IETF Logo Mail Archive

Re: [Masque] ECN & Flow IDs

Mirja Kuehlewind <mirja.kuehlewind@ericsson.com> Thu, 08 April 2021 08:53 UTC

Return-Path: <mirja.kuehlewind@ericsson.com>
X-Original-To: masque@ietfa.amsl.com
Delivered-To: masque@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8748A3A40DB for <masque@ietfa.amsl.com>; Thu, 8 Apr 2021 01:53:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.801
X-Spam-Level:
X-Spam-Status: No, score=-2.801 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JiOL5PMdoHXX for <masque@ietfa.amsl.com>; Thu, 8 Apr 2021 01:53:08 -0700 (PDT)
Received: from EUR04-DB3-obe.outbound.protection.outlook.com (mail-eopbgr60046.outbound.protection.outlook.com [40.107.6.46]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 330273A40DA for <masque@ietf.org>; Thu, 8 Apr 2021 01:53:07 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=MC7uI4Hle8c/3o7xJB56nKG7GFoQEgsQ6sDyaE0uKXY8ljw/qEoZFu7/CbmCATJorK0cKCtapFNa86tJqhMKB6ar6NLLyhUpW6ScNqUrrl3uwVpi4JEC6Al7Uyh+dNqyTPwGPiLxonH1BNPqg3H6mW6u9Qc5uD4qdBqwLhTZHOhcJJMhZrM1FkrMGkm2bF+FYKPWw1vEfok0Ok4r4Wdqm4ioBnfvL7r67q77ENhjN4kTvQREhkTEBIFmmwbt9wvctwbUWfBocgA5BfuEOjtB+ChtSJ5tnYFcWQJCA/cym27hfvXhw8aQZrzLEZNYgjfpBr5d8H0iSh2cANZOr0kOgw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=0m2QSHKMlpKGNry3fljqJymLOP/PUD3cmJWB8yGeAWM=; b=ct761crl3nW+5f4vsErYbLqNFa5Ss3wDCJ/1dOpA1BcEo5X8Y6IaZ4cjDizd9eO5lZFNxw3mK2Xm0ImzcrCw6bBaxoJmNW7qonFJzrj0vjhDtrrG3DZTne7+X4wqy6nGTbqO4o+xvhGTcpPhE+5VDKM6Kbx+uHuQWCfQA9P4Xk27inGVBSign/60kCaZ2X6injPSc1fgDNck/6DZ1HdwDeilb/7pa6A4/XwB4acP/nDnX4SbnVvxjq7fX0/rmvrQuu2sSYSaB07Z8gsE09jyWjwe/MtSfzCmubqMghjiCmAtLzQHryqu5m9t8Tlsam8ofuriJk8D6V8S73BnwXHnQA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=0m2QSHKMlpKGNry3fljqJymLOP/PUD3cmJWB8yGeAWM=; b=IH8REO4aY3Inv/KiO+TXw0CPyc2TkirPII9nPgVrbQzdQz3g0LjCWDmka5dSYRUwdVVsE1/w3OzW8qd4pNC3wF1cCPdAXcXCLPt56+0WvoyKEGJclH3bRspUZQDXpjfqPZMvmNiJ2Gi6bd6sK0213mCz43UC7hQXF5rttT2pDyE=
Received: from AM0PR07MB3939.eurprd07.prod.outlook.com (2603:10a6:208:40::14) by AM9PR07MB7923.eurprd07.prod.outlook.com (2603:10a6:20b:2fc::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4020.8; Thu, 8 Apr 2021 08:53:03 +0000
Received: from AM0PR07MB3939.eurprd07.prod.outlook.com ([fe80::f5b3:5946:19c5:d8b8]) by AM0PR07MB3939.eurprd07.prod.outlook.com ([fe80::f5b3:5946:19c5:d8b8%6]) with mapi id 15.20.4020.018; Thu, 8 Apr 2021 08:53:03 +0000
From: Mirja Kuehlewind <mirja.kuehlewind@ericsson.com>
To: Martin Duke <martin.h.duke@gmail.com>, Alex Chernyakhovsky <achernya@google.com>
CC: David Schinazi <dschinazi.ietf@gmail.com>, MASQUE <masque@ietf.org>
Thread-Topic: [Masque] ECN & Flow IDs
