IETF Logo Mail Archive

Re: [Masque] ECN & Flow IDs

Martin Duke <martin.h.duke@gmail.com> Sat, 03 April 2021 20:38 UTC

Return-Path: <martin.h.duke@gmail.com>
X-Original-To: masque@ietfa.amsl.com
Delivered-To: masque@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AC7993A1428 for <masque@ietfa.amsl.com>; Sat, 3 Apr 2021 13:38:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kTRw7sgS4PLq for <masque@ietfa.amsl.com>; Sat, 3 Apr 2021 13:37:58 -0700 (PDT)
Received: from mail-il1-x130.google.com (mail-il1-x130.google.com [IPv6:2607:f8b0:4864:20::130]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E71DE3A141E for <masque@ietf.org>; Sat, 3 Apr 2021 13:37:57 -0700 (PDT)
Received: by mail-il1-x130.google.com with SMTP id c18so656825iln.7 for <masque@ietf.org>; Sat, 03 Apr 2021 13:37:57 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=psUnqzBBBUpPYdCnr6dcmboxl3Gl13QBWVCPL1REc3c=; b=ohc+ZgMMrdf6tW74l8tFs1J2bHYwqosFKm+tS0AmNh195ZeuzC/OHtrV7c+lFZvEFb Jt/m6yDxF8bVYJGw7BIokC8eDd61NvgN4KX/6EBLtGkCNfmNIDyPP7SU9Hqz0mM03pFy 7JgP/yAZsmkV8GzYXJtESXaJMBDiezNvFKd4bkRWeSIz6M88ZDmO0KuTBQrRR/OxpC9c BEoxOVtLFkUS4WNxyhqw2F/CCHr8EMswfUNExVWbFAXX9GAk1+BqYyZL/z2WL2/gZ9g6 fq/0wJRcYuLklrzAApjGzsCzq8MO8NqOQMvvXyK+BUZG7Ikxlv9JnB90Ta6uHuE+KfyV z8qA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=psUnqzBBBUpPYdCnr6dcmboxl3Gl13QBWVCPL1REc3c=; b=Af3h45QaelkfnEBVy8KItIuiLfjenOCm7RuejvBbEMNTff+mKM+Q8LMIJtL//tGF3R 56x/skI0Vr5AgSX5pYg+cKtPL8BGZr4Bxh/29lNkUq2qwQlnp6Wc/orKHwYbpJTNHbne UAslrma2pk9SZfl10RDWuqfn5eYnQJqJcVVtpoftQuPfIr1MByUBfKmZIqIa4cvkvI24 P2VpPs56cuneOy4K0kLKm875wXplY1SaA0zH+WsOW6gx3ND5BElbtuJxVUJ23oNoR1Lw BJQgM7abXODLjYi+G16JbijWv5PjUR8SfeoGABpgKHS3FXiLQxtquYSnUmfhCn+SLU/O zuLQ==
X-Gm-Message-State: AOAM530zd+pMcXzgJqMO1gGqIHVEcEeJbp5FO3Ix3s481UAfvxz/BfnH oXOO2PfDXa1dVP/mz5Whl2KclDA1/ixJz1Zz6Ik=
X-Google-Smtp-Source: ABdhPJwJXeFgeFGkjjEFGqCxd+ku4Bv8BgpCko/M9mrb7r0WfDsaJRHhkMx68CogNHG3ZFcj/XHx9A5I8aNozFgu1Z0=
X-Received: by 2002:a05:6e02:e84:: with SMTP id t4mr4340387ilj.249.1617482276345; Sat, 03 Apr 2021 13:37:56 -0700 (PDT)
MIME-Version: 1.0
References: <CAM4esxRmjWr-y-9-KAJmmKvGdONpPufgAbubUhPu_KaS1_Md9Q@mail.gmail.com> <CAPDSy+6go4xh4E55220upECkrept1Yb15diVhC8e3HEWsz52fQ@mail.gmail.com> <CAHbWFkTLC-VdZOX6yTTR9UAy37UZ8R8_t-pWtH=z0rdBZoV4Tg@mail.gmail.com>
In-Reply-To: <CAHbWFkTLC-VdZOX6yTTR9UAy37UZ8R8_t-pWtH=z0rdBZoV4Tg@mail.gmail.com>
From: Martin Duke <martin.h.duke@gmail.com>
Date: Sat, 03 Apr 2021 13:37:39 -0700
Message-ID: <CAM4esxTX8dtptAQ3szrzfCCiKYC3-_w=sai948=mvhhcdPiJyw@mail.gmail.com>
To: Alex Chernyakhovsky <achernya@google.com>
Cc: David Schinazi <dschinazi.ietf@gmail.com>, MASQUE <masque@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000831a3705bf1770ca"
Archived-At: <https://mailarchive.ietf.org/arch/msg/masque/uoMutauYpgCI7P8GdRNCBPvtle8>
Subject: Re: [Masque] ECN & Flow IDs
X-BeenThere: masque@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Multiplexed Application Substrate over QUIC Encryption <masque.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/masque>, <mailto:masque-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/masque/>
List-Post: <mailto:masque@ietf.org>
List-Help: <mailto:masque-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/masque>, <mailto:masque-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 03 Apr 2021 20:38:03 -0000

There's a problem with ECN (and anything else) that is both an extension
and implies a different datagram format: IIUC, you are likely to add 1RTT
of latency.

