rfc9643v2.txt | rfc9643.txt | |||
---|---|---|---|---|
skipping to change at line 99 ¶ | skipping to change at line 99 ¶ | |||
conjunction with the configuration defined for higher level protocols | conjunction with the configuration defined for higher level protocols | |||
that depend on TCP (e.g., SSH, TLS, etc.). Examples of higher level | that depend on TCP (e.g., SSH, TLS, etc.). Examples of higher level | |||
protocol configuration designed to be used in conjunction with this | protocol configuration designed to be used in conjunction with this | |||
configuration are in [RFC9644] and [RFC9645]. | configuration are in [RFC9644] and [RFC9645]. | |||
The modules focus on three different types of base TCP parameters | The modules focus on three different types of base TCP parameters | |||
that matter for TCP-based applications: First, the modules cover | that matter for TCP-based applications: First, the modules cover | |||
fundamental configuration of a TCP client or TCP server application, | fundamental configuration of a TCP client or TCP server application, | |||
such as addresses and port numbers. Second, a reusable grouping | such as addresses and port numbers. Second, a reusable grouping | |||
enables modification of application-specific parameters for TCP | enables modification of application-specific parameters for TCP | |||
connections, such as use of TCP keep-alives. And third, client | connections, such as use of TCP keepalives. And third, client | |||
configuration for traversing proxies is included as well. In each | configuration for traversing proxies is included as well. In each | |||
case, the modules have a very narrow scope and focus on a minimum set | case, the modules have a very narrow scope and focus on a minimum set | |||
of required parameters. | of required parameters. | |||
Please be advised that while this document presents support for some | Please be advised that while this document presents support for some | |||
TCP proxy techniques, there are other TCP proxy techniques that are | TCP proxy techniques, there are other TCP proxy techniques that are | |||
not part of this document but could be added by augmenting the YANG | not part of this document but could be added by augmenting the YANG | |||
module. | module. | |||
1.1. Relation to Other RFCs | 1.1. Relation to Other RFCs | |||
skipping to change at line 209 ¶ | skipping to change at line 209 ¶ | |||
terms of its features and groupings. | terms of its features and groupings. | |||
2.1.1. Model Scope | 2.1.1. Model Scope | |||
This document presents a common "grouping" statement for basic TCP | This document presents a common "grouping" statement for basic TCP | |||
connection parameters that matter to applications. It is "common" in | connection parameters that matter to applications. It is "common" in | |||
that this grouping is used by both the "ietf-tcp-client" and "ietf- | that this grouping is used by both the "ietf-tcp-client" and "ietf- | |||
tcp-server" modules. In some TCP stacks, such parameters can also | tcp-server" modules. In some TCP stacks, such parameters can also | |||
directly be set by an application using system calls, such as the | directly be set by an application using system calls, such as the | |||
sockets API. The base YANG data model in this document focuses on | sockets API. The base YANG data model in this document focuses on | |||
modeling TCP keep-alives. This base model can be extended as needed. | modeling TCP keepalives. This base model can be extended as needed. | |||
2.1.2. Features | 2.1.2. Features | |||
The following diagram lists all the "feature" statements defined in | The following diagram lists all the "feature" statements defined in | |||
the "ietf-tcp-common" module: | the "ietf-tcp-common" module: | |||
Features: | Features: | |||
+-- keepalives-supported | +-- keepalives-supported | |||
The diagram above uses syntax that is similar to but not defined in | The diagram above uses syntax that is similar to but not defined in | |||
skipping to change at line 245 ¶ | skipping to change at line 245 ¶ | |||
grouping tcp-common-grouping: | grouping tcp-common-grouping: | |||
