IETF Logo Mail Archive

Re: [conex] byte vs packet counting

Bob Briscoe <bob.briscoe@bt.com> Mon, 21 November 2011 23:14 UTC

Return-Path: <bob.briscoe@bt.com>
X-Original-To: conex@ietfa.amsl.com
Delivered-To: conex@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 74DBF11E80D5 for <conex@ietfa.amsl.com>; Mon, 21 Nov 2011 15:14:50 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.149
X-Spam-Level:
X-Spam-Status: No, score=-3.149 tagged_above=-999 required=5 tests=[AWL=0.450, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VMEU7Es+CObb for <conex@ietfa.amsl.com>; Mon, 21 Nov 2011 15:14:49 -0800 (PST)
Received: from smtp3.smtp.bt.com (smtp3.smtp.bt.com [217.32.164.138]) by ietfa.amsl.com (Postfix) with ESMTP id 1C3DF11E8119 for <conex@ietf.org>; Mon, 21 Nov 2011 15:14:48 -0800 (PST)
Received: from i2kc06-ukbr.domain1.systemhost.net ([193.113.197.70]) by smtp3.smtp.bt.com with Microsoft SMTPSVC(6.0.3790.4675); Mon, 21 Nov 2011 23:14:46 +0000
Received: from cbibipnt05.iuser.iroot.adidom.com ([147.149.196.177]) by i2kc06-ukbr.domain1.systemhost.net with Microsoft SMTPSVC(6.0.3790.4675); Mon, 21 Nov 2011 23:14:46 +0000
Received: From bagheera.jungle.bt.co.uk ([132.146.168.158]) by cbibipnt05.iuser.iroot.adidom.com (WebShield SMTP v4.5 MR1a P0803.399); id 1321917285937; Mon, 21 Nov 2011 23:14:45 +0000
Received: from MUT.jungle.bt.co.uk ([10.215.131.152]) by bagheera.jungle.bt.co.uk (8.13.5/8.12.8) with ESMTP id pALNEhvZ013554; Mon, 21 Nov 2011 23:14:43 GMT
Message-Id: <201111212314.pALNEhvZ013554@bagheera.jungle.bt.co.uk>
X-Mailer: QUALCOMM Windows Eudora Version 7.1.0.9
Date: Mon, 21 Nov 2011 23:14:31 +0000
To: John Leslie <john@jlc.net>
From: Bob Briscoe <bob.briscoe@bt.com>
In-Reply-To: <20111121203356.GG22465@verdi>
References: <201111171402.pAHE26tB006646@bagheera.jungle.bt.co.uk> <CAH56bmBhg6VpDMKye+GO_=gN-MAjskTMaAznhYSJm3N4R6Zjtg@mail.gmail.com> <CAH56bmD2fh3sm4mozh17K2C+K0Pxyw7vRvykCo9Xt-jeEP36ZQ@mail.gmail.com> <201111201956.pAKJuJSQ007421@bagheera.jungle.bt.co.uk> <20111120214012.GE22465@verdi> <201111202327.pAKNRJPT008060@bagheera.jungle.bt.co.uk> <20111121203356.GG22465@verdi>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format="flowed"
X-Scanned-By: MIMEDefang 2.56 on 132.146.168.158
X-OriginalArrivalTime: 21 Nov 2011 23:14:46.0309 (UTC) FILETIME=[5BF91D50:01CCA8A3]
Cc: ConEx IETF list <conex@ietf.org>
Subject: Re: [conex] byte vs packet counting
X-BeenThere: conex@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Congestion Exposure working group discussion list <conex.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/conex>, <mailto:conex-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/conex>
List-Post: <mailto:conex@ietf.org>
List-Help: <mailto:conex-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/conex>, <mailto:conex-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 21 Nov 2011 23:14:50 -0000

John,

At 20:33 21/11/2011, John Leslie wrote:
>Bob Briscoe <bob.briscoe@bt.com> wrote:
> >
> > But audit is about checking one stream of signals against another.
>
>    "Audit" tends to imply sampling and verifying an approximate match
>of things sampled. I'm afraid we've been a bit too vague about the
>sampling ratio...

[BB]: You're thinking of random audit. There is no implication of 
randomness or sampling in the word audit alone AFAIK.


> > It is a factual function, not a policy-related function.
>
>    Umm... the sampling is somewhat policy-related...

[BB]: This debate is over whether we must define /what/ is being 
audited. Sampling is about /how/: we all agree that ConEx docs should 
not constrain the 'how'.


