IETF Logo Mail Archive

Re: [Masque] ECN & Flow IDs

Alex Chernyakhovsky <achernya@google.com> Thu, 08 April 2021 23:36 UTC

Return-Path: <achernya@google.com>
X-Original-To: masque@ietfa.amsl.com
Delivered-To: masque@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D0C663A21A6 for <masque@ietfa.amsl.com>; Thu, 8 Apr 2021 16:36:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -17.598
X-Spam-Level:
X-Spam-Status: No, score=-17.598 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, ENV_AND_HDR_SPF_MATCH=-0.5, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5, USER_IN_DEF_SPF_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hjFNVoXTMltf for <masque@ietfa.amsl.com>; Thu, 8 Apr 2021 16:36:52 -0700 (PDT)
Received: from mail-vs1-xe31.google.com (mail-vs1-xe31.google.com [IPv6:2607:f8b0:4864:20::e31]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DE7993A21A5 for <masque@ietf.org>; Thu, 8 Apr 2021 16:36:51 -0700 (PDT)
Received: by mail-vs1-xe31.google.com with SMTP id e16so1467414vsu.0 for <masque@ietf.org>; Thu, 08 Apr 2021 16:36:51 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=ZMlz7PQ2qEYM9wARPI98+L29vaLirNWQgLEtIZh1jeQ=; b=CM62E7T+5nqflONluvRO6SXpaj/JGFuyUtI0VZUNNfVSE4pyNjzFQeu7ROxVk+1s43 RuO39rfL1peD64fR0r98TOm3ZgrikeesM/IIUe6SFxMS5ZEW+xvXgw1/pyn8EDfBPmaw 2n2X2sNdT2W8MHJWc76AB7Zzwo5JVx3pLZ/FrIlBEZsUBegpjuhd1YXdnjEc7NSZY7Qi ZpNYBUkIrExhta+Vp9A5HcOkhjc37BrMmR+ZIoBQ8Axkf1fW1IBlot2BQzCqDT02H7AO youlu9S270jef1zDvLEe45PsvKQyAEWViNHpvI3tzOEaFKHvGHN/Tcw9a1kDcUBfJOi4 3Z1w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=ZMlz7PQ2qEYM9wARPI98+L29vaLirNWQgLEtIZh1jeQ=; b=ZDcF1OfEOaJbo6wV6ckhM8XW3xQBVKWU266kMls9lIpkry9BZZeS+OZd5e+UnNSZ9E dMiEg22s3HvJ73aMFHGk2IdgGtN5UQtXB0tnoBl1Uz40JWqdZH9kuwP/gOvcmjKcxVqB tP1tjUfDLinvZDKz1rtuIik+MNs8M4qNP6cM9WLUBpUGtwdXmd1MQ6DfpAjUESsMR7AJ PRWjKAT8WPJ4qSU4ipkeai2tgB2kNI9lLqZCl5Ay6mqVNtS66fisEU1GU+pW1dKrEGm1 tIhNseprtOKBc8ParnWJQWTDNrarJ1YVDc09kodGHOlgzn5FfivTe5NJfTJ2Pbvsaoos 2Rnw==
