Re: [alto] AD review of draft-ietf-alto-incr-update-sse-19

[Mirja Kuehlewind <ietf@kuehlewind.net>]

Hi Richard,

Please see inline.

> On 17. Feb 2020, at 21:03, Y. Richard Yang <yry@cs.yale.edu> wrote:
> 
> Hi Mirja,
> 
> Thanks a lot for the ultra-fast response. Please see below.
> 
> On Mon, Feb 17, 2020 at 4:21 AM Mirja Kuehlewind <ietf@kuehlewind.net> wrote:
> Hi Richard,
> 
> Please see below.
> 
> > On 17. Feb 2020, at 05:44, Y. Richard Yang <yry@cs.yale.edu> wrote:
> > 
> > Hi Mirja,
> > 
> > Please see below.
> > 
> > On Fri, Feb 14, 2020 at 4:32 PM Mirja Kuehlewind <ietf@kuehlewind.net> wrote:
> > Hi authors,
> > 
> > I reviewed draft-ietf-alto-incr-update-sse in order to potentially get this document through the process before I step down as AD in March. I have a couple of technical questions below that I would some feedback about before we move on to IETF last call and some fully editorial point that can be updated anytime before final publication (e.g. also after IETF last call has ended).
> > 
> > However, I have one high level question that I would like to at least understand to justify it in the IESG before we moved on. Sorry that I have not raised this earlier in the working group but I realised it just now:
> > 
> > HTTP/2 (and HTTP/3) support multiplexing, why is a separate service needed for stream control, instead of just using a different stream on the same HTTP connection? 
> > Also note that I don’t find the justification, why HTTP/2 Server Push is not used, not very convincing and I’m afraid to get push-back from the ART ADs. Especially given the problems describes in section 9.5. However, we can give it a try. I think I would recommend to have the justification in section 13.1 earlier in the document, e.g. in section 3.
> > 
> > 
> > We are indeed designing an ALTO incremental based on HTTP/2 (/3). For now, we plan to clarify that the design is for earlier HTTP and move 13.1 to Sec. 3. How does this sound?
> 
> It’s okay.
> 
> 
> However as you are already working on a design for HTTP/2 or HTTP/3, would it be better to finish this work up now and specify it from the beginning over this more modern protocols? Or is there a goos reason why HTTP/1 support is needed?
> 
> Thanks. We will finish this work now, for HTTP/1/1.1, as it is mostly done and HTTP/1/1.1 is widely adopted. . HTTP/2 is definitely gaining momentum (https://w3techs.com/technologies/details/ce-http2 states 43.3% in Feb. 2020) and we will do the work during the next phase as soon as we are done with this one.

I don’t think that is a relevant number for alto because that's about Webservers already offering http/2. And I would assume an alto server is usually not co-located with another Webserver. For alto the most important question would be if the http sever implementation you are using is supporting http/2 and I think in terms of implementation most platforms do. So if you run an alto server and want to use SSE with http/2 you need to be willing to update you server; that’s it.

Anyway, I think you need a bit more justification in the draft why this is http/1.1 based.

