Re: Priority implementation complexity (was: Re: Extensible Priorities and Reprioritization)

Yoav Weiss <yoav@yoav.ws> Mon, 15 June 2020 12:55 UTC

Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=lists.ie@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A8AB13A0D5D for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Mon, 15 Jun 2020 05:55:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.648
X-Spam-Level:
X-Spam-Status: No, score=-2.648 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.249, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=yoav-ws.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zUMGU32L2h1d for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Mon, 15 Jun 2020 05:55:03 -0700 (PDT)
Received: from lyra.w3.org (lyra.w3.org [128.30.52.18]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7B0633A0D5C for <httpbisa-archive-bis2Juki@lists.ietf.org>; Mon, 15 Jun 2020 05:55:03 -0700 (PDT)
Received: from lists by lyra.w3.org with local (Exim 4.92) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1jkob9-0003W8-8Z for ietf-http-wg-dist@listhub.w3.org; Mon, 15 Jun 2020 12:52:23 +0000
Resent-Date: Mon, 15 Jun 2020 12:52:23 +0000
Resent-Message-Id: <E1jkob9-0003W8-8Z@lyra.w3.org>
Received: from titan.w3.org ([128.30.52.76]) by lyra.w3.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from <yoav@yoav.ws>) id 1jkob7-0003VM-TE for ietf-http-wg@listhub.w3.org; Mon, 15 Jun 2020 12:52:21 +0000
Received: from mail-lf1-x129.google.com ([2a00:1450:4864:20::129]) by titan.w3.org with esmtps (TLS1.3:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.92) (envelope-from <yoav@yoav.ws>) id 1jkob4-0001M0-VD for ietf-http-wg@w3.org; Mon, 15 Jun 2020 12:52:21 +0000
Received: by mail-lf1-x129.google.com with SMTP id d27so4883603lfq.5 for <ietf-http-wg@w3.org>; Mon, 15 Jun 2020 05:52:18 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yoav-ws.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=YhD860bfb4+kXxMgxj7b6WtVaDclGtH+STcRSsUELRU=; b=Bg2tS+jpyLCGqJ+LOlCZpFKvOyD7QiyuCN7us4DpDQith6sUbdETgcIZNWMns0G3LU UgMInspTktdcSA6mMDTNssTm6S3nWS43OmLJIp0FHFVYzHxVKWA0MPYUQ7jOxJckz/O7 p01zuifmRc8+ZO6CkWZQrY9VlnU72of/eEZV0lNtU4XEUAguX3cKWt/0TZssfG93RvJp nk71ZOOVBXBmAznzVy3CXxM8WjG0OotNdmgNElqOTiu9FN1x/Ca/+Mcb/LSeXgpnYa6Z l2X04v8b5DgxzzePl1LcR7c0EteFTXPfPce6W4chBIln41DLJ5fD+KFVjp/uMgKtpqFx E8iQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=YhD860bfb4+kXxMgxj7b6WtVaDclGtH+STcRSsUELRU=; b=SZNoIMT2fqb+1tsnVI3+SB0DbUYFwt+zQig/nB51Il0Q1Pp+vp7IN7JiXa6D40EqB+ 5+EZR+KRR8SOTkbpRON8kYAJs/wyN+7GdT4hyBdq0VtOUfnvYXUmhYPqMtrq74mrozqz Kp4ZEyYJJMJ4nGJ55UApd0KLjWGOMib3mPnZ9nsSzn7UD18zYxIvuA/nEY7kNXfJR26e gnsF06YP9BdrRc5F9NjBB3gz6xIiXIK2u/UttBY1QbwYpD+DabkkoA80+/lyF+6C8LtZ c5/GFaoiUWnaw/rTdjT4kaTsLTuo5X/gDfGkB7nIWeQ16qo2FH4FiTv5BBmSyKxVer7V NSYg==
X-Gm-Message-State: AOAM533t5/GVz/BJIOQvYtG1OQh7WjXjP2MgivO7JbOywx3jgjl2d6oq dr6s9/hE3wSt3i0N21c9TNIpxwGW+Zpjy+SglrNE2g==
