IETF Logo Mail Archive

Re: [Masque] ECN & Flow IDs

Martin Duke <martin.h.duke@gmail.com> Thu, 15 April 2021 16:03 UTC

Return-Path: <martin.h.duke@gmail.com>
X-Original-To: masque@ietfa.amsl.com
Delivered-To: masque@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5EAE93A2512 for <masque@ietfa.amsl.com>; Thu, 15 Apr 2021 09:03:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2xXofuo2xM_D for <masque@ietfa.amsl.com>; Thu, 15 Apr 2021 09:03:19 -0700 (PDT)
Received: from mail-io1-xd30.google.com (mail-io1-xd30.google.com [IPv6:2607:f8b0:4864:20::d30]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A23213A2517 for <masque@ietf.org>; Thu, 15 Apr 2021 09:03:19 -0700 (PDT)
Received: by mail-io1-xd30.google.com with SMTP id a9so13881287ioc.8 for <masque@ietf.org>; Thu, 15 Apr 2021 09:03:19 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=Y1xt9rQ+9MyCnbH0AWZlpFTrF3qSa4TturCoCtvYSz0=; b=fFad+fl752TLQmwI8nY+5+EZ6KfDOWaYPOSuJuqa8G6g/QA11eOfYzbQilU6WZrcyN o9AvgPORs7QP88lnf31dYBwWpxf1Vyi2VWIJSX+OaSBRB7WC+GPBtvK11WylCVvfdTBH rV/uupOvMEtrOS/J7uWE9v3/R/zTU7Elt9Tv9Cdq8mePuzFHw74TyCiGhGXTC1E+adDv 92pTMDrpcJUC+y7F3QUripofspSx834p2GNrMHoZJbRQ/iUy5y7Uarf8g63HvFb70sbw J71H9CQ3IJhg+r/6ZmWm0xnekHiaYqWN5cTBbWAMGY+9gJcqLjnXn8HJpFhZJPaLVpg2 FNUA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=Y1xt9rQ+9MyCnbH0AWZlpFTrF3qSa4TturCoCtvYSz0=; b=lGgyBiEmhBFoySfSR3ex5BwNIFBqFdxBkWM5WFA/U9g1Ui/7isk/k2C8ya6CrnmVYh DbH5bSHEB3HHfLxN9y4FIbWzTDrYcKBOGCcrXQXCycHdupA845srL/AuA/tJwXuBN9e0 /WWgUUuaWNTAB8es7G7niIxrCZbc6WkXO3pTQwB371txvP1HoP39lxCj0g7jK17AV9oD 6c9z8vrA94iBhdvSyKxVYUj6rsvMK1HL3pgrp/OQAjVZ9Thnuz7F3WdoZCMyB5QD1BHH 84vZOLuS7q70+DNPWN373aGmixyP6/TwLLsCCBIXs2dcJcCOUfaCbqBs71RDwR8cnPls d5dg==
X-Gm-Message-State: AOAM533bHa9QjdgwK3sSdIxRUgSCXgnhHJ+MV2mIJjNMlLYnN3kjgFhu 5x2a75YQgASUrdV8ONSgv+5D4da3nVDoTPi0hOA=
X-Google-Smtp-Source: ABdhPJzDtqDCieSxqwrCXv658M+rqbw5wvsfW9S1/G068q2N+Bv1YalBSvuI84aUknlsrT7I1WG7CnZ4uvT/IpsowZE=
X-Received: by 2002:a05:6638:329e:: with SMTP id f30mr3591099jav.121.1618502596906; Thu, 15 Apr 2021 09:03:16 -0700 (PDT)
MIME-Version: 1.0
References: <CAM4esxRmjWr-y-9-KAJmmKvGdONpPufgAbubUhPu_KaS1_Md9Q@mail.gmail.com> <CAPDSy+6go4xh4E55220upECkrept1Yb15diVhC8e3HEWsz52fQ@mail.gmail.com> <BBA47C7D-FBEC-419D-9BED-2D998EF526B0@ericsson.com> <CAM4esxTR1Y8oS0UpPu2_5cnDT_tnLTM-VbknCJDyWEz=JbyUKQ@mail.gmail.com> <CAHbWFkRGTDraYPQrNHMiOM5Cg=opJvFT7hs2cWA=vd+=hKQBBw@mail.gmail.com> <CAM4esxS9ivD5Dux_T2UYrVO5a7VF=D6C-t9LM-3tmxdwvY_8UQ@mail.gmail.com> <CAHbWFkRL1N=tLYoWAP4xwYPVymbrpTVciLwwESHNELDrprVhcg@mail.gmail.com> <CAM4esxSd6JmX-9a=0xPzAEHPEmxB4KFJFgkKL2edUfNf3KwDYQ@mail.gmail.com> <CAHbWFkTAvYLT9T9g1xO5JSJyfMeOTpyZ7tDwbVAT55=L78wB5w@mail.gmail.com>
In-Reply-To: <CAHbWFkTAvYLT9T9g1xO5JSJyfMeOTpyZ7tDwbVAT55=L78wB5w@mail.gmail.com>
From: Martin Duke <martin.h.duke@gmail.com>
Date: Thu, 15 Apr 2021 09:02:38 -0700
Message-ID: <CAM4esxQ4YsDpioC5P8Bk63ytOM+PS6yqVTuGrAHxNQf5tY_ebg@mail.gmail.com>
To: Alex Chernyakhovsky <achernya@google.com>
Cc: Mirja Kuehlewind <mirja.kuehlewind@ericsson.com>, David Schinazi <dschinazi.ietf@gmail.com>, MASQUE <masque@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000005b54a405c005005a"
Archived-At: <https://mailarchive.ietf.org/arch/msg/masque/_YHGTfoUrA1n-ugShurYtpqYars>
Subject: Re: [Masque] ECN & Flow IDs
X-BeenThere: masque@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Multiplexed Application Substrate over QUIC Encryption <masque.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/masque>, <mailto:masque-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/masque/>
List-Post: <mailto:masque@ietf.org>
List-Help: <mailto:masque-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/masque>, <mailto:masque-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 15 Apr 2021 16:03:24 -0000

