IETF Logo Mail Archive

Re: [Masque] ECN & Flow IDs

David Schinazi <dschinazi.ietf@gmail.com> Thu, 15 April 2021 16:44 UTC

Return-Path: <dschinazi.ietf@gmail.com>
X-Original-To: masque@ietfa.amsl.com
Delivered-To: masque@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 05AA53A268A for <masque@ietfa.amsl.com>; Thu, 15 Apr 2021 09:44:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.096
X-Spam-Level:
X-Spam-Status: No, score=-2.096 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uusf9Eii_uva for <masque@ietfa.amsl.com>; Thu, 15 Apr 2021 09:44:54 -0700 (PDT)
Received: from mail-pj1-x102e.google.com (mail-pj1-x102e.google.com [IPv6:2607:f8b0:4864:20::102e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5B52D3A268B for <masque@ietf.org>; Thu, 15 Apr 2021 09:44:54 -0700 (PDT)
Received: by mail-pj1-x102e.google.com with SMTP id il9-20020a17090b1649b0290114bcb0d6c2so14761047pjb.0 for <masque@ietf.org>; Thu, 15 Apr 2021 09:44:54 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=0XLY/kfV4G6bDLCV7EhoyYT0c7uByj3nScGo8bhred0=; b=fW0n9rdPTeGFJNnz8jX3i3urAbEdPMyRtGyjdvXjpDs7uKGeyJ33whblIC24KzCvTT ZLR+ozwM9SF8LLhmMQAtDv6+l24/qw+nB7YCNaLv+2o9xuN2HNTfceOwJ8ADX0LFDURF ZgJgQqPYiqYEztcGFgcDAfqBij3OuuxOntOxS2zCZIBZsdv9nHrcIPo3vOW2d7pj/V4B MTWBzKdjqi66Tau7vWWqGjva6yx55narfw9gqt4xKgvKgqfCreRE94J5tTz733V4ovXg js2QGj6p6cc00rYaaAybu0YXBlh2VjTVXcYqYUvCnJoDqSCiZVXAXKDyRbcT6aYs1iy7 OUWA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=0XLY/kfV4G6bDLCV7EhoyYT0c7uByj3nScGo8bhred0=; b=Xfe4tWKn2c6wmpyKIjo7oVoHZu+olztDT3CgueIlvOHXM3fRoscWwMZfmWxytF/Nh7 /7PdWrsemAqD8+TtHXsM+wLs9504x72Y1hzvbV3/z8zKmlgX5TXahEUtsEmFrWYaNQ5x Hi4+ePfA7EBBue6I0Z9UzTQA6NCuUr4JEGerCTA9LAiMJJBuW0ib9IhXmRBalCIFtQoz 7y1oAGI00MRmy5N/gLT57LwrzvghIOrazsYmTB/HTf6h110lZnAUsSjEN8nv0OqYdino TQMtQwR9M51BnmTSdsH1bxS1kdUhxmJZyRBvQdHpAvBCjAhPoe1ufK8xPx7+qs/hPZq4 z50Q==
X-Gm-Message-State: AOAM532/5AJob51ri1YbdzAL9AiMOfuuPDI8VILxbnRB8WXHCeGR/sBv TMZaOqkdeFwMDStOULzNSZ2JGZ1C3uZxgrtvbTA=
X-Google-Smtp-Source: ABdhPJxyXQwDX9D7nyvlTzyNNN1mTdTtokdw+wAYjV1KQFmqqaz7seeua6pPIkMzybCF6W17VnhRskxzi1NBJQ6hvDw=
X-Received: by 2002:a17:90b:390f:: with SMTP id ob15mr4833743pjb.100.1618505093131; Thu, 15 Apr 2021 09:44:53 -0700 (PDT)
MIME-Version: 1.0
References: <CAM4esxRmjWr-y-9-KAJmmKvGdONpPufgAbubUhPu_KaS1_Md9Q@mail.gmail.com> <CAPDSy+6go4xh4E55220upECkrept1Yb15diVhC8e3HEWsz52fQ@mail.gmail.com> <BBA47C7D-FBEC-419D-9BED-2D998EF526B0@ericsson.com> <CAM4esxTR1Y8oS0UpPu2_5cnDT_tnLTM-VbknCJDyWEz=JbyUKQ@mail.gmail.com> <CAHbWFkRGTDraYPQrNHMiOM5Cg=opJvFT7hs2cWA=vd+=hKQBBw@mail.gmail.com> <CAM4esxS9ivD5Dux_T2UYrVO5a7VF=D6C-t9LM-3tmxdwvY_8UQ@mail.gmail.com> <CAHbWFkRL1N=tLYoWAP4xwYPVymbrpTVciLwwESHNELDrprVhcg@mail.gmail.com> <CAM4esxSd6JmX-9a=0xPzAEHPEmxB4KFJFgkKL2edUfNf3KwDYQ@mail.gmail.com> <CAHbWFkTAvYLT9T9g1xO5JSJyfMeOTpyZ7tDwbVAT55=L78wB5w@mail.gmail.com> <CAM4esxQ4YsDpioC5P8Bk63ytOM+PS6yqVTuGrAHxNQf5tY_ebg@mail.gmail.com>
In-Reply-To: <CAM4esxQ4YsDpioC5P8Bk63ytOM+PS6yqVTuGrAHxNQf5tY_ebg@mail.gmail.com>
From: David Schinazi <dschinazi.ietf@gmail.com>
Date: Thu, 15 Apr 2021 09:44:41 -0700
Message-ID: <CAPDSy+4SiDYQLybeTwiFKM0QmMcUdC+tY+=s325Ea2rjWBP-Sg@mail.gmail.com>
To: Martin Duke <martin.h.duke@gmail.com>
Cc: Alex Chernyakhovsky <achernya@google.com>, Mirja Kuehlewind <mirja.kuehlewind@ericsson.com>, MASQUE <masque@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000024b06c05c0059516"
Archived-At: <https://mailarchive.ietf.org/arch/msg/masque/yjSwj02fzSruQujrjsGWm-ROufQ>
Subject: Re: [Masque] ECN & Flow IDs
X-BeenThere: masque@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Multiplexed Application Substrate over QUIC Encryption <masque.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/masque>, <mailto:masque-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/masque/>
List-Post: <mailto:masque@ietf.org>
List-Help: <mailto:masque-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/masque>, <mailto:masque-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 15 Apr 2021 16:44:59 -0000

