Re: [quicwg/base-drafts] Specify IPv6 flow label for QUIC (#2348)
Martin Thomson <notifications@github.com> Mon, 21 January 2019 04:53 UTC
Return-Path: <noreply@github.com>
X-Original-To: quic-issues@ietfa.amsl.com
Delivered-To: quic-issues@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3CBBC12D84C for <quic-issues@ietfa.amsl.com>; Sun, 20 Jan 2019 20:53:20 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -12.553
X-Spam-Level:
X-Spam-Status: No, score=-12.553 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-4.553, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id k9wS3M9WgkmE for <quic-issues@ietfa.amsl.com>; Sun, 20 Jan 2019 20:53:18 -0800 (PST)
Received: from out-15.smtp.github.com (out-15.smtp.github.com [192.30.254.198]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 062E812867A for <quic-issues@ietf.org>; Sun, 20 Jan 2019 20:53:18 -0800 (PST)
Date: Sun, 20 Jan 2019 20:53:17 -0800
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1548046397; bh=3ExwMDlWjlcZfAWdKxS5HPUQb3WODV+Q45yZjRpJqU8=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=jQX9yqK109JYwPwhLE6jktNL+7G+/czqnyCoUSk75ucOgcWN0dii4tU9NUC3hqguj 5XldHpoOMyJOE7jJoAl0YzbVTGaARqckt5CiHjEakjJst52BKXEmhFDxx2/GCw8hED wmQrLnaC79IJi+iY2LXXxy5uQSot0r6KEIkRWKWk=
From: Martin Thomson <notifications@github.com>
Reply-To: quicwg/base-drafts <reply+0166e4abbf67d87cb484f555a9f7f575de16c08debeb4b1092cf00000001185d123d92a169ce17e0dd5b@reply.github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/issues/2348/455948049@github.com>
In-Reply-To: <quicwg/base-drafts/issues/2348@github.com>
References: <quicwg/base-drafts/issues/2348@github.com>
Subject: Re: [quicwg/base-drafts] Specify IPv6 flow label for QUIC (#2348)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5c45503d51259_60153f95120d45bc7832d0"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: martinthomson
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
X-GitHub-Recipient-Address: quic-issues@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/F3SaLpz-xzt66bXvgczCWSu-gME>
X-BeenThere: quic-issues@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic-issues/>
List-Post: <mailto:quic-issues@ietf.org>
List-Help: <mailto:quic-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 21 Jan 2019 04:53:20 -0000
So the real problem here is that if we do have labels, we want to guarantee that we don't create linkability at the IP layer. The costs for forwarding in the network seem manageable, and the load balancer is supposed to know what connection IDs are and use those for consistently routing. Using the flow label for the first packet, assuming a stateful load balancer, as described in RFC 7098 seems fairly consistent with this. The stateless processing is made worse by virtue of having to find the connection ID, so much of the benefit there is lost for a purely stateless load balancer.
BTW, I don't like this statement in 7098:
> o SSL and HTTP proxies, if present, should forward the flow label
value towards the server. This usually has no performance
benefit, but it is consistent with the general model for the flow
label described in RFC 6437.
That's only really going to benefit traffic analysis, which isn't a great outcome. One advantage of terminating TLS is that there is some remixing and re-encryption of inbound and forwarded data. In any case, simple 1:1 mappings across this sort of proxy aren't always feasible as the proxy tends to route requests and not connections.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/quicwg/base-drafts/issues/2348#issuecomment-455948049
- [quicwg/base-drafts] Specify IPv6 flow label for … Christian Huitema
- Re: [quicwg/base-drafts] Specify IPv6 flow label … Brian Trammell
- Re: [quicwg/base-drafts] Specify IPv6 flow label … Brian E Carpenter
- Re: [quicwg/base-drafts] Specify IPv6 flow label … Martin Thomson
- Re: [quicwg/base-drafts] Specify IPv6 flow label … Christian Huitema
- Re: [quicwg/base-drafts] Specify IPv6 flow label … Brian E Carpenter
- Re: [quicwg/base-drafts] Specify IPv6 flow label … Martin Thomson
- Re: [quicwg/base-drafts] Specify IPv6 flow label … Christian Huitema
- Re: [quicwg/base-drafts] Specify IPv6 flow label … Martin Thomson
- Re: [quicwg/base-drafts] Specify IPv6 flow label … ianswett
- Re: [quicwg/base-drafts] Specify IPv6 flow label … ianswett