X-Google-Smtp-Source: ABdhPJzo2mnuOOLEpPCO7FM2rmMT5hT/q71QWBUa5kRE2PLpyzGNDSn21WkijLKc1/bg9iTIUS/R3/5WQNml1X4nsss=
X-Received: by 2002:a05:6512:7b:: with SMTP id i27mr13707768lfo.30.1592225525879; Mon, 15 Jun 2020 05:52:05 -0700 (PDT)
MIME-Version: 1.0
References: <CALGR9obRjBSADN1KtKF6jvFVzNS1+JzaS0D0kCVKHKkd4sn+MQ@mail.gmail.com> <459C86F8-A989-4EF4-84DC-3568FF594F36@apple.com> <CANatvzwSpSHd7kZD-4tyMGkBJDdCBi6r_pLBvnaT8rrQy6SBHQ@mail.gmail.com> <CACMu3treK0m2mbpw9FebOjOcEed0bW-DbLbryHJH1DWAHoz+9g@mail.gmail.com> <CALGR9oZgE7ZfXdoYdUh9LUYC1fi8fMUyyTpvmV3GF7Z6Oxgg1g@mail.gmail.com> <20200609144428.GC22180@lubuntu> <CAJV+MGyuhxx=P6kZKktuREeq5pipZjxmwWP4jE_Sxhj_+krU2Q@mail.gmail.com> <CANatvzx_eg84V7UefOtSF+NHGHnTg7h-9n5bsRZRXxBqsaOkfQ@mail.gmail.com> <CACj=BEip6+7AunFsD=6qM5rsgrTfg6bRctOMu1gOe-KVjAW7Dw@mail.gmail.com> <CANatvzyv03VH9=+J=M2yY0EwCXp7HMWsXYaXOE=WYGDKBHdaVA@mail.gmail.com> <2C53D8AF-EFA8-42A3-9666-955A054468DB@greenbytes.de> <CACj=BEic2qzMXEfcsKS9CYnowChc-kMRjH66d3uKs+pqTz9Fug@mail.gmail.com> <4E0E8032-A903-46A2-A131-F1F4DE3CC037@greenbytes.de> <CACj=BEjOC-8S38U36Jw+Yb7yH_BZjxBkeLE6dLWH=8VMyBW80Q@mail.gmail.com> <ECF2C350-5D53-4E3B-9AAC-2F7E3FD4B528@greenbytes.de> <CACj=BEh53ZWj1UV6tNDaWPiuHbmbVmkYimu_rdYcYm06dZJAAQ@mail.gmail.com> <CAJV+MGzesbFRZFGK5SUM70HJrx3fdJ8AAGGqmwqDQhrL3eFmUw@mail.gmail.com>
In-Reply-To: <CAJV+MGzesbFRZFGK5SUM70HJrx3fdJ8AAGGqmwqDQhrL3eFmUw@mail.gmail.com>
From: Yoav Weiss <yoav@yoav.ws>
Date: Mon, 15 Jun 2020 14:51:49 +0200
Message-ID: <CACj=BEiVPfOPGPuSu-tx5AovWwvTEwjCTqEooMq2muEteHZLAw@mail.gmail.com>
To: Patrick Meenan <patmeenan@gmail.com>
Cc: Bence Béky <bnc@chromium.org>, HTTP Working Group <ietf-http-wg@w3.org>, Kazuho Oku <kazuhooku@gmail.com>, Lucas Pardue <lucaspardue.24.7@gmail.com>, Stefan Eissing <stefan.eissing@greenbytes.de>
Content-Type: multipart/alternative; boundary="000000000000df674d05a81ee403"
Received-SPF: pass client-ip=2a00:1450:4864:20::129; envelope-from=yoav@yoav.ws; helo=mail-lf1-x129.google.com
X-W3C-Hub-Spam-Status: No, score=-8.9
X-W3C-Hub-Spam-Report: BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, W3C_AA=-1, W3C_DB=-1, W3C_IRA=-1, W3C_IRR=-3, W3C_WL=-1
X-W3C-Scan-Sig: titan.w3.org 1jkob4-0001M0-VD 5886b54bcefe77a9b59c49bcecd48eae
X-Original-To: ietf-http-wg@w3.org
Subject: Re: Priority implementation complexity (was: Re: Extensible Priorities and Reprioritization)
Archived-At: <https://www.w3.org/mid/CACj=BEiVPfOPGPuSu-tx5AovWwvTEwjCTqEooMq2muEteHZLAw@mail.gmail.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/37767
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <https://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

On Mon, Jun 15, 2020 at 2:10 PM Patrick Meenan <patmeenan@gmail.com> wrote:

> Even without a priority tree it is likely that the H3 extensible
> priorities structure would cause not-yet-started responses to need to be
> scheduled ahead of in-flight responses. The urgency value is effectively a
> parent/child relationship.
