Re: [Masque] ECN & Flow IDs
Martin Duke <martin.h.duke@gmail.com> Thu, 15 April 2021 16:03 UTC
Return-Path: <martin.h.duke@gmail.com>
X-Original-To: masque@ietfa.amsl.com
Delivered-To: masque@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5EAE93A2512 for <masque@ietfa.amsl.com>; Thu, 15 Apr 2021 09:03:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2xXofuo2xM_D for <masque@ietfa.amsl.com>; Thu, 15 Apr 2021 09:03:19 -0700 (PDT)
Received: from mail-io1-xd30.google.com (mail-io1-xd30.google.com [IPv6:2607:f8b0:4864:20::d30]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A23213A2517 for <masque@ietf.org>; Thu, 15 Apr 2021 09:03:19 -0700 (PDT)
Received: by mail-io1-xd30.google.com with SMTP id a9so13881287ioc.8 for <masque@ietf.org>; Thu, 15 Apr 2021 09:03:19 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=Y1xt9rQ+9MyCnbH0AWZlpFTrF3qSa4TturCoCtvYSz0=; b=fFad+fl752TLQmwI8nY+5+EZ6KfDOWaYPOSuJuqa8G6g/QA11eOfYzbQilU6WZrcyN o9AvgPORs7QP88lnf31dYBwWpxf1Vyi2VWIJSX+OaSBRB7WC+GPBtvK11WylCVvfdTBH rV/uupOvMEtrOS/J7uWE9v3/R/zTU7Elt9Tv9Cdq8mePuzFHw74TyCiGhGXTC1E+adDv 92pTMDrpcJUC+y7F3QUripofspSx834p2GNrMHoZJbRQ/iUy5y7Uarf8g63HvFb70sbw J71H9CQ3IJhg+r/6ZmWm0xnekHiaYqWN5cTBbWAMGY+9gJcqLjnXn8HJpFhZJPaLVpg2 FNUA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=Y1xt9rQ+9MyCnbH0AWZlpFTrF3qSa4TturCoCtvYSz0=; b=lGgyBiEmhBFoySfSR3ex5BwNIFBqFdxBkWM5WFA/U9g1Ui/7isk/k2C8ya6CrnmVYh DbH5bSHEB3HHfLxN9y4FIbWzTDrYcKBOGCcrXQXCycHdupA845srL/AuA/tJwXuBN9e0 /WWgUUuaWNTAB8es7G7niIxrCZbc6WkXO3pTQwB371txvP1HoP39lxCj0g7jK17AV9oD 6c9z8vrA94iBhdvSyKxVYUj6rsvMK1HL3pgrp/OQAjVZ9Thnuz7F3WdoZCMyB5QD1BHH 84vZOLuS7q70+DNPWN373aGmixyP6/TwLLsCCBIXs2dcJcCOUfaCbqBs71RDwR8cnPls d5dg==
X-Gm-Message-State: AOAM533bHa9QjdgwK3sSdIxRUgSCXgnhHJ+MV2mIJjNMlLYnN3kjgFhu 5x2a75YQgASUrdV8ONSgv+5D4da3nVDoTPi0hOA=
X-Google-Smtp-Source: ABdhPJzDtqDCieSxqwrCXv658M+rqbw5wvsfW9S1/G068q2N+Bv1YalBSvuI84aUknlsrT7I1WG7CnZ4uvT/IpsowZE=
X-Received: by 2002:a05:6638:329e:: with SMTP id f30mr3591099jav.121.1618502596906; Thu, 15 Apr 2021 09:03:16 -0700 (PDT)
MIME-Version: 1.0
References: <CAM4esxRmjWr-y-9-KAJmmKvGdONpPufgAbubUhPu_KaS1_Md9Q@mail.gmail.com> <CAPDSy+6go4xh4E55220upECkrept1Yb15diVhC8e3HEWsz52fQ@mail.gmail.com> <BBA47C7D-FBEC-419D-9BED-2D998EF526B0@ericsson.com> <CAM4esxTR1Y8oS0UpPu2_5cnDT_tnLTM-VbknCJDyWEz=JbyUKQ@mail.gmail.com> <CAHbWFkRGTDraYPQrNHMiOM5Cg=opJvFT7hs2cWA=vd+=hKQBBw@mail.gmail.com> <CAM4esxS9ivD5Dux_T2UYrVO5a7VF=D6C-t9LM-3tmxdwvY_8UQ@mail.gmail.com> <CAHbWFkRL1N=tLYoWAP4xwYPVymbrpTVciLwwESHNELDrprVhcg@mail.gmail.com> <CAM4esxSd6JmX-9a=0xPzAEHPEmxB4KFJFgkKL2edUfNf3KwDYQ@mail.gmail.com> <CAHbWFkTAvYLT9T9g1xO5JSJyfMeOTpyZ7tDwbVAT55=L78wB5w@mail.gmail.com>
In-Reply-To: <CAHbWFkTAvYLT9T9g1xO5JSJyfMeOTpyZ7tDwbVAT55=L78wB5w@mail.gmail.com>
From: Martin Duke <martin.h.duke@gmail.com>
Date: Thu, 15 Apr 2021 09:02:38 -0700
Message-ID: <CAM4esxQ4YsDpioC5P8Bk63ytOM+PS6yqVTuGrAHxNQf5tY_ebg@mail.gmail.com>
To: Alex Chernyakhovsky <achernya@google.com>
Cc: Mirja Kuehlewind <mirja.kuehlewind@ericsson.com>, David Schinazi <dschinazi.ietf@gmail.com>, MASQUE <masque@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000005b54a405c005005a"
Archived-At: <https://mailarchive.ietf.org/arch/msg/masque/_YHGTfoUrA1n-ugShurYtpqYars>
Subject: Re: [Masque] ECN & Flow IDs
X-BeenThere: masque@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Multiplexed Application Substrate over QUIC Encryption <masque.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/masque>, <mailto:masque-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/masque/>
List-Post: <mailto:masque@ietf.org>
