IETF Logo Mail Archive

Re: [Masque] ECN & Flow IDs

David Schinazi <dschinazi.ietf@gmail.com> Sun, 04 April 2021 21:18 UTC

Return-Path: <dschinazi.ietf@gmail.com>
X-Original-To: masque@ietfa.amsl.com
Delivered-To: masque@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 86E9B3A1AC7 for <masque@ietfa.amsl.com>; Sun, 4 Apr 2021 14:18:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.096
X-Spam-Level:
X-Spam-Status: No, score=-2.096 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uK1cxVHvZuOn for <masque@ietfa.amsl.com>; Sun, 4 Apr 2021 14:18:47 -0700 (PDT)
Received: from mail-pg1-x52c.google.com (mail-pg1-x52c.google.com [IPv6:2607:f8b0:4864:20::52c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 336DD3A1ABB for <masque@ietf.org>; Sun, 4 Apr 2021 14:18:47 -0700 (PDT)
Received: by mail-pg1-x52c.google.com with SMTP id k8so6964568pgf.4 for <masque@ietf.org>; Sun, 04 Apr 2021 14:18:47 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=0JVs/dvrltpsMMFXArYzbEnavPW7o0ciuNirRyOI4bo=; b=vGDKvMZiZ/KZB7vC2raLfjVVib7/NBWY9ZWb8HmsdMTQmWwsSG7/EfamxH4xFXar+Z IslxTegb1KEDv6A++5TtKky2FqPz5iV6LUnJL120/hJGLVSMRNZYazavIZR7xC84+d1V BnTmaKiLQk/Bb/ne6mHmKbbjUEaP4t/CEQ51Op16VlCRekszrHUqQxLtwsaUcjxii6WK NxAbRDUm1jIsqmgIbhrlEyJUSFksat8/3c8fWbUQLu1lWHXzuQn1zNUE3TWcx408hfc1 ZDOho+ODn6LHjshMMktyM54bcq5tt6ABT/mOlRAkXpoiKz+0ID6/a5CA6XOgWSC+j7ax 2vQQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=0JVs/dvrltpsMMFXArYzbEnavPW7o0ciuNirRyOI4bo=; b=Kd9xpLi3FUR9mD664fQiMzK+rBH53dMd8rddLk0fP93Btt7LuDPsNeTUVsv7LBnNPp VS/ByFf19zYegylhAs3IG/dAKwHwx89uzuUJjWJK1UiyKtuRR02m5lztKo/7kVEXivUH vMjuqw7oGv0MJnVzC+jmTFwjjyCoC7Kau/cOkyuUDIZRKizrbkRTKOeNuPSmDd58sPJC 2Wi7rwwyR7Op4AJZnugqJoxlisTPKtpuuo4+Djv/LPQ9KJleGbzQZVQNOpIYEUYUjyi0 QGGrnne5hFNAyBpaUj0sEGYLCg0R2PJRhfUYYrDKS3SDTvHJu8/JxNn8Le3/b0dx4INv C50g==
X-Gm-Message-State: AOAM531hXaO5Hq1i4dfd6nT2pcd1l1aoCMd8kHOZkVEC103zhKqjftr/ eCJ05DDvmeNfllxUwrh1sUwYC8vf/0BCuaVixms=
X-Google-Smtp-Source: ABdhPJzfRtvsyrCYeixtD5gA/kzXd5ABTt3EAuaiXq8xCqLyYlAe8NTQEcbXKF5P5lwHagJTKbhJ5lXImWYnnCIjjHw=
X-Received: by 2002:a65:47ca:: with SMTP id f10mr20741117pgs.206.1617571126082; Sun, 04 Apr 2021 14:18:46 -0700 (PDT)
MIME-Version: 1.0
References: <CAM4esxRmjWr-y-9-KAJmmKvGdONpPufgAbubUhPu_KaS1_Md9Q@mail.gmail.com> <CAPDSy+6go4xh4E55220upECkrept1Yb15diVhC8e3HEWsz52fQ@mail.gmail.com> <CAHbWFkTLC-VdZOX6yTTR9UAy37UZ8R8_t-pWtH=z0rdBZoV4Tg@mail.gmail.com> <CAM4esxTX8dtptAQ3szrzfCCiKYC3-_w=sai948=mvhhcdPiJyw@mail.gmail.com>
In-Reply-To: <CAM4esxTX8dtptAQ3szrzfCCiKYC3-_w=sai948=mvhhcdPiJyw@mail.gmail.com>
From: David Schinazi <dschinazi.ietf@gmail.com>
Date: Sun, 04 Apr 2021 14:18:35 -0700
Message-ID: <CAPDSy+7H224GLSn+7FxS8GdfPuAj_Gi72aXi_bdvfZH5FLcg_w@mail.gmail.com>
To: Martin Duke <martin.h.duke@gmail.com>
Cc: Alex Chernyakhovsky <achernya@google.com>, MASQUE <masque@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000005e7d9905bf2c2081"
Archived-At: <https://mailarchive.ietf.org/arch/msg/masque/YxR6lFZZIG1zHcUbhvBm3YnrDeU>
Subject: Re: [Masque] ECN & Flow IDs
X-BeenThere: masque@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Multiplexed Application Substrate over QUIC Encryption <masque.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/masque>, <mailto:masque-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/masque/>
List-Post: <mailto:masque@ietf.org>
List-Help: <mailto:masque-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/masque>, <mailto:masque-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 04 Apr 2021 21:18:52 -0000

Martin, your understanding matches mine. I think using RFC3168-style ECN
(where the client's first flight isn't ECN-Capable) seems like a decent
solution here.