+-- keepalives! {keepalives-supported}? | +-- keepalives! {keepalives-supported}? | |||
+-- idle-time? uint16 | +-- idle-time? uint16 | |||
+-- max-probes? uint16 | +-- max-probes? uint16 | |||
+-- probe-interval? uint16 | +-- probe-interval? uint16 | |||
Comments: | Comments: | |||
* The "keepalives" node is a "presence" container so that the | * The "keepalives" node is a "presence" container so that the | |||
mandatory descendant nodes do not imply that keep-alives must be | mandatory descendant nodes do not imply that keepalives must be | |||
configured. | configured. | |||
* The "idle-time", "max-probes", and "probe-interval" nodes have the | * The "idle-time", "max-probes", and "probe-interval" nodes have the | |||
common meanings. Please see the YANG module in Section 2.3 for | common meanings. Please see the YANG module in Section 2.3 for | |||
details. | details. | |||
2.1.4. Protocol-Accessible Nodes | 2.1.4. Protocol-Accessible Nodes | |||
The "ietf-tcp-common" module defines only "grouping" statements that | The "ietf-tcp-common" module defines only "grouping" statements that | |||
are used by other modules to instantiate protocol-accessible nodes. | are used by other modules to instantiate protocol-accessible nodes. | |||
Thus, this module, when implemented, does not itself define any | Thus, this module, when implemented, does not itself define any | |||
protocol-accessible nodes. | protocol-accessible nodes. | |||
2.1.5. Guidelines for Configuring TCP Keep-Alives | 2.1.5. Guidelines for Configuring TCP Keepalives | |||
Network stacks may include keep-alives in their TCP implementations, | Network stacks may include keepalives in their TCP implementations, | |||
although this practice is not universally implemented. If keep- | although this practice is not universally implemented. If keepalives | |||
alives are included, [RFC9293] mandates that the application MUST be | are included, [RFC9293] mandates that the application MUST be able to | |||
able to turn them on or off for each TCP connection and that they | turn them on or off for each TCP connection and that they MUST | |||
MUST default to off. | default to off. | |||
Keep-alive mechanisms exist in many protocols. Depending on the | Keepalive mechanisms exist in many protocols. Depending on the | |||
protocol stack, TCP keep-alives may only be one out of several | protocol stack, TCP keepalives may only be one out of several | |||
alternatives. Which mechanism(s) to use depends on the use case and | alternatives. Which mechanism(s) to use depends on the use case and | |||
application requirements. If keep-alives are needed by an | application requirements. If keepalives are needed by an | |||
application, it is RECOMMENDED that the liveness check happens only | application, it is RECOMMENDED that the liveness check happens only | |||
at the protocol layers that are meaningful to the application. | at the protocol layers that are meaningful to the application. | |||
A TCP keep-alive mechanism SHOULD only be invoked in server | A TCP keepalive mechanism SHOULD only be invoked in server | |||
applications that might otherwise hang indefinitely and consume | applications that might otherwise hang indefinitely and consume | |||
resources unnecessarily if a client crashes or aborts a connection | resources unnecessarily if a client crashes or aborts a connection | |||
during a network failure [RFC9293]. TCP keep-alives may consume | during a network failure [RFC9293]. TCP keepalives may consume | |||
significant resources both in the network and in endpoints (e.g., | significant resources both in the network and in endpoints (e.g., | |||
battery power). In addition, frequent keep-alives risk network | battery power). In addition, frequent keepalives risk network | |||
congestion. The higher the frequency of keep-alives, the higher the | congestion. The higher the frequency of keepalives, the higher the | |||
overhead. | overhead. | |||
Given the cost of keep-alives, parameters have to be configured | Given the cost of keepalives, parameters have to be configured | |||
carefully: | carefully: | |||
