[e2e] Receiving RST on a MD5 TCP connection.

Tapan Karwa tapankarwa at yahoo.com
Fri Jul 1 11:45:41 PDT 2005


> TCP doesn't focus on cleaning up old state. This
> should happen just fine in background.

Consider the 2 cases: 
1) NOT using TCP-MD5 for BGP.
2) Using TCP-MD5 for BGP.

If I were "not" using MD5 and YY reboots, comes up and
chooses a different port (65002), XX would not know
that YY has rebooted and it would continue to send a
segment on the old connection i.e. on port 65001 to
YY. YY would respond with an RST and XX would happily
accept it and close the old connection. This is
because segments in either direction don't need to have
the MD5 digest and so the RST from YY is valid for XX
and it will accept it. So, this is the case when I am
not using MD5 and things work fine even when YY
reboots.

The problem case is when I "am" using MD5 and YY
reboots and comes up again. XX doesn't know about it
and XX sends segments "with" the MD5 digest and YY
responds with RSTs "without" the MD5 digest. That's
when the old connection will stick around until XX has
tried 12 retransmissions since it's going to ignore the
RSTs without the MD5 digest from YY. The RFC for
TCP-MD5 says this is a problem but does not recommend
any solution. 

Maybe it's OK to let the old connection stick around
until XX is done retransmitting and gives up.


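
An added example, not part of the original post: a simplified Python model of XX's receive path under RFC 2385, showing why the unsigned RST from the rebooted YY closes the old connection without TCP-MD5 and is dropped with it. The addresses, key, sequence number and function names are constructed for illustration, and sequence-number validation of the RST is omitted.

```python
import hashlib
import hmac
import socket
import struct
from dataclasses import dataclass

RST = 0x04  # TCP RST flag bit

@dataclass
class Segment:
    src: str
    dst: str
    sport: int
    dport: int
    seq: int
    ack: int
    flags: int
    payload: bytes = b""
    digest: bytes = b""  # body of TCP option kind 19; empty means absent

def rfc2385_digest(seg: Segment, key: bytes) -> bytes:
    # MD5 over: pseudo-header, fixed TCP header with checksum zeroed, data, key.
    hdr_len = 40  # 20 fixed bytes + 18-byte MD5 option + 2 bytes padding
    pseudo = (socket.inet_aton(seg.src) + socket.inet_aton(seg.dst)
              + struct.pack("!HH", 6, hdr_len + len(seg.payload)))
    fixed = struct.pack("!HHIIBBHHH", seg.sport, seg.dport, seg.seq, seg.ack,
                        (hdr_len // 4) << 4, seg.flags, 65535, 0, 0)
    return hashlib.md5(pseudo + fixed + seg.payload + key).digest()

def receive(seg: Segment, peer_keys: dict) -> str:
    # Simplified receive path on XX; sequence-number checks are left out.
    key = peer_keys.get(seg.src)
    if key is not None:  # MD5 configured for this peer: digest is mandatory
        if not seg.digest or not hmac.compare_digest(
                seg.digest, rfc2385_digest(seg, key)):
            return "dropped"
    return "connection closed" if seg.flags & RST else "accepted"

def rst_after_reboot(xx_uses_md5: bool, yy_signs: bool = False) -> str:
    xx, yy = "192.0.2.1", "192.0.2.2"  # constructed addresses
    key = b"constructed-secret"         # constructed shared key
    # YY's old port is 65001 as in the post; 179 is the BGP port on XX.
    rst = Segment(yy, xx, 65001, 179, seq=1000, ack=0, flags=RST)
    if yy_signs:  # contrast case: an RST that does carry a valid digest
        rst.digest = rfc2385_digest(rst, key)
    return receive(rst, {yy: key} if xx_uses_md5 else {})

if __name__ == "__main__":
    for args in [(False,), (True,), (True, True)]:
        print(args, rst_after_reboot(*args))
```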


More information about the end2end-interest mailing list