From: Florian Westphal <fw@strlen.de>
To: David Miller <davem@davemloft.net>
Cc: fw@strlen.de, hagen@jauu.net, lars@netapp.com,
eric.dumazet@gmail.com, fontana@sharpeleven.org,
hannes@stressinduktion.org, glenn.judd@morganstanley.com,
dborkman@redhat.com, netdev@vger.kernel.org
Subject: Re: [PATCH net-next v2 2/5] net: tcp: add flag for ca to indicate that ECN is required
Date: Tue, 23 Sep 2014 11:11:05 +0200 [thread overview]
Message-ID: <20140923091105.GB13394@breakpoint.cc> (raw)
In-Reply-To: <20140922.163357.553905454314637491.davem@davemloft.net>
Hi Dave,
David Miller <davem@davemloft.net> wrote:
> From: Florian Westphal <fw@strlen.de>
> Date: Sat, 20 Sep 2014 23:29:19 +0200
>
> > From: Daniel Borkmann <dborkman@redhat.com>
> >
> > This patch adds a flag to TCP congestion algorithms that allows
> > for requesting to mark IPv4/IPv6 sockets with transport as ECN
> > capable, that is, ECT(0), when required by a congestion algorithm.
> >
> > It is currently used and needed in DataCenter TCP (DCTCP), as it
> > requires both peers to assert ECT on all IP packets sent - it
> > uses ECN feedback (i.e. CE, Congestion Encountered information)
> > from switches inside the data center to derive feedback to the
> > end hosts.
> >
> > Therefore, simply add a new flag to icsk_ca_ops. Note that DCTCP's
> > algorithm/behaviour slightly diverges from RFC3168, therefore this
> > is only (!) enabled iff the assigned congestion control ops module
> > has requested this. By that, we can tightly couple this logic really
> > only to the provided congestion control ops.
> >
> > Joint work with Florian Westphal and Glenn Judd.
> >
> > Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
> > Signed-off-by: Florian Westphal <fw@strlen.de>
> > Signed-off-by: Glenn Judd <glenn.judd@morganstanley.com>
>
> I don't think any administrator is going to be happy with this behavior.
>
> If he explicitly sets the tcp_ecn sysctl to zero, and then an
> unprivileged user can just start emitting ECN bits by selecting a
> different congestion control algorithm, that is unexpected.
>
> Please instead make datacenter TCP require ECN to be enabled.
Thanks for your feedback! We have actually thought about that for
quite a while before starting on the implementation, and concluded
that the behaviour is actually fine as is for three reasons:
1) DCTCP is very tighly coupled to the ECN machinery as described
in the paper. Not having ECN enabled and nevertheless allowing
DCTCP (if we would implement above feedback) would just make it
fallback to Reno, which would not be useful in the first place.
So an administrator would rather not load DCTCP to the available
congestion control modules in the first place in this case.
2) Right now an administrator can choose to use DCTCP only for a
particular process, and still avoid exposing ECN to the outside
world for every other process.
3) An unpriviledged user would not be able to use DCTCP *unless*
an administrator has explicitly allowed to use it. This is being
reflected since Stephen's commit ce7bc3bf15cb ("[TCP]: Restrict
congestion control choices.") where only Reno or the currently
compiled-in default choice is non-restricted.
If you nevertheless think that it is useful to include above feedback
to overcome your objection, we could just add a check for tcp_ecn
sysctl being set to 1 for the initialization of the congestion control
ops of the socket and otherwise fall back to Reno.
Thanks!
Daniel and Florian
next prev parent reply other threads:[~2014-09-23 9:11 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-09-20 21:29 [PATCH net-next v2 0/5] net: tcp: DCTCP congestion control algorithm Florian Westphal
2014-09-20 21:29 ` [PATCH net-next v2 1/5] net: tcp: assign tcp cong_ops when tcp sk is created Florian Westphal
2014-09-20 21:29 ` [PATCH net-next v2 2/5] net: tcp: add flag for ca to indicate that ECN is required Florian Westphal
2014-09-22 16:26 ` Stephen Hemminger
2014-09-22 20:11 ` Hagen Paul Pfeifer
2014-09-23 9:17 ` Daniel Borkmann
2014-09-22 20:33 ` David Miller
2014-09-23 9:11 ` Florian Westphal [this message]
2014-09-26 20:20 ` David Miller
2014-09-26 20:39 ` Daniel Borkmann
2014-09-20 21:29 ` [PATCH net-next v2 3/5] net: tcp: split ack slow/fast events from cwnd_event Florian Westphal
2014-09-20 21:29 ` [PATCH net-next v2 4/5] net: tcp: more detailed ACK events and events for CE marked packets Florian Westphal
2014-09-20 21:29 ` [PATCH net-next v2 5/5] net: tcp: add DCTCP congestion control algorithm Florian Westphal
2014-09-22 16:28 ` [PATCH net-next v2 0/5] net: tcp: " Stephen Hemminger
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20140923091105.GB13394@breakpoint.cc \
--to=fw@strlen.de \
--cc=davem@davemloft.net \
--cc=dborkman@redhat.com \
--cc=eric.dumazet@gmail.com \
--cc=fontana@sharpeleven.org \
--cc=glenn.judd@morganstanley.com \
--cc=hagen@jauu.net \
--cc=hannes@stressinduktion.org \
--cc=lars@netapp.com \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.