IETF Logo Mail Archive

Re: [Masque] ECN & Flow IDs

Martin Duke <martin.h.duke@gmail.com> Thu, 08 April 2021 20:29 UTC

Return-Path: <martin.h.duke@gmail.com>
X-Original-To: masque@ietfa.amsl.com
Delivered-To: masque@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1428E3A1B5E for <masque@ietfa.amsl.com>; Thu, 8 Apr 2021 13:29:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3ZKbmy9PrpR2 for <masque@ietfa.amsl.com>; Thu, 8 Apr 2021 13:29:02 -0700 (PDT)
Received: from mail-io1-xd32.google.com (mail-io1-xd32.google.com [IPv6:2607:f8b0:4864:20::d32]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4EC7B3A1B58 for <masque@ietf.org>; Thu, 8 Apr 2021 13:29:02 -0700 (PDT)
Received: by mail-io1-xd32.google.com with SMTP id v26so3607001iox.11 for <masque@ietf.org>; Thu, 08 Apr 2021 13:29:02 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=pflVAyG//dq3vtrk3isbk4RqmEV8Jb+KH2avT/xiJqA=; b=VXDhsu6JdqyK+rrHm8YvP1vHbNbrmxnU5DBRxb9JBQXopfNj/vdqns9+757rVEfYtK oQWJ4UU+WuFsKFn+2e/MyKqLlM3rsGE98Mq+n/Pk/g3BB+TfQyhNRqlZEcOwqToAByl0 lCdoPg06gkBh18ETMF+vLhLJ+Sv8xS4XIOaOnzYEgO69cEGxBZxB7qA2u45HiktwjwqD NhKlDpRJKboPi3S1rGxraAvGJI37aX8NMbDUZm/hq0mzWurgvgDNu3ACHZEE7FbPtdhc gThFBPjtwW+Qfp/J+amN7oXCZ43C7hSyoErf/AcbNYg016bUwireJH/vmIRXxHmdTEiH ag7g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=pflVAyG//dq3vtrk3isbk4RqmEV8Jb+KH2avT/xiJqA=; b=RV8RVBZxS9qsMgG4/JKgPJSJS3X05apri/i89rKx8hXOdj0thpbn2I5l3sxZ764OlK PPoRdb4YYGCO7YfgPYXpAP2G+yEGd2QeyOd+K091xnTzPP9KVSbZNY2F9cbK2tvHVhp6 M/aL35mj5R+aZugJ5zJeyBgR//FppaGPxfdkw8CJGBQr3jzHsCd3C1b88XYbHOXzsnie 6CaKg/itqSE+CJ2TREpnIdnXI7v5Oms3XhGC4ibVqR+b2hT1I4E8jFFEVBsHOgc9M8gv EsWPkn7+VvtI0O9Rz2WKCuHjYnaFSA1J1SgbJWd7LOVKJq4MjRPOA8bAb55n7qfmfuYD DNEg==
X-Gm-Message-State: AOAM532VkJV0skYuYydmwu5oL0hY8suTRiE9XBMea3jgRKcAlnrVfImb /LOahzBu+IDqEifo5kpdqTKMBKYxNdkdG6mXR8s=
X-Google-Smtp-Source: ABdhPJypdHesvoMmT6pP0a8taipJ3RBFhwSLNsKtj/qJuAIICaVdaTbk+6ePUMyypUph1+fRYMPVBN2earvYvgOM2as=
X-Received: by 2002:a05:6602:2094:: with SMTP id a20mr8435759ioa.19.1617913740698; Thu, 08 Apr 2021 13:29:00 -0700 (PDT)
MIME-Version: 1.0
References: <CAM4esxRmjWr-y-9-KAJmmKvGdONpPufgAbubUhPu_KaS1_Md9Q@mail.gmail.com> <CAPDSy+6go4xh4E55220upECkrept1Yb15diVhC8e3HEWsz52fQ@mail.gmail.com> <BBA47C7D-FBEC-419D-9BED-2D998EF526B0@ericsson.com> <CAM4esxTR1Y8oS0UpPu2_5cnDT_tnLTM-VbknCJDyWEz=JbyUKQ@mail.gmail.com> <CAHbWFkRGTDraYPQrNHMiOM5Cg=opJvFT7hs2cWA=vd+=hKQBBw@mail.gmail.com> <CAM4esxS9ivD5Dux_T2UYrVO5a7VF=D6C-t9LM-3tmxdwvY_8UQ@mail.gmail.com> <CAHbWFkRL1N=tLYoWAP4xwYPVymbrpTVciLwwESHNELDrprVhcg@mail.gmail.com>
In-Reply-To: <CAHbWFkRL1N=tLYoWAP4xwYPVymbrpTVciLwwESHNELDrprVhcg@mail.gmail.com>
From: Martin Duke <martin.h.duke@gmail.com>
Date: Thu, 08 Apr 2021 13:28:49 -0700
Message-ID: <CAM4esxSd6JmX-9a=0xPzAEHPEmxB4KFJFgkKL2edUfNf3KwDYQ@mail.gmail.com>
To: Alex Chernyakhovsky <achernya@google.com>
Cc: Mirja Kuehlewind <mirja.kuehlewind@ericsson.com>, David Schinazi <dschinazi.ietf@gmail.com>, MASQUE <masque@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000caa63f05bf7be56f"
Archived-At: <https://mailarchive.ietf.org/arch/msg/masque/lWXUTNfvYC3oCjlqT18rAKarRZQ>
Subject: Re: [Masque] ECN & Flow IDs
X-BeenThere: masque@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Multiplexed Application Substrate over QUIC Encryption <masque.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/masque>, <mailto:masque-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/masque/>
List-Post: <mailto:masque@ietf.org>
List-Help: <mailto:masque-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/masque>, <mailto:masque-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 08 Apr 2021 20:29:07 -0000