X-Gm-Message-State: AOAM533n5/DGqvwlAteI8YzV2yRVEyP6a860R5Qh9vYtWS+gP/8Rasof QU7kVZbVYfAad6+W1YKGZNgs4f34KOc4BXfzUl5eng==
X-Google-Smtp-Source: ABdhPJwMBoZ3i2Cj6ZS4tN0wzHx+9k0M/gEGzJNuctLwVUPqHUx1rA7RqtpfLNQqqoh5qQzFuX0CwlsnYcnoeLN/FUk=
X-Received: by 2002:a05:6102:1274:: with SMTP id q20mr8859490vsg.6.1617925009665; Thu, 08 Apr 2021 16:36:49 -0700 (PDT)
MIME-Version: 1.0
References: <CAM4esxRmjWr-y-9-KAJmmKvGdONpPufgAbubUhPu_KaS1_Md9Q@mail.gmail.com> <CAPDSy+6go4xh4E55220upECkrept1Yb15diVhC8e3HEWsz52fQ@mail.gmail.com> <BBA47C7D-FBEC-419D-9BED-2D998EF526B0@ericsson.com> <CAM4esxTR1Y8oS0UpPu2_5cnDT_tnLTM-VbknCJDyWEz=JbyUKQ@mail.gmail.com> <CAHbWFkRGTDraYPQrNHMiOM5Cg=opJvFT7hs2cWA=vd+=hKQBBw@mail.gmail.com> <CAM4esxS9ivD5Dux_T2UYrVO5a7VF=D6C-t9LM-3tmxdwvY_8UQ@mail.gmail.com> <CAHbWFkRL1N=tLYoWAP4xwYPVymbrpTVciLwwESHNELDrprVhcg@mail.gmail.com> <CAM4esxSd6JmX-9a=0xPzAEHPEmxB4KFJFgkKL2edUfNf3KwDYQ@mail.gmail.com>
In-Reply-To: <CAM4esxSd6JmX-9a=0xPzAEHPEmxB4KFJFgkKL2edUfNf3KwDYQ@mail.gmail.com>
From: Alex Chernyakhovsky <achernya@google.com>
Date: Thu, 08 Apr 2021 19:36:37 -0400
Message-ID: <CAHbWFkTAvYLT9T9g1xO5JSJyfMeOTpyZ7tDwbVAT55=L78wB5w@mail.gmail.com>
To: Martin Duke <martin.h.duke@gmail.com>
Cc: Mirja Kuehlewind <mirja.kuehlewind@ericsson.com>, David Schinazi <dschinazi.ietf@gmail.com>, MASQUE <masque@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000079d01505bf7e85d0"
Archived-At: <https://mailarchive.ietf.org/arch/msg/masque/NduOolqqSNMxxEmY_6brKaI7TdQ>
Subject: Re: [Masque] ECN & Flow IDs
X-BeenThere: masque@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Multiplexed Application Substrate over QUIC Encryption <masque.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/masque>, <mailto:masque-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/masque/>
List-Post: <mailto:masque@ietf.org>
List-Help: <mailto:masque-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/masque>, <mailto:masque-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 08 Apr 2021 23:36:57 -0000

