[quicwg/base-drafts] Note that initial packets coalesced with other packets to make a 1200 byte UDP datagram could be split up by the network (#3317)

Eric Kinnear <notifications@github.com> Fri, 03 January 2020 17:17 UTC

Return-Path: <noreply@github.com>
X-Original-To: quic-issues@ietfa.amsl.com
Delivered-To: quic-issues@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 990AA12008F for <quic-issues@ietfa.amsl.com>; Fri, 3 Jan 2020 09:17:47 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -8
X-Spam-Level:
X-Spam-Status: No, score=-8 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xRKbwuCSDaov for <quic-issues@ietfa.amsl.com>; Fri, 3 Jan 2020 09:17:46 -0800 (PST)
Received: from out-24.smtp.github.com (out-24.smtp.github.com [192.30.252.207]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E6096120088 for <quic-issues@ietf.org>; Fri, 3 Jan 2020 09:17:45 -0800 (PST)
Date: Fri, 03 Jan 2020 09:17:45 -0800
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1578071865; bh=TvBza5mUoZLaCT/UZyMgSVju+ivX0F9xymlfJ1Ajmss=; h=Date:From:Reply-To:To:Cc:Subject:List-ID:List-Archive:List-Post: List-Unsubscribe:From; b=nwLBHpHcwAuv7f754O7G57TIwmG4LXu7ZB36khtNNfWhUoRwUWbvLobWYRQ6Sx6Lt JhYREEO1zcaZpZzdRPzqcR/6tioOUfhuiJ5k8NlL+IKDHprN/khlsUmq8/J2FWOVgq Z2mYobdSl7nENLWAacY7jU5EOswqyMLPOhyHQkoA=
From: Eric Kinnear <notifications@github.com>
Reply-To: quicwg/base-drafts <reply+AFTOJK6WSKW77HVPJMDLWON4DSU3TEVBNHHCA7KIGA@reply.github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/issues/3317@github.com>
Subject: [quicwg/base-drafts] Note that initial packets coalesced with other packets to make a 1200 byte UDP datagram could be split up by the network (#3317)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5e0f773919966_40b73f92458cd9641257ae"; charset=UTF-8
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: erickinnear
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
X-GitHub-Recipient-Address: quic-issues@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/pVAwv3Re0HpvqMhGV9ySSwD3vxk>
X-BeenThere: quic-issues@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic-issues/>
List-Post: <mailto:quic-issues@ietf.org>
List-Help: <mailto:quic-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 03 Jan 2020 17:17:47 -0000

While considering https://github.com/quicwg/base-drafts/pull/2925#discussion_r356125209, @MikeBishop suggested that we might want to add some minor text around the discussion of coalescing initial packets to set expectations that the network could split up coalesced packets into separate datagrams which may no longer be 1200+ bytes.

For some history:
#1548 clarified that datagrams are padded to 1200 bytes, not necessarily the initial packets, #2519 added the requirement that not just initial-only datagrams are padded,  #2522 made it such that there are no exceptions to the padding requirement for datagrams containing initial packets.

The current state of things is that: 
- All datagrams containing an initial MUST be 1200+ bytes
- Other packets could be coalesced into the same datagram to reduce waste on the wire
- This limit MAY be enforced as a protocol violation

The current text is:
```
Clients MUST ensure that UDP datagrams containing Initial packets have UDP
payloads of at least 1200 bytes, adding padding to packets in the datagram as
necessary. Sending padded datagrams ensures that the server is not overly
constrained by the amplification restriction.
```

And 
```
A client MUST expand the payload of all UDP datagrams carrying Initial packets
to at least 1200 bytes, by adding PADDING frames to the Initial packet or by
coalescing the Initial packet (see {{packet-coalesce}}). Sending a UDP datagram
of this size ensures that the network path from the client to the server
supports a reasonable Maximum Transmission Unit (MTU).  Padding datagrams also
helps reduce the amplitude of amplification attacks caused by server responses
toward an unverified client address; see {{address-validation}}.

Datagrams containing Initial packets MAY exceed 1200 bytes if the client
believes that the Path Maximum Transmission Unit (PMTU) supports the size that
it chooses.

A server MAY send a CONNECTION_CLOSE frame with error code PROTOCOL_VIOLATION in
response to an Initial packet it receives from a client if the UDP datagram is
smaller than 1200 bytes. It MUST NOT send any other frame type in response, or
otherwise behave as if any part of the offending packet was processed as valid.
```

This generally seems reasonable, however we have some choices to make: 
Option 1, keep the current behavior: 
Consider the network changing this a failure, as we no longer establish >1200 byte connectivity for packets. Keep the enforcement, add an editorial note that the network could mess with these packets and cause the establishment to fail. Let these connections go.

Option 2, prevent this from failing the handshake: 
Remove the enforcement or add a note clarifying when you MAY *not* want to error out. This seems tricky as there's no way to tell that the network made the change vs. the remote endpoint. Rethink our assumptions about having >1200 byte connectivity for datagrams everywhere.

I would lean rather strongly towards Option 1.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/quicwg/base-drafts/issues/3317