Thread-Index: AQHXJbW1vTSBFeqDBkyrNFSyc8ns66qdQC0AgAw08oD//+AygIAADRUAgAAH5ICAARQWAA==
Date: Thu, 08 Apr 2021 08:53:03 +0000
Message-ID: <352BF0E2-C324-4BFB-9379-846541903636@ericsson.com>
References: <CAM4esxRmjWr-y-9-KAJmmKvGdONpPufgAbubUhPu_KaS1_Md9Q@mail.gmail.com> <CAPDSy+6go4xh4E55220upECkrept1Yb15diVhC8e3HEWsz52fQ@mail.gmail.com> <BBA47C7D-FBEC-419D-9BED-2D998EF526B0@ericsson.com> <CAM4esxTR1Y8oS0UpPu2_5cnDT_tnLTM-VbknCJDyWEz=JbyUKQ@mail.gmail.com> <CAHbWFkRGTDraYPQrNHMiOM5Cg=opJvFT7hs2cWA=vd+=hKQBBw@mail.gmail.com> <CAM4esxS9ivD5Dux_T2UYrVO5a7VF=D6C-t9LM-3tmxdwvY_8UQ@mail.gmail.com>
In-Reply-To: <CAM4esxS9ivD5Dux_T2UYrVO5a7VF=D6C-t9LM-3tmxdwvY_8UQ@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-GB
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/16.45.21011103
authentication-results: gmail.com; dkim=none (message not signed) header.d=none;gmail.com; dmarc=none action=none header.from=ericsson.com;
x-originating-ip: [2003:de:e740:2700:4df7:b0d:5924:864b]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: e02cfc97-fe7e-48ff-e856-08d8fa6bb839
x-ms-traffictypediagnostic: AM9PR07MB7923:
x-microsoft-antispam-prvs: <AM9PR07MB792364492488A26B1F047668F4749@AM9PR07MB7923.eurprd07.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:6790;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: UzVx1403kJBfwwiUCXJDl7ZIEvNlh4GmMtrC64aX0RA2L0RoO5pQeuXFHX2baB6ucCsLP36U6innQkrM4HfuMVDnIjWs1F1vRuqHOd2g4fe8Tf0AlCLRvb6FqasPgSBWTfuGVGGJFfwnbt68BulE8XgjNwy9ROcuacrspVbw010Fc8DNXr9y7FhmY438PBJ27ZGnQ1XzsupRKJb66ct7l2n+rWzsqpWLBZvrhBX8KhuFpH4fTvhgnPfn76FYK/NV/o0NsazilFxKdY00ELvhBka+rMgCm+zcLfH7i4ARS54fd7eK0zC7eNKDuPXt4+7o+YCGBvRml2fhlrMiP22woIVVQPg5t8IO1l/2rbFD32KLbZdYK1eltCF3YoBNO8MBmEk6gVurhL8avBU5uFFnGZ0VRxIoz3sM2bBYLvfwTE/PEaQJNYTDtUJBRpCXGmf9SEoE+8Kl1+e0H5srb+IZ39tKtjZmErCqrH7OmtsilAZRtByH5qncQBGFs3ISYKq49XRVA8m0shDiYqQD7p0PGCjLKgtzfu/1Uoiw7ui+v0aYPUjb8kU0CW9z7+vCERbcrBfk96UBiyZR8cKN7fFSyEHMGWMwhmRBykwZhZAn+itvRdS9Ouf/dHYimtu+Q/t23MC94zLkWGU/Zg5SOHNCC9vQ4LFM7n7L20tuQfBlV8uZo4fUYXy4RdTmVcEwtTnS+9h8YEiDt9UdWWTUnR4yEbkjzhWdcrzXZcbGZ6NCPR+YpTm6v0E/Ot2/kfgI8cJJeUjnJwGvx8RG7DGMl+VFtA==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:AM0PR07MB3939.eurprd07.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(346002)(39860400002)(136003)(396003)(366004)(376002)(33656002)(5660300002)(36756003)(186003)(86362001)(8676002)(83380400001)(54906003)(44832011)(53546011)(6506007)(8936002)(478600001)(38100700001)(966005)(2906002)(71200400001)(66476007)(66556008)(64756008)(66446008)(66946007)(2616005)(6512007)(76116006)(6486002)(4326008)(110136005)(316002)(166002)(45980500001); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata: