Re: handling a QUIC accept backlog

Martin Thomson <martin.thomson@gmail.com> Wed, 21 February 2018 23:50 UTC

Return-Path: <martin.thomson@gmail.com>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 91080120724 for <quic@ietfa.amsl.com>; Wed, 21 Feb 2018 15:50:46 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Cqi98lqUUZ6H for <quic@ietfa.amsl.com>; Wed, 21 Feb 2018 15:50:44 -0800 (PST)
Received: from mail-ot0-x22b.google.com (mail-ot0-x22b.google.com [IPv6:2607:f8b0:4003:c0f::22b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 901C91200E5 for <quic@ietf.org>; Wed, 21 Feb 2018 15:50:44 -0800 (PST)
Received: by mail-ot0-x22b.google.com with SMTP id k7so2387018otj.0 for <quic@ietf.org>; Wed, 21 Feb 2018 15:50:44 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=96dN6jIeYnt/mYmSEhqukualw/Mal7qBJXFKjmM+pO0=; b=rmJRFiDEr+YCovphZzBHs9ti+4rKYWgMA6wqSl4rj90aXHaO8J9WmZ4smyiua3wPQB WaFSSWoqRBvoTtAcOKw0E9bz1RvmuFc5fqsiL+PgJ7IHNXduUWmBA1F3u2/GdAFiDtFO O7OPchuemhsJOSilBJ1B3cXkMpiswNdZ8C5x3vOZn+qi9JxB/F4RMC8ndalg18mSgEGf /M+Pw6L8SRDLrxhONUzeDc19cZa0mziJe3zX7YJSyb0K7ZYkr29YKwKFqS/+Ccmtg1LF fyZFHuHMIkxX8W+b6ZWCXBtNpZKG2oh80TlJm9IRPGLlucEulYniKI5R5Jq4XnHnm4Dz M3mQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=96dN6jIeYnt/mYmSEhqukualw/Mal7qBJXFKjmM+pO0=; b=kwg6G50Delb4neYiUdPcoRZXC7rOnP+3JhTdIRyfRnewoIy5dCyZN6eFSmh81RctIo CSKcUm/wNYf3PoYgus4fjzokDT6Raxic4IayfNTSO9jW9HTcfTevaACdM+B0eDSa/DdT fGK6C069+xuAq5WocWuZTqLfmQSh29ADQoPTCs5fqT8XkkVGd0a6cgJrk4uFccBLsaQ/ fNvWyQ0k7fLAoNKDIj/NnwZ2XbWyAJooh3BIZlb65Z8/6eLXtqUAHeSuuK8OGYCHJJqW cXOQedJVFLhsNc0cFi6mafpMxW0CUjJ3FMND26GhiiW/FyBXyrY2SOya8XfyVWG+EWTy tASA==
X-Gm-Message-State: APf1xPA36bWvk3qC6J0nSpMsRrqkVUkCFeb8qJ7Y6VRSHvYkkLLWdHaz E8KTn8+gIhmBDCAOwXm00ycpna3wm3lQSpV8rgI=
X-Google-Smtp-Source: AH8x227n04LDUxknBrWgREDW611jofpu0FnV8R23RZNw66NYr05YD8gZW50oImH31Q6CDTdgYCLEJtsIUqjwXvwDgWg=
X-Received: by 10.157.0.74 with SMTP id 68mr3563421ota.392.1519257043795; Wed, 21 Feb 2018 15:50:43 -0800 (PST)
MIME-Version: 1.0
Received: by 10.157.16.85 with HTTP; Wed, 21 Feb 2018 15:50:43 -0800 (PST)
In-Reply-To: <0467B015-09FC-456D-BB6F-29B5F308C4E4@tik.ee.ethz.ch>
References: <CAOYVs2p=wdOMLxdMatoY4f=P3ZMCNOBHeg4-ep+dNJ8TRM7zEA@mail.gmail.com> <0467B015-09FC-456D-BB6F-29B5F308C4E4@tik.ee.ethz.ch>
From: Martin Thomson <martin.thomson@gmail.com>
Date: Thu, 22 Feb 2018 10:50:43 +1100
Message-ID: <CABkgnnXAUkowNsuPQ7h=94DfcS02mHgSdSoqOFL_WG6G-2JeCw@mail.gmail.com>
Subject: Re: handling a QUIC accept backlog
To: Mirja Kühlewind <mirja.kuehlewind@tik.ee.ethz.ch>
Cc: Marten Seemann <martenseemann@gmail.com>, QUIC WG <quic@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/6u064-HplohuCKLhNXS4-N2fV_4>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 21 Feb 2018 23:50:46 -0000

Marten's question is a design one, I think.  But as an operational
practice, some additional documentation elsewhere could help.

I don't think that I had any expectation, but it seems like a good
idea to have some way that a server can signal "not now".  That
increases DoS risk (to the other discussion this week), but I think
that in terms of our agreed principle on trying to stop that sort of
attack, we shouldn't worry too much about that right now.

Dropping Initial packets works.  It's probably something to do in the
extreme case.
CONNECTION_CLOSE is probably better (better yet if we had an "I'm
overloaded" code, PR wanted).
Retry doesn't really work unless you think an extra round trip will
cool things down enough.
If you get to the point of receiving Handshake, then CONNECTION_CLOSE
is all you really have, but you probably want to avoid doing that
(because you already sunk a ton of effort into the first round of
Handshake messages).

Note that a server with too many connections can (and probably should)
use HTTP Alternative Services to shed load, but that won't necessarily
help in the short term.

On Thu, Feb 22, 2018 at 5:13 AM, Mirja Kühlewind
<mirja.kuehlewind@tik.ee.ethz.ch> wrote:
> Hi Martin,
>
> I think that could fit well in the applicability doc. If people agree, please go ahead and file an issue or a PR.
>
> As a general note, both the applicability and the manageability statements are outdated, as things are so much in move still and therefore we didn’t put effort in to sync up with every revision. As soon as things (especially around the wire image and handshake) have settle a bit more, we will do an update.
>
> Mirja
>
>
>
>> Am 21.02.2018 um 17:39 schrieb Marten Seemann <martenseemann@gmail.com>:
>>
>> When using a socket API for a QUIC server, it can happen that there are more incoming connections than the server can accepts at that moment. I imagine that a server will implement some sort of queue containing connections that have the handshake completed. Do we need any guidance on what should happen when that queue is full?
>>
>> There are multiple ways how a server could handle this situation:
>>
>>       • Drop all Initial packets.
>>       • Send a CONNECTION_CLOSE as a response to an Initial.
>>       • Reply with Retries to Initial packets, but drop Handshake packets.
>>       • Something more sophisticated?
>> Should we write anything about this in the spec, or is this something that implementations have to figure out for themselves without any guidance?
>>
>