For example, with ECN, say there was just an "ecn" header field that mean
the first byte was the TOS byte. If the server doesn't understand the
extension, then datagrams that arrive before the response will be
incorrectly parsed. It is therefore unsafe to send packets before the
capability if fully negotiated.

With David's design, datagrams with ECT(0) are simply dropped by the proxy,
because it doesn't have a mapping for the flow ID. To avoid loss, the
client can simply send Not-ECT until it gets a response. This isn't a great
outcome, but far better than always having to withhold the first flight.

Am I misunderstanding how this would work in practice?

On Tue, Mar 30, 2021 at 7:31 PM Alex Chernyakhovsky <achernya@google.com>
wrote:

> I don't think ECN is a good example for discussing datagram flow IDs. I
> have a github issue (
> https://github.com/ietf-wg-masque/draft-ietf-masque-h3-datagram/issues/35)
> out to remove the ECN example. (I much prefer passing the ECN information
> in the datagram payload, prefixed ahead of the packet as David describes).
>
> In addition to the issues that David describes, I think we should also
> consider whether the Datagram-Flow-Id header is a list separately from
> whether we allow a 1:many mapping between streams and datagram flow IDs. (I
> would like to make sure we do not have a many:many or many:1 mapping where
> multiple streams are responsible for multiple datagram flow IDs)
>
> Sincerely
> -Alex
>
> On Tue, Mar 30, 2021 at 8:36 PM David Schinazi <dschinazi.ietf@gmail.com>
> wrote:
>
>> The trivial other approach to solving ECN would be to prefix the UDP
>> payload with a type byte that contains the two ECN bits and 6 unused bits.
>> That would definitely work, and therefore I don't think ECN is a good
>> example to use as a discussion starter for how flow IDs are managed.
>> I wrote that draft to test out the extensibility of the CONNECT-UDP
>> design, I'm not planning on moving it forward at this time.
>>
>> More conceptually, the main question is whether we allow one
>> client-initiated bidirectional stream to map to multiple datagram flow IDs.
>> The approach I've taken is to say yes: that allows us to reuse the flow
>> ID multiplexing logic to encode additional information in the flow ID.
>> You could build something isomorphic to this where you say no and have
>> one flow ID per stream, and then add a second varint right after the flow
>> ID.
>> Since datagrams have to fit in a QUIC packet, adding more varints eats
>> into available datagram MTU which makes me prefer the multiple flow IDs per
>> stream approach.
>> Both are pretty much equivalent in terms of implementation complexity:
>> either way you need a hash table mapping from a varint to what that varint
>> means.
>> There is more complexity in how you convey that mapping (right now this
>> is done using parameters on the Datagram-Flow-Id header), but I don't think
>> requiring one flow ID per stream solves any of that complexity, you'll
>> still need a way to convey extension information. The ECN example is so
>> simple that
>> it doesn't require sending much extension information, but if you look
>> further at enabling optional IP header compression in CONNECT-IP, then
>> you'll want
>> a way to associate a varint with which IP addresses you're compressing.
>>
>> I think the question we have to answer becomes: do we want MASQUE
>> protocols to be extensible? Our options are:
>> - disallow extensibility and slightly simplify the protocol
>> - allow extensibility via multiple flow IDs per stream, and deal with the
>> slight complexity
>> - allow extensibility with a single flow ID per stream, and deal with the
>> slight complexity
>> Personally, I feel strongly that we should allow extensibility.
>>
>> David
>>
>>
>> On Tue, Mar 30, 2021 at 3:40 PM Martin Duke <martin.h.duke@gmail.com>
>> wrote:
>>
>>> Hello MASQUE,
>>>
>>> At IETF 110 there was a lot of good discussion challenging the
>>> foundations of the CONNECT-UDP framework, including the relationship
>>> between streams and Flow-IDs. While CONNECT-UDP happens to use flow IDs
>>> somewhat incidentally, the real action with the controversial
>>> multiple-flow-id-per-CONNECT happens in David's (unadopted) ECN draft:
>>> https://datatracker.ietf.org/doc/draft-schinazi-masque-connect-udp-ecn/
>>>
>>> Leading up to the interim, it would be great if one of the detractors of
>>> the flow-id mapping submitted their own approach to solve ECN. This would
>>> help to illuminate the tradeoffs. Speaking as an individual, I am also
>>> hoping to move the ECN work forward and having another design would help to
>>> do that.
>>>
>>> Thanks,
>>> Martin
>>> --
>>> Masque mailing list
>>> Masque@ietf.org
>>> https://www.ietf.org/mailman/listinfo/masque
>>>
>> --
>> Masque mailing list
>> Masque@ietf.org
>> https://www.ietf.org/mailman/listinfo/masque
>>
>

v2.23.0 | Report a Bug | By Email