分享
 
 
 

RFC492 - Response to RFC467

王朝other·作者佚名  2008-05-31
窄屏简体版  字體: |||超大  

Network Working Group E. Meyer

Request for Comments: 492 MIT-Multics

NIC: 15357 18 April 1973

RESPONSE TO RFC467

Jerry Burchfiel and Ray Tomlinson of Bolt, Beranek, and Newman, Inc,

have issued a Network Request for Comments (#467) which proposes a

solution to two problems which have been annoying to Network users.

This document will briefly describe the problems and proposed

solutions, and offer comments and alternative suggestions.

BACKGROUND

To establish a data connection between two hosts through the network,

the Host-Host protocol requires that one host send a Request for

Connection and that the second Host reply affirmatively. If the

desired socket("port") at the target host is already in use, the

target host replies negatively. Once a connection is established,

data transmission may proceed, controlled by data allocation messages

dispatched by the host at the read end of the connection. The host

on the write side is constrained by protocol to send only as mUCh

data as has been permitted by the read side. If it exhausts the

allocation it must wait until a new data allocation control message

is received. Then it can send more.

One of the problems arises from the fact that messages apparently are

lost somewhere in the transmission path with a low but regular

frequency. If an allocate control message concerning an open

connection is lost, a situation can occur in which data transmission

over the connection ceases permanently. This can happen because the

host at the send side believes it has exhausted its allocation, and

sits holding back data to end because it is waiting for a new data

allocation message to come from the read side. However, the read

side has actually sent out the allocation, but it was lost. It

thinks that the send side may proceed and sits waiting for data to

come in over the connection. This is known as the "lost allocate"

phenomenon. However, similar symptoms can occur if a data message is

lost and the send side exhausts its allocation before a new

allocation is given by the read side. The send side waits for a new

allocation, but the read side has not received one of the data

messages and believes there is still some allocation left. In either

case, the result is a permanently blocked connection. This appears

to happen with enough regularity to be annoying to users who connect

typewriters to foreign hosts through the Network. When it happens,

the only current solution is to disconnect and to establish a new

connection.

The solution to this problem which RFC467 proposes is to establish a

pair of allocation-resetting control messages, one for use by the

send side (RCS) and the other for the read side (RCR). Whenever it

wishes, either side may initiate the allocation-resetting sequence by

setting its own allocation counter to zero and dispatching an RCS or

RCR control message to the other side. The host receiving it will

set its own allocation counter for that connection to zero and send

an RCR or RCS in reply. Now the allocations for both sides are in

synchronization (they are zero), and data transmission can begin

again when a new allocation is sent by the receive side. This

procedure is intended to be initiated whenever either side thinks the

connection has been quiescent for a suspiciously long time. The

actual specification of this control message pair in RFC467 is more

complex in that the pipeline between the two sides must be empty of

data messages before the send side may dispatch an RCS control

message.

The second problem arises when the host at one side of an open

connection crashes and purges its tables when it comes back up, while

the host at the other end of the connection does not notice that

anything has happened. (A similar situation occurs when the Network

path temporarily fails between the two hosts, but only one host

notices the failure and closes the connection.) If the host which

crashed attempts to re-establish the connection, the host at the

other end refuses to do so because the socket to which the connection

request is targeted is seemingly already involved in an open

connection. Given the idiosyncrasies of the terminal support

software of some systems, users at some consoles may be unable to

reconnect to the distant system they were connected with when the

local system supporting his terminal crashed. This can continue

indefinitely until the system which believes the original connections

to be still open resets its internal state. This is call the "half-

closed" phenomenon, and a solution is proposed in RFC467. The basic

principle of the RFC467 proposal is that the side which has the open

connection is able to detect an inconsistency whenever either side

performs communication regarding this connection. When it does, it

is supposed to silently (without regard to normal protocol) close the

connection and be ready to handle connection requests to the

previously connected port.

There are two types of interactions in which "half-closed"

inconsistency is uncovered. The first case occurs when the connected

side sends a message over a write connection. The side which has

lost the connection receives this as a data message which does not

correspond to an open connection and replies with an Error Report

control message. When the connected side receives it, it realizes

that the connection actually no longer exists and deletes it from its

own tables. The second case occurs when the host which has lost the

connection sends a connection request to the other host specifying

the same sockets as were involved in the previous connection. The

host receiving this request recognizes the inconsistency, because not

only is the local socket already connected, it is connected to the

same foreign socket as specified in the connection request. It

internally deletes its record of the connection, making the local

socket free, and responds to the connection request normally.

COMMENTS AND ALTERNATIVE PROPOSALS

The Project MAC Computer Systems Research Division opposes both

protocol change proposals in this RFC. We have moderate opposition

to the proposal to handle half-closed connections because it fails to

consider all ASPects of the problem and it further complicates the

protocol, but very strong opposition to the proposal for allocation

resynchronization because it attacks a symptom, not the disease, and

furthermore tends to mask diagnosis of a potentially very serious

network problem.

