[quicwg/base-drafts] Note that initial packets coalesced with other packets to make a 1200 byte UDP datagram could be split up by the network (#3317)
Eric Kinnear <notifications@github.com> Fri, 03 January 2020 17:17 UTC
Return-Path: <noreply@github.com>
X-Original-To: quic-issues@ietfa.amsl.com
Delivered-To: quic-issues@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 990AA12008F for <quic-issues@ietfa.amsl.com>; Fri, 3 Jan 2020 09:17:47 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -8
X-Spam-Level:
X-Spam-Status: No, score=-8 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xRKbwuCSDaov for <quic-issues@ietfa.amsl.com>; Fri, 3 Jan 2020 09:17:46 -0800 (PST)
Received: from out-24.smtp.github.com (out-24.smtp.github.com [192.30.252.207]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E6096120088 for <quic-issues@ietf.org>; Fri, 3 Jan 2020 09:17:45 -0800 (PST)
Date: Fri, 03 Jan 2020 09:17:45 -0800
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1578071865; bh=TvBza5mUoZLaCT/UZyMgSVju+ivX0F9xymlfJ1Ajmss=; h=Date:From:Reply-To:To:Cc:Subject:List-ID:List-Archive:List-Post: List-Unsubscribe:From; b=nwLBHpHcwAuv7f754O7G57TIwmG4LXu7ZB36khtNNfWhUoRwUWbvLobWYRQ6Sx6Lt JhYREEO1zcaZpZzdRPzqcR/6tioOUfhuiJ5k8NlL+IKDHprN/khlsUmq8/J2FWOVgq Z2mYobdSl7nENLWAacY7jU5EOswqyMLPOhyHQkoA=
From: Eric Kinnear <notifications@github.com>
Reply-To: quicwg/base-drafts <reply+AFTOJK6WSKW77HVPJMDLWON4DSU3TEVBNHHCA7KIGA@reply.github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/issues/3317@github.com>
Subject: [quicwg/base-drafts] Note that initial packets coalesced with other packets to make a 1200 byte UDP datagram could be split up by the network (#3317)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5e0f773919966_40b73f92458cd9641257ae"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: erickinnear
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
X-GitHub-Recipient-Address: quic-issues@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/pVAwv3Re0HpvqMhGV9ySSwD3vxk>
X-BeenThere: quic-issues@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic-issues/>
List-Post: <mailto:quic-issues@ietf.org>
List-Help: <mailto:quic-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 03 Jan 2020 17:17:47 -0000
While considering https://github.com/quicwg/base-drafts/pull/2925#discussion_r356125209, @MikeBishop suggested that we might want to add some minor text around the discussion of coalescing initial packets to set expectations that the network could split up coalesced packets into separate datagrams which may no longer be 1200+ bytes. For some history: #1548 clarified that datagrams are padded to 1200 bytes, not necessarily the initial packets, #2519 added the requirement that not just initial-only datagrams are padded, #2522 made it such that there are no exceptions to the padding requirement for datagrams containing initial packets. The current state of things is that: - All datagrams containing an initial MUST be 1200+ bytes - Other packets could be coalesced into the same datagram to reduce waste on the wire - This limit MAY be enforced as a protocol violation The current text is: ``` Clients MUST ensure that UDP datagrams containing Initial packets have UDP payloads of at least 1200 bytes, adding padding to packets in the datagram as necessary. Sending padded datagrams ensures that the server is not overly constrained by the amplification restriction. ``` And ``` A client MUST expand the payload of all UDP datagrams carrying Initial packets to at least 1200 bytes, by adding PADDING frames to the Initial packet or by coalescing the Initial packet (see {{packet-coalesce}}). Sending a UDP datagram of this size ensures that the network path from the client to the server supports a reasonable Maximum Transmission Unit (MTU). Padding datagrams also helps reduce the amplitude of amplification attacks caused by server responses toward an unverified client address; see {{address-validation}}. Datagrams containing Initial packets MAY exceed 1200 bytes if the client believes that the Path Maximum Transmission Unit (PMTU) supports the size that it chooses. A server MAY send a CONNECTION_CLOSE frame with error code PROTOCOL_VIOLATION in response to an Initial packet it receives from a client if the UDP datagram is smaller than 1200 bytes. It MUST NOT send any other frame type in response, or otherwise behave as if any part of the offending packet was processed as valid. ``` This generally seems reasonable, however we have some choices to make: Option 1, keep the current behavior: Consider the network changing this a failure, as we no longer establish >1200 byte connectivity for packets. Keep the enforcement, add an editorial note that the network could mess with these packets and cause the establishment to fail. Let these connections go. Option 2, prevent this from failing the handshake: Remove the enforcement or add a note clarifying when you MAY *not* want to error out. This seems tricky as there's no way to tell that the network made the change vs. the remote endpoint. Rethink our assumptions about having >1200 byte connectivity for datagrams everywhere. I would lean rather strongly towards Option 1. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/quicwg/base-drafts/issues/3317
- [quicwg/base-drafts] Note that initial packets co… Eric Kinnear
- Re: [quicwg/base-drafts] Note that initial packet… ekr
- Re: [quicwg/base-drafts] Note that initial packet… ianswett
- Re: [quicwg/base-drafts] Note that initial packet… Jana Iyengar
- Re: [quicwg/base-drafts] Note that initial packet… Christian Huitema
- Re: [quicwg/base-drafts] Note that initial packet… Eric Kinnear
- Re: [quicwg/base-drafts] Note that initial packet… Mark Nottingham
- Re: [quicwg/base-drafts] Note that initial packet… Jana Iyengar
- Re: [quicwg/base-drafts] Note that initial packet… Jana Iyengar