Refactor the section on connection termination #721
Conversation
martinthomson
added
-transport
editorial
draft-ietf-quic-transport.md
Outdated
| a graceful shutdown. The application protocol exchanges whatever messages that | ||
| are needed to cause both endpoints to agree to close the connection, after which | ||
| the connection is closed. A negotiated shutdown might not result in exchanging | ||
| messages that are visible to the transport. |
There was a problem hiding this comment.
I don't understand what QUIC mechanism this is discussing -- specifically, why is this a QUIC connection termination mechanism? It seems to suggest that the app can use its own signaling to determine when to shutdown, but what QUIC mechanism is used for shutdown?
There was a problem hiding this comment.
There isn't a mechanism, but the QUIC connection goes away.
Do I need to say that explicitly?
draft-ietf-quic-transport.md
Outdated
| attempt to send packets before the timeout. In this case, an endpoint might | ||
| choose to retain enough information to generate a CONNECTION_CLOSE. Endpoints | ||
| MAY instead rely on sending Public Reset in response to packets that arrive | ||
| after an idle timeout. |
There was a problem hiding this comment.
I don't think this advice is correct or adequate -- the time can be synchronized reasonably well. I would leave this subsection as is, if it needs to change in the future anyways.
There was a problem hiding this comment.
I disagree about synchronization. Say that I set a timeout of 10s. At 9.8s, one endpoint sends a packet. That packet gets lost somehow. Now we have a difference of opinion about when the connection started being "idle" that is almost as long as the timeout duration.
I agree that we might want to have a better or clearer description of how to synchronize these things, but I was aiming to just make it clear that there is a potential problem in synchronization and that a stateless reset is the fallback.
draft-ietf-quic-transport.md
Outdated
| generate. For instance, an implementation could exponentially increase the | ||
| number of packets that it receives before sending the packet containing | ||
| CONNECTION_CLOSE. Once enough time has passed to allow a peer to receive the | ||
| CONNECTION_CLOSE, an endpoint SHOULD discard per-connection state and MAY |
There was a problem hiding this comment.
The current text says idle_timeout period of time, since that's the amount of time after which we expect the peer to drop state anyways. Is there a reason to change that?
SImilarly, the current text recommends throttling responses, which is really important. I would argue for retaining that.
There was a problem hiding this comment.
If the idle timeout is 2 minutes, then that is far larger than the time you might wait to have the other side receive the close. Unreasonably so in my view. 2xRTT is probably adequate.
As for retaining text on throttling, that's right at the start of this paragraph:
Implementations SHOULD limit the number of CONNECTION_CLOSE messages they generate.
martinthomson
force-pushed
the
cleanup-close
branch
from
c2bc653
to
60546fe
Compare
|
Notes from editors chat: make the negotiated shutdown an "application shutdown" and explain that the application tells QUIC to die and then QUIC dies. When the application shutdown happens, then we need to talk about what happens to streams. Tie the CONNECTION_CLOSE case to the application shutdown case: you need to hang around for TIME_WAIT during which you acknowledge packets and nothing else really. 3*max(MIN_RTO, RTT) should be OK as a conservative start. |
|
I've introduced the notion of a "draining period" after close. This is like the TCP TIME_WAIT period, but what happens depends on how the connection was closed. On Jana's advice, I've used 3*max(MIN_RTO, RTT), recognizing that this is probably just a starting point and we can refine the exact value later. During the draining period, the baseline here is that the endpoint generates ACK frames, but nothing else. That's all we need for an application close (the success case). For an idle timeout, the text permits reviving of the connection if new packets are received. In immediate close, the text requires that the CONNECTION_CLOSE be sent, and permits re-sending the last packet to save on state space. @janaiyengar, can you check to see that I've captured the intent well-enough here? |
draft-ietf-quic-transport.md
Outdated
| immediately. A CONNECTION_CLOSE causes all open streams to immediately become | ||
| closed; open streams can be assumed to be implicitly reset. After receiving a | ||
| CONNECTION_CLOSE frame, endpoints MUST NOT send additional packets on that | ||
| connection. |
There was a problem hiding this comment.
