Re: [Masque] ECN & Flow IDs
David Schinazi <dschinazi.ietf@gmail.com> Thu, 15 April 2021 16:44 UTC
Return-Path: <dschinazi.ietf@gmail.com>
X-Original-To: masque@ietfa.amsl.com
Delivered-To: masque@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 05AA53A268A for <masque@ietfa.amsl.com>; Thu, 15 Apr 2021 09:44:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.096
X-Spam-Level:
X-Spam-Status: No, score=-2.096 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uusf9Eii_uva for <masque@ietfa.amsl.com>; Thu, 15 Apr 2021 09:44:54 -0700 (PDT)
Received: from mail-pj1-x102e.google.com (mail-pj1-x102e.google.com [IPv6:2607:f8b0:4864:20::102e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5B52D3A268B for <masque@ietf.org>; Thu, 15 Apr 2021 09:44:54 -0700 (PDT)
Received: by mail-pj1-x102e.google.com with SMTP id il9-20020a17090b1649b0290114bcb0d6c2so14761047pjb.0 for <masque@ietf.org>; Thu, 15 Apr 2021 09:44:54 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=0XLY/kfV4G6bDLCV7EhoyYT0c7uByj3nScGo8bhred0=; b=fW0n9rdPTeGFJNnz8jX3i3urAbEdPMyRtGyjdvXjpDs7uKGeyJ33whblIC24KzCvTT ZLR+ozwM9SF8LLhmMQAtDv6+l24/qw+nB7YCNaLv+2o9xuN2HNTfceOwJ8ADX0LFDURF ZgJgQqPYiqYEztcGFgcDAfqBij3OuuxOntOxS2zCZIBZsdv9nHrcIPo3vOW2d7pj/V4B MTWBzKdjqi66Tau7vWWqGjva6yx55narfw9gqt4xKgvKgqfCreRE94J5tTz733V4ovXg js2QGj6p6cc00rYaaAybu0YXBlh2VjTVXcYqYUvCnJoDqSCiZVXAXKDyRbcT6aYs1iy7 OUWA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=0XLY/kfV4G6bDLCV7EhoyYT0c7uByj3nScGo8bhred0=; b=Xfe4tWKn2c6wmpyKIjo7oVoHZu+olztDT3CgueIlvOHXM3fRoscWwMZfmWxytF/Nh7 /7PdWrsemAqD8+TtHXsM+wLs9504x72Y1hzvbV3/z8zKmlgX5TXahEUtsEmFrWYaNQ5x Hi4+ePfA7EBBue6I0Z9UzTQA6NCuUr4JEGerCTA9LAiMJJBuW0ib9IhXmRBalCIFtQoz 7y1oAGI00MRmy5N/gLT57LwrzvghIOrazsYmTB/HTf6h110lZnAUsSjEN8nv0OqYdino TQMtQwR9M51BnmTSdsH1bxS1kdUhxmJZyRBvQdHpAvBCjAhPoe1ufK8xPx7+qs/hPZq4 z50Q==
X-Gm-Message-State: AOAM532/5AJob51ri1YbdzAL9AiMOfuuPDI8VILxbnRB8WXHCeGR/sBv TMZaOqkdeFwMDStOULzNSZ2JGZ1C3uZxgrtvbTA=
X-Google-Smtp-Source: ABdhPJxyXQwDX9D7nyvlTzyNNN1mTdTtokdw+wAYjV1KQFmqqaz7seeua6pPIkMzybCF6W17VnhRskxzi1NBJQ6hvDw=
X-Received: by 2002:a17:90b:390f:: with SMTP id ob15mr4833743pjb.100.1618505093131; Thu, 15 Apr 2021 09:44:53 -0700 (PDT)
MIME-Version: 1.0
References: <CAM4esxRmjWr-y-9-KAJmmKvGdONpPufgAbubUhPu_KaS1_Md9Q@mail.gmail.com> <CAPDSy+6go4xh4E55220upECkrept1Yb15diVhC8e3HEWsz52fQ@mail.gmail.com> <BBA47C7D-FBEC-419D-9BED-2D998EF526B0@ericsson.com> <CAM4esxTR1Y8oS0UpPu2_5cnDT_tnLTM-VbknCJDyWEz=JbyUKQ@mail.gmail.com> <CAHbWFkRGTDraYPQrNHMiOM5Cg=opJvFT7hs2cWA=vd+=hKQBBw@mail.gmail.com> <CAM4esxS9ivD5Dux_T2UYrVO5a7VF=D6C-t9LM-3tmxdwvY_8UQ@mail.gmail.com> <CAHbWFkRL1N=tLYoWAP4xwYPVymbrpTVciLwwESHNELDrprVhcg@mail.gmail.com> <CAM4esxSd6JmX-9a=0xPzAEHPEmxB4KFJFgkKL2edUfNf3KwDYQ@mail.gmail.com> <CAHbWFkTAvYLT9T9g1xO5JSJyfMeOTpyZ7tDwbVAT55=L78wB5w@mail.gmail.com> <CAM4esxQ4YsDpioC5P8Bk63ytOM+PS6yqVTuGrAHxNQf5tY_ebg@mail.gmail.com>
In-Reply-To: <CAM4esxQ4YsDpioC5P8Bk63ytOM+PS6yqVTuGrAHxNQf5tY_ebg@mail.gmail.com>
From: David Schinazi <dschinazi.ietf@gmail.com>
Date: Thu, 15 Apr 2021 09:44:41 -0700
Message-ID: <CAPDSy+4SiDYQLybeTwiFKM0QmMcUdC+tY+=s325Ea2rjWBP-Sg@mail.gmail.com>
To: Martin Duke <martin.h.duke@gmail.com>
Cc: Alex Chernyakhovsky <achernya@google.com>, Mirja Kuehlewind <mirja.kuehlewind@ericsson.com>, MASQUE <masque@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000024b06c05c0059516"
Archived-At: <https://mailarchive.ietf.org/arch/msg/masque/yjSwj02fzSruQujrjsGWm-ROufQ>
Subject: Re: [Masque] ECN & Flow IDs
X-BeenThere: masque@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Multiplexed Application Substrate over QUIC Encryption <masque.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/masque>, <mailto:masque-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/masque/>
List-Post: <mailto:masque@ietf.org>
List-Help: <mailto:masque-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/masque>, <mailto:masque-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 15 Apr 2021 16:44:59 -0000
You can't use SETTINGS for negotiating CONNECT-UDP extensions because SETTINGS are per-hop and methods are end-to-end. David On Thu, Apr 15, 2021 at 9:03 AM Martin Duke <martin.h.duke@gmail.com> wrote: > Hi Alex, > > Thanks for clarifying. IIUC one objective of David's design is to not > advertise MASQUE capabilities quite so explicitly, which is a drawback of a > SETTINGS-based mechanism. > > On Thu, Apr 8, 2021, 16:36 Alex Chernyakhovsky <achernya@google.com> > wrote: > >> Hi Martin, >> >> Yes, I was imagining that the presence if this extension is negotiated, >> possibly by way of SETTINGS. Any >> >> Sincerely, >> -Alex >> >> On Thu, Apr 8, 2021 at 4:29 PM Martin Duke <martin.h.duke@gmail.com> >> wrote: >> >>> Hi Alex, >>> >>> I'm not sure what you mean by "sending the 1RTT value" but IIUC you're >>> proposing that the proxy drops all payloads if it doesn't understand the >>> extension? How would it know when DATAGRAMs transfer from the extension >>> format to the non-extension format? >>> >>> Or are you saying this would be a connection-level capability negotiated >>> by SETTINGS or something? >>> >>> On Thu, Apr 8, 2021 at 7:29 AM Alex Chernyakhovsky <achernya@google.com> >>> wrote: >>> >>>> Hi Martin, >>>> >>>> There's a few issues with your example, which is namely that step (4) >>>> should not occur. The extension needs to be pre-declared, or else the proxy >>>> does as you describe and we have undefined behavior. I instead was >>>> imagining a header (or some other signalling mechanism) that says "we want >>>> to use ecn extension" and when the proxy gets its first payload after that >>>> header, it drops it because it doesn't know about the extension and replies >>>> back that it doesn't support it. The client then has to send the 1RTT >>>> value. You end up with the same behavior as David's draft. >>>> >>>> of course, we can also fix this more explicitly in the CONNECT-UDP >>>> draft by creating another stream-chunk type for UDP packet with additional >>>> data for extensions in addition to the packet. Then all a proxy has to know >>>> is there's data it doesn't support, and it just doesn't read and act upon >>>> it when sending the packet payload. >>>> >>>> Sincerely, >>>> -Alex >>>> >>>> On Wed, Apr 7, 2021 at 2:21 PM Martin Duke <martin.h.duke@gmail.com> >>>> wrote: >>>> >>>>> Alex, >>>>> >>>>> Maybe I'm missing something obvious, but here's an example. >>>>> >>>>> Let's say that the "ecn" extension means the first octet of the >>>>> datagram after the flow ID is the ToS byte. >>>>> >>>>> 1. The client sends a CONNECT-UDP request with the "ecn" extension >>>>> 2. The client sends a datagram with the second byte reflecting the ToS. >>>>> 3. The proxy does not understand the ecn extension and ignores it >>>>> 4. The datagram arrives; the proxy sends a UDP packet with the ToS >>>>> byte as the first byte of payload. >>>>> 5. The client receives the response without the "ecn" extension and >>>>> stops sending the ToS byte. >>>>> >>>>> In #4 we're going to have some weird undefined behavior. >>>>> >>>>> Compare this to David's draft >>>>> >>>>> 1. The client sends a CONNECT-UDP (flowID = 12) request with the "ecn" >>>>> extension (flowID = 16 for ECT(0)) >>>>> 2. The client sends a datagram with flowID = 16 >>>>> 3. The proxy does not understand the ecn extension and ignores it >>>>> 4. The datagram arrives; the proxy drops flowID 16 because it doesn't >>>>> know what that is >>>>> 5. The client receives the response without the "ecn" extension and >>>>> stops sending flowID 16. >>>>> >>>>> packet losses aren't great, but are better than undefined