IETF Logo Mail Archive

Re: Is "Version Greasing" a new benfit or a new obstacle?

G Fairhurst <gorry@erg.abdn.ac.uk> Sat, 13 April 2019 11:03 UTC

Return-Path: <gorry@erg.abdn.ac.uk>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EDBC712007A for <quic@ietfa.amsl.com>; Sat, 13 Apr 2019 04:03:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id URNHoDRtumhF for <quic@ietfa.amsl.com>; Sat, 13 Apr 2019 04:03:52 -0700 (PDT)
Received: from pegasus.erg.abdn.ac.uk (pegasus.erg.abdn.ac.uk [IPv6:2001:630:42:150::2]) by ietfa.amsl.com (Postfix) with ESMTP id B75CC120043 for <quic@ietf.org>; Sat, 13 Apr 2019 04:03:51 -0700 (PDT)
Received: from G-MacBook.local (fgrpf.plus.com [212.159.18.54]) by pegasus.erg.abdn.ac.uk (Postfix) with ESMTPSA id C7A401B0007C; Sat, 13 Apr 2019 12:03:40 +0100 (BST)
Message-ID: <5CB1C214.4030501@erg.abdn.ac.uk>
Date: Sat, 13 Apr 2019 12:03:48 +0100
From: G Fairhurst <gorry@erg.abdn.ac.uk>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:12.0) Gecko/20120428 Thunderbird/12.0.1
MIME-Version: 1.0
To: Roberto Peon <fenix@fb.com>
CC: Praveen Balasubramanian <pravb@microsoft.com>, Christian Huitema <huitema@huitema.net>, Ian Swett <ianswett@google.com>, Mikkel Fahnøe Jørgen sen <mikkelfj@gmail.com>, "quic@ietf.org" <quic@ietf.org>, "Border, John" <john.border@hughes.com>, Mirja Kuehlewind <mirja.kuehlewind@ericsson.com>
Subject: Re: Is "Version Greasing" a new benfit or a new obstacle?
References: <5CADADDD.7010005@erg.abdn.ac.uk> <EBF1BF30-62A5-4659-8AEC-0D5B3F2D65C6@fb.com> <BL0PR11MB3394294313F8F54A3D0CF4A3902E0@BL0PR11MB3394.namprd11.prod.outlook.com> <CAN1APdcm0hnT_Mu7D7x5QM6pApOQw1RdWCBkgY16bd5YWNtFkA@mail.gmail.com> <9084B09D-5E13-49FA-BA93-0D7276CDE420@erg.abdn.ac.uk> <CAN1APdeSF0-_N=mb1xkoe_qLwoVqP+X9_Wawi=Zu__6wdHtbOQ@mail.gmail.com> <699E2135-A3CE-4D33-91F6-D3C96E66674F@ericsson.com> <CAN1APde2SO6fkNzyznbv2-xNuXkkuC=bN3p8xRgwmRAmsZxrgA@mail.gmail.com> <MW2PR2101MB104902B6BC7C67D8688EA852B6280@MW2PR2101MB1049.namprd21.prod.outlook.com> <MW2PR2101MB104996C29680DF7B79230C8CB6280@MW2PR2101MB1049.namprd21.prod.outlook.com> <CAKcm_gMwcwZ0VzK4vDt-sCQctHVrwOm9ekPPi3O3Y2UnRrZaBw@mail.gmail.com> <02f27c4e-2d1e-29ab-6891-236442436a3c@huitema.net> <9C6D92FF-7635-48BD-A65B-FAB4B544476D@fb.com> <MW2PR2101MB10498605DC0F1FC3905865F4B6280@MW2PR2101MB1049.namprd21.prod.outlook.com> <BDEE786D-9CCE-457F-946A-8CC195E3CDA8@fb.com>
In-Reply-To: <BDEE786D-9CCE-457F-946A-8CC195E3CDA8@fb.com>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/-I_aKe-rkpoNkEPcrlCpIuvvKXo>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 13 Apr 2019 11:03:55 -0000

Bringing this thread back - to me it seems there has been lots of 
discussion about how "version greasing" can be added in various ways, 
and very little on what makes this necessary and worth the impact on the 
network.

I still don't do not see that the side effects are worse when the 
protocol requires the version to be unobfusticated (as in most other 
IETF transport protocols).