Hi Martin,

Yes, I was imagining that the presence if this extension is negotiated,
possibly by way of SETTINGS. Any

Sincerely,
-Alex

On Thu, Apr 8, 2021 at 4:29 PM Martin Duke <martin.h.duke@gmail.com> wrote:

> Hi Alex,
>
> I'm not sure what you mean by "sending the 1RTT value" but IIUC you're
> proposing that the proxy drops all payloads if it doesn't understand the
> extension? How would it know when DATAGRAMs transfer from the extension
> format to the non-extension format?
>
> Or are you saying this would be a connection-level capability negotiated
> by SETTINGS or something?
>
> On Thu, Apr 8, 2021 at 7:29 AM Alex Chernyakhovsky <achernya@google.com>
> wrote:
>
>> Hi Martin,
>>
>> There's a few issues with your example, which is namely that step (4)
>> should not occur. The extension needs to be pre-declared, or else the proxy
>> does as you describe and we have undefined behavior. I instead was
>> imagining a header (or some other signalling mechanism) that says "we want
>> to use ecn extension" and when the proxy gets its first payload after that
>> header, it drops it because it doesn't know about the extension and replies
>> back that it doesn't support it. The client then has to send the 1RTT
>> value. You end up with the same behavior as David's draft.
>>
>> of course, we can also fix this more explicitly in the CONNECT-UDP draft
>> by creating another stream-chunk type for UDP packet with additional data
>> for extensions in addition to the packet. Then all a proxy has to know is
>> there's data it doesn't support, and it just doesn't read and act upon it
>> when sending the packet payload.
>>
>> Sincerely,
>> -Alex
>>
>> On Wed, Apr 7, 2021 at 2:21 PM Martin Duke <martin.h.duke@gmail.com>
>> wrote:
>>
>>> Alex,
>>>
>>> Maybe I'm missing something obvious, but here's an example.
>>>
>>> Let's say that the "ecn" extension means the first octet of the datagram
>>> after the flow ID is the ToS byte.
>>>
>>> 1. The client sends a CONNECT-UDP request with the "ecn" extension
>>> 2. The client sends a datagram with the second byte reflecting the ToS.
>>> 3. The proxy does not understand the ecn extension and ignores it
>>> 4. The datagram arrives; the proxy sends a UDP packet with the ToS byte
>>> as the first byte of payload.
>>> 5. The client receives the response without the "ecn" extension and
>>> stops sending the ToS byte.
>>>
>>> In #4 we're going to have some weird undefined behavior.
>>>
>>> Compare this to David's draft
>>>
>>> 1. The client sends a CONNECT-UDP (flowID = 12) request with the "ecn"
>>> extension (flowID = 16 for ECT(0))
>>> 2. The client sends a datagram with flowID = 16
>>> 3. The proxy does not understand the ecn extension and ignores it
>>> 4. The datagram arrives; the proxy drops flowID 16 because it doesn't
>>> know what that is
>>> 5. The client receives the response without the "ecn" extension and
>>> stops sending flowID 16.
>>>
>>> packet losses aren't great, but are better than undefined behavior.
>>>
>>> On Wed, Apr 7, 2021 at 10:53 AM Alex Chernyakhovsky <achernya@google.com>
>>> wrote:
>>>
>>>> Hi Martin,
>>>>
>>>> What's stopping the client from opportunistically sending the packet
>>>> with the extension in the same flight as requesting the extension? Then
>>>> you'd at-best get the expected behavior and at-worst fall back to the
>>>> 1RTT penalty.
>>>>
>>>> Sincerely,
>>>> -Alex
>>>>
>>>> On Wed, Apr 7, 2021 at 1:07 PM Martin Duke <martin.h.duke@gmail.com>
>>>> wrote:
>>>>
>>>>> Again, adding two bits to the datagram payload is not "simple enough"
>>>>> if it's an extension.
>>>>>
>>>>> If it's part of the CONNECT-UDP standard, then sure.
>>>>>
>>>>> Otherwise, there is ambiguity in processing an H3 DATAGRAM frame sent
>>>>> by the client before receiving the response from the server. The client can
>>>>> send not-ECT or eat the 1RTT latency penalty.
>>>>>
>>>>> With flow IDs, the proxy will simply drop the datagram, incurring a
>>>>> 1RTT penalty only if it doesn't support the extension.
>>>>>
>>>>> On Wed, Apr 7, 2021 at 10:00 AM Mirja Kuehlewind <
>>>>> mirja.kuehlewind@ericsson.com> wrote:
>>>>>
>>>>>> Hi David, hi all,
>>>>>>
>>>>>>
>>>>>>
>>>>>> to also add to your question about multiple flow IDs. I guess we kind
>>>>>> of agree that we don’t want flow ID for ECN information, as adding two bits
>>>>>> is simple enough, however, then it is actually not fully clear to me why
>>>>>> multiple flow IDs per connect request are needed. You briefly mentioned
>>>>>> other extension below, however, not all, or only very few information,
