In message
<201107272350(_dot_)p6RNodKa019978(_at_)fs4113(_dot_)wdf(_dot_)sap(_dot_)corp>,
Martin Rex writes
:
Mark Andrews wrote:
Dave Cridland writes:
Happy eyeballs - try everything as soon as you can, in parallel. Drop
everything else when one does.
More correctly it is try the first address and if that doesn't
connect in a short period (150...250ms) start a second connection
to the next address while continuing with the first. If you have
more that 2 address you do something similar for the next one (I
use 1/2 the original timeout, but that is a implementation detail).
You continue to use the address that works for that session. You
drop any other connections to other addresses that complete.
Happy eyeballs means that a clients reaction to congestion is
to perform an DoS attack, flood the network with additional
connection requests and hammer the server with many additional
half-open connections that will never actually get used.
It is not a DoS attack. The client is almost certainly going to
make those connection attempts anyway if the path is congested
enough to cause the first connection attempt to fail. The only
difference is the application gives up in 30 seconds rather than
60 or 90 seconds by doing the attempts serially.
While this might currently "improve" the end user experience
of clients, it simultaneously adds a deterrant to server operators
to announce IPv6 addresses (even multiple IP addresses -- they're
better of with IPv4 NAT if they have multiple servers at a single
location).
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka(_at_)isc(_dot_)org
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf