Re: [Plus] Blog post on quic and tou

Juho Snellman <> Fri, 09 December 2016 09:05 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id D4DE012A285 for <>; Fri, 9 Dec 2016 01:05:39 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.597
X-Spam-Status: No, score=-2.597 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.001, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id PUaYuK7YWKgU for <>; Fri, 9 Dec 2016 01:05:37 -0800 (PST)
Received: from ( [IPv6:2607:f8b0:4001:c06::244]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id B679B12A280 for <>; Fri, 9 Dec 2016 01:05:37 -0800 (PST)
Received: by with SMTP id p13so5500866ioi.0 for <>; Fri, 09 Dec 2016 01:05:37 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20120113; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=vtdOpoM+ez1h8kPyGyk18EN1adLvyfnMkObPIr7Gwr0=; b=jqc3cz3rng8nltjcej3sb9MytdB4da/6hBFe8C4DZE8/cLHVw24Nozly6R3DvPnNNk 4wfR4VOasxaba2xSpNG6oChvjcE3VZKYyNoT76kWVmc41sYDj2KDUOTP4nKLrqILH04O sofN/KH0bNRTOHEbEVM5Rq8dN1bQB35Hst8cKEa2bjKT7SP1AH2lu2HjfbSPvfjFTON5 8P2mdvQmb/Slch/p3kPVUq3LGZNYOaLyVisHj9ftCl3bu9258BfFFR7w2JAYnKz28mQK yT3WYFR1vOge7abPPvH2ivrinnSPgktdwNSzQi9qIE8lg1heDm7K+VzO2/rHycJGSR9V huQg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20130820; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc; bh=vtdOpoM+ez1h8kPyGyk18EN1adLvyfnMkObPIr7Gwr0=; b=CdJoZfZaYtXd7WfhvJKo8kobhwDdOEf0PdypheLgzr7Xx6mE9RWMe8KFDGiBLtb0JL 3cv6oJxq4xW2ItgbWvG7Ba/PYgmh8PwudrEGs0TeGYw3u9lyRLjeyr6Mh42kKSRQkaOV w4/YC+mzjuXP8tDyVEQ95LjnNg5WfiN8MHDRM4U8V//G31jdyY5ilXa+Qk8y08skzYvD ZOr99vWidG23ivtjU/8IVndChAFcM8ff5ePvx6fpjuth3JzgUp5/6kxB0iOFRvF7IB/g 4mxyobA/fR7t494JqB73pmA65dxlwccbF3yHyxwCSAfej0/NITJ2/4vavr1G/SEHeIRh KghQ==
X-Gm-Message-State: AKaTC03L5M6xtzxWH9EBPMjur2+39nCUoWZJ4AqRHVACf/SuaTB0aNIB/gbLgqfjetKhYu6KXD3IPHwOB1SyOg==
X-Received: by with SMTP id v140mr5792254itb.65.1481274337028; Fri, 09 Dec 2016 01:05:37 -0800 (PST)
MIME-Version: 1.0
Received: by with HTTP; Fri, 9 Dec 2016 01:05:36 -0800 (PST)
In-Reply-To: <>
References: <> <> <> <> <>
From: Juho Snellman <>
Date: Fri, 9 Dec 2016 10:05:36 +0100
X-Google-Sender-Auth: hyCFfxfAFfIe_4I-xC0b-5EBNLU
Message-ID: <>
To: Brian Trammell <>
Content-Type: multipart/alternative; boundary=001a1143ff7aac70830543360e28
Archived-At: <>
Cc: Jana Iyengar <>, =?UTF-8?Q?Mirja_K=C3=BChlewind?= <>,
Subject: Re: [Plus] Blog post on quic and tou
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "Discussion of a Path Layer UDP Substrate \(PLUS\) protocol for in-band management of in-network state for UDP-encapsulated transport protocols." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 09 Dec 2016 09:09:48 -0000


On 8 December 2016 at 21:40, Brian Trammell <> wrote:
> Note that this is a two-point measurement methodology, which requires a
> far more elaborate measurement infrastructure than a one-point methodology,
> which basically just needs wireshark. The infrastructure requirements for
> diagnosis of a particular problem given a particular wire image are also a
> point to consider in the tradeoff space. (Or, more cynically again, as
> someone who's spent a lot of time building measurement infrastructures,
> thank you for pointing out a business opportunity. :) )

With measurements from all points in the network the encryption becomes a
non-issue anyway; we'd simply match up the packets between the traces. So
exposing information that's only useful in a multi-point context doesn't
seem all that compelling to me.

My experience is that there's a huge difference in the amount of effort
needed to get a single point trace vs. multiple traces. The first one has
basically no lead time, and can be just part of normal operating procedure
when investigating a problem report. The second tends to require careful
coordination across multiple groups, often a lead time of several days, and
gets routinely botched when traffic isn't being routed exactly as expected.
(I'm not aware of any easy to use tools for doing multi-trace analysis
either. That'd of course change if such tools become a necessity instead of
a luxury).

A packet number + ack number would indeed be the most useful thing to
expose, since it gives downstream RTTs and upstream packet loss. It doesn't
really do much for downstream packet loss though, which is a pretty
important component. For that, I think you'd want one of the following (in
order of preference):

- All the nack blocks
- The latest nack block
- The number of nack blocks
- A "this packet is a retransmission" bit in data packets. (Though this
would have other uses than just monitoring).
- A "there is at least one nack block" bit (this is weak enough that you'd
probably need a lot of heuristics)

After packet numbers, acks, and some kind of a reliable nack signal,
diminishing returns start to kick in, at least for the purpose of finding
network level problems.

I wouldn't be quite as cynical about client / server problems as you were,
though :) It's not simply a way to close a case as "not my problem"; it's
that it's easier and faster to prove a specific component is the problem
than to prove that the network as a whole isn't.

> The problem that remains is that once middeboxes react to certain bits,
> deployment of changes to those bits requires herculean effort, as we see
> with TFO. But this is exactly the tradeoff -- every bit that is exposed may
> help the operator, but loses agility.
> Agree here completely. This isn't a "problem", rather it indicates a hard
> requirement to keep that wire image as minimal as possible.

Sure. When writing that post, I wasn't aware there was a discussion about
having more information outside the encryption envelope. So the contrast
was between "everything readable" vs. "nothing is readable". Of course I'd
always love to have more data available :) But if there's a sweet spot that
exposes just enough information, that'd be great.

Juho Snellman