List-Help: <mailto:masque-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/masque>, <mailto:masque-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 15 Apr 2021 16:03:24 -0000
Hi Alex, Thanks for clarifying. IIUC one objective of David's design is to not advertise MASQUE capabilities quite so explicitly, which is a drawback of a SETTINGS-based mechanism. On Thu, Apr 8, 2021, 16:36 Alex Chernyakhovsky <achernya@google.com> wrote: > Hi Martin, > > Yes, I was imagining that the presence if this extension is negotiated, > possibly by way of SETTINGS. Any > > Sincerely, > -Alex > > On Thu, Apr 8, 2021 at 4:29 PM Martin Duke <martin.h.duke@gmail.com> > wrote: > >> Hi Alex, >> >> I'm not sure what you mean by "sending the 1RTT value" but IIUC you're >> proposing that the proxy drops all payloads if it doesn't understand the >> extension? How would it know when DATAGRAMs transfer from the extension >> format to the non-extension format? >> >> Or are you saying this would be a connection-level capability negotiated >> by SETTINGS or something? >> >> On Thu, Apr 8, 2021 at 7:29 AM Alex Chernyakhovsky <achernya@google.com> >> wrote: >> >>> Hi Martin, >>> >>> There's a few issues with your example, which is namely that step (4) >>> should not occur. The extension needs to be pre-declared, or else the proxy >>> does as you describe and we have undefined behavior. I instead was >>> imagining a header (or some other signalling mechanism) that says "we want >>> to use ecn extension" and when the proxy gets its first payload after that >>> header, it drops it because it doesn't know about the extension and replies >>> back that it doesn't support it. The client then has to send the 1RTT >>> value. You end up with the same behavior as David's draft. >>> >>> of course, we can also fix this more explicitly in the CONNECT-UDP draft >>> by creating another stream-chunk type for UDP packet with additional data >>> for extensions in addition to the packet. Then all a proxy has to know is >>> there's data it doesn't support, and it just doesn't read and act upon it >>> when sending the packet payload. >>> >>> Sincerely, >>> -Alex >>> >>> On Wed, Apr 7, 2021 at 2:21 PM Martin Duke <martin.h.duke@gmail.com> >>> wrote: >>> >>>> Alex, >>>> >>>> Maybe I'm missing something obvious, but here's an example. >>>> >>>> Let's say that the "ecn" extension means the first octet of the >>>> datagram after the flow ID is the ToS byte. >>>> >>>> 1. The client sends a CONNECT-UDP request with the "ecn" extension >>>> 2. The client sends a datagram with the second byte reflecting the ToS. >>>> 3. The proxy does not understand the ecn extension and ignores it >>>> 4. The datagram arrives; the proxy sends a UDP packet with the ToS byte >>>> as the first byte of payload. >>>> 5. The client receives the response without the "ecn" extension and >>>> stops sending the ToS byte. >>>> >>>> In #4 we're going to have some weird undefined behavior. >>>> >>>> Compare this to David's draft >>>> >>>> 1. The client sends a CONNECT-UDP (flowID = 12) request with the "ecn" >>>> extension (flowID = 16 for ECT(0)) >>>> 2. The client sends a datagram with flowID = 16 >>>> 3. The proxy does not understand the ecn extension and ignores it >>>> 4. The datagram arrives; the proxy drops flowID 16 because it doesn't >>>> know what that is >>>> 5. The client receives the response without the "ecn" extension and >>>> stops sending flowID 16. >>>> >>>> packet losses aren't great, but are better than undefined behavior. >>>> >>>> On Wed, Apr 7, 2021 at 10:53 AM Alex Chernyakhovsky < >>>> achernya@google.com> wrote: >>>> >>>>> Hi Martin, >>>>> >>>>> What's stopping the client from opportunistically sending the packet >>>>> with the extension in the same flight as requesting the extension? Then >>>>> you'd at-best get the expected behavior and at-worst fall back to the >>>>> 1RTT penalty. >>>>> >>>>> Sincerely, >>>>> -Alex >>>>> >>>>> On Wed, Apr 7, 2021 at 1:07 PM Martin Duke <martin.h.duke@gmail.com> >>>>> wrote: >>>>> >>>>>> Again, adding two bits to the datagram payload is not "simple enough" >>>>>> if it's an extension. >>>>>> >>>>>> If it's part of the CONNECT-UDP standard, then sure. >>>>>> >>>>>> Otherwise, there is ambiguity in processing an H3 DATAGRAM frame sent >>>>>> by the client before receiving the response from the server. The client can >>>>>> send not-ECT or eat the 1RTT latency penalty. >>>>>> >>>>>> With flow IDs, the proxy will simply drop the datagram, incurring a >>>>>> 1RTT penalty only if it doesn't support the extension. >>>>>> >>>>>> On Wed, Apr 7, 2021 at 10:00 AM Mirja Kuehlewind < >>>>>> mirja.kuehlewind@ericsson.com> wrote: >>>>>> >>>>>>> Hi David, hi all, >>>>>>> >>>>>>> >>>>>>> >>>>>>> to also add to your question about multiple flow IDs. I guess we >>>>>>> kind of agree that we don’t want flow ID for ECN information, as adding two >>>>>>> bits is simple enough, however, then it is actually not fully clear to me >>>>>>> why multiple flow IDs per connect request are needed. You briefly mentioned >>>>>>> other extension below, however, not all, or only very few information, >>>>>>> require per-packet information (as it was used for the ECN example). If you >>>>>>> want to actually send multiple flows/connections to the same server you, >>>>>>> can always send multiple connect requests. That’s slightly more overhead at >>>>>>> connection establishment but not much, and I would say it’s architecturally >>>>>>> more clean and therefore also simpler. >>>>>>> >>>>>>> >>>>>>> >>>>>>> Mirja >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> *From: *Masque <masque-bounces@ietf.org> on behalf of David >>>>>>> Schinazi <dschinazi.ietf@gmail.com> >>>>>>> *Date: *Wednesday, 31. March 2021 at 02:36 >>>>>>> *To: *Martin Duke <martin.h.duke@gmail.com> >>>>>>> *Cc: *MASQUE <masque@ietf.org> >>>>>>> *Subject: *Re: [Masque] ECN & Flow IDs >>>>>>> >>>>>>> >>>>>>> >>>>>>> The trivial other approach to solving ECN would be to prefix the UDP >>>>>>> payload with a type byte that contains the two ECN bits and 6 unused bits. >>>>>>> >>>>>>> That would definitely work, and therefore I don't think ECN is a >>>>>>> good example to use as a discussion starter for how flow IDs are managed. >>>>>>> >>>>>>> I wrote that draft to test out the extensibility of the CONNECT-UDP >>>>>>> design, I'm not planning on moving it forward at this time. >>>>>>> >>>>>>> >>>>>>> >>>>>>> More conceptually, the main question is whether we allow one >>>>>>> client-initiated bidirectional stream to map to multiple datagram flow IDs. >>>>>>> >>>>>>> The approach I've taken is to say yes: that allows us to reuse the >>>>>>> flow ID multiplexing logic to encode additional information in the flow ID. >>>>>>> >>>>>>> You could build something isomorphic to this where you say no and >>>>>>> have one flow ID per stream, and then add a second varint right after the >>>>>>> flow ID. >>>>>>> >>>>>>> Since datagrams have to fit in a QUIC packet, adding more >>>>>>> varints eats into available datagram MTU which makes me prefer the multiple >>>>>>> flow IDs per stream approach. >>>>>>> >>>>>>> Both are pretty much equivalent in terms of