.  Security Considerations

    TCPx2 does not introduce any new security concerns to TCP since the
    protocol semantics remain unchanged.  As discussed in Section 3,
    TCPx2 can provide for a mild increase in the robustness to blind
    attacks.

    TCPx2 may allow traffic to circumvent firewalls that pass unknown
    protocols, but allow only specific uses of TCP.  Arguably, undefined
    protocols should not be passed and therefore this is not viewed as a
    large concern.

    

    

Expires: November 2006                                          [Page 6]

draft-allman-tcpx2-hack-00.txt                                  May 2006

8.  IANA Considerations

    The proposal in this document calls for IANA to allocate a new IP
    protocol number for TCPx2.

Acknowledgments
    
    This document was fueled by fumes from Sherwin-Williams.  The author
    benefited from useful discussions with Sally Floyd, Janardhan
    Iyengar, Mike O'Dell, Shawn Ostermann, Vern Paxson and Scott
    Shenker.

Normative References

    [RFC793] J. Postel, Transmission Control Protocol, RFC 793,
        September 1981.

    [RFC2018] M. Mathis, J. Mahdavi, S. Floyd, A. Romanow. TCP Selective
        Acknowledgment Options, RFC 2018, October 1996.

    [RFC3168] K.K. Ramakrishnan, S. Floyd, and D. Black.  The Addition
        of Explicit Congestion Notification (ECN) to IP, RFC 3168,
        September 2001.
    
    [RFC3540] N. Spring, D. Wetherall, and D. Ely.  Robust Explicit
        Congestion Notification (ECN) Signaling with Nonces, RFC 3540,
        June 2003.

Informative References
    
    [Edd05] W. Eddy.  Extending the Space Available for TCP Options, May
        2005.  Internet-Draft draft-eddy-tcp-loo-03.txt (expired, cited
        for acknowledgment purposes).

    [IETF05] Email thread "Port numbers and IPv6" on IETF discussion
        list, July 2005.

    [Koh04] E. Kohler.  Extended Option Space for TCP, September 2004.
        Internet-Draft draft-kohler-tcpm-extopt-00.txt (expired, cited
        for acknowledgment purposes).

    [LK00] R. Ludwig, R. H. Katz.  The Eifel Algorithm: Making TCP
        Robust Against Spurious Retransmissions.  ACM Computer
        Communication Review, 30(1), January 2000.
    
    [MAF05] A. Medina, M. Allman, S. Floyd.  Measuring the Evolution of
        Transport Protocols in the Internet. ACM Computer Communication
        Review, 35(2), April 2005.

    [RFC1323] V. Jacobson, R. Braden, D. Borman.  TCP Extensions for
        High Performance, RFC 1323, May 1992.

    [RFC2988] V. Paxson, M. Allman. Computing TCP's Retransmission
        Timer, RFC 2988, November 2000.

Expires: November 2006                                          [Page 7]

draft-allman-tcpx2-hack-00.txt                                  May 2006


    [She04] T. Shepard.  Reassign Port Number Option for TCP, July 2004.
        Internet-Draft draft-shepard-tcp-reassign-port-number-00.txt
        (expired, cited for acknowledgment purposes).

    [Tou06a] J. Touch.  Defending TCP Against Spoofing Attacks, February
        2006.  Internet-Draft draft-ietf-tcpm-tcp-antispoof-03.txt (work
        in progress).

    [Tou06b] J. Touch.  A TCP Option for Port Names, April 2006.
        Internet-Draft draft-touch-tcp-portnames-00.txt (work in
        progress).

Authors' Addresses

    Mark Allman
    ICIR / ICSI
    1947 Center Street
    Suite 600
    Berkeley, CA 94704-1198
    Phone: +1 440 235 1792
    EMail: mallman@icir.org
    http://www.icir.org/mallman/

Intellectual Property Statement

    The IETF takes no position regarding the validity or scope of any
    Intellectual Property Rights or other rights that might be claimed
    to pertain to the implementation or use of the technology described
    in this document or the extent to which any license under such
    rights might or might not be available; nor does it represent that
    it has made any independent effort to identify any such rights.
    Information on the procedures with respect to rights in RFC
    documents can be found in BCP 78 and BCP 79.

    Copies of IPR disclosures made to the IETF Secretariat and any
    assurances of licenses to be made available, or the result of an
    attempt made to obtain a general license or permission for the use
    of such proprietary rights by implementers or users of this
    specification can be obtained from the IETF on-line IPR repository
    at http://www.ietf.org/ipr.

    The IETF invites any interested party to bring to its attention any
    copyrights, patents or patent applications, or other proprietary
    rights that may cover technology that may be required to implement
    this standard.  Please address the information to the IETF at
    ietf-ipr@ietf.org.

Disclaimer of Validity

    This document and the information contained herein are provided on
    an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE
    REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE
    INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR

Expires: November 2006                                          [Page 8]

draft-allman-tcpx2-hack-00.txt                                  May 2006

    IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
    THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
    WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Copyright Statement

    Copyright (C) The Internet Society (2006).  This document is subject
    to the rights, licenses and restrictions contained in BCP 78, and
    except as set forth therein, the authors retain all their rights.

Acknowledgment

    Funding for the RFC Editor function is currently provided by the
    Internet Society.









































Expires: November 2006                                          [Page 9]