* The default idle interval (leaf "idle-time") is two hours, i.e., | * The default idle interval (leaf "idle-time") is two hours, i.e., | |||
7200 seconds [RFC9293]. A lower value MAY be configured, but idle | 7200 seconds [RFC9293]. A lower value MAY be configured, but idle | |||
intervals SHOULD NOT be smaller than 15 seconds. Longer idle | intervals SHOULD NOT be smaller than 15 seconds. Longer idle | |||
intervals SHOULD be used when possible. | intervals SHOULD be used when possible. | |||
* The maximum number of sequential keep-alive probes that can fail | * The maximum number of sequential keepalive probes that can fail | |||
(leaf "max-probes") trades off responsiveness and robustness | (leaf "max-probes") trades off responsiveness and robustness | |||
against packet loss. ACK segments that contain no data are not | against packet loss. ACK segments that contain no data are not | |||
reliably transmitted by TCP. Consequently, if a keep-alive | reliably transmitted by TCP. Consequently, if a keepalive | |||
mechanism is implemented, it MUST NOT interpret failure to respond | mechanism is implemented, it MUST NOT interpret failure to respond | |||
to any specific probe as a dead connection [RFC9293]. Typically, | to any specific probe as a dead connection [RFC9293]. Typically, | |||
a single-digit number should suffice. | a single-digit number should suffice. | |||
* TCP implementations may include a parameter for the number of | * TCP implementations may include a parameter for the number of | |||
seconds between TCP keep-alive probes (leaf "probe-interval"). In | seconds between TCP keepalive probes (leaf "probe-interval"). In | |||
order to avoid congestion, the time interval between probes MUST | order to avoid congestion, the time interval between probes MUST | |||
NOT be smaller than one second. Significantly longer intervals | NOT be smaller than one second. Significantly longer intervals | |||
SHOULD be used. It is important to note that keep-alive probes | SHOULD be used. It is important to note that keepalive probes (or | |||
(or replies) can get dropped due to network congestion. Sending | replies) can get dropped due to network congestion. Sending | |||
further probe messages into a congested path after a short | further probe messages into a congested path after a short | |||
interval, without backing off timers, could cause harm and result | interval, without backing off timers, could cause harm and result | |||
in a congestion collapse. Therefore, it is essential to pick a | in a congestion collapse. Therefore, it is essential to pick a | |||
large, conservative value for this interval. | large, conservative value for this interval. | |||
2.2. Example Usage | 2.2. Example Usage | |||
This section presents an example showing the "tcp-common-grouping" | This section presents an example showing the "tcp-common-grouping" | |||
grouping populated with some data. | grouping populated with some data. | |||
The following example uses the XML [W3C.REC-xml-20081126] encoding. | ||||
<!-- The outermost element below doesn't exist in the data model. --> | <!-- The outermost element below doesn't exist in the data model. --> | |||
<!-- It simulates if the "grouping" were a "container" instead. --> | <!-- It simulates if the "grouping" were a "container" instead. --> | |||
<tcp-common xmlns="urn:ietf:params:xml:ns:yang:ietf-tcp-common"> | <tcp-common xmlns="urn:ietf:params:xml:ns:yang:ietf-tcp-common"> | |||
<keepalives> | <keepalives> | |||
<idle-time>7200</idle-time> | <idle-time>7200</idle-time> | |||
<max-probes>9</max-probes> | <max-probes>9</max-probes> | |||
<probe-interval>75</probe-interval> | <probe-interval>75</probe-interval> | |||
</keepalives> | </keepalives> | |||
</tcp-common> | </tcp-common> | |||
skipping to change at line 485 ¶ | skipping to change at line 487 ¶ | |||
+-- socks5-supported {proxy-connect}? | +-- socks5-supported {proxy-connect}? | |||
+-- socks5-gss-api {socks5-supported}? | +-- socks5-gss-api {socks5-supported}? | |||
+-- socks5-username-password {socks5-supported}? | +-- socks5-username-password {socks5-supported}? | |||
Comments: | Comments: | |||
* The "local-binding-supported" feature indicates that the server | * The "local-binding-supported" feature indicates that the server | |||
supports configuring local bindings (i.e., the local address and | supports configuring local bindings (i.e., the local address and | |||
local port) for TCP clients. | local port) for TCP clients. | |||
* The "tcp-client-keepalives" feature indicates that per socket TCP | * The "tcp-client-keepalives" feature indicates that TCP keepalive | |||
keepalive parameters are configurable for TCP clients on the | parameters are configurable for TCP clients on the server | |||
server implementing this feature. | implementing this feature. | |||
* The "proxy-connect" feature indicates the TCP client supports | * The "proxy-connect" feature indicates the TCP client supports | |||
connecting through TCP proxies. | connecting through TCP proxies. | |||
* The "socks4-supported" feature indicates the TCP client supports | * The "socks4-supported" feature indicates the TCP client supports | |||
Socks4-based proxies. | Socks4-based proxies. | |||
* The "socks4a-supported" feature indicates the TCP client supports | * The "socks4a-supported" feature indicates the TCP client supports | |||
Socks4a-based proxies. The difference between Socks4 and Socks4a | Socks4a-based proxies. The difference between Socks4 and Socks4a | |||
is that Socks4a enables the "remote-address" to be specified using | is that Socks4a enables the "remote-address" to be specified using | |||
skipping to change at line 608 ¶ | skipping to change at line 610 ¶ | |||
are used by other modules to instantiate protocol-accessible nodes. | are used by other modules to instantiate protocol-accessible nodes. | |||
Thus, this module, when implemented, does not itself define any | Thus, this module, when implemented, does not itself define any | |||
protocol-accessible nodes. | protocol-accessible nodes. | |||
3.2. Example Usage | 3.2. Example Usage | |||
This section presents two examples showing the "tcp-client-grouping" | This section presents two examples showing the "tcp-client-grouping" | |||
grouping populated with some data. This example shows a TCP client | grouping populated with some data. This example shows a TCP client | |||
configured to not connect via a proxy: | configured to not connect via a proxy: | |||
The following example uses the XML [W3C.REC-xml-20081126] encoding. | ||||
<!-- The outermost element below doesn't exist in the data model. --> | <!-- The outermost element below doesn't exist in the data model. --> | |||
<!-- It simulates if the "grouping" were a "container" instead. --> | <!-- It simulates if the "grouping" were a "container" instead. --> | |||
<tcp-client xmlns="urn:ietf:params:xml:ns:yang:ietf-tcp-client"> | <tcp-client xmlns="urn:ietf:params:xml:ns:yang:ietf-tcp-client"> | |||
<remote-address>www.example.com</remote-address> | <remote-address>www.example.com</remote-address> | |||
<remote-port>8443</remote-port> | <remote-port>8443</remote-port> | |||
<local-address>192.0.2.2</local-address> | <local-address>192.0.2.2</local-address> | |||
<local-port>12345</local-port> | <local-port>12345</local-port> | |||
<keepalives> | <keepalives> | |||
<idle-time>7200</idle-time> | <idle-time>7200</idle-time> | |||
<max-probes>9</max-probes> | <max-probes>9</max-probes> | |||
<probe-interval>75</probe-interval> | <probe-interval>75</probe-interval> | |||
</keepalives> | </keepalives> | |||
</tcp-client> | </tcp-client> | |||
This example shows a TCP client configured to connect via a proxy: | This example shows a TCP client configured to connect via a proxy. | |||
The following example uses the XML [W3C.REC-xml-20081126] encoding. | ||||
<!-- The outermost element below doesn't exist in the data model. --> | <!-- The outermost element below doesn't exist in the data model. --> | |||
<!-- It simulates if the "grouping" were a "container" instead. --> | <!-- It simulates if the "grouping" were a "container" instead. --> | |||
<tcp-client xmlns="urn:ietf:params:xml:ns:yang:ietf-tcp-client"> | <tcp-client xmlns="urn:ietf:params:xml:ns:yang:ietf-tcp-client"> | |||