> > Without audit, ConEx information is unreliable for policing,
>
>    Actually, I don't agree with this. It's perfectly reasonable to
>design a policing function based on allowances, without reference to
>the accuracy of congestion prediction/responses.

[BB]: This assertion is missing one hugely important piece of 
context. ConEx information is volunteered by the sender.

As soon as the sender knows the info could be used against its 
interests, it has no reason to speak the truth. So the network will 
only use the sender's info for policing if it can verify its correctness.


> > monitoring or anything.
>
>    Oh, hardly: monitoring is the first function of research; it need
>not depend on any particular balance of the things monitored.

[BB]: As above. The situation changes drastically, as soon as 
monitored info might be used against the interests of the sender 
volunteering the information.

>
> > Imagine an Internet where it is undefined whether ConEx and
> > congestion signals should balance per packet or per byte. Then both
> > types of audit and both types of transport will be implemented.
>
>    So stipulated...
>
> > Let's assume some byte-based audit devices will discard traffic that
> > understates ConEx bytes. And some packet-based audit devices will
> > discard understatement in packets. Then these packet-balanced
> > auditors will drop byte-balanced transports. And vice-versa.
>
>    I don't agree. Knowing that some implementations count packets and
>others count bytes, it would be somewhat stupid to punish based upon
>your personal preference between these two.

[BB]: Then each type of audit function has to allow so much leeway 
that it opens a security hole the size of a bus. Even if byte-balance 
is the rule, audit security is balanced on a knife edge. Taking away 
this rule makes the security collapse.

I suggest you go away and implement your proposed audit function, or 
at least produce a pseudocode design, then evaluate its security and 
bring it to the list if it passes muster. I can assure you, there is 
absolutely no value in inventing piecemeal in this space. The value 
of the whole ConEx system depends on the integrity of the signals 
that audit assures. It's extremely tricky to get right.

There is value in brainstorming, but there is a time and place for 
such research. This ML is for standardisation. And we're late.


> > ConEx audit will become a machine for dropping large proportions of
> > packets.
>
>    I don't follow... how could "audit" be a "machine for dropping"
>anything?

[BB]: ...by the assumption above that operators use their audit 
devices to discard traffic that does not cross-check. As you yourself 
said, we cannot tell operators what to do or not to do. We have to 
assume many will discard non-compliant traffic.


> > Please explain how you propose to prevent this disaster if we leave
> > the byte-packet question open.
>
>    Actually, that's simplicity personified -- define ConEx marking
>with a byte-count field: if left blank the sender is byte-agnostic.

[BB]: OK, now you're switching to a different argument.

The integrity of this flag would then need to be protected, to 
prevent it being changed enroute (and so far ConEx integrity works 
without any crypto, implying no key management complexity).

(Give the list a little more time and I'm sure we will be able to 
think up a number of other security problems. Because the more 
flexibility, the larger the space of possible vulnerabilities.)

Flexibility is fine if it's needed, but the burden is on you to prove 
a choice between packet and byte balance is necessary.


>(Though, to tell truth, I believe such a field SHOULD be optional,
>and I see no particular reason we need it at all...)

So, that little excursion was just a waste of my time.


> > I am all for allowing flexibility in standards wherever possible, in
> > order to encourage diversity and innovation. There can certainly be
> > all sorts of implementations of the audit function, but we have to
> > minimally define whether audit is per byte or per packet - for
> > interoperability.
>
>    I'm quite happy to define it "per packet", for now...

You have to argue against the reasons given why this is the wrong choice.

The others in this discussion have all agreed that bytes is the 
correct choice. It is not sufficient to dismiss everyone else's 
arguments as irrelevant by calling them mathematical (I didn't see 
any explicit maths in the discussion, so perhaps you are objecting to 
the use of logical reasoning?).


> > Can we find some way of resolving this argument, rather than keep
> > revisiting it?
>
>    I believe _we_ could...

The only thing we agree on is that deployment must be possible.

The drafts on the table are deployable. They are based on 
implementation experience. What you're really objecting to is stating 
the goal as byte-balance, even if we allow some implementers to do it 
approximately as packet-balance. Instead you want us to say the goal 
should be packet-balance, purely because it's easier to implement (in 
the case of TCP). However, altho your argument is only over what we 
state the goal as, you're not prepared to have that argument, because 
you reject what you call 'mathematical' argument.

You have no implementation, no proposed design and you don't agree 
with arguing scientifically.

I think it's time to ask the chairs to intervene.


Bob


>--
>John Leslie <john@jlc.net>

________________________________________________________________
Bob Briscoe,                                BT Innovate & Design

v2.29.0 | Report a Bug | By Email | System Status