IETF Logo Mail Archive

Re: What to do about multipath in QUIC

Yanmei Liu <healing4d@gmail.com> Sun, 15 November 2020 23:25 UTC

Return-Path: <healing4d@gmail.com>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A64D23A1080 for <quic@ietfa.amsl.com>; Sun, 15 Nov 2020 15:25:06 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6oRJtB23wURd for <quic@ietfa.amsl.com>; Sun, 15 Nov 2020 15:25:04 -0800 (PST)
Received: from mail-oi1-x232.google.com (mail-oi1-x232.google.com [IPv6:2607:f8b0:4864:20::232]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 87C093A107D for <quic@ietf.org>; Sun, 15 Nov 2020 15:25:04 -0800 (PST)
Received: by mail-oi1-x232.google.com with SMTP id m13so16924824oih.8 for <quic@ietf.org>; Sun, 15 Nov 2020 15:25:04 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=nV4r7uqwN3/ZiJkrNTKqxuj9ZJ+WdULv55cEIXn0RN0=; b=Z/SqcPypIh/WaScfKl3IspuHMWGz8hEWQOrO62vVuwvWfk6ILvofBdwGunwt0m8j1/ 4t9PZeRvctucfr+h1PvjjlFH/n2xiWoxJ4R4fE4fL0o6C1E6thxzevHfrnND5fzj4c3D IA+rcNqH9UFlWRv4K6vd0ZNs782HQt9hHW/in7nraZt1at77Yyh/TOgVW+qBIKMBjWIC HIdtZYsUwYGdxdxvpgTMyX1DIOffd/KJy/Jk4p4lG5Uj1M5hUKkW5Vn6BdYwjW9skCQe B1N7YxnjfYNzpm5eTZWA+5shGFzxazqnFMNfp0jGWA1AGJw4BznoDrwTK0shDbS4X8nS fMqA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=nV4r7uqwN3/ZiJkrNTKqxuj9ZJ+WdULv55cEIXn0RN0=; b=uDXPE8NGe+zwOTOx4AnV3YqW77T6ZqgDeIJpPWcfo4G99eOGgT21chxsR8FPDUrBWo +f6yUm4LJPMYzKu8Jfh8MAN2/aXQl7FRoL2jqnL9kUiHcQk9ouVJNjUSrJZT7la1wRbT yGdTtW+tsNtcRWIr7i/fA+cWdtuu6u01BHnd8CB4Xm522VI7jodjRJznIdUMGendpSgZ KgZePV8n2WB3x66Rcl4Mlp3FNSSuU3zXZIe1po3RUzdBJN4S1VOWWaeV2YiPQjmFRHjT 11NyC3T4hB/AazAlicJEHiSSLmw94ilxUDTcoeNbsiWSwHR+hfCZ9V8Dl7rW3xlW93Oq P92g==
X-Gm-Message-State: AOAM533+Cny3ivlWhi+DnT+B5okNsU8ndk1pOWFOx2kPosagnqwTJqcb qz6/4x+K3j5F/hoYv5eobGY85KUzHsG3mG4aVtg=
X-Google-Smtp-Source: ABdhPJwWuFm4sewlUeCWyBpqIWxJHJxbCQ2SgloxK3T+jB7MJVkgaHfy9IxaAfmKDJY4KFmUN4jWdbxviOYTebjDzMU=
X-Received: by 2002:aca:ac8c:: with SMTP id v134mr8329231oie.128.1605482703773; Sun, 15 Nov 2020 15:25:03 -0800 (PST)
MIME-Version: 1.0
References: <538215d1-3b9e-4784-920d-03be4c3a503a.miaoji.lym@alibaba-inc.com> <CAN1APddB4JDo281L0USsU7FSiQxRNi-LaB8ZS0a9kLAgeNJwrw@mail.gmail.com> <54510017-fa91-555f-0219-0859d6686b74@huitema.net>
In-Reply-To: <54510017-fa91-555f-0219-0859d6686b74@huitema.net>
From: Yanmei Liu <healing4d@gmail.com>
Date: Mon, 16 Nov 2020 07:24:52 +0800
Message-ID: <CAMDWRAaSeC9Yd1DqzM9o5_CS5Kct0aNS_LUzty5YPO_5fBf4qw@mail.gmail.com>
Subject: Re: What to do about multipath in QUIC
To: Christian Huitema <huitema@huitema.net>
Cc: Mikkel Fahnøe Jørgensen <mikkelfj@gmail.com>, Yanmei Liu <miaoji.lym@alibaba-inc.com>, quic <quic@ietf.org>, "Ma, Yunfei" <yunfei.ma@alibaba-inc.com>, "安勍(莳逸)" <anqing.aq@alibaba-inc.com>, "Liu, Hongqiang(洪强)" <hongqiang.liu@alibaba-inc.com>
Content-Type: multipart/alternative; boundary="00000000000040647905b42d926e"
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/9fpYJC3jmhmRYLE7Kw7jlJ9q9cA>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 15 Nov 2020 23:25:07 -0000