KSoR0+a80OLlHBifnSUcMTrE7vWM2Zzttqs5cKrOneTu/xf+mU+eWW9++pa0JAAsjoF0KgKIF13nD3mqfUvrpx/bV+lahRx4V+Lc/73ZnV406++a9QMMNJPBU+JAriqpBuLHF7+uv6MHP4gUIDKMEusFGduJYu3CNTwbXqqu2StQlmzm4QNbasjEwwNdDAWqyh7/bHLyLOZG7hFto6VZ3Q8Utz3KPMJBRJQNWE7GzTWdTOt+xOghrXxaEguuhqW7FuWbb8DAuMrKs0mhwiS/z1xZjuM7/opNU19DX/v9ZEz9+HlVF6tMiMWLC3U7HY9GIqKhHGxX3M9kUVdbCWZRPtG+Gpn0qzUcy4j5CAQ+kebsUxG3BP1cTbgKUn1c5Ds9rFlFNrYtZFtRgqNOiLZgWXBS8tGiJQATymZTKch18DKZ6MwK3dJY0KmATPCgfMkBDg6v5W+G7vto87azEAfyQ6ZCP85ARXIxCOtABWSK3bxScBNKQHdqu1mcJl+l8R3ovt2E6otf6whG2nXA/mOUGt2YmLSxV7z0czjau8fsG87aaWxU6hIOMMTR+4hpGuTcFX2PMSJscuEO+8Y4Y6Tz+IY7BctQKG3/zJiGIxQlIM1ZL+Wqvdtx/+dlOHB4oW1Vc7opo+DGjVWOlAwGRG8CJlqcQQKd3PXTb2sZ1QzggE9i7Qw4aJEQPa9OBCeczkXGQ+HFqTHdZvuCpOGEfIUjeNPWTXzLRJiPlnucKfMmAw0QnuY83WrKAiayb5UU8Z+gri4G8boFAUnXPNN7YOCEIWorfPf4iiZV2e+T00S6fgf3ZllQPukDqpkvn5b38T9/dBD13JS99oNr/yIWpRnbsgDbijf8pJY98U1CX2Acq+J7nanawxQHizhJl7KjHWt+Z55xc6HJ+Y/rFfAkaSivMebw5uDocxH6c4rLDszBNXkcR+raAG6lc7Q/FPHZlpvhLGC2UXJ+QiYPmfs3UnCX9ZYWVLMG1h2Fwi2D4MeZoEi5gsT3SMwT+YTNYYa5P8st7jtoVZsahhd6bdL2bE9dBS9Rx1ao13NnLuk+5qo46DVvsRlyr3G9rl2JoTT6HP6GjHpZ8MbqFjkOy0MpS+3hDSWuJdI7KNSRYpaTGJb0GcMWvYCu8y2cUFmqyHCugtVnZ1bjTHIunTRmiqhXne+CqdF4bt6hCm2vnPXRJZAFQWD6/0adNo+KZVkGt4Tq1jeUf8EaKu6v6KxuCAmOqARVDXGc4FPDVwRDZRQbgbr2dfGb0G0lMpE8VBrPc4LqUNBgWo/6hMRa/mhbsnQRRBOA3gG/SjCRWjJP0jBQ9HKzlkqPaRrbz9e8VN4+KmWrtzBhhgr5raLwkOYX/Ij/CtgLCjbu8IXF0EeH+gCeTlclIcOdc7bXb99E/1LDBm/LicZo
x-ms-exchange-transport-forked: True
Content-Type: multipart/alternative; boundary="_000_352BF0E2C3244BFB9379846541903636ericssoncom_"
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: AM0PR07MB3939.eurprd07.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: e02cfc97-fe7e-48ff-e856-08d8fa6bb839
X-MS-Exchange-CrossTenant-originalarrivaltime: 08 Apr 2021 08:53:03.1183 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: kXjuX/l5MUdwXGw09o6syXWlqM+//VFzfVfA36FevsENDFo6qwVf9M4HoIlDqQGvKj9BGWaxaL6sg/iuMfkMwmJSYBfc+bvmU2rK3wjRQl8=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM9PR07MB7923
Archived-At: <https://mailarchive.ietf.org/arch/msg/masque/s1k62JVbLYg6OrEmNpgP9S3SKfI>
Subject: Re: [Masque] ECN & Flow IDs
X-BeenThere: masque@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Multiplexed Application Substrate over QUIC Encryption <masque.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/masque>, <mailto:masque-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/masque/>
List-Post: <mailto:masque@ietf.org>
List-Help: <mailto:masque-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/masque>, <mailto:masque-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 08 Apr 2021 08:53:14 -0000

