Re: [aqm] Question re draft-baker-aqm-recommendations recomendation #2

[Dave Taht <dave.taht@gmail.com>]

On Tue, Apr 30, 2013 at 9:29 AM, Wesley Eddy <wes@mti-systems.com> wrote:
> On 4/29/2013 10:00 AM, Fred Baker (fred) wrote:
>> Do we generally agree with the recommendation of http://tools.ietf.org/html/draft-baker-aqm-recommendation-01#section-4.2? This is the question of signaling to an endpoint using both dropping and ECN.
>>
>
> I think there are two recommendations embedded at the end of the
> section:
>
> """
>    Hence, network communication to the host regarding the moderation of
>    its traffic flow SHOULD use an AQM algorithm to determine which
>    packets it should affect, and then implement that effect by marking
>    ECN-capable traffic "Congestion Experienced (CE)" or dropping non-
>    ECN-capable traffic.
>
>    Due to the possibility of abuse, the queue must also impose an upper
>    bound, so that even ECN-capable traffic experiences tail-drop
"drop"

if
>    necessary; this possibility, while equipment must design for the end
>    case, should in theory be very uncommon.
> """
>
> I'm basically good with both.

As soon as ECN markings are widely deployed and AQMs are widely
deployed that use it, attacks will use ECN marked packets. A
reflection attack like the recent DNS attacks for example, would do
more damage with ECN based AQMs than AQMs with ECN off.

> The second part (imposing an upper bound) might be worth expanding a
> bit.  I don't know what a reasonable upper bound is, for failing into
> a tail-drop mode,

No reason to specify "tail" drop here.

> and it smells like another knob to be configured,
> which we are hoping to avoid :).

It's not just a knob but another state to track in the AQM.

> So, there is a can of worms here.  Should the threshold be configurable?
> Should it be based on some margin computed from the queue depth, link
> rate, etc?  What should the defaults be?  What types of experiments
> would we do in order to test sensitivity of this parameter and tune it?

In the codel related experiments I found no operating point that made
sense for marking vs dropping other than equal. ECN marking at less
than the drop point resulted in ECN streams being outcompeted by drop
based tcp. ECN marking at more than resulted in the reverse.

I found some uses for ECN inside well protected networks on things
other than TCP, and for TCP at high rates, also inside well protected
networks.

Across the wild and wooly internet I do not have a lot of hope for
ECN. It has proved mildly useful on ingress into a network domain and
a hindrance on bandwidth limited egress, and in neither case copes
with the easy possibilities of abuse.

> I think all of these depend a bit on how the specific AQM works, and
> it's tough to say much concrete about it.
>
> --
> Wes Eddy
> MTI Systems
> _______________________________________________
> aqm mailing list
> aqm@ietf.org
> https://www.ietf.org/mailman/listinfo/aqm



-- 
Dave Täht

Fixing bufferbloat with cerowrt: http://www.teklibre.com/cerowrt/subscribe.html