Gorry


On 12/04/2019, 17:41, Roberto Peon wrote:
>
> I’m not sure that I agree there—there is no need to have it 
> standardized so long as the LB is involved in picking it. Each LB 
> system can choose whatever it wants. Thus, every LB **deployment** 
> could use a different scheme with different grease. Every LB 
> deployment could change the scheme it uses pseudo-randomly or 
> according to the lunar calendar, etc.
>
> Because there is a dynamic (and controlling) component (namely the 
> part of the LB system which vends and then later routes CIDs), there 
> is no need for anything else.
>
> -=R
>
> *From: *Praveen Balasubramanian <pravb@microsoft.com>
> *Date: *Friday, April 12, 2019 at 9:28 AM
> *To: *Roberto Peon <fenix@fb.com>, Christian Huitema 
> <huitema@huitema.net>, Ian Swett <ianswett@google.com>
> *Cc: *"Gorry (erg)" <gorry@erg.abdn.ac.uk>, Mirja Kuehlewind 
> <mirja.kuehlewind@ericsson.com>, Mikkel Fahnøe Jørgensen 
> <mikkelfj@gmail.com>, "quic@ietf.org" <quic@ietf.org>, "Border, John" 
> <john.border@hughes.com>
> *Subject: *RE: Is "Version Greasing" a new benfit or a new obstacle?
>
> Re. Encoding in CID. Then it needs to be standardized and if it is 
> standardized what’s the point in greasing? Let’s not ignore the 
> smaller services who use the cloud i.e. people deploying say NGINX web 
> servers in AWS, Azure or GCP. Not every QUIC deployment is a large 
> first party service which controls all aspects how LB and DDoS are 
> done. In public clouds LB and DDoS protection are network functions 
> (services) and are middleboxes under a completely different 
> administrative domain.
>
> Christian, this is about source address validation by the middlebox. 
> This is how it works for TCP (think SYN cookies) and we need to have 
> parity for QUIC. When under attack, short header packets will be 
> dropped for addresses that have not been validated, but this is the 
> same for non-SYN packets for TCP. I don’t understand how invariants 
> can be used here. If we don’t have parity for DoS protection in 
> network then QUIC traffic will be rate limited which is going to be 
> really bad for performance. FWIW there is already DoS traffic that 
> looks like QUIC.
>
> *From:* Roberto Peon <fenix@fb.com>
> *Sent:* Friday, April 12, 2019 9:16 AM
> *To:* Christian Huitema <huitema@huitema.net>; Ian Swett 
> <ianswett@google.com>; Praveen Balasubramanian <pravb@microsoft.com>
> *Cc:* Gorry (erg) <gorry@erg.abdn.ac.uk>; Mirja Kuehlewind 
> <mirja.kuehlewind@ericsson.com>; Mikkel Fahnøe Jørgensen 
> <mikkelfj@gmail.com>; quic@ietf.org; Border, John <john.border@hughes.com>
> *Subject:* Re: Is "Version Greasing" a new benfit or a new obstacle?
>
> For any large deployment, I suspect they’ll need LB.
>
> For most kinds of LB-ing, I’d expect the LB system to either directly 
> or indirectly be involved in choosing/vending connection IDs.
>
> If it is involved in vending/choosing connection IDs, it can encode 
> version information into the CID.
>
> -=R
>
> *From: *Christian Huitema <huitema@huitema.net 
> <mailto:huitema@huitema.net>>
> *Date: *Friday, April 12, 2019 at 9:13 AM
> *To: *Ian Swett <ianswett=40google.com@dmarc.ietf.org 
> <mailto:ianswett=40google.com@dmarc.ietf.org>>, Praveen 
> Balasubramanian <pravb=40microsoft.com@dmarc.ietf.org 
> <mailto:pravb=40microsoft.com@dmarc.ietf.org>>
> *Cc: *"Gorry (erg)" <gorry@erg.abdn.ac.uk 
> <mailto:gorry@erg.abdn.ac.uk>>, Roberto Peon <fenix@fb.com 
> <mailto:fenix@fb.com>>, Mirja Kuehlewind 
> <mirja.kuehlewind@ericsson.com 
> <mailto:mirja.kuehlewind@ericsson.com>>, Mikkel Fahnøe Jørgensen 
> <mikkelfj@gmail.com <mailto:mikkelfj@gmail.com>>, "quic@ietf.org 
> <mailto:quic@ietf.org>" <quic@ietf.org <mailto:quic@ietf.org>>, 
> "Border, John" <john.border@hughes.com <mailto:john.border@hughes.com>>
> *Subject: *Re: Is "Version Greasing" a new benfit or a new obstacle?
>
> On 4/12/2019 8:57 AM, Ian Swett wrote:
>
>     *From:* Praveen Balasubramanian
>     *...*
>
>     Version greasing will create problems for DDoS protection. The
>     DDoS protection middlebox will have to treat all traffic with
>     unknown version numbers as plain old QUIC and rate limit it. Any
>     solution that requires per connection state to track version
>     numbers doesn’t scale. Especially in the cloud scenario customers
>     bring their own web servers so this makes any opt-out solution not
>     good enough. So I do think this is an obstacle for many deployments.
>
> Don't we have an example of middle-box ossification just there?
>
> Praveen's example points to the perils of the "shortest path" approach 
> to middle-box design. Taking the shortest path means finding something 
> that works now, and once you have found it deploy it without worry 
> about consequences -- which very often include ossification. If the 
> DDOS protection box looks for "QUIC versions that it knows" and just 
> rate limits the other types of packets, then the box will by design 
> prevent deployment of versions that it does not know.
>
> I assume that big organizations like Azure will update their 
> protections once a new version is out, but the experience shows that 
> many other organizations don't. And even when they do, the focus on 
> published versions will block experimenting with new versions, not to 
> mention interfering with other features like connection migration. I 
> take Praveen's example as an argument why we should in fact 
> standardize version greasing, precisely to avoid this "shortest path 
> middle-box design".
>
> In the case of DDOS protection, I will point out that DDOS protection 
> also needs to work with short header packets, which do not carry any 
> version number. In order to avoid DDOS by short header packets, the 
> boxes have to be able to distinguish between packets that belong to 
> authorized connections and packets that don't. And if you do that, 
> then you don't really need to look at the version numbers, you can 
> simply rely on the invariants.
>
> -- Christian Huitema
>

v2.23.0 | Report a Bug | By Email