What would be the harm in allowing the endpoint to ACK a CONNECTION_CLOSE frame/packet? It would allow for the side that initiated the close to safely, immediately end its draining period. The ACK wouldn't be required, but a useful signal if used.
There was a problem hiding this comment.
This probably falls under the above clause:
In all cases, it is possible to acknowledge packets that are received as normal, but other reactions might be preferrable depending on how the connection was closed.
However, that's in conflict with the MUST NOT in this paragraph.
There was a problem hiding this comment.
Yeah, that's an error. I think that the right answer here is to enter the draining period and to separate prohibit frames other than ACK, PADDING, and CONNECTION_CLOSE while in that state. I think that addresses the concerned @nibanks has raised about acknowledging a CONNECTION_CLOSE.
draft-ietf-quic-transport.md
Outdated
| @@ -1415,31 +1415,59 @@ TODO: see issue #161 | |||
| Connections should remain open until they become idle for a pre-negotiated | |||
| period of time. A QUIC connection, once established, can be terminated in one | |||
| of four ways: negotiated shutdown, idle timeout, immediate close, and a | |||
There was a problem hiding this comment.
This list still refers to "negotiated shutdown" while the subsections refer to "application close." Might want to align them.
draft-ietf-quic-transport.md
Outdated
| immediately. A CONNECTION_CLOSE causes all open streams to immediately become | ||
| closed; open streams can be assumed to be implicitly reset. After receiving a | ||
| CONNECTION_CLOSE frame, endpoints MUST NOT send additional packets on that | ||
| connection. |
There was a problem hiding this comment.
This probably falls under the above clause:
In all cases, it is possible to acknowledge packets that are received as normal, but other reactions might be preferrable depending on how the connection was closed.
However, that's in conflict with the MUST NOT in this paragraph.
draft-ietf-quic-transport.md
Outdated
| Different treatment is given to packets that are received while a connection is | ||
| in the draining period depending on how the connection was closed. In all | ||
| cases, it is possible to acknowledge packets that are received as normal, but | ||
| other reactions might be preferrable depending on how the connection was closed. |
There was a problem hiding this comment.
"preferable", not "preferrable"
martinthomson
added
design
|
This is what you get for trying to clean things up: they end up being substantial. |
|
Is there a scenario where the draining period can be truncated by sending ACK in response to CONNECTION_CLOSE and where CONNECTION_CLOSE is retransmitted if ACK is not received? |
|
If an endpoint receives an ACK for a CONNECTION_CLOSE, it still needs to handle more packets (it remains in its draining period) because packets that were sent before the ACK might still be in transit. Thus, the shortcut isn't really that useful here. Obviously the endpoint that acknowledges the CONNECTION_CLOSE won't send any more packets, but if its own packets are still in flight, then it might get a few more CONNECTION_CLOSE frames (as a result of packets sent before it acknowledged the CONNECTION_CLOSE). The only real trimming we might do is to have the endpoint that sends the CONNECTION_CLOSE stop sending more CONNECTION_CLOSE frames in response to receiving more packets. |
draft-ietf-quic-transport.md
Outdated
|
|
||
|
|
||
| ## Stateless Reset {#stateless-reset} | ||
| of four ways: negotiated shutdown, idle timeout, immediate close, and a |
There was a problem hiding this comment.
I think this comment got lost somewhere amongst the commits, so I'll re-add it: You have "negotiated shutdown" on this line, but "application close" on 1449. I think consistency would help.
draft-ietf-quic-transport.md
Outdated
| cases, it is possible to acknowledge packets that are received as normal, but | ||
| other reactions might be preferable depending on how the connection was closed. | ||
| An endpoint that is in a draining period MUST NOT send packets other than ACK, | ||
| PADDING, or CONNECTION_CLOSE. |
There was a problem hiding this comment.