> 
>  
> >  
> > And one more request before we move on, please add the actual Content-Length values to the examples and confirm that you did run the examples though a syntax checker!
> > 
> > 
> > Yes. All fixed.
> 
> Thanks!
> 
> >  
> > 
> > Here are my other technical questions/comments:
> > 
> > 1) In section 3.2.1
> > "This document adopts
> >    the JSON merge patch message format to encode incremental changes,
> >    but uses a different HTTP method, i.e., it uses POST instead of
> >    PATCH.”
> > I don’t quite understand this sentence. As you use SSE, I guess you are using neither POST nor PATCH. The point here is that SSE has a quite different communication model than otherwise in HTTP, so I’m not sure what this statement actually tells me.
> > 
> > 
> > Excellent review. We have revised the paragraph to be the following:
> > 
> > "JSON merge patch is intended to allow applications to update server resources by sending only incremental changes. <xref target="RFC7396"/> defines the encoding of incremental changes (called JSON merge patch objects)  to be used by the HTTP PATCH method <xref target="RFC5789"/>. This document adopts from <xref target="RFC7396"/> only the JSON merge patch object encoding and does not use the HTTP PATCH method.”
> 
> Much better. Thanks!
> 
> > 
> > The goal of the revision above is to call out explicitly what we adopt---JSON merge objects. What do you think?
> >  
> > 2) Why is the multipart content-type supported if in [RFC7285], each "resource is encoded as a single JSON object" (as you state in section 5.2)?
> > In relation to this question, I have to say that I find it also rather inappropriate for an RFC that section 8.1 shows a "non-standard ALTO service” in the example. 
> > Further I was surprised to see this line in section 8.5:
> > "event: multipart/related;boundary=...”
> > This doesn’t seem to be sufficiently specified in the draft…? Can you please further explain in the draft.
> > 
> > 
> > We are taking a pass across the document to clarify multipart, on both motivation and full specification. A high-level guidance that we need is the following: all existing (i.e., published) ALTO resources have a single JSON object, but the extension, path vector (PV), is best handled by using multipart, to avoid complex consistency handling: a resource consisting of two related JSON objects. Hence, the SSE is revised to handle this. The "non-standard ALTO service example" is based on PV but PV has not been published and we do not want to create document dependency to slow down the finish of SSE. How about the following two options: (1) we remove the "non-standard example"; (2) we make clear that SSE can be used by both current ALTO services and potential future services, and we label the "non-standard" as just one example?
> 
> I would propose to actually reference to the path vector draft. Just saing that is exists and using it in a (non-normative) examples, does not create a normative reference.
> 
> 
> OK. Sounds good and will do now.
>  
> >  
> > 3) section 5.3:
> > "The server MUST send a control update message
> >         with an URI as the first event in an update stream. “
> > I missed this statement on first read. I think it’s not great to have this as port of the message format definition. I would proposed to move this to the beginning of section 5 and also add some more text on the general message flow. I know this is described (non-normatively) in section 4, however, section 4 does rather describe the function and services provided and not really the concrete message flow.
> > 
> > 
> > Excellent suggestion. We will move it to the beginning of Sec. 5 with a concrete global message flow specification, with the following new starting paragraph of Sec. 5:
> > 
> > "        We now define the details of ALTO SSE. This section starts with the specification 
> >         of the global message flow (<xref target="ALTO.SSE.MessageFlow"/>), and then specifies the details of the data update messages (<xref target="ALTO.SSE.UpdateEvents"/>)
> >         and the control update messages (<xref target="ALTO.SSE.ControlEvents"/>) respectively.”
> 
> Thanks! Sounds good.
> 
> >  
> > 4) In section 6.3 you say:
> >        "An
> >         alternative design of incremental-changes control is a more
> >         fine-grained control, by allowing a client to select the subset
> >         of incremental methods from the set announced in the server's
> >         capabilities (see Section Section 6.4).”
> > Does that mean that a client that wants to use incremental changes must support all methods implemented by the server? That seems to make deployment of new methods rather complicated.
> > 
> > 
> > Yes. To be precise, the server may use a subset of incremental encoding for a given resource. To allow "old" client to still proceed, the client can set the acceptance to be false. Here is a revision to try to clarify a bit more:
> > 
> >         If the "incremental-changes" field is "true",
> >         the update stream server MAY send incremental changes for this
> >         substream (assuming the update stream server supports
> >         incremental changes for that resource).  In this case, the
> >         client MUST support all incremental methods from the set
> >         announced in the server's capabilities for this resource; see Section Section 6.4
> >         for server's announcement of potential incremental methods.  If
> >         a client does not support all incremental methods from the set
> >         announced in the server's capabilities, the client can set
> >         "incremental-changes" to "false", and the update stream server
> >         then MUST NOT send incremental changes for that substream.
> 
> Thanks for the clarification. That’s good.  However, I was indirectly question if that is really the right design, rather than given the client also an option to indicate which of the methods it supports. Is there a reason why it’s design this was? Was that discussed in the group?
> 
> 
> It was discussed in the WG. 
> 
> A "standard negotiation" protocol is:
> A -> B: I support set SA
> B -> A: I pick subset SB \subset SA
> 
> The decision, after the discussion, was that the following design:
> S -> C (IRD): this SSE supports set S + full-replacement
> C -> S (in request): I accept S+full-replacement (true) or only full-replacement (false)
> 
> The discussion was that the server (1) has more information (for example, predict/know the set of potential changes, and hence predict either using merge patch or json patch is more efficient), and (2) is more likely to be the bottleneck (e.g., pushing updates to multiple clients). Hence the decision is to allow the server to make the choice to (1) more likely choose a more efficient encoding, and (2) sharing of the encoding overhead (if client C1 chooses encoding e1, and C2 chooses e2, then the server needs to compute both e1 and e2). Switching the design to the "standard negotiation" is a simple modification, and I am actually relatively open to this, but I do feel that the current design is simpler. The authors and others can sure discuss the issues during the weekly meeting. Any remaining comments? 