RFC467 proposes the addition of two control messages, Reset

Connection by Sender (RCS) and Reset Connection by Receiver (RCR)

whose sole purpose is to resynchronize the allocation counters at

both ends of a connection. In this way the "lost allocate"

phenomenon, in which allocate (ALL) control messages somehow are lost

in transmission so that the sending side is unable to continue

transmitting data is solved. If it were truly a "lost allocate"

problem, this would be viable solution. However, I feel that this is

really a "lost message" problem, in which messages of all kinds are

being lost in transmission, which is much more serious. ALL messages

may be very frequent in communications with some hosts and these may

be the ones most often lost, but if messages are actually lost in the

network, it may also be data messages that are being lost, which

would provide similar symptoms. A lost message in a Telnet

connection can be detected and overcome by the human user, but an

undetected lost message from the middle of a transmitted file can

have disastrous consequences, especially because the invalid file, if

ever detected, can perhaps not be corrected. Because this "solution"

tends to paper over the immediate problem and to propagate it to a

point far removed in both space and time at which it appears as an

incomprehensible disaster, it should be strongly opposed.

The real problem appears to be the random undetected loss of messages

somewhere in the transmission path. A true solution to this problem

is either a) to eliminate the cause of undetected loss of messages,

or b) to move to a new protocol which is designed to cope with an

unreliable physical transmission path. Either of these solutions is

some distance away. A proposed interim solution which modifies the

existing GVB and RET commands and which has the additional feature of

simplifying them somewhat is outlined below.

A receiving host may at an arbitrary time issue a Give-Back

allocation (GVB) control message for a connection.

8 8 8 8

+-------+-------+--------+--------+

GVB link f =255 f =255

m b

+-------+-------+--------+--------+

The format of this GVB message is the same as that currently defined,

except that the fraction fields f(m) and f(b) are required to all 1s.

This is designed to provide a measure of upward compatibility. A

host operating under the modified protocol will ignore the fraction

fields, but under the current protocol this message means return

everything. A sending host which receives a GVB control message

immediately ceases transmission on the specified link. When the RFNM

from the last message transmitted is received (indicating an empty

pipeline), the sending host issues a Return Allocation (RET) control

message, returning the remaining allocation.

8 8 16 32

+------+------+-----------+-----------+

RET link msg space bit space

+------+------+-----------+-----------+

The modified RET command has the same format as that currently

defined. The two differences are that it can not be sent until data

transmission ceases and the last RFNM is received, and that it must

return all remaining allocation for the send link (i.e., the

allocation counters are set to zero).

When the host on the read side of the connection receives the RET

message, the allocation counters at the send side are zero and the

pipeline is empty. Therefore, if no error has occurred during the

connection, the allocation returned in the RET message should be the

same as the allocation in the counters of the read side of the

connection. If so, the read side can proceed to send a new

allocation secure in the knowledge that no message has been lost. If

the two sets of values do not agree, some error in the transmitted

data may have occurred. What to do in that case is a local host

option. Some hosts may choose to close the connection, while others

may choose to resume transmission by sending a new allocation to the

sending side. I feel that as a minimum a host should send a message

indicating the error both to the user and to some human being at the

host responsible for monitoring network performance.

This modified control message pair is capable of both its originally

intended function,and of detecting errors and resynchronizing

allocations (if desired) when initiated by the receiving side. I

feel that the inability of this scheme to initiate allocation

checking from either side is only a minor disadvantage which is more

than compensated for by its positive features: this scheme gives

positive indication that an error has occurred (the proposed RCS/RCR

method conceals errors), and this minor change to the protocol may

mean a correspondingly minor change to NCP's.

I have negative feelings regarding the solution to the "half-closed"

problem proposed in RFC467. To put additional burden on the RTS and

STR commands not only unduly complicates the protocol, but in some

sense can make operation less fail-safe and problems more obscure.

My main objection concerns the action to be taken when control

messages are received which conflict with the current state of the

receiving NCP. This proposal suggests that an NCP receiving an STR

or RTS for a socket it believes to be connected assume something

about the state of the foreign NCP (that the foreign NCP has closed

the connection) and automatically change its own state to agree with

the assumed state at the other end (close the connection at its end).

This may work fine if the assumption is correct and the

implementations are free from bugs. However, the following

situations could cause problems that are perhaps hard to diagnose: 1)

the foreign NCP has a bug which causes it to send an RTS or STR for a

connected socket, 2) the foreign NCP chooses to interpret the queuing

option of the current protocol as permitting RFC's to be sent for

already connected sockets, or 3) the local NCP has a bug which

erroneously causes it to regard RFC's coming from a different host or

from the particular foreign host but concerning a different foreign

socket as pertaining to the open connection attached to the target

socket.