Hi Martin,

yes this is a problem that needs solving but I don’t think it’s unsolvable. It all depends on how exactly the negotiation works, e.g. the client could propose a flow ID with the connect request, however, if the proxy, does not accepted the proposed parameters it could select a different flow ID in its reply (and ignore all datagram with the old flow ID).

Mirja



From: Martin Duke <martin.h.duke@gmail.com>
Date: Wednesday, 7. April 2021 at 20:22
To: Alex Chernyakhovsky <achernya@google.com>
Cc: Mirja Kuehlewind <mirja.kuehlewind@ericsson.com>, David Schinazi <dschinazi.ietf@gmail.com>, MASQUE <masque@ietf.org>
Subject: Re: [Masque] ECN & Flow IDs

Alex,

Maybe I'm missing something obvious, but here's an example.

Let's say that the "ecn" extension means the first octet of the datagram after the flow ID is the ToS byte.

1. The client sends a CONNECT-UDP request with the "ecn" extension
2. The client sends a datagram with the second byte reflecting the ToS.
3. The proxy does not understand the ecn extension and ignores it
4. The datagram arrives; the proxy sends a UDP packet with the ToS byte as the first byte of payload.
5. The client receives the response without the "ecn" extension and stops sending the ToS byte.

In #4 we're going to have some weird undefined behavior.

Compare this to David's draft

1. The client sends a CONNECT-UDP (flowID = 12) request with the "ecn" extension (flowID = 16 for ECT(0))
2. The client sends a datagram with flowID = 16
3. The proxy does not understand the ecn extension and ignores it
4. The datagram arrives; the proxy drops flowID 16 because it doesn't know what that is
5. The client receives the response without the "ecn" extension and stops sending flowID 16.

packet losses aren't great, but are better than undefined behavior.

On Wed, Apr 7, 2021 at 10:53 AM Alex Chernyakhovsky <achernya@google.com<mailto:achernya@google.com>> wrote:
Hi Martin,

What's stopping the client from opportunistically sending the packet with the extension in the same flight as requesting the extension? Then you'd at-best get the expected behavior and at-worst fall back to the 1RTT penalty.

Sincerely,
-Alex

On Wed, Apr 7, 2021 at 1:07 PM Martin Duke <martin.h.duke@gmail.com<mailto:martin.h.duke@gmail.com>> wrote:
Again, adding two bits to the datagram payload is not "simple enough" if it's an extension.

If it's part of the CONNECT-UDP standard, then sure.

Otherwise, there is ambiguity in processing an H3 DATAGRAM frame sent by the client before receiving the response from the server. The client can send not-ECT or eat the 1RTT latency penalty.

With flow IDs, the proxy will simply drop the datagram, incurring a 1RTT penalty only if it doesn't support the extension.

