IETF Logo Mail Archive

Re: [QUIC] Network Path Requirements for QUIC

"Matt Miller (mamille2)" <mamille2@cisco.com> Mon, 20 June 2016 16:04 UTC

Return-Path: <mamille2@cisco.com>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3D73212D1DC for <quic@ietfa.amsl.com>; Mon, 20 Jun 2016 09:04:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -15.947
X-Spam-Level:
X-Spam-Status: No, score=-15.947 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-1.426, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1tAvIaiqSCtX for <quic@ietfa.amsl.com>; Mon, 20 Jun 2016 09:04:34 -0700 (PDT)
Received: from rcdn-iport-4.cisco.com (rcdn-iport-4.cisco.com [173.37.86.75]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6546F12D0CE for <quic@ietf.org>; Mon, 20 Jun 2016 09:04:34 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=9845; q=dns/txt; s=iport; t=1466438674; x=1467648274; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=4OUKJVDmckpB5lQOB6NhIGFjDjn8lKqTCxJrHAhAetg=; b=M2VznSh67sSlSk+WrXUxzn/KGm6bvu4jZFtMkOkDOVi6NUcgw+o/AP9B wAdRTSuoK/pclf7drZtfw1nYvVEVbHeHrcwlLpQCCS9AH0KaRJijUOK4Q BUBRHL9WSA0OJosWw/3vxE2RHDmLaj5OVhntxyat97PnQ/gBlftAn2eyW k=;
X-Files: signature.asc : 496
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0ABAgCqE2hX/4sNJK1dgz5WfQa6ZoF6FwuFdQKBNDgUAQEBAQEBAWUnhEsBAQEDAQEBAQsVQggBCwULAgEIDgoqAgInCyUCBAENBQ4NiA0IDrBGkDYBAQEBAQEBAQEBAQEBAQEBAQEBAQEOCQWIHoFTgQOEKoMXK4IvBYgUkGACAYMtgWqJEo8ij3YBHjaCCByBTG6JSX8BAQE
X-IronPort-AV: E=Sophos;i="5.26,499,1459814400"; d="asc'?scan'208";a="116974823"
Received: from alln-core-6.cisco.com ([173.36.13.139]) by rcdn-iport-4.cisco.com with ESMTP/TLS/DHE-RSA-AES256-SHA; 20 Jun 2016 16:04:26 +0000
Received: from XCH-RCD-004.cisco.com (xch-rcd-004.cisco.com [173.37.102.14]) by alln-core-6.cisco.com (8.14.5/8.14.5) with ESMTP id u5KG4QsJ014809 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Mon, 20 Jun 2016 16:04:26 GMT
Received: from xch-aln-002.cisco.com (173.36.7.12) by XCH-RCD-004.cisco.com (173.37.102.14) with Microsoft SMTP Server (TLS) id 15.0.1104.5; Mon, 20 Jun 2016 11:04:26 -0500
Received: from xch-aln-002.cisco.com ([173.36.7.12]) by XCH-ALN-002.cisco.com ([173.36.7.12]) with mapi id 15.00.1104.009; Mon, 20 Jun 2016 11:04:26 -0500
From: "Matt Miller (mamille2)" <mamille2@cisco.com>
To: Brian Trammell <ietf@trammell.ch>, Jana Iyengar <jri@google.com>
Thread-Topic: [QUIC] Network Path Requirements for QUIC
Thread-Index: AQHRxmpT3QkIi+dpe0ejS5V80mQ1GJ/po2CAgAAH8YCAAActAIAABYCAgACvEICAAPrsAIAARVKAgADPTICAADWaAIAABwgAgAASL4CAAh+tgIACKpUAgAHSJoA=
Date: Mon, 20 Jun 2016 16:04:26 +0000
Message-ID: <40E3E4E2-322C-4B97-9F22-3FEBFE7D6039@cisco.com>
References: <D8376C9E-FD28-4FE3-B40A-D2BD58D2B4B7@cisco.com> <9D5D60A1-869C-495A-8C2A-7BEAAE93D2B3@cisco.com> <DM2PR0301MB0655F1B2DC19EC23BEA36BE4A8540@DM2PR0301MB0655.namprd03.prod.outlook.com> <D96C08FC-916F-4130-9FEE-114264CA5FDA@cisco.com> <CA+9kkMDm0UYq71LVWRG9jFRy2Be-gmF16jvONusZNBhuDew0WQ@mail.gmail.com> <A61CC0ED-5FA5-47C9-AA3B-B3D429D7CA20@cisco.com> <CAGD1bZYSpXVoyUJwd=3oNVxRk1Agc=jjJiEr2wuH18FHhsx9hg@mail.gmail.com> <B9E3E345-235D-476C-8079-4E5AB0564A9E@cisco.com> <CAGD1bZa1DODT4hSOogeVLwd_vc__ydX82tcTTRqA3fhSMPuDOA@mail.gmail.com> <DC0D9145-DB82-462B-B765-AA6245E6050B@cisco.com> <CY1PR0301MB06492D878878FA2D71803B67A8560@CY1PR0301MB0649.namprd03.prod.outlook.com> <36A34F1E-7673-4A5D-9263-DCE246276C85@cisco.com> <AA57AD2E-6634-4460-8D78-09482DD6C5B0@trammell.ch> <CAGD1bZZ=hAY=dy0w=Y=aCdg11vcfvrkeJ2iVAxSPX4PnZKYzvw@mail.gmail.com> <785139E5-B347-4B4E-AD62-C44F2D67BE06@trammell.ch>
In-Reply-To: <785139E5-B347-4B4E-AD62-C44F2D67BE06@trammell.ch>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
x-pgp-agent: GPGMail 2.6b2
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.129.24.65]
Content-Type: multipart/signed; boundary="Apple-Mail=_AB6B548F-214E-4E41-BCE9-32E73C7DF4E0"; protocol="application/pgp-signature"; micalg="pgp-sha512"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/4o39I02OgKvNRcZHJvBxAE0Jv2s>
Cc: Christian Huitema <huitema@microsoft.com>, "quic@ietf.org" <quic@ietf.org>, "Joe Hildebrand (jhildebr)" <jhildebr@cisco.com>
Subject: Re: [QUIC] Network Path Requirements for QUIC
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Mailing list to discuss QUIC standardization <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 20 Jun 2016 16:04:36 -0000

