RE: [EXTERNAL] Re: HTTP Alternative Services Best Practices?

[Cory Nelson <Cory.Nelson@microsoft.com>]

Two questions I had while implementing Alt-Svc, and ended up looking at other implementations for guidance:

Is it valid to have Alt-Svc: clear followed by, on another line, more Alt-Svc to replace the old services?
Is it valid for an authority to extend their lease by sending an Alt-Svc for themselves?

Would be nice if spec could get updated to clarify these and other best practices.

From: Lucas Pardue <lucaspardue.24.7@gmail.com>
Sent: Tuesday, December 17, 2019 11:45 AM
To: Mike Bishop <mbishop@evequefou.be>
Cc: Ryan Hamilton <rch=40google.com@dmarc.ietf.org>; QUIC WG <quic@ietf.org>; HTTP Working Group <ietf-http-wg@w3.org>
Subject: [EXTERNAL] Re: HTTP Alternative Services Best Practices?

I agree with both of your points. IMHO there are a few patterns of deployment that likely benefit from different approaches to Alt-Svc usage. RFC7540 provides the toolkit but not everything is a hammer nor a nail.

In my original email I also neglected to mention the Alt-Used header or the "clear" special value, which may have different considerations applicable to different deployments. Is there much experience with these at Internet scale?

Lucas

On Tue, 17 Dec 2019, 19:27 Mike Bishop, <mbishop@evequefou.be<mailto:mbishop@evequefou.be>> wrote:
Saying that “persist=false would be deleterious” is a bit simplistic.  You wouldn’t use persist=false for your scenarios, true enough.  Persist=true is intended for alternatives that aren’t derived from the user’s network location, and therefore don’t need to be flushed when the network location changes.  (For example, this host also supports QUIC.)

However, there are other scenarios where it is location-dependent – a CDN routing you to a closer node because DNS or Anycast didn’t get you close enough, for example.  If you change networks, not only is the node you were directed to no longer your closest, it might actually be prohibited from serving users on other networks.

The right answer here is that you need to know which type of Alt-Svc you’re issuing.

From: QUIC <quic-bounces@ietf.org<mailto:quic-bounces@ietf.org>> On Behalf Of Ryan Hamilton
Sent: Monday, December 16, 2019 3:24 PM
To: Lucas Pardue <lucaspardue.24.7@gmail.com<mailto:lucaspardue.24.7@gmail.com>>
Cc: QUIC WG <quic@ietf.org<mailto:quic@ietf.org>>; HTTP Working Group <ietf-http-wg@w3.org<mailto:ietf-http-wg@w3.org>>
Subject: Re: HTTP Alternative Services Best Practices?

Thanks for raising this issue! I think documenting best practices/guidance would be a great idea. I think the Google servers advertise a 30 day expiration (because 24 hours is *really* short). Further, it turns out that Chrome implicitly assumes persist = true (because Chrome incorrectly doesn't implement persist = false). We have a bunch of deployment experience with this model which I think suggests that shorter ttls and persist = false would be have a deleterious impact on performance.

On Mon, Dec 16, 2019 at 4:02 AM Lucas Pardue <lucaspardue.24.7@gmail.com<mailto:lucaspardue.24.7@gmail.com>> wrote:
Hello QUIC and HTTP members,

HTTP Alternative Services (Alt-Svc) is specified in RFC 7838 which was published in 2016 [1].. Many of us are starting to use Alt-Svc and I wonder if its appearance of simplicity might cause some unintended effects on the Internet. In the 3 or so years since it was published, have any best practices emerged that might be useful to capture.

Major uses of Alt-Svc today in no particular order: switching to gQUIC (typically on the same port), switching to HTTP/3, Opportunistic Encryption (RFC 8164) [2], Opportunistic Onion (advertising .onion [3]), and traffic management by advertising alternatives with different destination IPs or network path characteristics..

Arguably, HTTP/3 will be the largest-scale deployed use case of Alt-Svc both in terms of advertisements and clients that take them up. Alt-Svc for this can be deceptively simple, which may lead to unexpected outcomes. For example, the minimal expression:

Alt-Svc: h3-24=":443"

invokes default values for parameters, "ma" is fresh for 24 hours and "persist" is false (i.e. clear alternative cache on network changes). One could imagine how this could cause bursts of activity at regular periods, or cascades due to end-user local conditions such as flocking or hopping.

Finally, the proposal for an HTTPSVC DNS record [4] might attract a different population of operator that is less familiar with the expected behaviour of Alt-Svc implementations.

Does anyone think it would be useful to share or document some guidance?

Cheers
Lucas

[1] https://tools.ietf.org/html/rfc7838<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftools.ietf.org%2Fhtml%2Frfc7838&data=02%7C01%7CCory.Nelson%40microsoft.com%7C77afde374a174f49929608d7832a0332%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637122088801114286&sdata=fVy2O5a31U%2BT41Qnp4TtAGbDyJr%2B8RZzfGoPYTkctIE%3D&reserved=0>
[2] https://tools.ietf.org/html/rfc8164<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftools.ietf.org%2Fhtml%2Frfc8164&data=02%7C01%7CCory.Nelson%40microsoft.com%7C77afde374a174f49929608d7832a0332%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637122088801123984&sdata=pHhXebysCX7H8ywUVRFn6du%2BUL46MyBV64hInK%2BOcAk%3D&reserved=0>
[3] https://tools.ietf.org/html/rfc7686<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftools.ietf.org%2Fhtml%2Frfc7686&data=02%7C01%7CCory.Nelson%40microsoft.com%7C77afde374a174f49929608d7832a0332%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637122088801123984&sdata=vobQdfgEayQ3MK%2FXzNB%2FFqtWmun7JFyfozBkFgJjAvs%3D&reserved=0>
[4] https://tools.ietf.org/html/draft-ietf-dnsop-svcb-httpssvc-01<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftools.ietf.org%2Fhtml%2Fdraft-ietf-dnsop-svcb-httpssvc-01&data=02%7C01%7CCory.Nelson%40microsoft.com%7C77afde374a174f49929608d7832a0332%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637122088801133979&sdata=o8dZyNm8YjM7ybwxLZRF7xpZyLpB5%2BLXjVbXgW1dgxI%3D&reserved=0>