RFC relevance of different

As per Relevance of the word different, we have this rfc below:

Network Working Group X.
Request for Comments: 2873 Global
Category: Standards Track A.

V.
ACIRI/
E.
Exodus
June 2000

TCP Processing of the IPv4 Precedence

Status of this

This document specifies an Internet standards track protocol for
Internet community, and requests discussion and suggestions
improvements. Please refer to the current edition of the "
Official Protocol Standards" (STD 1) for the standardization
and status of this protocol. Distribution of this memo is unlimited

Copyright

Copyright (C) The Internet Society (2000). All Rights Reserved

This memo describes a conflict between TCP [RFC793] and
[RFC2475] on the use of the three leftmost bits in the TOS octet
an IPv4 header [RFC791]. In a network that contains DiffServ-
nodes, such a conflict can cause failures in establishing
connections or can cause some established TCP connections to be
undesirably. This memo proposes a modification to TCP for
the conflict

Because the IPv6 [RFC2460] traffic class octet does not have
defined meaning except what is defined in RFC 2474, and in
does not define precedence or security parameter bits, there is
conflict between TCP and DiffServ on the use of any bits in the IPv
traffic class octet

1.

In TCP, each connection has a set of states associated with it.
states are reflected by a set of variables stored in the TCP
Block (TCB) of both ends. Such variables may include the local
remote socket number, precedence of the connection, security

Xiao, et al. Standards Track [Page 1]

RFC 2873 TCP and the IPv4 Precedence Field June 2000

and compartment, etc. Both ends must agree on the setting of
precedence and security parameters in order to establish a
and keep it open

There is no field in the TCP header that indicates the precedence
a segment. Instead, the precedence field in the header of the
packet is used as the indication. The security level and
are likewise carried in the IP header, but as IP options rather
a fixed header field. Because of this difference, the problem
precedence discussed in this memo does not apply to them

TCP requires that the precedence (and security parameters) of
connection must remain unchanged during the lifetime of
connection. Therefore, for an established TCP connection
precedence, the receipt of a segment with different
indicates an error. The connection must be reset [RFC793, pp. 36, 37,
40, 66, 67, 71].

With the advent of DiffServ, intermediate nodes may modify
Differentiated Services Codepoint (DSCP) [RFC2474] of the IP
to indicate the desired Per-hop Behavior (PHB) [RFC2475, RFC2597,
RFC2598]. The DSCP includes the three bits formerly known as
precedence field. Because any modification to those three bits
be considered illegal by endpoints that are precedence-aware,
may cause failures in establishing connections, or may
established connections to be reset

2.

Segment: the unit of data that TCP sends to

Precedence Field: the three leftmost bits in the TOS octet of an IPv
header. Note that in DiffServ, these three bits may or may not
used to denote the precedence of the IP packet. There is
precedence field in the traffic class octet in IPv6.

TOS Field: bits 3-6 in the TOS octet of IPv4 header [RFC 1349].

MBZ field: Must Be

The structure of the TOS octet is depicted below

0 1 2 3 4 5 6 7
+-----+-----+-----+-----+-----+-----+-----+-----+
| PRECEDENCE | TOS | MBZ |
+-----+-----+-----+-----+-----+-----+-----+-----+

Xiao, et al. Standards Track [Page 2]

RFC 2873 TCP and the IPv4 Precedence Field June 2000

DS Field: the TOS octet of an IPv4 header is renamed
Differentiated Services (DS) Field by DiffServ

The structure of the DS field is depicted below

0 1 2 3 4 5 6 7
+---+---+---+---+---+---+---+---+
| DSCP | CU |
+---+---+---+---+---+---+---+---+

DSCP: Differentiated Service Code Point, the leftmost 6 bits in
DS field

CU: currently unused

Per-hop Behavior (PHB): a description of the externally
forwarding treatment applied at a differentiated services-
node to a behavior aggregate

