Re: Treatment of ICMP for PMTU

"Gorry (erg)" <gorry@erg.abdn.ac.uk> Thu, 28 June 2018 15:34 UTC

Return-Path: <gorry@erg.abdn.ac.uk>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 39FD3130DC8 for <quic@ietfa.amsl.com>; Thu, 28 Jun 2018 08:34:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level:
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, MIME_QP_LONG_LINE=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UjuhMBduwcJE for <quic@ietfa.amsl.com>; Thu, 28 Jun 2018 08:34:07 -0700 (PDT)
Received: from pegasus.erg.abdn.ac.uk (pegasus.erg.abdn.ac.uk [137.50.19.135]) by ietfa.amsl.com (Postfix) with ESMTP id 102C1130DC7 for <quic@ietf.org>; Thu, 28 Jun 2018 08:34:07 -0700 (PDT)
Received: from [10.237.55.4] (unknown [85.255.236.63]) by pegasus.erg.abdn.ac.uk (Postfix) with ESMTPSA id A2E4B1B00281; Thu, 28 Jun 2018 15:40:33 +0100 (BST)
Content-Type: multipart/alternative; boundary="Apple-Mail-D382A5B5-6B62-4A0B-B9A7-2E87E920C506"
Mime-Version: 1.0 (1.0)
Subject: Re: Treatment of ICMP for PMTU
From: "Gorry (erg)" <gorry@erg.abdn.ac.uk>
X-Mailer: iPhone Mail (15E216)
In-Reply-To: <CAN1APdeH5yQELW9wv4Oj=UtaVcC=zCNz6su8_R-hrB3T8_Yp2w@mail.gmail.com>
Date: Thu, 28 Jun 2018 16:40:27 +0200
Cc: Lucas Pardue <lucas.pardue@bbc.co.uk>, IETF QUIC WG <quic@ietf.org>, Martin Duke <martin.h.duke@gmail.com>, "Lubashev, Igor" <ilubashe@akamai.com>
Content-Transfer-Encoding: 7bit
Message-Id: <71164BBA-551D-4281-9E46-B4759401351E@erg.abdn.ac.uk>
References: <924fbd75dbcf4d62a9062570b0d2ba5a@ustx2ex-dag1mb5.msg.corp.akamai.com> <7CF7F94CB496BF4FAB1676F375F9666A3BB5B9DC@bgb01xud1012> <2f0e251a9b274272968a8b3053d3a3a5@ustx2ex-dag1mb5.msg.corp.akamai.com> <7CF7F94CB496BF4FAB1676F375F9666A3BB5BA29@bgb01xud1012> <4674cc2be90e4b5b9056cc63a0735664@ustx2ex-dag1mb5.msg.corp.akamai.com> <7CF7F94CB496BF4FAB1676F375F9666A3BB5BA9B@bgb01xud1012> <CAN1APdeH5yQELW9wv4Oj=UtaVcC=zCNz6su8_R-hrB3T8_Yp2w@mail.gmail.com>
To: Mikkel Fahnøe Jørgensen <mikkelfj@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/4EM82o95194a_vNmlSsQInUhoHA>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.26
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 28 Jun 2018 15:34:11 -0000


> On 28 Jun 2018, at 12:07, Mikkel Fahnøe Jørgensen <mikkelfj@gmail.com> wrote:
> 
> I think QUIC needs a tunnel extension frame.
> 
>> On 28 June 2018 at 11.25.20, Lucas Pardue (lucas.pardue@bbc.co.uk) wrote:
>> 
>> Igor Lubashev wrote: 
>> 
>> >I think I see what you are talking about. 
>> > 
>> >At least the way it is specced in H2 and HTTP/QUIC, CONNECT proxies forward 
>> >data streams, not packets. Hence, MTU concept on a tunnel-stream is 
>> >meaningless. The text says it explicitly: "Note that the size and number of TCP 
>> >segments is not guaranteed to map predictably to the size and number of 
>> >HTTP DATA or QUIC STREAM frames." From the client's perspective there is 
>> >only one PMTU that is relevant -- the one to the proxy. The proxy will keep 
>> >tracks of the PMTUs to the CONNECT endpoints itself and will generate TCP 
>> >segments accordingly. 
>> 
>> Right, that's how I was seeing it. 
>> 
>> >Trying to design a CONNECT-like method to proxy an entire QUIC connection 
>> >over a single QUIC stream would create HOLB for QUIC packets to and from 
>> >the proxy. Some sort of a partially reliable QUIC stream could help here. 
>> 
>> Both you and Mikkel have identified HOL as something that needs more thought. Thanks. Mikkel's view is a little more extreme, to paraphrase "HOL is enough to make QUIC not QUIC". I've taken the view that it may be desirable to tunnel QUIC over TLS/TCP too (perhaps using HTTP/2 frames), so I view HOL avoidance as an optimisation rather than a requirement. Partial reliability (of streams, or of some new frame type) could help solve that puzzle. Now I think about it, a complimentary mitigation could be to reserve a set of tunnel-streams to provide some basic multiplexing. However, the complexity of that might not be worth it. 
>> 
>> >This proxying scheme would require an extension to CONNECT to open a 
>> >UDP/IP tunnel instead of a TCP/IP tunnel. That extension would also mandate 
>> >that HTTP/QUIC DATA frame corresponds to a UDP frame. I suspect that it 
>> >would be a very good idea for such a proxy to add a new frame for providing 
>> >ICMP-like explicit PMTU feedback to the sender (why leave the sender 
>> >guessing and probing, if the PMTU is already known to the proxy?). 
>> 
>> This is good feedback. Thanks! 
>> 
>> Kind regards 
>> Lucas 
>> 

And when you say:
“
for ICMP w/ on-path proof, I think it makes sense to allow a reduction in PMTU up to 1280.”  
- I agree the values could be trusted.
- what then also happens when PTB message indicated less than 1280, does the sender close the connection? Or ignore the message and wait to see if there is a timeout?

Gorry