Hi Christian and Lucas,

Thanks a lot for the advice :-)

> The use of AEAD is only safe if the same packet number is not reused
twice with the same key. If we use multiple packet number contexts, AEAD is
only safe if these contexts use different encryption keys. This requires
adding a key derivation procedure for the "sub connection", and also adding
ways to identify the relevant key in the incoming packets. This gets
complicated very quickly, especially if we want to keep the possibility of
using zero-length connection identifiers on the client side.
> I use a concept very similar to the sub-connection, but only as a way to
manipulate paths, so the client can instruct the server when paths ought to
be abandoned. Otherwise, I just keep track of which PN maps to which path.

We have tried to use the same packet number space in all the paths (or
sub-connections) before, and have found that it brought much complexity in
implementation for loss recovery.
In the meanwhile, the AEAD security problem mentioned above should be
solved. Another way to solve this problem is using different keys in
different paths, but it also brings much complexity in key derivation as
you have mentioned.

We have found a third solution in
https://tools.ietf.org/id/draft-huitema-quic-mpath-req-01.txt : create
nonces by mixing the IV with both the path specific connection ID and the
packet sequence number.
If we can mix Destination Connection ID in for each packet's AEAD nonce,
then it will be safe to use the same key in all the paths with different
packet number spaces.
But since QUIC-TLS has been in the last-call period, would it be able to
add this modification into QUIC-TLS?


Thanks,
Yanmei




On Fri, 13 Nov 2020 at 01:04, Christian Huitema <huitema@huitema.net> wrote:

>
> On 11/12/2020 3:10 AM, Mikkel Fahnøe Jørgensen wrote:
>
>   1. We think QUICv1 has already laid down the foundation to build a general-purpose multi-path since migration can be viewed as a special type of multi-path. Therefore, we think one should reuse the design of migration in QUIC-v1 as much as possible, along with the features such as PATH_CHALLENGE/PATH_RESPONSE for path challenge and address validation, and NEW_CONNECTION_ID/RETIRE_CONNECTION_ID for CID renegotiation of new path(which is called Sub-connection in our draft). Reusing these features of QUIC-v1 with small extensions has enabled us to get general-purpose multi-path features with very little efforts in
> Alibaba’s XQUIC(an implementation of QUIC-v1).
>
> Yes. That's a major investment in QUIC V1, and we should keep it.
>
>   2. We find that the simplest way to add a second path is to use a sub-connection. The concept of sub-connection is directly inherited from connection in QUIC-transport, defined as the logic session of each physical path. Similar to a connection, each sub-connection has its own packet number space for the purpose of loss detection and recovery.
>
>
> I did not want to do that in my own draft for a couple of reasons. The
> main one is the interaction with encryption.
>
> The use of AEAD is only safe if the same packet number is not reused twice
> with the same key. If we use multiple packet number contexts, AEAD is only
> safe if these contexts use different encryption keys. This requires adding
> a key derivation procedure for the "sub connection", and also adding ways
> to identify the relevant key in the incoming packets. This gets complicated
> very quickly, especially if we want to keep the possibility of using
> zero-length connection identifiers on the client side.
>
> I use a concept very similar to the sub-connection, but only as a way to
> manipulate paths, so the client can instruct the server when paths ought to
> be abandoned. Otherwise, I just keep track of which PN maps to which path.
>
>
>   3. To merge the gap between migration and the general-purpose multi-path, several new features need to be supported:
>   - (1) how to manage the lifecycles of individual sub-connections.
>   - (2) how to distinguish packets coming from different sub-connections.
>   - (3) how to co-operate with a multi-path scheduler.
>
> We would appreciate hearing any thoughts, comments and suggestions.
>
>
> I think we need more work on the "multi-path scheduler". We have heard of
> three application scenarios: maintaining the lowest RTT when sending voice
> segments (Apple Siri), avoiding buffering delays when playing music (Apple
> Music), and using two available links with equal preference (Ali Baba "high
> speed train"). I wish that we could distillate that into a couple of simple
> concepts.
>
> -- Christian Huitema
>
>

v2.23.0 | Report a Bug | By Email