You can't use SETTINGS for negotiating CONNECT-UDP extensions because
SETTINGS are per-hop and methods are end-to-end.

David

On Thu, Apr 15, 2021 at 9:03 AM Martin Duke <martin.h.duke@gmail.com> wrote:

> Hi Alex,
>
> Thanks for clarifying. IIUC one objective of David's design is to not
> advertise MASQUE capabilities quite so explicitly, which is a drawback of a
> SETTINGS-based mechanism.
>
> On Thu, Apr 8, 2021, 16:36 Alex Chernyakhovsky <achernya@google.com>
> wrote:
>
>> Hi Martin,
>>
>> Yes, I was imagining that the presence if this extension is negotiated,
>> possibly by way of SETTINGS. Any
>>
>> Sincerely,
>> -Alex
>>
>> On Thu, Apr 8, 2021 at 4:29 PM Martin Duke <martin.h.duke@gmail.com>
>> wrote:
>>
>>> Hi Alex,
>>>
>>> I'm not sure what you mean by "sending the 1RTT value" but IIUC you're
>>> proposing that the proxy drops all payloads if it doesn't understand the
>>> extension? How would it know when DATAGRAMs transfer from the extension
>>> format to the non-extension format?
>>>
>>> Or are you saying this would be a connection-level capability negotiated
>>> by SETTINGS or something?
>>>
>>> On Thu, Apr 8, 2021 at 7:29 AM Alex Chernyakhovsky <achernya@google.com>
>>> wrote:
>>>
>>>> Hi Martin,
>>>>
>>>> There's a few issues with your example, which is namely that step (4)
>>>> should not occur. The extension needs to be pre-declared, or else the proxy
>>>> does as you describe and we have undefined behavior. I instead was
>>>> imagining a header (or some other signalling mechanism) that says "we want
>>>> to use ecn extension" and when the proxy gets its first payload after that
>>>> header, it drops it because it doesn't know about the extension and replies
>>>> back that it doesn't support it. The client then has to send the 1RTT
>>>> value. You end up with the same behavior as David's draft.
>>>>
>>>> of course, we can also fix this more explicitly in the CONNECT-UDP
>>>> draft by creating another stream-chunk type for UDP packet with additional
>>>> data for extensions in addition to the packet. Then all a proxy has to know
>>>> is there's data it doesn't support, and it just doesn't read and act upon
>>>> it when sending the packet payload.
>>>>
>>>> Sincerely,
>>>> -Alex
>>>>
>>>> On Wed, Apr 7, 2021 at 2:21 PM Martin Duke <martin.h.duke@gmail.com>
>>>> wrote:
>>>>
>>>>> Alex,
>>>>>
>>>>> Maybe I'm missing something obvious, but here's an example.
>>>>>
>>>>> Let's say that the "ecn" extension means the first octet of the
>>>>> datagram after the flow ID is the ToS byte.
>>>>>
>>>>> 1. The client sends a CONNECT-UDP request with the "ecn" extension
>>>>> 2. The client sends a datagram with the second byte reflecting the ToS.
>>>>> 3. The proxy does not understand the ecn extension and ignores it
>>>>> 4. The datagram arrives; the proxy sends a UDP packet with the ToS
>>>>> byte as the first byte of payload.
>>>>> 5. The client receives the response without the "ecn" extension and
>>>>> stops sending the ToS byte.
>>>>>
>>>>> In #4 we're going to have some weird undefined behavior.
>>>>>
>>>>> Compare this to David's draft
>>>>>
>>>>> 1. The client sends a CONNECT-UDP (flowID = 12) request with the "ecn"
>>>>> extension (flowID = 16 for ECT(0))
>>>>> 2. The client sends a datagram with flowID = 16
>>>>> 3. The proxy does not understand the ecn extension and ignores it
>>>>> 4. The datagram arrives; the proxy drops flowID 16 because it doesn't
>>>>> know what that is