>

I wouldn't consider the inflight response dependent on the
not-yet-started one here, because the not-yet-started one doesn't need a
specific response to hold for it, it just needs *any* response to finish
(and free up a worker thread in the architecture Stefan outlined) in order
to be sent (with its appropriate priority).
So, it might be somewhat delayed, but won't be held back forever if a
specific response is a long sending one. (assuming the number of worker
thread is not very small)


> It's not as unbounded as H2 but if you churned through a bunch of
> reprioritizations with stalled streams you could cause issues for a server
> that didn't protect against it.
>
> Limiting the reprioritizations to "what stream to pick next" would help
> but wouldn't solve the long download problem.
>
> On Mon, Jun 15, 2020 at 7:44 AM Yoav Weiss <yoav@yoav.ws> wrote:
>
>>
>>
>> On Mon, Jun 15, 2020 at 1:18 PM Stefan Eissing <
>> stefan.eissing@greenbytes.de> wrote:
>>
>>>
>>> Stefan Eissing
>>>
>>> <green/>bytes GmbH
>>> Hafenweg 16
>>> <https://www.google.com/maps/search/Hafenweg+16+%0D%0A48155+M%C3%BCnster?entry=gmail&source=g>
>>> 48155 Münster
>>> <https://www.google.com/maps/search/Hafenweg+16+%0D%0A48155+M%C3%BCnster?entry=gmail&source=g>
>>> www.greenbytes.de
>>>
>>> > Am 15.06.2020 um 12:14 schrieb Yoav Weiss <yoav@yoav.ws>:
>>> >
>>> >
>>> >
>>> > On Mon, Jun 15, 2020 at 11:03 AM Stefan Eissing <
>>> stefan.eissing@greenbytes.de> wrote:
>>> >
>>> > > Am 15.06.2020 um 10:28 schrieb Yoav Weiss <yoav@yoav.ws>:
>>> > >
>>> > >
>>> > >
>>> > > On Mon, Jun 15, 2020 at 9:55 AM Stefan Eissing <
>>> stefan.eissing@greenbytes.de> wrote:
>>> > > > Am 11.06.2020 um 10:41 schrieb Kazuho Oku <kazuhooku@gmail.com>:
>>> > > >
>>> > > > That depends on how much clients would rely on reprioritization.
>>> Unlike H2 priorities, Extensible Priority does not have inter-stream
>>> dependencies. Therefore, losing *some* prioritization signals is less of an
>>> issue compared to H2 priorities.
>>> > > >
>>> > > > Assuming that reprioritization is used mostly for refining the
>>> initial priorities of a fraction of all the requests, I think there'd be
>>> benefit in defining reprioritization as an optional feature. Though I can
>>> see some might argue for not having reprioritization even as an optional
>>> feature unless there is proof that it would be useful.
>>> > >
>>> > >
>>> > > > We should decide if reprioritization is good or bad, based on as
>>> much data as we can pull, and make sure it's implemented only if we see
>>> benefits for it in some cases, and then make sure it's only used in those
>>> cases.
>>> > >
>>> > > When thinking about priority implementations, I recommend thinking
>>> about a H3 reverse proxy in front of a legacy H1 server. Assume limited
>>> memory, disk space and backend connections.
>>> > >
>>> > > (Re-)prioritization in H2 works well for flow control, among the
>>> streams that have response data to send. Priorities can play a part in
>>> server scheduling, but
>>> > > it's more tricky. By "scheduling" I mean that the server has to pick
>>> one among the opened streams for which it wants to compute a response for.
>>> This is often impossible to re-prioritize afterwards (e.g. suicidal for a
>>> server implementation).
