Re: Redirection to Other IP Addresses

"Oliver, Wesley, Vodacom South Africa (External)" <Wesley.Oliver@vcontractor.co.za> Mon, 29 July 2019 07:39 UTC

From: "Oliver, Wesley, Vodacom South Africa (External)" <Wesley.Oliver@vcontractor.co.za>
To: Bin Ni <nibin@quantil.com>
CC: Julian Reschke <julian.reschke@gmx.de>, Ryan Hamilton <rch@google.com>, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
Date: Mon, 29 Jul 2019 07:36:40 +0000
Message-ID: <45C10C32-DA87-4AE3-9082-DAAFD5D9C412@vcontractor.co.za>
Subject: Re: Redirection to Other IP Addresses
Archived-At: <https://www.w3.org/mid/45C10C32-DA87-4AE3-9082-DAAFD5D9C412@vcontractor.co.za>

Hi,

I would like to suggest that this not be a specific response code, like a
312 or 302; that it just be a response header that gets checked by
intelligent clients, which would then always check for the new address and port on which to contact the server.
Port may be a problem, because of port blocking.

One wants to be able to return the existing response, 200, 304, 404, and then tell the client that the next request must go to a different IP address.
This would allow the load balancing system described below to inject a load balancing response header, instead of having a big load balancer in front of everything. The orchestrator just communicates the load balancing information to each of the server instances.

The reason that it should just be that there is no round trip delay and that we can integrate
the load balancing orchestrator, building the histogram that takes the cache response headers into account,
future re-hit load time into account, to ensure that you only phase shift the load and not fully spread the load.

I will find a document I was writing after the BBC gave a presentation at DevOps Day in Cape Town, South Africa,
where they have variable content expire headers, according to the load. However, one thing they never took into account
is that they will just phase shift the load to a future time. So when that impulse peak load hits them, they phase shift that into the future, where
the same clients will hit them in the same density again and peak impulse.


https://docs.google.com/document/d/1gxqCXJH7jpB8apc4pO3C0wrTT9kulMfhlSFtHeG3KbM/edit?usp=sharing

For security reasons, I was thinking that a similar mechanism would be required to force clients, by the time of their next response, to re-auth,
or the ability to dynamically update signing of JWT and similar token schemes, provide an additional field to delay the next request by, phase shift the request. When security on a system is compromised, then the ability to force all clients' tokens to be refreshed instantaneously would cause
a lot of load. All this would need to happen without the client knowing there were security issues, and close the window of opportunity as quickly as possible, as people are going to freak out if you force them all to re-login. So cycling the encryption and signing of keys very quickly would be good, as then required to break them again. Hopefully they do not use any precomputed hashing and GPUs to be able to crack things too fast.



Kind Regards,

Wesley Oliver


On 28 Jul 2019, at 10:50, Bin Ni <nibin@quantil.com> wrote:

Got it.
I just did some tests to see how Chrome deals with 300 or 301 with "alt-svc" header.
It seems the browser does not retry the request with the alternate server.
So it looks like "Alt-Svc", at least in its current form, does not meet my requirements.
I just modified my proposal to indicate this fact.
https://docs.google.com/document/d/1gtF6Nq3iPe44515BfsU18dAxfCYOvQaekiezK8FEHu0/edit?usp=sharing
I think another way is to extend the current "Alt-Svc": When combined with a special status code, say, 312,
the client should retry the current request with the suggested alternate server.

What do you think?

Thanks!

Bin



On Sun, Jul 28, 2019 at 1:18 AM Julian Reschke <julian.reschke@gmx.de> wrote:
On 28.07.2019 09:38, Bin Ni wrote:
> Hi Julian,
>
> So maybe the server can return a 301 with no "location" header but an
> "alt-svc" header to
> force the client to go to that alternative service?

Again, alt-svc is just advisory.

> ...
Best regards, Julian


--

Bin Ni
VP of Engineering

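As an added illustration of the key-rotation point raised in the message above (this is not code from any participant in the thread), the sketch below keeps a retired signing key valid for a grace window and gives each client a deterministic, spread-out refresh delay so that a rotation does not make every client refresh at once. The token is a simplified HMAC-signed `kid.body.sig` string rather than a real JWT, and `KeyRing`, `refresh_delay` and the 600-second `GRACE` value are assumptions made for the example.

```python
import base64, hashlib, hmac, json

GRACE = 600  # assumed: seconds a retired key stays valid after rotation

def _b64(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _mac(key, msg):
    return _b64(hmac.new(key, msg.encode(), hashlib.sha256).digest())

def refresh_delay(subject, remaining):
    """Deterministic per-client offset in [0, remaining) seconds."""
    h = int.from_bytes(hashlib.sha256(subject.encode()).digest()[:8], "big")
    return h % max(int(remaining), 1)

class KeyRing:
    def __init__(self, kid, key):
        self.keys = {kid: (key, None)}  # kid -> (secret, not_after)
        self.current = kid

    def rotate(self, kid, key, now):
        old = self.keys[self.current][0]
        self.keys[self.current] = (old, now + GRACE)  # retire, do not drop yet
        self.keys[kid] = (key, None)
        self.current = kid

    def sign(self, claims):
        body = _b64(json.dumps(claims, sort_keys=True).encode())
        msg = f"{self.current}.{body}"
        return f"{msg}.{_mac(self.keys[self.current][0], msg)}"

    def verify(self, token, now):
        """Return (claims, refresh_in); refresh_in is None for current-key tokens."""
        try:
            kid, body, sig = token.split(".")
            key, not_after = self.keys[kid]
        except (ValueError, KeyError):
            raise ValueError("malformed token or unknown key id")
        expected = _mac(key, f"{kid}.{body}")
        if not hmac.compare_digest(sig.encode(), expected.encode()):
            raise ValueError("bad signature")
        if not_after is not None and now >= not_after:
            raise ValueError("signed with a retired key")
        claims = json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))
        if kid == self.current:
            return claims, None
        # Old-key token inside the grace window: tell this client when to refresh.
        return claims, refresh_delay(claims["sub"], not_after - now)
```

A grace window like this suits precautionary rotation only: if the old key itself is known to be compromised, tokens forged with it would also be accepted until the window closes, so the window has to be zero in that case.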