Hi Alex,

Thanks for clarifying. IIUC one objective of David's design is to not
advertise MASQUE capabilities quite so explicitly, which is a drawback of a
SETTINGS-based mechanism.

On Thu, Apr 8, 2021, 16:36 Alex Chernyakhovsky <achernya@google.com> wrote:

> Hi Martin,
>
> Yes, I was imagining that the presence if this extension is negotiated,
> possibly by way of SETTINGS. Any
>
> Sincerely,
> -Alex
>
> On Thu, Apr 8, 2021 at 4:29 PM Martin Duke <martin.h.duke@gmail.com>
> wrote:
>
>> Hi Alex,
>>
>> I'm not sure what you mean by "sending the 1RTT value" but IIUC you're
>> proposing that the proxy drops all payloads if it doesn't understand the
>> extension? How would it know when DATAGRAMs transfer from the extension
>> format to the non-extension format?
>>
>> Or are you saying this would be a connection-level capability negotiated
>> by SETTINGS or something?
>>
>> On Thu, Apr 8, 2021 at 7:29 AM Alex Chernyakhovsky <achernya@google.com>
>> wrote:
>>
>>> Hi Martin,
>>>
>>> There's a few issues with your example, which is namely that step (4)
>>> should not occur. The extension needs to be pre-declared, or else the proxy
>>> does as you describe and we have undefined behavior. I instead was
>>> imagining a header (or some other signalling mechanism) that says "we want
>>> to use ecn extension" and when the proxy gets its first payload after that
>>> header, it drops it because it doesn't know about the extension and replies
>>> back that it doesn't support it. The client then has to send the 1RTT
>>> value. You end up with the same behavior as David's draft.
>>>
>>> of course, we can also fix this more explicitly in the CONNECT-UDP draft
>>> by creating another stream-chunk type for UDP packet with additional data
>>> for extensions in addition to the packet. Then all a proxy has to know is
>>> there's data it doesn't support, and it just doesn't read and act upon it
>>> when sending the packet payload.
>>>
>>> Sincerely,
>>> -Alex
>>>
>>> On Wed, Apr 7, 2021 at 2:21 PM Martin Duke <martin.h.duke@gmail.com>
>>> wrote:
>>>
>>>> Alex,
>>>>
>>>> Maybe I'm missing something obvious, but here's an example.
>>>>
>>>> Let's say that the "ecn" extension means the first octet of the
>>>> datagram after the flow ID is the ToS byte.
>>>>
>>>> 1. The client sends a CONNECT-UDP request with the "ecn" extension
>>>> 2. The client sends a datagram with the second byte reflecting the ToS.
>>>> 3. The proxy does not understand the ecn extension and ignores it
>>>> 4. The datagram arrives; the proxy sends a UDP packet with the ToS byte
>>>> as the first byte of payload.
>>>> 5. The client receives the response without the "ecn" extension and
>>>> stops sending the ToS byte.
>>>>
>>>> In #4 we're going to have some weird undefined behavior.
>>>>
>>>> Compare this to David's draft
>>>>
>>>> 1. The client sends a CONNECT-UDP (flowID = 12) request with the "ecn"
>>>> extension (flowID = 16 for ECT(0))
>>>> 2. The client sends a datagram with flowID = 16
>>>> 3. The proxy does not understand the ecn extension and ignores it
>>>> 4. The datagram arrives; the proxy drops flowID 16 because it doesn't
>>>> know what that is
>>>> 5. The client receives the response without the "ecn" extension and
>>>> stops sending flowID 16.
>>>>
>>>> packet losses aren't great, but are better than undefined behavior.