behavior. >>>>> >>>>> On Wed, Apr 7, 2021 at 10:53 AM Alex Chernyakhovsky < >>>>> achernya@google.com> wrote: >>>>> >>>>>> Hi Martin, >>>>>> >>>>>> What's stopping the client from opportunistically sending the packet >>>>>> with the extension in the same flight as requesting the extension? Then >>>>>> you'd at-best get the expected behavior and at-worst fall back to the >>>>>> 1RTT penalty. >>>>>> >>>>>> Sincerely, >>>>>> -Alex >>>>>> >>>>>> On Wed, Apr 7, 2021 at 1:07 PM Martin Duke <martin.h.duke@gmail.com> >>>>>> wrote: >>>>>> >>>>>>> Again, adding two bits to the datagram payload is not "simple >>>>>>> enough" if it's an extension. >>>>>>> >>>>>>> If it's part of the CONNECT-UDP standard, then sure. >>>>>>> >>>>>>> Otherwise, there is ambiguity in processing an H3 DATAGRAM frame >>>>>>> sent by the client before receiving the response from the server. The >>>>>>> client can send not-ECT or eat the 1RTT latency penalty. >>>>>>> >>>>>>> With flow IDs, the proxy will simply drop the datagram, incurring a >>>>>>> 1RTT penalty only if it doesn't support the extension. >>>>>>> >>>>>>> On Wed, Apr 7, 2021 at 10:00 AM Mirja Kuehlewind < >>>>>>> mirja.kuehlewind@ericsson.com> wrote: >>>>>>> >>>>>>>> Hi David, hi all, >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> to also add to your question about multiple flow IDs. I guess we >>>>>>>> kind of agree that we don’t want flow ID for ECN information, as adding two >>>>>>>> bits is simple enough, however, then it is actually not fully clear to me >>>>>>>> why multiple flow IDs per connect request are needed. You briefly mentioned >>>>>>>> other extension below, however, not all, or only very few information, >>>>>>>> require per-packet information (as it was used for the ECN example). If you >>>>>>>> want to actually send multiple flows/connections to the same server you, >>>>>>>> can always send multiple connect requests. That’s slightly more overhead at >>>>>>>> connection establishment but not much, and I would say it’s architecturally >>>>>>>> more clean and therefore also simpler. >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> Mirja >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> *From: *Masque <masque-bounces@ietf.org> on behalf of David >>>>>>>> Schinazi <dschinazi.ietf@gmail.com> >>>>>>>> *Date: *Wednesday, 31. March 2021 at 02:36 >>>>>>>> *To: *Martin Duke <martin.h.duke@gmail.com> >>>>>>>> *Cc: *MASQUE <masque@ietf.org> >>>>>>>> *Subject: *Re: [Masque] ECN & Flow IDs >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> The trivial other approach to solving ECN would be to prefix the >>>>>>>> UDP payload with a type byte that contains the two ECN bits and 6 unused >>>>>>>> bits. >>>>>>>> >>>>>>>> That would definitely work, and therefore I don't think ECN is a >>>>>>>> good example to use as a discussion starter for how flow IDs are managed. >>>>>>>> >>>>>>>> I wrote that draft to test out the extensibility of the CONNECT-UDP >>>>>>>> design, I'm not planning on moving it forward at this time. >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> More conceptually, the main question is whether we allow one >>>>>>>> client-initiated bidirectional stream to map to multiple datagram flow IDs. >>>>>>>> >>>>>>>> The approach I've taken is to say yes: that allows us to reuse the >>>>>>>> flow ID multiplexing logic to encode additional information in the flow ID. >>>>>>>> >>>>>>>> You could build something isomorphic to this where you say no and >>>>>>>> have one flow ID per stream, and then add a second varint right after the >>>>>>>> flow ID. >>>>>>>> >>>>>>>> Since datagrams have to fit in a QUIC packet, adding more >>>>>>>> varints eats into available datagram MTU which makes me prefer the multiple >>>>>>>> flow IDs per stream approach. >>>>>>>> >>>>>>>> Both are