Hi Alex,

I'm not sure what you mean by "sending the 1RTT value" but IIUC you're
proposing that the proxy drops all payloads if it doesn't understand the
extension? How would it know when DATAGRAMs transfer from the extension
format to the non-extension format?

Or are you saying this would be a connection-level capability negotiated by
SETTINGS or something?

On Thu, Apr 8, 2021 at 7:29 AM Alex Chernyakhovsky <achernya@google.com>
wrote:

> Hi Martin,
>
> There's a few issues with your example, which is namely that step (4)
> should not occur. The extension needs to be pre-declared, or else the proxy
> does as you describe and we have undefined behavior. I instead was
> imagining a header (or some other signalling mechanism) that says "we want
> to use ecn extension" and when the proxy gets its first payload after that
> header, it drops it because it doesn't know about the extension and replies
> back that it doesn't support it. The client then has to send the 1RTT
> value. You end up with the same behavior as David's draft.
>
> of course, we can also fix this more explicitly in the CONNECT-UDP draft
> by creating another stream-chunk type for UDP packet with additional data
> for extensions in addition to the packet. Then all a proxy has to know is
> there's data it doesn't support, and it just doesn't read and act upon it
> when sending the packet payload.
>
> Sincerely,
> -Alex
>
> On Wed, Apr 7, 2021 at 2:21 PM Martin Duke <martin.h.duke@gmail.com>
> wrote:
>
>> Alex,
>>
>> Maybe I'm missing something obvious, but here's an example.
>>
>> Let's say that the "ecn" extension means the first octet of the datagram
>> after the flow ID is the ToS byte.
>>
>> 1. The client sends a CONNECT-UDP request with the "ecn" extension
>> 2. The client sends a datagram with the second byte reflecting the ToS.
>> 3. The proxy does not understand the ecn extension and ignores it
>> 4. The datagram arrives; the proxy sends a UDP packet with the ToS byte
>> as the first byte of payload.
>> 5. The client receives the response without the "ecn" extension and stops
>> sending the ToS byte.
>>
>> In #4 we're going to have some weird undefined behavior.
>>
>> Compare this to David's draft
>>
>> 1. The client sends a CONNECT-UDP (flowID = 12) request with the "ecn"
>> extension (flowID = 16 for ECT(0))
>> 2. The client sends a datagram with flowID = 16
>> 3. The proxy does not understand the ecn extension and ignores it
>> 4. The datagram arrives; the proxy drops flowID 16 because it doesn't
>> know what that is
>> 5. The client receives the response without the "ecn" extension and stops
>> sending flowID 16.
>>
>> packet losses aren't great, but are better than undefined behavior.
>>
>> On Wed, Apr 7, 2021 at 10:53 AM Alex Chernyakhovsky <achernya@google.com>
>> wrote:
>>
>>> Hi Martin,
>>>
>>> What's stopping the client from opportunistically sending the packet
>>> with the extension in the same flight as requesting the extension? Then
>>> you'd at-best get the expected behavior and at-worst fall back to the
>>> 1RTT penalty.
>>>
>>> Sincerely,
>>> -Alex
>>>
>>> On Wed, Apr 7, 2021 at 1:07 PM Martin Duke <martin.h.duke@gmail.com>
>>> wrote:
>>>
>>>> Again, adding two bits to the datagram payload is not "simple enough"
>>>> if it's an extension.
>>>>
>>>> If it's part of the CONNECT-UDP standard, then sure.
>>>>
>>>> Otherwise, there is ambiguity in processing an H3 DATAGRAM frame sent
>>>> by the client before receiving the response from the server. The client can
>>>> send not-ECT or eat the 1RTT latency penalty.
>>>>
>>>> With flow IDs, the proxy will simply drop the datagram, incurring a
>>>> 1RTT penalty only if it doesn't support the extension.
>>>>
>>>> On Wed, Apr 7, 2021 at 10:00 AM Mirja Kuehlewind <
>>>> mirja.kuehlewind@ericsson.com> wrote:
>>>>
>>>>> Hi David, hi all,
>>>>>
>>>>>
>>>>>
>>>>> to also add to your question about multiple flow IDs. I guess we kind
>>>>> of agree that we don’t want flow ID for ECN information, as adding two bits
>>>>> is simple enough, however, then it is actually not fully clear to me why
>>>>> multiple flow IDs per connect request are needed. You briefly mentioned
>>>>> other extension below, however, not all, or only very few information,
>>>>> require per-packet information (as it was used for the ECN example). If you
>>>>> want to actually send multiple flows/connections to the same server you,