3. Problem

The manipulation of the DSCP to achieve the desired PHB by DiffServ
capable nodes may conflict with TCP's use of the precedence field
This conflict can potentially cause problems for TCP
that conform to RFC 793. First, page 36 of RFC 793 states

If the connection is in any non-synchronized state (LISTEN, SYN
SENT, SYN-RECEIVED), and the incoming segment
something not yet sent (the segment carries an unacceptable ACK),
or if an incoming segment has a security level or
which does not exactly match the level and compartment
for the connection, a reset is sent. If our SYN has not
acknowledged and the precedence level of the incoming segment
higher than the precedence level requested then either raise
local precedence level (if allowed by the user and the system)
send a reset; or if the precedence level of the incoming
is lower than the precedence level requested then continue as
the precedence matched exactly (if the remote TCP cannot
the precedence level to match ours this will be detected in
next segment it sends, and the connection will be
then). If our SYN has been acknowledged (perhaps in this
segment) the precedence level of the incoming segment must
the local precedence level exactly, if it does not a reset
be sent

This leads to Problem #1: For a precedence-aware TCP module,
during TCP's synchronization process, the precedence fields of
SYN and/or ACK packets are modified by the intermediate nodes

Xiao, et al. Standards Track [Page 3]

RFC 2873 TCP and the IPv4 Precedence Field June 2000

resulting in the received ACK packet having a different
from the precedence picked by this TCP module, the TCP
cannot be established, even if both modules actually agree on
identical precedence for the connection

Then, on page 37, RFC 793 states

If the connection is in a synchronized state (ESTABLISHED, FIN
WAIT-1, FIN-WAIT-2, CLOSE-WAIT, CLOSING, LAST-ACK, TIME-WAIT),
security level, or compartment, or precedence which does
exactly match the level, and compartment, and
requested for the connection, a reset is sent and connection
to the CLOSED state

This leads to Problem #2: For a precedence-aware TCP module, if
precedence field of a received segment from an established
connection has been changed en route by the intermediate nodes so
to be different from the precedence specified during the
setup, the TCP connection will be reset

Each of problems #1 and #2 has a mirroring problem. They cause
connections that must be reset according to RFC 793 not to be reset

Problem #3: A TCP connection may be established between two
modules that pick different precedence, because the precedence
of the SYN and ACK packets are modified by intermediate nodes
resulting in both modules thinking that they are in agreement for
precedence of the connection

Problem #4: A TCP connection has been established normally by
TCP modules that pick the same precedence. But in the middle of
data transmission, one of the TCP modules changes the precedence
its segments. According to RFC 793, the TCP connection must be reset
In a DiffServ-capable environment, if the precedence of the
is altered by intermediate nodes such that it retains the
value when arriving at the other TCP module, the connection will
be reset

4. Proposed Modification to

The proposed modification to TCP is that TCP must ignore
precedence of all received segments. More specifically

(1) In TCP's synchronization process, the TCP modules at both
must ignore the precedence fields of the SYN and SYN ACK packets.
TCP connection will be established if all the conditions specified
RFC 793 are satisfied except the precedence of the connection

Xiao, et al. Standards Track [Page 4]

RFC 2873 TCP and the IPv4 Precedence Field June 2000

(2) After a connection is established, each end sends segments
its desired precedence. The precedence picked by one end of the
connection may be the same or may be different from the
picked by the other end (because precedence is ignored
connection setup time). The precedence fields may be changed by
intermediate nodes too. In either case, the precedence of
received packets will be ignored by the other end. The TCP
will not be reset in either case

Problems #1 and #2 are solved by this proposed modification.
#3 and #4 become non-issues because TCP must ignore the precedence
In a DiffServ-capable environment, the two cases described
problems #3 and #4 should be allowed

5. Security

A TCP implementation that terminates a connection upon receipt of
segment with an incorrect precedence field, regardless of
correctness of the sequence numbers in the segment's header, poses
serious denial-of-service threat, as all an attacker must do
terminate a connection is guess the port numbers and then send
segments with different precedence values; one of them is certain
terminate the connection. Accordingly, the change to TCP
proposed in this memo would yield a significant gain in terms of
TCP implementation's resilience

On the other hand, the stricter processing rules of RFC 793
principle make TCP spoofing attacks more difficult, as the
must not only guess the victim TCP's initial sequence number,
also its precedence setting

Finally, the security issues of each PHB group are addressed in
PHB group's specification [RFC2597, RFC2598].