>>> > >
>>> > > Can you expand on why it is "suicidal"?
>>> >
>>> > It is tricky to obey re-prioritizations to the letter, managing
>>> memory+backend connections and protecting the infrastructure against DoS
>>> attacks. The reality is that there are limited resources and a server is
>>> expected to protect those. It's a (pun intended) top priority.
>>> >
>>> > Another priority topping the streams is the concept of fairness
>>> between connections. In Apache httpd, the resources to process h2 streams
>>> are foremost shared evenly between connections.
>>> >
>>> > That makes sense. Would re-prioritization of specific streams somehow
>>> require to change that?
>>> >
>>> > The share a connection gets is then allocated to streams based on
>>> current h2 priority settings. Any change after that will "only" affect the
>>> downstream DATA allocation.
>>> >
>>> > I *think* this makes sense as well, assuming that by "downstream" you
>>> mean "future". Is that what you meant? Or am I missing something?
>>> >
>>> > Also, the number of "active" streams on a connection is dynamic. It
>>> will start relatively small and grow if the connection is well behaving,
>>> shrink if it is not. That one of the reasons that Apache was only partially
>>> vulnerable to a single issue on the Netflix h2 cve list last year (the
>>> other being nghttp2).
>>> >
>>> > tl;dr
>>> >
>>> > By "suicidal" I mean a server failing the task of process thousands of
>>> connections in a consistent and fair manner.
>>> >
>>> > Apologies if I'm being daft, but I still don't understand how
>>> (internal to a connection) stream reprioritization impacts cross-connection
>>> fairness.
>>>
>>> *fails to imagine Yoav as being daft*
>>>
>> :)
>>
>> Thanks for outlining the server-side processing!
>>
>>
>>> A server with active connections and workers. For simplicity, assume
>>> that each ongoing request allocates a worker.
>>> - all workers are busy
>>> - re-prio arrives and makes a stream A, being processed, depend on a
>>> stream B which has not been assigned a worker yet.
>>>
>>
>> OK, I now understand that this can be concerning.
>> IIUC, this part is solved by with Extensible Priorities (because there's
>> no dependency tree).
>>
>> Lucas, Kazuho - can you confirm?
>>
>>
>>> - ideally, the server would freeze the processing of A and assign the
>>> resources to B.
>>> - however re-allocating the resources is often not possible  (Imagine a
>>> CGI process running or a backend HTTP/1.1 or uWSGI connection.)
>>> - the server can only suspend the worker or continue processing,
>>> ignoring the dependency.
>>> - a suspended worker is very undesirable and a possible victim of a
>>> slow-loris attack
>>> - To make this suspending less sever, the server would need to make
>>> processing of stream B very important. To unblock it quickly again. This is
>>> then where unfairness comes in.
>>>
>>> The safe option therefore is to continue processing stream A and ignore
>>> the dependency on B. Thus, priorities are only relevant:
>>> 1. when the next stream to process on a connection is selected
>>> 2. when size/number of DATA frames to send is allocated on a connection
>>> between all streams that want to send
>>>
>>> (Reality is often not quite as bad as I described: when static
>>> file/cache resources are served for example, a worker often just does the
>>> lookup, producing a file handle very quickly. A connection easily juggles a
>>> number of file handles to stream out according to priorities and stalling
>>> one file on another comes at basically no risk and cost.)
>>>
>>> Now, this is for H2 priorities. I don't know enough about QUIC
>>> priorities to have an opinion on the proposals. Just wanted to point out
>>> that servers see the world a little different than clients. ;)
>>>
>>
>> I checked and it seems like Chromium does indeed change the parent
>> dependency as part of reprioritization. If the scenario you outlined is a
>> problem in practice, we should discuss ways to avoid doing that with H2
>> priorities.
>>
>>
>>>
>>> Cheers, Stefan
>>>
>>>
>>> > >
>>> > >
>>> > > If we would do H2 a second time, my idea would be to signal
>>> priorities in the HTTP request in a connection header and use this in the
>>> H2 frame layer to allocate DATA space on the downlink. Leave out changing
>>> priorities on a request already started. Let the client use its window
>>> sizes if it feels the need.
>>> > >
>>> > > Cheers, Stefan (lurking)
>>> >
>>>
>>>