Nit: These aren't packets, they're frames.
draft-ietf-quic-transport.md
Outdated
|
|
||
| Once the draining period has ended, an endpoint SHOULD discard per-connection | ||
| state. This results in new packets on the connection being discarded. An | ||
| endpoint MAY use a stateless reset in response to any further incoming packets. |
draft-ietf-quic-transport.md
Outdated
| An endpoint sends a CONNECTION_CLOSE frame to terminate the connection | ||
| immediately. A CONNECTION_CLOSE causes all open streams to immediately become | ||
| closed; open streams can be assumed to be implicitly reset. After receiving a | ||
| CONNECTION_CLOSE frame, endpoints immediately enter a draining period. |
There was a problem hiding this comment.
Endpoints presumably enter a draining period after sending a CONNECTION_CLOSE as well, no?
draft-ietf-quic-transport.md
Outdated
| An endpoint that sends a CONNECTION_CLOSE frame SHOULD respond to any packet | ||
| that it receives in the draining period with another packet containing a | ||
| CONNECTION_CLOSE frame. To reduce the state that an endpoint maintains in this | ||
| case, they MAY send the exact same packet. However, endpoints SHOULD limit the |
There was a problem hiding this comment.
they => it, since it's a single endpoint
|
@janaiyengar, this really needs your review. |
Roni noticed this, and some in the text that ekr added about it being RST-like. That text I haven't changed on the expectation that we will merge #721.
|
section 5.7 "A QUIC endpoint MUST NOT reuse a packet number within the same
|
|
Another question for stateless reset "After the Stateless Reset Token, the endpoint pads the message with an arbitrary number of octets containing random values." is it the endpoint or the server? |
|
the endpoint is the server in this case as only the server generates
stateless reset and could pad it.
…On Tue, Sep 5, 2017 at 9:44 AM, Roni Even ***@***.***> wrote:
Another question for stateless reset "After the Stateless Reset Token, the
endpoint pads the message with an arbitrary number of octets containing
random values." is it the endpoint or the server?
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#721 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AAP5s7GJDaYfaMnLNGGdcfk9E4eWmzGGks5sfVBHgaJpZM4O0OWB>
.
|
|
the text should say server since the term endpoint is client or server |
draft-ietf-quic-transport.md
Outdated
| were lost. | ||
|
|
||
| The draining period persists for three times the maximum of minimum RTO | ||
| (kMinRTOTimeout) or the round trip time (smoothed_rtt), see {{QUIC-RECOVERY}} |
There was a problem hiding this comment.
I'm sorry if I mis-spoke, I would simply say "three times the RTO, see {{QUIC-RECOVERY}}." The RTO value is basically a max(minRTO, f(smoothed_rtt, rtt_variance)), and 3 times the RTO value allows for two consecutive timeout periods.
draft-ietf-quic-transport.md
Outdated
| The draining period persists for three times the maximum of minimum RTO | ||
| (kMinRTOTimeout) or the round trip time (smoothed_rtt), see {{QUIC-RECOVERY}} | ||
| for descriptions of these values. During this period, new packets can be | ||
| attributed to the correct connection and acknowledged, but the connection is no |
There was a problem hiding this comment.
nit: remove phrase "attributed to the correct connection and". Seems unnecessary.
draft-ietf-quic-transport.md
Outdated
| (kMinRTOTimeout) or the round trip time (smoothed_rtt), see {{QUIC-RECOVERY}} | ||
| for descriptions of these values. During this period, new packets can be | ||
| attributed to the correct connection and acknowledged, but the connection is no | ||
| longer considered active and usable. |
There was a problem hiding this comment.
nit: instead of "the connection is no longer considered active and usable", how about "no new data or retransmittable packets may be sent on the connection"? The allowable frames are elucidated below, so I'd be happy with just "no new data may be sent on the connection."
There was a problem hiding this comment.
I went with the latter. I'm trying really hard not to say that anything is retransmittable, packets or frames. I want to keep reinforcing the idea that it's the contents of frames (the data or signal) that is retransmitted.
draft-ietf-quic-transport.md
Outdated
|
|
||
| Note: | ||
|
|
||
| : Allowing retransmision of a packet contradicts other advice in this document |
There was a problem hiding this comment.
typo: retransmision --> retransmission
This makes progress toward #61, but doesn't actually commit to a particular design. It still needs fleshing out with details of how long to wait around and so forth, but I hope that it's a reasonable start.
Closes #733, #748, #328, #177. Maybe more.