>>>>
>>>> On Wed, Apr 7, 2021 at 10:53 AM Alex Chernyakhovsky <
>>>> achernya@google.com> wrote:
>>>>
>>>>> Hi Martin,
>>>>>
>>>>> What's stopping the client from opportunistically sending the packet
>>>>> with the extension in the same flight as requesting the extension? Then
>>>>> you'd at-best get the expected behavior and at-worst fall back to the
>>>>> 1RTT penalty.
>>>>>
>>>>> Sincerely,
>>>>> -Alex
>>>>>
>>>>> On Wed, Apr 7, 2021 at 1:07 PM Martin Duke <martin.h.duke@gmail.com>
>>>>> wrote:
>>>>>
>>>>>> Again, adding two bits to the datagram payload is not "simple enough"
>>>>>> if it's an extension.
>>>>>>
>>>>>> If it's part of the CONNECT-UDP standard, then sure.
>>>>>>
>>>>>> Otherwise, there is ambiguity in processing an H3 DATAGRAM frame sent
>>>>>> by the client before receiving the response from the server. The client can
>>>>>> send not-ECT or eat the 1RTT latency penalty.
>>>>>>
>>>>>> With flow IDs, the proxy will simply drop the datagram, incurring a
>>>>>> 1RTT penalty only if it doesn't support the extension.
>>>>>>
>>>>>> On Wed, Apr 7, 2021 at 10:00 AM Mirja Kuehlewind <
>>>>>> mirja.kuehlewind@ericsson.com> wrote:
>>>>>>
>>>>>>> Hi David, hi all,
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> to also add to your question about multiple flow IDs. I guess we
>>>>>>> kind of agree that we don’t want flow ID for ECN information, as adding two
>>>>>>> bits is simple enough, however, then it is actually not fully clear to me
>>>>>>> why multiple flow IDs per connect request are needed. You briefly mentioned
>>>>>>> other extension below, however, not all, or only very few information,
>>>>>>> require per-packet information (as it was used for the ECN example). If you
>>>>>>> want to actually send multiple flows/connections to the same server you,
>>>>>>> can always send multiple connect requests. That’s slightly more overhead at
>>>>>>> connection establishment but not much, and I would say it’s architecturally
>>>>>>> more clean and therefore also simpler.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> Mirja
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> *From: *Masque <masque-bounces@ietf.org> on behalf of David
>>>>>>> Schinazi <dschinazi.ietf@gmail.com>
>>>>>>> *Date: *Wednesday, 31. March 2021 at 02:36
>>>>>>> *To: *Martin Duke <martin.h.duke@gmail.com>
>>>>>>> *Cc: *MASQUE <masque@ietf.org>
>>>>>>> *Subject: *Re: [Masque] ECN & Flow IDs
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> The trivial other approach to solving ECN would be to prefix the UDP
>>>>>>> payload with a type byte that contains the two ECN bits and 6 unused bits.
>>>>>>>
>>>>>>> That would definitely work, and therefore I don't think ECN is a
>>>>>>> good example to use as a discussion starter for how flow IDs are managed.
>>>>>>>
>>>>>>> I wrote that draft to test out the extensibility of the CONNECT-UDP
>>>>>>> design, I'm not planning on moving it forward at this time.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> More conceptually, the main question is whether we allow one
>>>>>>> client-initiated bidirectional stream to map to multiple datagram flow IDs.
>>>>>>>
>>>>>>> The approach I've taken is to say yes: that allows us to reuse the
>>>>>>> flow ID multiplexing logic to encode additional information in the flow ID.