>>>>> 5. The client receives the response without the "ecn" extension and
>>>>> stops sending flowID 16.
>>>>>
>>>>> packet losses aren't great, but are better than undefined behavior.
>>>>>
>>>>> On Wed, Apr 7, 2021 at 10:53 AM Alex Chernyakhovsky <
>>>>> achernya@google.com> wrote:
>>>>>
>>>>>> Hi Martin,
>>>>>>
>>>>>> What's stopping the client from opportunistically sending the packet
>>>>>> with the extension in the same flight as requesting the extension? Then
>>>>>> you'd at-best get the expected behavior and at-worst fall back to the
>>>>>> 1RTT penalty.
>>>>>>
>>>>>> Sincerely,
>>>>>> -Alex
>>>>>>
>>>>>> On Wed, Apr 7, 2021 at 1:07 PM Martin Duke <martin.h.duke@gmail.com>
>>>>>> wrote:
>>>>>>
>>>>>>> Again, adding two bits to the datagram payload is not "simple
>>>>>>> enough" if it's an extension.
>>>>>>>
>>>>>>> If it's part of the CONNECT-UDP standard, then sure.
>>>>>>>
>>>>>>> Otherwise, there is ambiguity in processing an H3 DATAGRAM frame
>>>>>>> sent by the client before receiving the response from the server. The
>>>>>>> client can send not-ECT or eat the 1RTT latency penalty.
>>>>>>>
>>>>>>> With flow IDs, the proxy will simply drop the datagram, incurring a
>>>>>>> 1RTT penalty only if it doesn't support the extension.
>>>>>>>
>>>>>>> On Wed, Apr 7, 2021 at 10:00 AM Mirja Kuehlewind <
>>>>>>> mirja.kuehlewind@ericsson.com> wrote:
>>>>>>>
>>>>>>>> Hi David, hi all,
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> to also add to your question about multiple flow IDs. I guess we
>>>>>>>> kind of agree that we don’t want flow ID for ECN information, as adding two
>>>>>>>> bits is simple enough, however, then it is actually not fully clear to me
>>>>>>>> why multiple flow IDs per connect request are needed. You briefly mentioned
>>>>>>>> other extension below, however, not all, or only very few information,
>>>>>>>> require per-packet information (as it was used for the ECN example). If you
>>>>>>>> want to actually send multiple flows/connections to the same server you,
>>>>>>>> can always send multiple connect requests. That’s slightly more overhead at
>>>>>>>> connection establishment but not much, and I would say it’s architecturally
>>>>>>>> more clean and therefore also simpler.
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> Mirja
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> *From: *Masque <masque-bounces@ietf.org> on behalf of David
>>>>>>>> Schinazi <dschinazi.ietf@gmail.com>
>>>>>>>> *Date: *Wednesday, 31. March 2021 at 02:36
>>>>>>>> *To: *Martin Duke <martin.h.duke@gmail.com>
>>>>>>>> *Cc: *MASQUE <masque@ietf.org>
>>>>>>>> *Subject: *Re: [Masque] ECN & Flow IDs
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> The trivial other approach to solving ECN would be to prefix the
>>>>>>>> UDP payload with a type byte that contains the two ECN bits and 6 unused
>>>>>>>> bits.
>>>>>>>>
>>>>>>>> That would definitely work, and therefore I don't think ECN is a
>>>>>>>> good example to use as a discussion starter for how flow IDs are managed.
>>>>>>>>
>>>>>>>> I wrote that draft to test out the extensibility of the CONNECT-UDP
>>>>>>>> design, I'm not planning on moving it forward at this time.
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> More conceptually, the main question is whether we allow one
>>>>>>>> client-initiated bidirectional stream to map to multiple datagram flow IDs.
>>>>>>>>
>>>>>>>> The approach I've taken is to say yes: that allows us to reuse the