Okay, maybe add some more explanation in the draft.
> 
>  
> >  
> > 5) section 6.6:
> > "The update stream server MUST close the stream without
> >       sending any events.”
> > What does "close the stream" actually mean? Close the HTTP/TCP connection?
> > 
> > 
> > Excellent catch. It should not be simply close the connection. We will clarify all such error handling cases.
> 
> Thanks! Yes, please double-check the rest of the document to be more clear about connection establishment and closure.
> 
> 
> WIll do.
>  
> >  
> > 6) One question related to section 6.8: Please note that TCP also provides a Keep-alive function. Is there any explanation in [SSE] why that is not used or recommended (sorry didn’t had time t look this up in [SSE] myself and could find anything quick)?
> > 
> > 
> > My understanding is that TCP keep alive may be off or can be quite long: I just checked my Mac and got:
> > %sysctl -A | grep net.inet.tcp.*keep
> > net.inet.tcp.keepidle: 7200000
> > net.inet.tcp.keepintvl: 75000
> > net.inet.tcp.keepinit: 75000
> > net.inet.tcp.keepcnt: 8
> > net.inet.tcp.always_keepalive: 0
> > 
> > Let us dig a bit more and fix the final version.
> 
> These parameters are also configurable. However, it really depends on the network you are in. If there is a NAT with short timers of not. Usually the default TCP values should covers to most common cases.
> > 
> >  
> > 7) section 9.2:
> >   "However, if the ALTO client does not receive
> >    the expected updates, the ALTO client MUST close the update stream
> >    connection, discard the dependent resources, and reestablish the
> >    update stream.”
> > Why is this a MUST requirement?
> > 
> > 
> > Very good point. We gave two approaches, and this sentence is for the second approach: first update the 
> > base (e.g., network map), mark the dependent (e.g., cost map) as invalid, and wait for the dependent to be
> > updated. If the dependent update does not arrive, the system will be in an invalid state. Since the base 
> > has already been updated (committed, using a database term), there is no rollback possible unless we also rollback
> > the base. This sentence gives only a simple transaction-based approach. Let me clarify a bit more.
> 
> So the the idea is that the establishment will send you the full map, right? However, it still seems like a client decision to do that or e.g. just give up; a MUST requirement seems a bit to strong.
> 
> 
> Yes. After close, which is indeed a client decision, and re-establishment, the server will send the full dependent of the dependent to allow recovery. I agree that MUST is a bit strong. A client with a higher level of patience can indeed wait. Let us change to "MAY choose”.

Or SHOULD is fine as well. Maybe rather add a bit more explanation when it might be appropriate to not re-connect


> I will also add that such timeout has the traditional transport timeout caveat, too quick timeout can lead to attack to the server. How does this sound?

That’s actually a really good point, about the timeout. Please add. I guess the timeout should actually be a SHOULD or even MUST. 


>  
> We will send in a new version with all the changes by mid this week (Thursday the lastest), if you see the approaches as we discussed are OK.

That would be great. I think you can just go ahead and submit the new version to the datatracker, so I can start IETF last call right away (if everything is okay).