>>>>>> require per-packet information (as it was used for the ECN example). If you
>>>>>> want to actually send multiple flows/connections to the same server you,
>>>>>> can always send multiple connect requests. That’s slightly more overhead at
>>>>>> connection establishment but not much, and I would say it’s architecturally
>>>>>> more clean and therefore also simpler.
>>>>>>
>>>>>>
>>>>>>
>>>>>> Mirja
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> *From: *Masque <masque-bounces@ietf.org> on behalf of David Schinazi
>>>>>> <dschinazi.ietf@gmail.com>
>>>>>> *Date: *Wednesday, 31. March 2021 at 02:36
>>>>>> *To: *Martin Duke <martin.h.duke@gmail.com>
>>>>>> *Cc: *MASQUE <masque@ietf.org>
>>>>>> *Subject: *Re: [Masque] ECN & Flow IDs
>>>>>>
>>>>>>
>>>>>>
>>>>>> The trivial other approach to solving ECN would be to prefix the UDP
>>>>>> payload with a type byte that contains the two ECN bits and 6 unused bits.
>>>>>>
>>>>>> That would definitely work, and therefore I don't think ECN is a good
>>>>>> example to use as a discussion starter for how flow IDs are managed.
>>>>>>
>>>>>> I wrote that draft to test out the extensibility of the CONNECT-UDP
>>>>>> design, I'm not planning on moving it forward at this time.
>>>>>>
>>>>>>
>>>>>>
>>>>>> More conceptually, the main question is whether we allow one
>>>>>> client-initiated bidirectional stream to map to multiple datagram flow IDs.
>>>>>>
>>>>>> The approach I've taken is to say yes: that allows us to reuse the
>>>>>> flow ID multiplexing logic to encode additional information in the flow ID.
>>>>>>
>>>>>> You could build something isomorphic to this where you say no and
>>>>>> have one flow ID per stream, and then add a second varint right after the
>>>>>> flow ID.
>>>>>>
>>>>>> Since datagrams have to fit in a QUIC packet, adding more
>>>>>> varints eats into available datagram MTU which makes me prefer the multiple
>>>>>> flow IDs per stream approach.
>>>>>>
>>>>>> Both are pretty much equivalent in terms of implementation
>>>>>> complexity: either way you need a hash table mapping from a varint to what
>>>>>> that varint means.
>>>>>>
>>>>>> There is more complexity in how you convey that mapping (right now
>>>>>> this is done using parameters on the Datagram-Flow-Id header), but I don't
>>>>>> think
>>>>>>
>>>>>> requiring one flow ID per stream solves any of that
>>>>>> complexity, you'll still need a way to convey extension information. The
>>>>>> ECN example is so simple that
>>>>>>
>>>>>> it doesn't require sending much extension information, but if you
>>>>>> look further at enabling optional IP header compression in CONNECT-IP, then
>>>>>> you'll want
>>>>>>
>>>>>> a way to associate a varint with which IP addresses you're
>>>>>> compressing.
>>>>>>
>>>>>>
>>>>>>
>>>>>> I think the question we have to answer becomes: do we want MASQUE
>>>>>> protocols to be extensible? Our options are:
>>>>>>
>>>>>> - disallow extensibility and slightly simplify the protocol
>>>>>>
>>>>>> - allow extensibility via multiple flow IDs per stream, and deal with
>>>>>> the slight complexity
>>>>>>
>>>>>> - allow extensibility with a single flow ID per stream, and deal with
>>>>>> the slight complexity
>>>>>>
>>>>>> Personally, I feel strongly that we should allow extensibility.
>>>>>>
>>>>>>
>>>>>>
>>>>>> David
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> On Tue, Mar 30, 2021 at 3:40 PM Martin Duke <martin.h.duke@gmail.com>
>>>>>> wrote:
>>>>>>
>>>>>> Hello MASQUE,
>>>>>>
>>>>>>
>>>>>>
>>>>>> At IETF 110 there was a lot of good discussion challenging the
>>>>>> foundations of the CONNECT-UDP framework, including the relationship
>>>>>> between streams and Flow-IDs. While CONNECT-UDP happens to use flow IDs
>>>>>> somewhat incidentally, the real action with the controversial
>>>>>> multiple-flow-id-per-CONNECT happens in David's (unadopted) ECN draft:
>>>>>> https://datatracker.ietf.org/doc/draft-schinazi-masque-connect-udp-ecn/
>>>>>>
>>>>>>
>>>>>>
>>>>>> Leading up to the interim, it would be great if one of the detractors
>>>>>> of the flow-id mapping submitted their own approach to solve ECN. This
>>>>>> would help to illuminate the tradeoffs. Speaking as an individual, I am
>>>>>> also hoping to move the ECN work forward and having another design would
>>>>>> help to do that.
>>>>>>
>>>>>>
>>>>>>
>>>>>> Thanks,
>>>>>>
>>>>>> Martin
>>>>>>
>>>>>> --
>>>>>> Masque mailing list
>>>>>> Masque@ietf.org
>>>>>> https://www.ietf.org/mailman/listinfo/masque
>>>>>>
>>>>>> --
>>>>> Masque mailing list
>>>>> Masque@ietf.org
>>>>> https://www.ietf.org/mailman/listinfo/masque
>>>>>
>>>>

v2.23.0 | Report a Bug | By Email