[e2e] Can we revive T/TCP ?
Joe Touch
touch at ISI.EDU
Mon Mar 27 07:13:21 PST 2006
Hi, Michael,
Michael Welzl wrote:
> Hi all,
>
> Thanks for the many answers to my question - in particular,
> of course, Bob's answer.
>
> Let me explain what I had in mind when I asked about T/TCP.
> I work on network improvements for the Grid - where people
> invoke procedure calls using SOAP over HTTP, yet have an
> interest in performance (I know that this is at odds :-) ).
> The delay of these function calls (which is apparently the result
> of SOAP processing more than anything else, but connection
> setup can also take a while if nodes are very far from each other -
> which, for instance, is true for some nodes in the EGEE Grid)
> limits the parallelization granularity in Grids - reducing it would
> be a real win in my opinion.
If that's the case, it would be useful to reexamine the whole of the
stack that's causing the problem, rather than trying to fix it at the
most ubiquitous and otherwise stable (for the rest of the Internet) layer.
> In a Grid, nodes are (or can be) authenticated. Using IPSec
> is an option. There are lots of short function calls. So, I figured:
> why is it necessary to set up connections at all before doing
> the call?
IPsec sets up security associations between endpoints, not connections.
The larger issue is that you have multiple layers of connections that
are working against - rather than with - each other.
If you're doing short function calls, then why do you need TCP? If you
want congestion control, have you considered DCCP? Or SCTP?
...
> - exactly my thinking. So skipping the handshake would make sense
> in such an environment, right?
So would skipping shared state on a per-exchange basis. ;-)
> To me, there's just one open question. When all nodes authenticate
> themselves in a Grid, why don't they just set up and maintain TCP
> connections to each other forever? The UTO draft could help here.
>
> I've been told (by Grid people) that this is completely impossible
> because it's a big security problem. I fail to see why, and nobody
> ever explained it to me.
If they use IPsec, it'd be useful to understand the security problem
that persistent TCP connections present.
Joe
More information about the end2end-interest
mailing list