To me it's clear this discussion needs to continue to happen, and needs to be in scope for the proposed WG.  To that end, I think Brian's suggested text does that and ought to be adopted.


--
- m&m

Matt Miller
Cisco Systems, Inc.

> On Jun 19, 2016, at 06:16, Brian Trammell <ietf@trammell.ch> wrote:
> 
> hi Jana,
> 
> (hatless, inline)
> 
>> On 18 Jun 2016, at 05:11, Jana Iyengar <jri@google.com> wrote:
>> 
>> 
>> Given that, would the following change to the charter (adding one sentence to the paragraph for focus area one) be acceptable?
>> 
>> OLD:
>> 
>> The first of these is the core transport work, which will describe the wire format, along with the mechanisms for connection establishment, stream multiplexing, data reliability, loss detection and recovery, congestion control, version negotiation, and options negotiation. Work on congestion control will describe use of an existing congestion controller as a default scheme for QUIC. QUIC is expected to support rapid iterability and experimentation, and this work will describe a versioning process that enables distributed experimentation with QUIC.
>> 
>> NEW:
>> 
>> The first of these is the core transport work, which will describe the wire format, along with the mechanisms for connection establishment, stream multiplexing, data reliability, loss detection and recovery, congestion control, version negotiation, and options negotiation. This work will consider deployability, manageability and diagnosability of the wire format, including how the wire format will be processed by devices on path. Work on congestion control will describe use of an existing congestion controller as a default scheme for QUIC. QUIC is expected to support rapid iterability and experimentation, and this work will describe a versioning process that enables distributed experimentation with QUIC.
>> 
>> 
>> Indeed, I would hope that manageability and diagnosability -- which includes enabling firewalls to keep state, and making it possible to differentiate attack traffic -- are requirements for any IETF transport protocol going forward.
>> 
>> I'm fine with adding this text. That said, I don't think this requirement that you mention for any IETF transport is clear. What state are we talking about?
> 
> The *bare minimum* here is perhaps best called "connection establishable": (1) what current practice (ab)uses SYN/ACK to mean (the server decided a given connection request was OK enough to continue) and (2) some indication that the entity that sent the first packet on an n-tuple can actually receive traffic on the source address it gave, roughly equivalent to the third ACK leg of the TCP 3WHS.
> 
> We should have a longer discussion about how much more state might be useful in the WG; that's what I hope to accomplish with my charter text proposal. But without at least this much being visible to on-path devices, QUIC will be largely incompatible with TCP-centric network management practice, which I'm afraid will come with negative consequences for deployment.
> 
>> I don't know of a clear definition of "attack traffic",
> 
> Heh. If I knew of one of *those*, that was always network visible and didn't rely on the evil bit, I'd be in a different business. :) But I think there are some basic signals a transport protocol can radiate toward devices on the path that makes it possible for such devices to reduce such traffic, as above.
> 
> Cheers,
> 
> Brian
> 
>> though I very much agree that network operators have to deal with this problem for UDP. Without concrete requirements, it's hard to define a solution in the transport.
>> 
>> - jana
>> 
>> The discussion below, I think, needs to happen in the WG. General guidance here can come from PLUS (and indeed, I see a lot of points raised in the SPUD-derived requirements document draft-trammell-spud-req in Joe's list below), but the detailed evaluation of these aspects of how the protocol will interact with devices on path in the specific case of QUIC are a matter for QUIC. I believe the suggestion above allows that work to happen.
>> 
>> 
>> Cheers,
>> 
>> Brian
>> 
>> 
