Re: Questions about QUIC and Anycast
William Herrin <bill@herrin.us> Tue, 18 December 2018 18:47 UTC
Return-Path: <bill@herrin.us>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A6A551200B3 for <quic@ietfa.amsl.com>; Tue, 18 Dec 2018 10:47:25 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.107
X-Spam-Level:
X-Spam-Status: No, score=-1.107 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RDNS_NONE=0.793, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wulLa32WDdwb for <quic@ietfa.amsl.com>; Tue, 18 Dec 2018 10:47:23 -0800 (PST)
Received: from magic.dirtside.com (unknown [199.33.225.68]) by ietfa.amsl.com (Postfix) with ESMTP id A9AB7130EF9 for <quic@ietf.org>; Tue, 18 Dec 2018 10:47:23 -0800 (PST)
Received: from minoc.dirtside.com (minoc.dirtside.com [199.33.225.67] (may be forged)) by magic.dirtside.com (8.14.3/) with ESMTP id wBIIlHKh011990 for <quic@ietf.org>; Tue, 18 Dec 2018 13:47:18 -0500
X-Really-To: <quic@ietf.org>
Received: from mail-pg1-f172.google.com (mail-pg1-f172.google.com [209.85.215.172]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by minoc.dirtside.com (Postfix) with ESMTPSA id B3206EC16A for <quic@ietf.org>; Tue, 18 Dec 2018 13:47:17 -0500 (EST)
Received: by mail-pg1-f172.google.com with SMTP id d72so8202976pga.9 for <quic@ietf.org>; Tue, 18 Dec 2018 10:47:17 -0800 (PST)
X-Gm-Message-State: AA+aEWaeuFs8//DYJNZly/5wbhs18orYXnMen0yzQsjJ7r2moKtI6Jpi KHoMrF+ENbGm8XcQKfYjgXpJApwM6CUnjnTyTEs=
X-Google-Smtp-Source: AFSGD/XwURd9t/ILa8acMmrajK/QMdUlqR3WVClwuzbcZqHQAIK0KlmEnzZIkz0ZvKlhl0NAUo1b+/yXvGsClxcN6JI=
X-Received: by 2002:a63:801:: with SMTP id 1mr16507935pgi.275.1545158836621; Tue, 18 Dec 2018 10:47:16 -0800 (PST)
MIME-Version: 1.0
References: <CAP-guGVPd-_YkfaGAk+dmi9TJGQ8n-RozbM0ea4wC7hDoU7Xhg@mail.gmail.com> <CABkgnnWBm1=+8FMhbqD2662uybTaYHF4aBR4QyAqJDGdU+Qo7w@mail.gmail.com>
In-Reply-To: <CABkgnnWBm1=+8FMhbqD2662uybTaYHF4aBR4QyAqJDGdU+Qo7w@mail.gmail.com>
From: William Herrin <bill@herrin.us>
Date: Tue, 18 Dec 2018 10:47:05 -0800
X-Gmail-Original-Message-ID: <CAP-guGUpwLb5mQrF-sB0gmUggyUsfCPrqNYbUkqdujQUsJDGzQ@mail.gmail.com>
Message-ID: <CAP-guGUpwLb5mQrF-sB0gmUggyUsfCPrqNYbUkqdujQUsJDGzQ@mail.gmail.com>
Subject: Re: Questions about QUIC and Anycast
To: martin.thomson@gmail.com
Cc: quic@ietf.org
Content-Type: text/plain; charset="UTF-8"
X-Spam-Checker: magic.dirtside.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/4f4X7oGcOuQgPr6MNJ8XvaTRarM>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 18 Dec 2018 18:47:26 -0000
Thanks Martin, Igor: I appreciate your insight. This leads me to a couple of additional questions. On Mon, Dec 10, 2018 at 4:41 PM Martin Thomson <martin.thomson@gmail.com> wrote: > On Tue, Dec 11, 2018 at 11:18 AM William Herrin <bill@herrin.us> wrote: > > Question 3: What picks the connection ID? Does the API allow the > > application software to influence the selection of connection ID in > > any way? > > The server picks connection IDs that the client puts in packets. That > selection really has to be done in consultation with load balancers or > the folks managing routing configurations. How does short header versus long header impact this? Can the server instruct the client to use the full destination connection ID in both headers so that the full connection ID is available to a middlebox in every packet? > > Question 2: Which packet contains the server preferred address? > > In practice, taking some of the less-used exchanges (Retry, Version > Negotiation, a TLS HelloRetryRequest) out of the picture, the server > will often include the value in the first flight of packets it sends. > However, that can be a couple of round trips away from the end of the > handshake, because the handshake is multiple packets and might need to > be repaired due to packet loss. Hmm. I'm curious what the reasoning is here. TLS would have to satisfy the same cryptography regardless of which address is used, would it not? Presumably the client could return to the original address upon failed communication with the preferred address, including a failure to negotiate TLS. How does requiring the TLS negotiation to complete before attempting the preferred address end up enhancing security in the bigger picture? Does the preferred address have another use case besides load balancing? The load balancing process could be stateless if it could rely on the client shifting to the preferred address on packet #2. It seems to me that making the load balancing process stateless, especially in the anycasted CDN case, would be a big win if it could be done securely. Regards, Bill Herrin -- William Herrin ................ herrin@dirtside.com bill@herrin.us Dirtside Systems ......... Web: <http://www.dirtside.com/>
- Questions about QUIC and Anycast William Herrin
- Re: Questions about QUIC and Anycast Martin Thomson
- RE: Questions about QUIC and Anycast Lubashev, Igor
- Re: Questions about QUIC and Anycast William Herrin
- Re: Questions about QUIC and Anycast Martin Thomson