<remote-address>www.example.com</remote-address> | <remote-address>www.example.com</remote-address> | |||
<remote-port>8443</remote-port> | <remote-port>8443</remote-port> | |||
<local-address>192.0.2.2</local-address> | <local-address>192.0.2.2</local-address> | |||
<local-port>12345</local-port> | <local-port>12345</local-port> | |||
<proxy-server> | <proxy-server> | |||
skipping to change at line 730 ¶ | skipping to change at line 736 ¶ | |||
feature local-binding-supported { | feature local-binding-supported { | |||
description | description | |||
"Indicates that the server supports configuring local | "Indicates that the server supports configuring local | |||
bindings (i.e., the local address and local port) for | bindings (i.e., the local address and local port) for | |||
TCP clients."; | TCP clients."; | |||
} | } | |||
feature tcp-client-keepalives { | feature tcp-client-keepalives { | |||
description | description | |||
"Per socket TCP keepalive parameters are configurable for | "TCP keepalive parameters are configurable for | |||
TCP clients on the server implementing this feature."; | TCP clients on the server implementing this feature."; | |||
reference | reference | |||
"RFC 9293: Transmission Control Protocol (TCP)"; | "RFC 9293: Transmission Control Protocol (TCP)"; | |||
} | } | |||
feature proxy-connect { | feature proxy-connect { | |||
description | description | |||
"Indicates the TCP client supports connecting through | "Indicates the TCP client supports connecting through | |||
TCP proxies."; | TCP proxies."; | |||
} | } | |||
skipping to change at line 1038 ¶ | skipping to change at line 1044 ¶ | |||
This grouping is presented in the following subsection. | This grouping is presented in the following subsection. | |||
4.1.2.1. The "tcp-server-grouping" Grouping | 4.1.2.1. The "tcp-server-grouping" Grouping | |||
The following tree diagram [RFC8340] illustrates the "tcp-server- | The following tree diagram [RFC8340] illustrates the "tcp-server- | |||
grouping" grouping: | grouping" grouping: | |||
grouping tcp-server-grouping: | grouping tcp-server-grouping: | |||
+-- local-bind* [local-address] | +-- local-bind* [local-address] | |||
| +-- local-address? inet:ip-address | | +-- local-address inet:ip-address | |||
| +-- local-port? inet:port-number | | +-- local-port? inet:port-number | |||
+---u tcpcmn:tcp-common-grouping | +---u tcpcmn:tcp-common-grouping | |||
Comments: | Comments: | |||
* The "local-address" node, which is mandatory, may be configured as | * The "local-address" node, which is mandatory, may be configured as | |||
an IPv4 address, an IPv6 address, or a wildcard value. | an IPv4 address, an IPv6 address, or a wildcard value. | |||
* The "local-port" node is not mandatory, but its default value is | * The "local-port" node is not mandatory, but its default value is | |||
the invalid value "0", thus forcing the consuming data model to | the invalid value "0", thus forcing the consuming data model to | |||
skipping to change at line 1066 ¶ | skipping to change at line 1072 ¶ | |||
The "ietf-tcp-server" module defines only "grouping" statements that | The "ietf-tcp-server" module defines only "grouping" statements that | |||
are used by other modules to instantiate protocol-accessible nodes. | are used by other modules to instantiate protocol-accessible nodes. | |||
Thus, this module, when implemented, does not itself define any | Thus, this module, when implemented, does not itself define any | |||
protocol-accessible nodes. | protocol-accessible nodes. | |||
4.2. Example Usage | 4.2. Example Usage | |||
This section presents an example showing the "tcp-server-grouping" | This section presents an example showing the "tcp-server-grouping" | |||
grouping populated with some data. | grouping populated with some data. | |||
The following example uses the XML [W3C.REC-xml-20081126] encoding. | ||||
<!-- The outermost element below doesn't exist in the data model. --> | <!-- The outermost element below doesn't exist in the data model. --> | |||
<!-- It simulates if the "grouping" were a "container" instead. --> | <!-- It simulates if the "grouping" were a "container" instead. --> | |||