pretty much equivalent in terms of implementation >>>>>>>> complexity: either way you need a hash table mapping from a varint to what >>>>>>>> that varint means. >>>>>>>> >>>>>>>> There is more complexity in how you convey that mapping (right now >>>>>>>> this is done using parameters on the Datagram-Flow-Id header), but I don't >>>>>>>> think >>>>>>>> >>>>>>>> requiring one flow ID per stream solves any of that >>>>>>>> complexity, you'll still need a way to convey extension information. The >>>>>>>> ECN example is so simple that >>>>>>>> >>>>>>>> it doesn't require sending much extension information, but if you >>>>>>>> look further at enabling optional IP header compression in CONNECT-IP, then >>>>>>>> you'll want >>>>>>>> >>>>>>>> a way to associate a varint with which IP addresses you're >>>>>>>> compressing. >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> I think the question we have to answer becomes: do we want MASQUE >>>>>>>> protocols to be extensible? Our options are: >>>>>>>> >>>>>>>> - disallow extensibility and slightly simplify the protocol >>>>>>>> >>>>>>>> - allow extensibility via multiple flow IDs per stream, and deal >>>>>>>> with the slight complexity >>>>>>>> >>>>>>>> - allow extensibility with a single flow ID per stream, and deal >>>>>>>> with the slight complexity >>>>>>>> >>>>>>>> Personally, I feel strongly that we should allow extensibility. >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> David >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> On Tue, Mar 30, 2021 at 3:40 PM Martin Duke < >>>>>>>> martin.h.duke@gmail.com> wrote: >>>>>>>> >>>>>>>> Hello MASQUE, >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> At IETF 110 there was a lot of good discussion challenging the >>>>>>>> foundations of the CONNECT-UDP framework, including the relationship >>>>>>>> between streams and Flow-IDs. While CONNECT-UDP happens to use flow IDs >>>>>>>> somewhat incidentally, the real action with the controversial >>>>>>>> multiple-flow-id-per-CONNECT happens in David's (unadopted) ECN draft: >>>>>>>> https://datatracker.ietf.org/doc/draft-schinazi-masque-connect-udp-ecn/ >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> Leading up to the interim, it would be great if one of the >>>>>>>> detractors of the flow-id mapping submitted their own approach to solve >>>>>>>> ECN. This would help to illuminate the tradeoffs. Speaking as an >>>>>>>> individual, I am also hoping to move the ECN work forward and having >>>>>>>> another design would help to do that. >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> Thanks, >>>>>>>> >>>>>>>> Martin >>>>>>>> >>>>>>>> -- >>>>>>>> Masque mailing list >>>>>>>> Masque@ietf.org >>>>>>>> https://www.ietf.org/mailman/listinfo/masque >>>>>>>> >>>>>>>> -- >>>>>>> Masque mailing list >>>>>>> Masque@ietf.org >>>>>>> https://www.ietf.org/mailman/listinfo/masque >>>>>>> >>>>>>
- [Masque] ECN & Flow IDs Martin Duke
- Re: [Masque] ECN & Flow IDs David Schinazi
- Re: [Masque] ECN & Flow IDs Alex Chernyakhovsky
- Re: [Masque] ECN & Flow IDs Martin Duke
- Re: [Masque] ECN & Flow IDs David Schinazi
- Re: [Masque] ECN & Flow IDs Mirja Kuehlewind
- Re: [Masque] ECN & Flow IDs Mirja Kuehlewind
- Re: [Masque] ECN & Flow IDs Martin Duke
- Re: [Masque] ECN & Flow IDs David Schinazi
- Re: [Masque] ECN & Flow IDs Alex Chernyakhovsky
- Re: [Masque] ECN & Flow IDs Martin Duke
- Re: [Masque] ECN & Flow IDs Mirja Kuehlewind
- Re: [Masque] ECN & Flow IDs Mirja Kuehlewind
- Re: [Masque] ECN & Flow IDs Alex Chernyakhovsky
- Re: [Masque] ECN & Flow IDs David Schinazi
- Re: [Masque] ECN & Flow IDs Mirja Kuehlewind
- Re: [Masque] ECN & Flow IDs Martin Duke
- Re: [Masque] ECN & Flow IDs Alex Chernyakhovsky
- Re: [Masque] ECN & Flow IDs Martin Duke
- Re: [Masque] ECN & Flow IDs David Schinazi