>>>>>>>
>>>>>>> You could build something isomorphic to this where you say no and
>>>>>>> have one flow ID per stream, and then add a second varint right after the
>>>>>>> flow ID.
>>>>>>>
>>>>>>> Since datagrams have to fit in a QUIC packet, adding more
>>>>>>> varints eats into available datagram MTU which makes me prefer the multiple
>>>>>>> flow IDs per stream approach.
>>>>>>>
>>>>>>> Both are pretty much equivalent in terms of implementation
>>>>>>> complexity: either way you need a hash table mapping from a varint to what
>>>>>>> that varint means.
>>>>>>>
>>>>>>> There is more complexity in how you convey that mapping (right now
>>>>>>> this is done using parameters on the Datagram-Flow-Id header), but I don't
>>>>>>> think
>>>>>>>
>>>>>>> requiring one flow ID per stream solves any of that
>>>>>>> complexity, you'll still need a way to convey extension information. The
>>>>>>> ECN example is so simple that
>>>>>>>
>>>>>>> it doesn't require sending much extension information, but if you
>>>>>>> look further at enabling optional IP header compression in CONNECT-IP, then
>>>>>>> you'll want
>>>>>>>
>>>>>>> a way to associate a varint with which IP addresses you're
>>>>>>> compressing.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> I think the question we have to answer becomes: do we want MASQUE
>>>>>>> protocols to be extensible? Our options are:
>>>>>>>
>>>>>>> - disallow extensibility and slightly simplify the protocol
>>>>>>>
>>>>>>> - allow extensibility via multiple flow IDs per stream, and deal
>>>>>>> with the slight complexity
>>>>>>>
>>>>>>> - allow extensibility with a single flow ID per stream, and deal
>>>>>>> with the slight complexity
>>>>>>>
>>>>>>> Personally, I feel strongly that we should allow extensibility.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> David
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On Tue, Mar 30, 2021 at 3:40 PM Martin Duke <martin.h.duke@gmail.com>
>>>>>>> wrote:
>>>>>>>
>>>>>>> Hello MASQUE,
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> At IETF 110 there was a lot of good discussion challenging the
>>>>>>> foundations of the CONNECT-UDP framework, including the relationship
>>>>>>> between streams and Flow-IDs. While CONNECT-UDP happens to use flow IDs
>>>>>>> somewhat incidentally, the real action with the controversial
>>>>>>> multiple-flow-id-per-CONNECT happens in David's (unadopted) ECN draft:
>>>>>>> https://datatracker.ietf.org/doc/draft-schinazi-masque-connect-udp-ecn/
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> Leading up to the interim, it would be great if one of the
>>>>>>> detractors of the flow-id mapping submitted their own approach to solve
>>>>>>> ECN. This would help to illuminate the tradeoffs. Speaking as an
>>>>>>> individual, I am also hoping to move the ECN work forward and having
>>>>>>> another design would help to do that.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> Thanks,
>>>>>>>
>>>>>>> Martin
>>>>>>>
>>>>>>> --
>>>>>>> Masque mailing list
>>>>>>> Masque@ietf.org
>>>>>>> https://www.ietf.org/mailman/listinfo/masque
>>>>>>>
>>>>>>> --
>>>>>> Masque mailing list
>>>>>> Masque@ietf.org
>>>>>> https://www.ietf.org/mailman/listinfo/masque
>>>>>>
>>>>>

v2.23.0 | Report a Bug | By Email