Thanks!
Mirja



> 
> Thank you so much!!
> 
> Richard
> 
> >  
> > 8) section 10.1:
> >   "To avoid these attacks on the update stream server, the server MAY
> >    choose to limit the number of active streams and reject new requests
> >    when that threshold is reached.”
> > This however should be a SHOULD rather than a MAY.
> > 
> > 
> > OK. Fixed.
> 
> Thanks.
> 
> >  
> > 9) Also section 10.1:
> >   "Therefore an update stream server may prefer to restrict update
> >    stream services to authorized clients, as discussed in Section 15 of
> >    [RFC7285].”
> > This should probably be also a normative MAY.
> > 
> > OK. Fixed.
> 
> Thanks.
> 
> >  
> > 10) section 10.2
> >   "Under overloading, the client may choose to remove the information
> >    resources with high update rates.”
> > Should also be MAY.
> > 
> > 
> > OK. Fixed.
> 
> Thanks.
> 
> >  
> > 11) Section 13.2 states that a stream can not be re-started. However this is not really mentioned explicitly in the body of the document. I think the text in 13.2 needs to be moved to somewhere earlier in the document and in addition clearly state what is the expected behaviour when a connection fails.
> > 
> > 
> > Yes. We are moving 13.1 to the front.
> 
> Great!
> 
> >  
> > 
> > And the editorial comments:
> > 
> > 0) Abstract: For an RFC the abstract is rather long. I’d suggest to simply remove the second paragraph (as it is repeated anyway in the intro).
> > 
> > 1) Please spell out IRD at first occurrence.
> > 
> > 2) This document uses a couple of times “we”. While it is not forbidden to do so, it rather uncommon for an RFC (as “we” is not fully clear and should rather refer to the wg as a whole than the authors only). In many cases “we” can be simply replaced by “in this section”. In other case “we” can basically simply be removed, like here in the intro:
> > 
> > OLD
> > "We intend that the mechanism can also
> >    support new ALTO services to be defined by future extensions…”
> > 
> > NEW
> > “The mechanism can also
> >    support new ALTO services to be defined by future extensions…”
> > 
> > 3) section 5.2:
> > “...encoded using multipart/related [RFC2387].”
> > Is the word "Content-type” missing here? This occurs several times in the document but not sure you say it that way...
> > 
> > 4) also section 5.2:
> > "Each component requiring the service of this document
> >    MUST be identified by a unique Content-ID to be defined in its
> >    defining document.”
> > I’m not sure I understand this sentence? What do you mean by “service of this document” and “to be defined in its defining document”? 
> > 
> > 5) section 5.2 nits:
> > "The encoding of a full replacement
> >    is defined its defining document (e.g., network and cost map messages
> >    by [RFC7285], and uses media type defined in that document.”
> > Missing ending brackets and s/media type/the media type/ or “media types defined in those documents”
> > 
> > 6) section 6.3:
> > "the resource-id of an ALTO resource, and MUST be in the
> >         update stream's "uses" list (Section 8.5.2 of Section 6.5)”
> > There is a broken reference here.
> > 
> > 7) section 6.3:
> > "The default value for "incremental-
> >         changes" is "true", so to suppress incremental changes, the ALTO
> >         client MUST explicitly set "incremental-changes" to "false”.”
> > This should be two sentences -> full-stop after “true”
> > 
> > 8) section 6.7.1:
> > “…to stop updates for one or more resources Section 7,…”
> > Missing bracket -> (Section 7)
> > 
> > 9) section 7:
> > "If the
> >    ALTO client and the stream control server the ALTO client MAY send
> >    multiple stream control requests to the stream control server using
> >    the same HTTP connection.”
> > There is something missing in this sentence…?
> > 
> > 10) Sec 8.3:
> > "POST /updates/streams/2718281828459" HTTP/1.1”
> > -> remove " after path
> > 
> > 11) It seems like section 11 should be earlier in this document, maybe somewhere as subsection in section6?
> > 
> > 
> > 
> > All the edits are fixed.
> 
> Great!
> 
> Thanks!
> Mirja
> 
> 
> >  
> > Thank you so much!
> > 
> > Thanks!
> > Mirja
> > 
> 
> 
> 
> -- 
> -- 
>  =====================================
> | Y. Richard Yang <yry@cs.yale.edu>   |
> | Professor of Computer Science       |
> | http://www.cs.yale.edu/~yry/        |
>  =====================================