IETF Logo Mail Archive

[EToSat] Encrypted Transports over Satellite

"Border, John" <John.Border@hughes.com> Mon, 11 February 2019 20:54 UTC

Return-Path: <prvs=094587a670=john.border@hughes.com>
X-Original-To: etosat@ietfa.amsl.com
Delivered-To: etosat@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 03F42126D00 for <etosat@ietfa.amsl.com>; Mon, 11 Feb 2019 12:54:59 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=hughes.com header.b=h87rrZRG; dkim=pass (1024-bit key) header.d=hughes.com header.b=zl+qTcCu
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id L09CKFj6sx3l for <etosat@ietfa.amsl.com>; Mon, 11 Feb 2019 12:54:55 -0800 (PST)
Received: from mx0b-00115402.pphosted.com (mx0b-00115402.pphosted.com [148.163.153.174]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0EA07129AA0 for <etosat@ietf.org>; Mon, 11 Feb 2019 12:54:54 -0800 (PST)
Received: from pps.filterd (m0118427.ppops.net [127.0.0.1]) by mx0b-00115402.pphosted.com (8.16.0.27/8.16.0.27) with SMTP id x1BKpcUl005068 for <etosat@ietf.org>; Mon, 11 Feb 2019 20:54:54 GMT
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hughes.com; h=from : to : subject : date : message-id : content-type : mime-version; s=3152018; bh=DfDpOosv4EAeKwiFX973Cc9A8FBQdU1gRnEvZ7ZX1O0=; b=h87rrZRGekLbaIM4xVXSjdmHBTzQhxQhez4a33gU4F/80C7SnitfnpQta3vnn8gcu7xn b59Y7NJwg+FnSuTzLUgsejYz3/YNl6cRvQUj2G0IyZtNvnZwKXQLx+Ha4T8xmXIW6/MA rLYmqk/lOJLwGmgVAZGtvQaxhbCS26pKAFblDTKJBxLXsJixXvbIHvkQcFlkgqKWD1ZV Wv887+McyVwEBLmHZ5YDLyR8MQCflMzbmylkXNBBnwdwKgDA+Ookdc0R4rvoDWUNWHg4 YXAJzlBxnJQKUkKfpvSPLP4vFSVhjgQozHJf9DZi10XcUDhiy9sOGdrS9BCua90Q1YpK Zw==
Received: from nam02-sn1-obe.outbound.protection.outlook.com (mail-sn1nam02lp2050.outbound.protection.outlook.com [104.47.36.50]) by mx0b-00115402.pphosted.com with ESMTP id 2qkeyp0jfk-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT) for <etosat@ietf.org>; Mon, 11 Feb 2019 20:54:53 +0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hughes.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=DfDpOosv4EAeKwiFX973Cc9A8FBQdU1gRnEvZ7ZX1O0=; b=zl+qTcCuL2lCP/7bJM0PVBHnbUpe9ufVas5tar2GuYAu8eCXhu1UaSpP0eh3m8M2YMdE9hDOTY0VQdKCm//iT5GCzhbafYZ08GRXBvkNyW0J2CS60eoicSrm7R6FsGhOm0K+62+kvpghR6ARGDvgHkPBXZ+Sn2Hfe5i907rwt38=
Received: from BL0PR11MB3394.namprd11.prod.outlook.com (10.167.240.87) by BL0PR11MB3060.namprd11.prod.outlook.com (20.177.204.218) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1601.17; Mon, 11 Feb 2019 20:54:51 +0000
Received: from BL0PR11MB3394.namprd11.prod.outlook.com ([fe80::35fb:c251:97d8:f696]) by BL0PR11MB3394.namprd11.prod.outlook.com ([fe80::35fb:c251:97d8:f696%4]) with mapi id 15.20.1601.023; Mon, 11 Feb 2019 20:54:51 +0000
From: "Border, John" <John.Border@hughes.com>
To: "etosat@ietf.org" <etosat@ietf.org>
Thread-Topic: Encrypted Transports over Satellite
Thread-Index: AdStwn9cxk94o1e3TE+I7gNvu70/5w==
Date: Mon, 11 Feb 2019 20:54:51 +0000
Message-ID: <BL0PR11MB3394718981522F9B5BFE951F90640@BL0PR11MB3394.namprd11.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [139.85.223.11]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; BL0PR11MB3060; 6:hKCdsA8jwN/HMH+hZi5UCAThJPAxQgVNBsusIDy42ZJOsx9YyuEyS65vzuCBOIyBcuuwLviW30okSTMjdItG4TVaIVNKBvmi12KlwJoGSvqnmBeVr7ocKTgXQmr4iehi2SZYWEBXZ3WxWO9NiEElDrC2WAyK/hktWAYS/Qdx6gZHz+QI8FAXu90JNai4G6HFbetwFRkEPD8vMDsDsdjcJqaCrZFGgvSanujC3JuRcBJnA432O9Ns8+hJP6gQ0qWadm7tr69KfiMinIOkkxlHBnfclDrPGz7ixrExuXW/t9Lelh7VGTqVBcRnIIiWM9bG5i12DJQs6Woo2gINaX8GXmevDWLy/D1zh+spLpEuwDayAKPX8NwwfAIv5387iyopczxfMfaYPmFY4vhgLgKnmJHMuL7x94p+NGjX4E6qbEq9/5gCPfsK+tdFaYgaE73RIhb20xyVH6PoPs65AoAIaw==; 5:no9OubYPWUNchq9IziC1wGkDM0fuIXBDopFeN9cY7lczLkaoTSfykiO8DicPPXpahU/zfeJ9WXx8Sfiko645RSl8PviNnaiFAdULtvO5zmDzABBBtZosl4rPR5Bvslq97FlTk3ZMmwfqXb+ieWre/RTOWTt6ulDvhhBjxLB8SDhQn3rElTiNSPn6L9r8c792/rN2LbFeh+UNp+7rM1UerA==; 7:oKaDpb/H/5oM554F7ua9z9yrVRH2xEu8OJpQNQ1JjtHAWZay1jA4Vd/BRdZmmA6ym3Ml2BZ8jqnz/HQUjhrd3FG9GsK95Hic/5QpphT6dqF2klyybwwLswxE2apLPQ23f90a/UHV9Hrj3vCOwrqWag==