On Wed, Apr 7, 2021 at 10:00 AM Mirja Kuehlewind <mirja.kuehlewind@ericsson.com<mailto:mirja.kuehlewind@ericsson.com>> wrote:
Hi David, hi all,

to also add to your question about multiple flow IDs. I guess we kind of agree that we don’t want flow ID for ECN information, as adding two bits is simple enough, however, then it is actually not fully clear to me why multiple flow IDs per connect request are needed. You briefly mentioned other extension below, however, not all, or only very few information, require per-packet information (as it was used for the ECN example). If you want to actually send multiple flows/connections to the same server you, can always send multiple connect requests. That’s slightly more overhead at connection establishment but not much, and I would say it’s architecturally more clean and therefore also simpler.

Mirja


From: Masque <masque-bounces@ietf.org<mailto:masque-bounces@ietf.org>> on behalf of David Schinazi <dschinazi.ietf@gmail.com<mailto:dschinazi.ietf@gmail.com>>
Date: Wednesday, 31. March 2021 at 02:36
To: Martin Duke <martin.h.duke@gmail.com<mailto:martin.h.duke@gmail.com>>
Cc: MASQUE <masque@ietf.org<mailto:masque@ietf.org>>
Subject: Re: [Masque] ECN & Flow IDs

The trivial other approach to solving ECN would be to prefix the UDP payload with a type byte that contains the two ECN bits and 6 unused bits.
That would definitely work, and therefore I don't think ECN is a good example to use as a discussion starter for how flow IDs are managed.
I wrote that draft to test out the extensibility of the CONNECT-UDP design, I'm not planning on moving it forward at this time.

More conceptually, the main question is whether we allow one client-initiated bidirectional stream to map to multiple datagram flow IDs.
The approach I've taken is to say yes: that allows us to reuse the flow ID multiplexing logic to encode additional information in the flow ID.
You could build something isomorphic to this where you say no and have one flow ID per stream, and then add a second varint right after the flow ID.
Since datagrams have to fit in a QUIC packet, adding more varints eats into available datagram MTU which makes me prefer the multiple flow IDs per stream approach.
Both are pretty much equivalent in terms of implementation complexity: either way you need a hash table mapping from a varint to what that varint means.
There is more complexity in how you convey that mapping (right now this is done using parameters on the Datagram-Flow-Id header), but I don't think
requiring one flow ID per stream solves any of that complexity, you'll still need a way to convey extension information. The ECN example is so simple that
it doesn't require sending much extension information, but if you look further at enabling optional IP header compression in CONNECT-IP, then you'll want
a way to associate a varint with which IP addresses you're compressing.

I think the question we have to answer becomes: do we want MASQUE protocols to be extensible? Our options are:
- disallow extensibility and slightly simplify the protocol
- allow extensibility via multiple flow IDs per stream, and deal with the slight complexity
- allow extensibility with a single flow ID per stream, and deal with the slight complexity
Personally, I feel strongly that we should allow extensibility.

David


On Tue, Mar 30, 2021 at 3:40 PM Martin Duke <martin.h.duke@gmail.com<mailto:martin.h.duke@gmail.com>> wrote:
Hello MASQUE,

At IETF 110 there was a lot of good discussion challenging the foundations of the CONNECT-UDP framework, including the relationship between streams and Flow-IDs. While CONNECT-UDP happens to use flow IDs somewhat incidentally, the real action with the controversial multiple-flow-id-per-CONNECT happens in David's (unadopted) ECN draft: https://datatracker.ietf.org/doc/draft-schinazi-masque-connect-udp-ecn/

Leading up to the interim, it would be great if one of the detractors of the flow-id mapping submitted their own approach to solve ECN. This would help to illuminate the tradeoffs. Speaking as an individual, I am also hoping to move the ECN work forward and having another design would help to do that.

Thanks,
Martin
--
Masque mailing list
Masque@ietf.org<mailto:Masque@ietf.org>
https://www.ietf.org/mailman/listinfo/masque
--
Masque mailing list
Masque@ietf.org<mailto:Masque@ietf.org>
https://www.ietf.org/mailman/listinfo/masque

v2.23.0 | Report a Bug | By Email