>>>>> can always send multiple connect requests. That’s slightly more overhead at
>>>>> connection establishment but not much, and I would say it’s architecturally
>>>>> more clean and therefore also simpler.
>>>>>
>>>>>
>>>>>
>>>>> Mirja
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> *From: *Masque <masque-bounces@ietf.org> on behalf of David Schinazi <
>>>>> dschinazi.ietf@gmail.com>
>>>>> *Date: *Wednesday, 31. March 2021 at 02:36
>>>>> *To: *Martin Duke <martin.h.duke@gmail.com>
>>>>> *Cc: *MASQUE <masque@ietf.org>
>>>>> *Subject: *Re: [Masque] ECN & Flow IDs
>>>>>
>>>>>
>>>>>
>>>>> The trivial other approach to solving ECN would be to prefix the UDP
>>>>> payload with a type byte that contains the two ECN bits and 6 unused bits.
>>>>>
>>>>> That would definitely work, and therefore I don't think ECN is a good
>>>>> example to use as a discussion starter for how flow IDs are managed.
>>>>>
>>>>> I wrote that draft to test out the extensibility of the CONNECT-UDP
>>>>> design, I'm not planning on moving it forward at this time.
>>>>>
>>>>>
>>>>>
>>>>> More conceptually, the main question is whether we allow one
>>>>> client-initiated bidirectional stream to map to multiple datagram flow IDs.
>>>>>
>>>>> The approach I've taken is to say yes: that allows us to reuse the
>>>>> flow ID multiplexing logic to encode additional information in the flow ID.
>>>>>
>>>>> You could build something isomorphic to this where you say no and have
>>>>> one flow ID per stream, and then add a second varint right after the flow
>>>>> ID.
>>>>>
>>>>> Since datagrams have to fit in a QUIC packet, adding more varints eats
>>>>> into available datagram MTU which makes me prefer the multiple flow IDs per
>>>>> stream approach.
>>>>>
>>>>> Both are pretty much equivalent in terms of implementation complexity:
>>>>> either way you need a hash table mapping from a varint to what that varint
>>>>> means.
>>>>>
>>>>> There is more complexity in how you convey that mapping (right now
>>>>> this is done using parameters on the Datagram-Flow-Id header), but I don't
>>>>> think
>>>>>
>>>>> requiring one flow ID per stream solves any of that complexity, you'll
>>>>> still need a way to convey extension information. The ECN example is so
>>>>> simple that
>>>>>
>>>>> it doesn't require sending much extension information, but if you look
>>>>> further at enabling optional IP header compression in CONNECT-IP, then
>>>>> you'll want
>>>>>
>>>>> a way to associate a varint with which IP addresses you're compressing.
>>>>>
>>>>>
>>>>>
>>>>> I think the question we have to answer becomes: do we want MASQUE
>>>>> protocols to be extensible? Our options are:
>>>>>
>>>>> - disallow extensibility and slightly simplify the protocol
>>>>>
>>>>> - allow extensibility via multiple flow IDs per stream, and deal with
>>>>> the slight complexity
>>>>>
>>>>> - allow extensibility with a single flow ID per stream, and deal with
>>>>> the slight complexity
>>>>>
>>>>> Personally, I feel strongly that we should allow extensibility.
>>>>>
>>>>>
>>>>>
>>>>> David
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> On Tue, Mar 30, 2021 at 3:40 PM Martin Duke <martin.h.duke@gmail.com>
>>>>> wrote:
>>>>>
>>>>> Hello MASQUE,
>>>>>
>>>>>
>>>>>
>>>>> At IETF 110 there was a lot of good discussion challenging the
>>>>> foundations of the CONNECT-UDP framework, including the relationship
>>>>> between streams and Flow-IDs. While CONNECT-UDP happens to use flow IDs
>>>>> somewhat incidentally, the real action with the controversial
>>>>> multiple-flow-id-per-CONNECT happens in David's (unadopted) ECN draft:
>>>>> https://datatracker.ietf.org/doc/draft-schinazi-masque-connect-udp-ecn/
>>>>>
>>>>>
>>>>>
>>>>> Leading up to the interim, it would be great if one of the detractors
>>>>> of the flow-id mapping submitted their own approach to solve ECN. This
>>>>> would help to illuminate the tradeoffs. Speaking as an individual, I am
>>>>> also hoping to move the ECN work forward and having another design would
>>>>> help to do that.
>>>>>
>>>>>
>>>>>
>>>>> Thanks,
>>>>>
>>>>> Martin
>>>>>
>>>>> --
>>>>> Masque mailing list
>>>>> Masque@ietf.org
>>>>> https://www.ietf.org/mailman/listinfo/masque
>>>>>
>>>>> --
>>>> Masque mailing list
>>>> Masque@ietf.org
>>>> https://www.ietf.org/mailman/listinfo/masque
>>>>
>>>

v2.23.0 | Report a Bug | By Email