A second objection is that this proposal does not cover all

possibilities. Two likely possibilities are: another socket (from

any host) attempts to connect to the socket involved in the dead

connection. Second, the host that lost a connection attached to one

of its read sockets makes another connection with different sockets,

but uses the same link number that implemented the previous

connection. The second case can be handled by additional

complications to the protocol. However, the first case is

symptomatically identical to the situation in which an RFCis issued

for a genuinely already-connected socket. It can not be handled

using this approach.

I believe that a more rigorous use of the existing Reset Host (RST)

control message would eliminate most of the causes of the "half-

closed" phenomenon; viz. one of the hosts involved in a connection

goes down without sending an RST when it comes back up; or the

network between the two hosts partitions, and only one host notes it.

If it were deemed necessary, a pair of Reset Link control commands to

reset an individual link could be added to the protocol to cope with

instance of the "half-closed" phenomenon due to other causes.

I'd like to set down here a number of principles which I think are at

least peripherally concerned with alleviating the "half-closed"

phenomenon. None of these is eXPlicitly stated in the current Host-

Host protocol document, but I believe that their enunciation would

tend to alleviate confusion caused by network and host failures.

1. A NCP which receives an Imp-to-Host message type 7 (Host Dead)

concerning a host should consider all connections or connection

attempts with that host as dead and should purge them from its

tables.

2. When after noting a foreign host as dead (by receiving a "Host

Dead" Imp-to-Host message), an NCP receives any message from

that host other than a Reset Host (RST) control message, it

should delete the message and respond with an RST. It should

respond normally to a received RST.

3. Two hosts must exchange the RST - RRP reset control message

pair prior to any other form of communications. An RST must

first be sent by an NCP wishing to start communications with a

foreign host if that host pair has not been previously reset

since the local NCP came up or it noted the foreign NCP as

down. Note that this does not require an NCP to send resets to

all other hosts each time it comes up.

4. An NCP which receives an Imp-to-Host message type 9 (Incomplete

Transmission) concerning a write link implementing an open

connection, may at its option make several tries to retransmit

the last message until a RFNM is received or the NCP gives up.

However, unless the message is eventually successfully

transmitted to the foreign host the NCP must abort the

connection, sending out a CLS control message. The successful

implementation of retransmission depends on the retransmitting

host to wait for a RFNM on a data link before sending a

subsequent message and on all hosts to be able to discard

messages which are not completely received.

5. An NCP which receives a message from a foreign host that seems

inconsistent with its current state should take no action to

modify that state. Rather it should send an ERR error control

message specifying the type of inconsistency and discard the

inconsistent message. An NCP receiving an ERR message should

log it for human inspection and is then allowed to silently

modify its internal state or send out control messages in order

to remove the inconsistency. (This is an extension of the

proposal in RFC467 that an NCP should delete a connection when

it receives an ERR message specifying that the link involved is

unknown.)

[This RFCwas put into machine readable form for entry]

[into the online RFCarchives by Helene Morin, Via Genie,12/1999]

 
 
 
免责声明:本文为网络用户发布,其观点仅代表作者个人观点,与本站无关,本站仅提供信息存储服务。文中陈述内容未经本站证实,其真实性、完整性、及时性本站不作任何保证或承诺,请读者仅作参考,并请自行核实相关内容。
2023年上半年GDP全球前十五强
 百态   2023-10-24
美众议院议长启动对拜登的弹劾调查
 百态   2023-09-13
上海、济南、武汉等多地出现不明坠落物
 探索   2023-09-06
印度或要将国名改为“巴拉特”
 百态   2023-09-06
男子为女友送行,买票不登机被捕
 百态   2023-08-20
手机地震预警功能怎么开?
 干货   2023-08-06
女子4年卖2套房花700多万做美容:不但没变美脸,面部还出现变形
 百态   2023-08-04
住户一楼被水淹 还冲来8头猪
 百态   2023-07-31
女子体内爬出大量瓜子状活虫
 百态   2023-07-25
地球连续35年收到神秘规律性信号,网友:不要回答!
 探索   2023-07-21
全球镓价格本周大涨27%
 探索   2023-07-09
钱都流向了那些不缺钱的人,苦都留给了能吃苦的人
 探索   2023-07-02
倩女手游刀客魅者强控制(强混乱强眩晕强睡眠)和对应控制抗性的关系
 百态   2020-08-20
美国5月9日最新疫情:美国确诊人数突破131万
 百态   2020-05-09
荷兰政府宣布将集体辞职
 干货   2020-04-30
倩女幽魂手游师徒任务情义春秋猜成语答案逍遥观:鹏程万里
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案神机营:射石饮羽
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案昆仑山:拔刀相助
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案天工阁:鬼斧神工
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案丝路古道:单枪匹马
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案镇郊荒野:与虎谋皮
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案镇郊荒野:李代桃僵
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案镇郊荒野:指鹿为马
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案金陵:小鸟依人
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案金陵:千金买邻
 干货   2019-11-12
 
推荐阅读
 
 
 
>>返回首頁<<
 
靜靜地坐在廢墟上,四周的荒凉一望無際,忽然覺得,淒涼也很美
© 2005- 王朝網路 版權所有