6.

Our thanks to Al Smith for his careful review and comments

Xiao, et al. Standards Track [Page 5]

RFC 2873 TCP and the IPv4 Precedence Field June 2000

7.

[RFC791] Postel, J., "Internet Protocol", STD 5, RFC 791,
1981.

[RFC793] Postel, J., "Transmission Control Protocol", STD 7,
793, September 1981.

[RFC1349] Almquist, P., "Type of Service in the Internet
Suite", RFC 1349, July 1992.

[RFC2460] Deering, S. and R. Hinden, "Internet Protocol, Version 6
(IPv6) Specification", RFC 2460, December 1998.

[RFC2474] Nichols, K., Blake, S., Baker, F. and D. Black, "
of the Differentiated Services Field (DS Field) in the IPv
and IPv6 Headers", RFC 2474, December 1998.

[RFC2475] Blake, S., Black, D., Carlson, M., Davies, E., Wang, Z.
W. Weiss, "An Architecture for Differentiated Services",
RFC 2475, December 1998.

[RFC2597] Heinanen, J., Baker, F., Weiss, W. and J. Wroclawski
"Assured Forwarding PHB Group", RFC 2587, June 1999.

[RFC2598] Jacobson, V., Nichols, K. and K. Poduri, "An
Forwarding PHB", RFC 2598, June 1999.

Xiao, et al. Standards Track [Page 6]

RFC 2873 TCP and the IPv4 Precedence Field June 2000

8. Authors'

Xipeng
Global
141 Caspian
Sunnyvale, CA 94089

Phone: +1 408-543-4801
EMail: xipeng@gblx.

Alan
iVMG, Inc
112 Falkirk
Sunnyvale, CA 94087

Phone: +1 408-749-7084
EMail: alan@ivmg.

Edward
Exodus
2650 San Tomas
Santa Clara, CA 95051

Phone: +1 408-346-1544
EMail: edc@explosive.

Vern
ACIRI/
1947 Center
Suite 600
Berkeley, CA 94704-1198

Phone: +1 510-666-2882
EMail: vern@aciri.

Xiao, et al. Standards Track [Page 7]

RFC 2873 TCP and the IPv4 Precedence Field June 2000

9. Full Copyright

Copyright (C) The Internet Society (2000). All Rights Reserved

This document and translations of it may be copied and furnished
others, and derivative works that comment on or otherwise explain
or assist in its implementation may be prepared, copied,
and distributed, in whole or in part, without restriction of
kind, provided that the above copyright notice and this paragraph
included on all such copies and derivative works. However,
document itself may not be modified in any way, such as by
the copyright notice or references to the Internet Society or
Internet organizations, except as needed for the purpose
developing Internet standards in which case the procedures
copyrights defined in the Internet Standards process must
followed, or as required to translate it into languages other
English

The limited permissions granted above are perpetual and will not
revoked by the Internet Society or its successors or assigns

This document and the information contained herein is provided on
"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET
TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED,
BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES
MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE

Funding for the RFC Editor function is currently provided by
Internet Society

Xiao, et al. Standards Track [Page 8]

if you see any problems within the linking, don't worry be happy,
this is version 0.1 of the Relevance System and you gotta expect some crappy subroutines sometimes,
just be content we did not write this in Java, which would have made this "bigger and better" HAHAHHA.

RFC documents can be found at I.E.T.F.

Relevance System Copyright © 2002 Spectrum WorldResearch
other technical nosh by ServerMasters Corporation
collaboration of BobX