x-ms-office365-filtering-correlation-id: 978c65e4-6dbb-4f46-f846-08d690632b24
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600110)(711020)(4605077)(2017052603328)(7153060)(7193020); SRVR:BL0PR11MB3060;
x-ms-traffictypediagnostic: BL0PR11MB3060:
x-microsoft-antispam-prvs: <BL0PR11MB3060C6D30B6727B66EDB826D90640@BL0PR11MB3060.namprd11.prod.outlook.com>
x-forefront-prvs: 0945B0CC72
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(39860400002)(346002)(376002)(366004)(136003)(396003)(189003)(199004)(486006)(478600001)(2906002)(53936002)(14454004)(25786009)(5640700003)(6436002)(66574012)(72206003)(476003)(2501003)(105586002)(2351001)(106356001)(6116002)(790700001)(66066001)(26005)(97736004)(186003)(316002)(68736007)(71200400001)(71190400001)(3480700005)(561924002)(6506007)(7696005)(3846002)(86362001)(102836004)(256004)(6916009)(14444005)(8936002)(8676002)(6306002)(81166006)(81156014)(1730700003)(54896002)(9686003)(55016002)(33656002)(99286004)(74316002)(7736002); DIR:OUT; SFP:1102; SCL:1; SRVR:BL0PR11MB3060; H:BL0PR11MB3394.namprd11.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
received-spf: None (protection.outlook.com: hughes.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: Nn+DF+aU7AjdZERMdLi33kEk1P7TGXsqMplfojz4U4jldBv0O5re/uUYuEq7EQKfUHL66O9DoiA/2/4U72bpaIieEuYUKIbzfwKf2PdUJm9BylcNQ6gLQKwfopE5YUea2p0sMQ18Szy2Nfrtdu2BnmbucEjyAh6uz9qgQoZWmRfmdox/Z16HI/UrkKQXJ6HCS65yRbzaC7e0AxzB8r4iQapex/y9UDRSC5zZaAjl+th3UeAH4GKDqRyhw48w5BriVlAjfC8wYbZN7Ss5W87gYa17J9ih2N8W6pgtsirGkGgJz7dLhjhmNNZBPaeJDzQ1zRy0HUlNuThO9nELaX/6yHNjlVGnf8gDHBbtLoaEYhJnpF+bvGKZUkBlwKfF/C6arN7v2/uvhyuzbY+3Oj6OwKpcyjNsksqhEvO7H+mEHbQ=
Content-Type: multipart/alternative; boundary="_000_BL0PR11MB3394718981522F9B5BFE951F90640BL0PR11MB3394namp_"
MIME-Version: 1.0
X-OriginatorOrg: hughes.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 978c65e4-6dbb-4f46-f846-08d690632b24
X-MS-Exchange-CrossTenant-originalarrivaltime: 11 Feb 2019 20:54:51.7747 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 0e1f3187-4610-4ce2-bad1-b92f4ba36ab3
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BL0PR11MB3060
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:, , definitions=2019-02-11_14:, , signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1015 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=631 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1810050000 definitions=main-1902110152
Archived-At: <https://mailarchive.ietf.org/arch/msg/etosat/pE1aWp26HhXStpfJt2WDHBPr2cE>
Subject: [EToSat] Encrypted Transports over Satellite
X-BeenThere: etosat@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "The EToSat list is a non-WG mailing list used to discuss performance implications of running encrypted transports such as QUIC over satellite." <etosat.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/etosat>, <mailto:etosat-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/etosat/>
List-Post: <mailto:etosat@ietf.org>
List-Help: <mailto:etosat-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/etosat>, <mailto:etosat-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 11 Feb 2019 20:54:59 -0000