implementation >>>>>>> complexity: either way you need a hash table mapping from a varint to what >>>>>>> that varint means. >>>>>>> >>>>>>> There is more complexity in how you convey that mapping (right now >>>>>>> this is done using parameters on the Datagram-Flow-Id header), but I don't >>>>>>> think >>>>>>> >>>>>>> requiring one flow ID per stream solves any of that >>>>>>> complexity, you'll still need a way to convey extension information. The >>>>>>> ECN example is so simple that >>>>>>> >>>>>>> it doesn't require sending much extension information, but if you >>>>>>> look further at enabling optional IP header compression in CONNECT-IP, then >>>>>>> you'll want >>>>>>> >>>>>>> a way to associate a varint with which IP addresses you're >>>>>>> compressing. >>>>>>> >>>>>>> >>>>>>> >>>>>>> I think the question we have to answer becomes: do we want MASQUE >>>>>>> protocols to be extensible? Our options are: >>>>>>> >>>>>>> - disallow extensibility and slightly simplify the protocol >>>>>>> >>>>>>> - allow extensibility via multiple flow IDs per stream, and deal >>>>>>> with the slight complexity >>>>>>> >>>>>>> - allow extensibility with a single flow ID per stream, and deal >>>>>>> with the slight complexity >>>>>>> >>>>>>> Personally, I feel strongly that we should allow extensibility. >>>>>>> >>>>>>> >>>>>>> >>>>>>> David >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> On Tue, Mar 30, 2021 at 3:40 PM Martin Duke <martin.h.duke@gmail.com> >>>>>>> wrote: >>>>>>> >>>>>>> Hello MASQUE, >>>>>>> >>>>>>> >>>>>>> >>>>>>> At IETF 110 there was a lot of good discussion challenging the >>>>>>> foundations of the CONNECT-UDP framework, including the relationship >>>>>>> between streams and Flow-IDs. While CONNECT-UDP happens to use flow IDs >>>>>>> somewhat incidentally, the real action with the controversial >>>>>>> multiple-flow-id-per-CONNECT happens in David's (unadopted) ECN draft: >>>>>>> https://datatracker.ietf.org/doc/draft-schinazi-masque-connect-udp-ecn/ >>>>>>> >>>>>>> >>>>>>> >>>>>>> Leading up to the interim, it would be great if one of the >>>>>>> detractors of the flow-id mapping submitted their own approach to solve >>>>>>> ECN. This would help to illuminate the tradeoffs. Speaking as an >>>>>>> individual, I am also hoping to move the ECN work forward and having >>>>>>> another design would help to do that. >>>>>>> >>>>>>> >>>>>>> >>>>>>> Thanks, >>>>>>> >>>>>>> Martin >>>>>>> >>>>>>> -- >>>>>>> Masque mailing list >>>>>>> Masque@ietf.org >>>>>>> https://www.ietf.org/mailman/listinfo/masque >>>>>>> >>>>>>> -- >>>>>> Masque mailing list >>>>>> Masque@ietf.org >>>>>> https://www.ietf.org/mailman/listinfo/masque >>>>>> >>>>>
- [Masque] ECN & Flow IDs Martin Duke
- Re: [Masque] ECN & Flow IDs David Schinazi
- Re: [Masque] ECN & Flow IDs Alex Chernyakhovsky
- Re: [Masque] ECN & Flow IDs Martin Duke
- Re: [Masque] ECN & Flow IDs David Schinazi
- Re: [Masque] ECN & Flow IDs Mirja Kuehlewind
- Re: [Masque] ECN & Flow IDs Mirja Kuehlewind
- Re: [Masque] ECN & Flow IDs Martin Duke
- Re: [Masque] ECN & Flow IDs David Schinazi
- Re: [Masque] ECN & Flow IDs Alex Chernyakhovsky
- Re: [Masque] ECN & Flow IDs Martin Duke
- Re: [Masque] ECN & Flow IDs Mirja Kuehlewind
- Re: [Masque] ECN & Flow IDs Mirja Kuehlewind
- Re: [Masque] ECN & Flow IDs Alex Chernyakhovsky
- Re: [Masque] ECN & Flow IDs David Schinazi
- Re: [Masque] ECN & Flow IDs Mirja Kuehlewind
- Re: [Masque] ECN & Flow IDs Martin Duke
- Re: [Masque] ECN & Flow IDs Alex Chernyakhovsky
- Re: [Masque] ECN & Flow IDs Martin Duke
- Re: [Masque] ECN & Flow IDs David Schinazi