David

On Sat, Apr 3, 2021 at 1:37 PM Martin Duke <martin.h.duke@gmail.com> wrote:

> There's a problem with ECN (and anything else) that is both an extension
> and implies a different datagram format: IIUC, you are likely to add 1RTT
> of latency.
>
> For example, with ECN, say there was just an "ecn" header field that mean
> the first byte was the TOS byte. If the server doesn't understand the
> extension, then datagrams that arrive before the response will be
> incorrectly parsed. It is therefore unsafe to send packets before the
> capability if fully negotiated.
>
> With David's design, datagrams with ECT(0) are simply dropped by the
> proxy, because it doesn't have a mapping for the flow ID. To avoid loss,
> the client can simply send Not-ECT until it gets a response. This isn't a
> great outcome, but far better than always having to withhold the
> first flight.
>
> Am I misunderstanding how this would work in practice?
>
> On Tue, Mar 30, 2021 at 7:31 PM Alex Chernyakhovsky <achernya@google.com>
> wrote:
>
>> I don't think ECN is a good example for discussing datagram flow IDs. I
>> have a github issue (
>> https://github.com/ietf-wg-masque/draft-ietf-masque-h3-datagram/issues/35)
>> out to remove the ECN example. (I much prefer passing the ECN information
>> in the datagram payload, prefixed ahead of the packet as David describes).
>>
>> In addition to the issues that David describes, I think we should also
>> consider whether the Datagram-Flow-Id header is a list separately from
>> whether we allow a 1:many mapping between streams and datagram flow IDs. (I
>> would like to make sure we do not have a many:many or many:1 mapping where
>> multiple streams are responsible for multiple datagram flow IDs)
>>
>> Sincerely
>> -Alex
>>
>> On Tue, Mar 30, 2021 at 8:36 PM David Schinazi <dschinazi.ietf@gmail.com>
>> wrote:
>>
>>> The trivial other approach to solving ECN would be to prefix the UDP
>>> payload with a type byte that contains the two ECN bits and 6 unused bits.
>>> That would definitely work, and therefore I don't think ECN is a good
>>> example to use as a discussion starter for how flow IDs are managed.
>>> I wrote that draft to test out the extensibility of the CONNECT-UDP
>>> design, I'm not planning on moving it forward at this time.
>>>
>>> More conceptually, the main question is whether we allow one
>>> client-initiated bidirectional stream to map to multiple datagram flow IDs.
>>> The approach I've taken is to say yes: that allows us to reuse the flow
>>> ID multiplexing logic to encode additional information in the flow ID.
>>> You could build something isomorphic to this where you say no and have
>>> one flow ID per stream, and then add a second varint right after the flow
>>> ID.
>>> Since datagrams have to fit in a QUIC packet, adding more varints eats
>>> into available datagram MTU which makes me prefer the multiple flow IDs per
>>> stream approach.
>>> Both are pretty much equivalent in terms of implementation complexity:
>>> either way you need a hash table mapping from a varint to what that varint
>>> means.
>>> There is more complexity in how you convey that mapping (right now this
>>> is done using parameters on the Datagram-Flow-Id header), but I don't think
>>> requiring one flow ID per stream solves any of that complexity, you'll
>>> still need a way to convey extension information. The ECN example is so
>>> simple that
>>> it doesn't require sending much extension information, but if you look
>>> further at enabling optional IP header compression in CONNECT-IP, then
>>> you'll want
>>> a way to associate a varint with which IP addresses you're compressing.
>>>
>>> I think the question we have to answer becomes: do we want MASQUE
>>> protocols to be extensible? Our options are:
>>> - disallow extensibility and slightly simplify the protocol
>>> - allow extensibility via multiple flow IDs per stream, and deal with
>>> the slight complexity
>>> - allow extensibility with a single flow ID per stream, and deal with
>>> the slight complexity
>>> Personally, I feel strongly that we should allow extensibility.
>>>
>>> David
>>>
>>>
>>> On Tue, Mar 30, 2021 at 3:40 PM Martin Duke <martin.h.duke@gmail.com>
>>> wrote:
>>>
>>>> Hello MASQUE,
>>>>
>>>> At IETF 110 there was a lot of good discussion challenging the
>>>> foundations of the CONNECT-UDP framework, including the relationship
>>>> between streams and Flow-IDs. While CONNECT-UDP happens to use flow IDs
>>>> somewhat incidentally, the real action with the controversial
>>>> multiple-flow-id-per-CONNECT happens in David's (unadopted) ECN draft:
>>>> https://datatracker.ietf.org/doc/draft-schinazi-masque-connect-udp-ecn/
>>>>
>>>> Leading up to the interim, it would be great if one of the detractors
>>>> of the flow-id mapping submitted their own approach to solve ECN. This
>>>> would help to illuminate the tradeoffs. Speaking as an individual, I am
>>>> also hoping to move the ECN work forward and having another design would
>>>> help to do that.
>>>>
>>>> Thanks,
>>>> Martin
>>>> --
>>>> Masque mailing list
>>>> Masque@ietf.org
>>>> https://www.ietf.org/mailman/listinfo/masque
>>>>
>>> --
>>> Masque mailing list
>>> Masque@ietf.org
>>> https://www.ietf.org/mailman/listinfo/masque
>>>
>>

v2.23.0 | Report a Bug | By Email