Apologies for the primer (since the discussion has moved past this already) but I want to get some terminology into the record...

Geosynchronous Earth Orbit (GEO) satellites have an up to the satellite and back delay of ~250 milliseconds.  That does not include queueing, etc. in the satellite ground equipment.  Round trip time for a TCP or QUIC connection, in the best case, will be on the order of 600 milliseconds and can be considerably longer.    RTTs on this order of magnitude have significant performance implications.  These include:


  *   The maximum throughput of the connection is limited by the maximum window size which can be used by a connection.  If the window is smaller than the bandwidth delay product, the maximum connection speed is artificially limited.  In the case of the satellite, the delay portion is large.  But, with modern Internet over satellite technology, the bandwidth is also large.  25+ Mbps is a typical plan today with 200+ Mbps possible.  (200+ has been publicly demonstrated using TCP spoofing with our system.)  Some BDP examples:



     *   25 Mbps * 600 ms = 15,000,000 bits or 1,875,000 bytes or ~1460 1280 byte packets
     *   200 Mbps * 600 ms = 120,000,000 bits or 15,000,000 bytes or ~11700 1280 byte packets
     *   200 Mbps * 1.5 sec = 300,000,000 bits or 37,500,000 bytes or ~29000 1280 byte packets

TCP stacks can support large BDPs but are generally not tuned to provide windows this large.  So, TCP spoofing is used to compensate.  However, spoofing will not work for an encrypted transport (e.g. QUIC).  Our recent tests show that Version 43 of Google's QUIC will now cover the first case (with a maximum window of 2000) but does not come close to the second case.  (What does the current version of IETF QUIC support?  What is the default?)


  *   Slow start is also an issue when long latency.  For TCP, spoofing addresses this issue by splitting the connection into two or three parts.  This allows the transmit window to grow at terrestrial speeds on each side of the satellite link.  The common end to end approach is to use large initial windows.  And, this works even with encryption.  However, the values needed to handle GEO satellite latencies are much too large to just safely use all of the time.  So, some sort of learning algorithm is needed.  There is, of course, a relatively easy to use metric for it, the RTT.


  *   Packet loss recovery is another area where splitting the TCP connection into different parts helps.  Packets lost on the terrestrial links can be recovered at terrestrial latencies.  Packets lost on the satellite link can be recovered much more quickly by the link layer or PEP layer than they can end to end.  Again, encryption breaks this.  Enhanced error recovery at the link layer helps for the loss on the satellite link but doesn't help for the terrestrial links.  Another aspect of recovery is that terrestrial loss is highly likely to be congestion related but satellite loss is more likely to be transmission errors due to link conditions.  Transport slow down reaction to the latter unnecessarily reduces performance.  But, at the end points, the difference between the two is not easily distinguished.



John


P.S.  Originally, I was going to put in some stuff about NWCRG, PANRG and LOOPS solutions to address some of the above.  But, the list discussion is taking care of that.

v2.23.0 | Report a Bug | By Email