>>>>>>>> flow ID multiplexing logic to encode additional information in the flow ID.
>>>>>>>>
>>>>>>>> You could build something isomorphic to this where you say no and
>>>>>>>> have one flow ID per stream, and then add a second varint right after the
>>>>>>>> flow ID.
>>>>>>>>
>>>>>>>> Since datagrams have to fit in a QUIC packet, adding more
>>>>>>>> varints eats into available datagram MTU which makes me prefer the multiple
>>>>>>>> flow IDs per stream approach.
>>>>>>>>
>>>>>>>> Both are pretty much equivalent in terms of implementation
>>>>>>>> complexity: either way you need a hash table mapping from a varint to what
>>>>>>>> that varint means.
>>>>>>>>
>>>>>>>> There is more complexity in how you convey that mapping (right now
>>>>>>>> this is done using parameters on the Datagram-Flow-Id header), but I don't
>>>>>>>> think
>>>>>>>>
>>>>>>>> requiring one flow ID per stream solves any of that
>>>>>>>> complexity, you'll still need a way to convey extension information. The
>>>>>>>> ECN example is so simple that
>>>>>>>>
>>>>>>>> it doesn't require sending much extension information, but if you
>>>>>>>> look further at enabling optional IP header compression in CONNECT-IP, then
>>>>>>>> you'll want
>>>>>>>>
>>>>>>>> a way to associate a varint with which IP addresses you're
>>>>>>>> compressing.
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> I think the question we have to answer becomes: do we want MASQUE
>>>>>>>> protocols to be extensible? Our options are:
>>>>>>>>
>>>>>>>> - disallow extensibility and slightly simplify the protocol
>>>>>>>>
>>>>>>>> - allow extensibility via multiple flow IDs per stream, and deal
>>>>>>>> with the slight complexity
>>>>>>>>
>>>>>>>> - allow extensibility with a single flow ID per stream, and deal
>>>>>>>> with the slight complexity
>>>>>>>>
>>>>>>>> Personally, I feel strongly that we should allow extensibility.
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> David
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> On Tue, Mar 30, 2021 at 3:40 PM Martin Duke <
>>>>>>>> martin.h.duke@gmail.com> wrote:
>>>>>>>>
>>>>>>>> Hello MASQUE,
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> At IETF 110 there was a lot of good discussion challenging the
>>>>>>>> foundations of the CONNECT-UDP framework, including the relationship
>>>>>>>> between streams and Flow-IDs. While CONNECT-UDP happens to use flow IDs
>>>>>>>> somewhat incidentally, the real action with the controversial
>>>>>>>> multiple-flow-id-per-CONNECT happens in David's (unadopted) ECN draft:
>>>>>>>> https://datatracker.ietf.org/doc/draft-schinazi-masque-connect-udp-ecn/
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> Leading up to the interim, it would be great if one of the
>>>>>>>> detractors of the flow-id mapping submitted their own approach to solve
>>>>>>>> ECN. This would help to illuminate the tradeoffs. Speaking as an
>>>>>>>> individual, I am also hoping to move the ECN work forward and having
>>>>>>>> another design would help to do that.
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> Thanks,
>>>>>>>>
>>>>>>>> Martin
>>>>>>>>
>>>>>>>> --
>>>>>>>> Masque mailing list
>>>>>>>> Masque@ietf.org
>>>>>>>> https://www.ietf.org/mailman/listinfo/masque
>>>>>>>>
>>>>>>>> --
>>>>>>> Masque mailing list
>>>>>>> Masque@ietf.org
>>>>>>> https://www.ietf.org/mailman/listinfo/masque
>>>>>>>
>>>>>>

v2.23.0 | Report a Bug | By Email