IETF Logo Mail Archive

[quicwg/base-drafts] Third ECN validation check and lost acknowledgments (#3778)

Martin Thomson <notifications@github.com> Thu, 18 June 2020 06:44 UTC

Return-Path: <noreply@github.com>
X-Original-To: quic-issues@ietfa.amsl.com
Delivered-To: quic-issues@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BFB003A0EA9 for <quic-issues@ietfa.amsl.com>; Wed, 17 Jun 2020 23:44:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.9
X-Spam-Level: *
X-Spam-Status: No, score=1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, GB_SUMOF=5, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SK_plKj2Cu6Y for <quic-issues@ietfa.amsl.com>; Wed, 17 Jun 2020 23:44:05 -0700 (PDT)
Received: from out-28.smtp.github.com (out-28.smtp.github.com [192.30.252.211]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 047113A0EA6 for <quic-issues@ietf.org>; Wed, 17 Jun 2020 23:44:04 -0700 (PDT)
Received: from github-lowworker-d93c4b6.va3-iad.github.net (github-lowworker-d93c4b6.va3-iad.github.net [10.48.17.47]) by smtp.github.com (Postfix) with ESMTP id 470708C0445 for <quic-issues@ietf.org>; Wed, 17 Jun 2020 23:44:04 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1592462644; bh=kYmlpeFBCPYooqPGeRbq+kWyLjUBBoXS4bo6YzVJwYE=; h=Date:From:Reply-To:To:Cc:Subject:List-ID:List-Archive:List-Post: List-Unsubscribe:From; b=RwsGXeEif+cHisDV/NnpiV1jA34fuXywhzx0KSw7JeW/iW7zQj/orudq5ect3Z77W vTlkoVmUuCjkCdM5g/03V5X1Mf3rfxH/xr3kKcns34YTW5aLNsyfpTk2/j7k2ro+Xg a0M/D8bSBUU1ATtGzNOgrv8KmU8fWO+7ibYFFNbY=
Date: Wed, 17 Jun 2020 23:44:04 -0700
From: Martin Thomson <notifications@github.com>
Reply-To: quicwg/base-drafts <reply+AFTOJKZR5T5RLBT25RRQEXF463XDJEVBNHHCMNBG7Y@reply.github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/issues/3778@github.com>
Subject: [quicwg/base-drafts] Third ECN validation check and lost acknowledgments (#3778)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5eeb0d3434bbc_12b43f97b64cd9607378db"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: martinthomson
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
X-GitHub-Recipient-Address: quic-issues@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/z0WJYhTLX3WxfiMd6Zxj9pT_WD4>
X-BeenThere: quic-issues@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic-issues/>
List-Post: <mailto:quic-issues@ietf.org>
List-Help: <mailto:quic-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 18 Jun 2020 06:44:07 -0000

QUIC doesn't guarantee that every received packet will be acknowledged.  At the same time, ECN validation uses counts of every received packet.  The net effect of this is captured in this statement:

> An endpoint could miss acknowledgements for a packet when ACK frames are lost. It is therefore possible for the total increase in ECT(0), ECT(1), and CE counts to be greater than the number of packets acknowledged in an ACK frame. When this happens, and if validation succeeds, the local reference counts MUST be increased to match the counts in the ACK frame.
-- https://quicwg.org/base-drafts/draft-ietf-quic-transport.html#section-13.4.2.2-4

For example, if a sender sends 10 ECT-marked packets and all of them arrive, they might only receive acknowledgments for 8 of these.  The receiver will still report an increase of 10 for the corresponding markings.  The sender compensates for this error by allowing this deviation and using the new reference number for future packets.

Note that validation also depends on the receiver counting but not acknowledging a packet, then later changing its mind and acknowledging the packet.  We don't state this, but we shouldn't have to.

But that allowance only applies to the validation performed on the sum of ECT(0), ECT(1) and ECN-CE counts.  The validation for cross-marking of ECT(0) to ECT(1) or vice versa does not include this same protection.  Thus, failure to acknowledge a packet will probably result in ECN validation failing.

There are a few ways we might fix this.  We could just allow for an increase here too.  The net effect though is that we don't get to watch for cross-marking.  We don't get any protection against cross marking like this.  In other words, we can remove the check.

It might be better to limit the allowed increase by the total excess in the total.  That is, if `total_unaccounted = sum(ECT0+ECT1+ECN-CE) - newly_acknowledged.was_marked(ECT0 or ECT1)` then the check is `unaccounted_ect0 = sum(ECT0+ECN-CE) - newly_acknowledged.was_marked(ECT0); unaccounted_ect0 >= 0` and `unaccounted_ect1 = sum(ECT1+ECN-CE) - newly_acknowledged.was_marked(ECT1); unaccounted_ect1 >= 0`.

The combined check becomes `total_unaccounted <= unaccounted_ect0 + unaccounted_ect1 <= total_unaccounted + ECN-CE`.  That is, increases to ECT(X) + CE above what was newly acknowledged has to be represented in the total unaccounted value.   If all unaccounted packets were CE marked, then they will be unaccounted for twice in the individual counts.  If none of the unaccounted packets were CE marked, then they will be counted just once.

That suggests the following text for the third check:

> ECN validation fails if the sum of the increase in ECT(0) and ECT(1) counts, plus any increase in the ECN-CE count is less than the number of packets sent with the corresponding ECT codepoint.  This step is a more specific check for remarking to Not-ECT.

This third check is now more precise than the second check, so I would suggest removing the combined check that we have current as step 2.

A new combined check might detect remarking between ECT(0) and ECT(1):

> ECN validation fails if any unaccounted for increase in the sum of ECT(0) and ECN-CE counts, plus any unaccounted for increase in the sum of ECT(1) and ECN-CE counts, less any unaccounted for increase in the sum of the ECT(0), ECT(1), and ECN-CE counts is not between zero and the increase to the ECN-CE count.  This step might detect erroneous remarking from ECT(0) to ECT(1) (or vice versa) by the network.

And finally, because most stacks only apply one type of marking:

> An endpoint MAY also validate total counts based on the total number of packets that it sent with with a given marking.  ECN validation fails if any increase in ECT(0) or ECT(1) counts exceeds the total number of packets sent with the corresponding marking over the lifetime of the connection.  In particular, an endpoint that never uses a particular marking can fail validation when a count increases for that marking.  This step detects any erroneous network application of ECT(0) or ECT(1) markings.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/quicwg/base-drafts/issues/3778

v2.40.4 | Report a Bug | By Email | System Status