>>>> I heard two common requirements, "marking the beginning and end of a flow," because that helps firewalls and load balancers manage resource, and "assessing consent," because that helps differentiating between regular traffic and attack traffic. Is there more?
>>> 
>>> If you want the processing to be efficient (and not ossify something unintended), being able to separate QUIC traffic from non-QUIC UDP traffic easily would be useful.  Otherwise, path devices are likely to grab whatever version number they see as the discriminant.
>>> 
>>> If “marking the beginning of a flow” also includes being able to tell easily which side intended to initiate the conversation, then that’s fine.
>>> 
>>> The protocol needs to ensure that a path element can associate further traffic on a QUIC connection with the beginning of the flow.
>>> 
>>> There probably needs to be recommendations for time-outs, particularly around the end of the flow.
>>> 
>>> The protocol doc needs to describe what happens with associated ICMP.
>>> 
>>> The protocol needs to say what happens when a network or host receives a QUIC packet it wasn’t expecting.
>>> 
>>> We need to think about return routability.
>>> 
>>> The protocol needs to keep in mind that state will be generated in the network, so that as we add multi-path extensions (for example), we don’t just start sending traffic on a new path without first starting a new flow.
>>> 
>>> It is possible that we might want to describe what a load balancer should do when it drops QUIC state due to a timeout (or when it is *about* to drop state).  We might want it to send a hint to one or both of the endpoints, to avoid having to diagnose mid-stream black holes.  Some load TCP load balancers send RSTs in both directions in this case, for example.
>>> 
>>> We should analyze the known attacks on TCP (at least) to ensure that QUIC is not immediately vulnerable to the sorts of things we’ve already fixed over the last 40 years.
>>> 
>>> There are probably a couple of others, and I’m open to modifying the list as people see fit.  Alternately, if we can find a way to describe these kind of discussions in a way that does not bring in the explicit path communication bits that we explored in SPUD, I think the charter would be easier to understand.
>>> 
>>>>> QUIC will not be able to be deployed on some networks, such as the
>>>>> one I'm on right now, unless we describe the changes that are necessary
>>>>> for the network devices that are currently blocking it.
>>>> 
>>>> There are such networks. But there also are networks today that block outgoing TCP connections, because of some policy considerations. We don't change TCP for that. We simply accept that these networks are making a tradeoff. They care so much about some of their policies that they are willing to forego some of the value of the Internet. That's probably fine. Over time, the cost/advantage balance of the tradeoff will change, and the policies will probably evolve.
>>> 
>>> Are you saying that people will want QUIC so much that they will open their firewalls up to all UDP traffic in both directions?  Or that the terrible timing-based heuristics we have for generic UDP will be enough for a large enterprise?  Or that the current protocol description, without discussion and analysis, should be presumed to be perfect in this regard?
>>> 
>>> For once, we have a chance to do some thoughtful engineering before a protocol is fully specified to consider how it will be deployed, baking decades of learning into the design.  I think the approach that the TLS working group has been doing on TLS 1.3 to consider attack vectors, backward-compatibility, etc. is a model for what is needed from a protocol of QUIC’s potential impact.
>>> 
>>> --
>>> Joe Hildebrand
>>> 
>>> _______________________________________________
>>> QUIC mailing list
>>> QUIC@ietf.org
>>> https://www.ietf.org/mailman/listinfo/quic
>> 
>> 
>> _______________________________________________
>> QUIC mailing list
>> QUIC@ietf.org
>> https://www.ietf.org/mailman/listinfo/quic
>> 
>> 
> 
> _______________________________________________
> QUIC mailing list
> QUIC@ietf.org
> https://www.ietf.org/mailman/listinfo/quic

v2.23.0 | Report a Bug | By Email