<tcp-server xmlns="urn:ietf:params:xml:ns:yang:ietf-tcp-server"> | <tcp-server xmlns="urn:ietf:params:xml:ns:yang:ietf-tcp-server"> | |||
<local-bind> | <local-bind> | |||
<local-address>192.0.2.2</local-address> | <local-address>192.0.2.2</local-address> | |||
<local-port>49152</local-port> | <local-port>49152</local-port> | |||
</local-bind> | </local-bind> | |||
<keepalives> | <keepalives> | |||
<idle-time>7200</idle-time> | <idle-time>7200</idle-time> | |||
skipping to change at line 1145 ¶ | skipping to change at line 1153 ¶ | |||
description | description | |||
"Initial version."; | "Initial version."; | |||
reference | reference | |||
"RFC 9643: YANG Groupings for TCP Clients and TCP Servers"; | "RFC 9643: YANG Groupings for TCP Clients and TCP Servers"; | |||
} | } | |||
// Features | // Features | |||
feature tcp-server-keepalives { | feature tcp-server-keepalives { | |||
description | description | |||
"Per socket TCP keepalive parameters are configurable for | "TCP keepalive parameters are configurable for | |||
TCP servers on the server implementing this feature."; | TCP servers on the server implementing this feature."; | |||
reference | reference | |||
"RFC 9293: Transmission Control Protocol (TCP)"; | "RFC 9293: Transmission Control Protocol (TCP)"; | |||
} | } | |||
// Groupings | // Groupings | |||
grouping tcp-server-grouping { | grouping tcp-server-grouping { | |||
description | description | |||
"A reusable grouping for configuring a TCP server. | "A reusable grouping for configuring a TCP server. | |||
skipping to change at line 1528 ¶ | skipping to change at line 1536 ¶ | |||
<https://www.rfc-editor.org/info/rfc9645>. | <https://www.rfc-editor.org/info/rfc9645>. | |||
[SOCKS] Koblas, D. and M. Koblas, "SOCKS", USENIX UNIX Security | [SOCKS] Koblas, D. and M. Koblas, "SOCKS", USENIX UNIX Security | |||
Symposium III, September 1992, <https://www.usenix.org/leg | Symposium III, September 1992, <https://www.usenix.org/leg | |||
acy/publications/library/proceedings/sec92/full_papers/ | acy/publications/library/proceedings/sec92/full_papers/ | |||
koblas.pdf>. | koblas.pdf>. | |||
[SOCKS_4A] Lee, Y., "SOCKS 4A: A Simple Extension to SOCKS 4 | [SOCKS_4A] Lee, Y., "SOCKS 4A: A Simple Extension to SOCKS 4 | |||
Protocol", <https://www.openssh.com/txt/socks4a.protocol>. | Protocol", <https://www.openssh.com/txt/socks4a.protocol>. | |||
[W3C.REC-xml-20081126] | ||||
Bray, T., Paoli, J., Sperberg-McQueen, C.M., Maler, E., | ||||
and F. Yergeau, "Extensible Markup Language (XML) 1.0 | ||||
(Fifth Edition)", World Wide Web Consortium | ||||
Recommendation REC-xml-20081126, November 2008, | ||||
<https://www.w3.org/TR/2008/REC-xml-20081126/>. | ||||
Acknowledgements | Acknowledgements | |||
The authors would like to thank the following for lively discussions | The authors would like to thank the following for lively discussions | |||
on list and in the halls (ordered by first name): Éric Vyncke, Joe | on list and in the halls (ordered by first name): Éric Vyncke, Joe | |||
Clarke, Jürgen Schönwälder, Ladislav Lhotka, Mallory Knodel, Martin | Clarke, Jürgen Schönwälder, Ladislav Lhotka, Mallory Knodel, Martin | |||
Duke, Michael Tüxen, Mohamed Boucadair, Nancy Cam-Winget, Nick | Duke, Michael Tüxen, Mohamed Boucadair, Nancy Cam-Winget, Nick | |||
Hancock, Per Andersson, Rob Wilton, Roman Danyliw, Tom Petch, and Wim | Hancock, Per Andersson, Rob Wilton, Roman Danyliw, Tom Petch, and Wim | |||
Henderickx. | Henderickx. | |||
Authors' Addresses | Authors' Addresses | |||
Kent Watsen | Kent Watsen | |||
Watsen Networks | Watsen Networks | |||
Email: kent+ietf@watsen.net | Email: kent+ietf@watsen.net | |||
Michael Scharf | Michael Scharf | |||
Hochschule Esslingen - University of Applied Sciences | Hochschule Esslingen | |||
University of Applied Sciences | ||||
Kanalstr. 33 | ||||
73728 Esslingen am Neckar | ||||
Germany | ||||
Email: michael.scharf@hs-esslingen.de | Email: michael.scharf@hs-esslingen.de | |||
End of changes. 25 change blocks. | ||||
30 lines changed or deleted | 49 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. |