QUIC Invariants and QUIC-LB

Martin Duke <martin.h.duke@gmail.com> Wed, 20 May 2020 23:28 UTC

Return-Path: <martin.h.duke@gmail.com>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id F27453A090A for <quic@ietfa.amsl.com>; Wed, 20 May 2020 16:28:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id HenbY1Ta2Ili for <quic@ietfa.amsl.com>; Wed, 20 May 2020 16:28:21 -0700 (PDT)
Received: from mail-io1-xd2b.google.com (mail-io1-xd2b.google.com [IPv6:2607:f8b0:4864:20::d2b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1F33B3A0902 for <quic@ietf.org>; Wed, 20 May 2020 16:28:21 -0700 (PDT)
Received: by mail-io1-xd2b.google.com with SMTP id c16so5312623iol.3 for <quic@ietf.org>; Wed, 20 May 2020 16:28:21 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=Cp+fvqhd64YyZ0fWt/Vr4v2SJRottVmFC1mDss3UCC8=; b=G3l4Xd437t6EaKc8OJHq0NI4wNNksWvvRB6mEjCeIWvJ9WNI6c6zcNGgYi/ukcJwpE oXKWj/mHLgmydwgYGFLz4x135zkcuLwkwFIVK8LCX8WuhTToZjpd4R4OBBqp0ws0dM/i wnHyRqWhEiYowkoHYdMm9F5zvJov+A4zVp1GfAlkVm+7Qx1nLdl1efnqE+7+6msnAduV Iy2tCs61F2aMDHJsQYZd/T2X8Ey/zNvyJGRc5ZdWc0pkFVu/xMUTVnR/j68AgudIjMLE db9ItuZlYS6UWlJ4AKdZWt7cw95HVv8Ko1xngjA6wo8PSO4zbBeoUpxhFsQh84vtEzw3 G9fg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=Cp+fvqhd64YyZ0fWt/Vr4v2SJRottVmFC1mDss3UCC8=; b=ey/XfZVfuYqH99kVhOfLzr751fzWv3wAf4ar5SKVeat9D55bRSwSdq0EBWws08ZEDa bO7CiRgkaHnvuQM91CsFR5K2IiJMgciVSZMSAQlKhlbx9zpLEMnPMPTtoJSobuFgk1O7 WAGc14TIo5Do85q/cyRgj4DGNkwKiQHG5ALjJrW6JuFBrhsK6N6EWnj9XEhB/e467fRN DBS1jbx4usqMbDDbXiIz2HSxqLrKzu6GcWIdMvacjBgOy2Y4LJvWIk52AV7fkM2skELE S5IuD7eQr5vPijrZ9SG1SD0ojVpbBIOATIonbAO/F8rNRylnor25aodjylhOrokXnJMw s3LQ==
X-Gm-Message-State: AOAM533hh+D+ZSw6HRQDtSaocg5G3ZhCIWDas9UNfZqp/uZR1XML2gXA oJ/GV54hyReoaHqBW+mhsUZWKhL06+1e6BXRfNQkGjXhYOM=
X-Google-Smtp-Source: ABdhPJy/msLCD/oW16ZZYcFd/jSn6WMnmhFKMSXjVEfcj8NdLkdXHTteCGTJh6pbz/MAJQtybT4E2Pl9zbGB3uWO4Q0=
X-Received: by 2002:a6b:d10b:: with SMTP id l11mr5459986iob.51.1590017300042; Wed, 20 May 2020 16:28:20 -0700 (PDT)
MIME-Version: 1.0
From: Martin Duke <martin.h.duke@gmail.com>
Date: Wed, 20 May 2020 16:28:09 -0700
Message-ID: <CAM4esxTW2rWTAuLfbNuLYocefoMUwUzKzUre+2brFiHC9HZZTw@mail.gmail.com>
Subject: QUIC Invariants and QUIC-LB
To: IETF QUIC WG <quic@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000005b1ab805a61cc060"
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/CFw7koLfIoGiwAfgdPM9NVFmPPg>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 20 May 2020 23:28:23 -0000

TL;DR We are trying to make QUIC-LB as independent of QUIC version as
possible, but there are a few gaps in the invariants that make that harder.
If any of these are oversights, it would be great to add it to the

A few draft versions ago we did a pass on QUIC-LB to make it truly
QUIC-version invariant, except for the Retry Services portion.

After a little more thought, I added this section to the draft:
which describes a bunch of QUIC behaviors that are not explicitly described
in the invariants draft, but that if changed might cause QUIC-LB not to be
fully robust to new versions. An obvious one is a version that described a
maximum CID length too small for some of the encodings.

A more subtle one is the handling of "non-compliant CIDs" (Sec 4). These
are CIDs that are (1) too short for the configured algorithm, (2) fail
authentication, or (3) don't map to a valid server ID. In v1, these will
only occur in the client's first flight of Initial and 0RTT packets. The
rules we have for version-independent LBs to process packets with
non-compliant CIDs are as follows:
* if a short header, drop it.
* if a long header, use any hash algorithm that will consistently get you
the same result over short time scales (i.e. a couple of RTTs, by which
time a server-generated CID will be in use)
Compliant CIDs are always processed using the decoding in the spec.

There are some assumptions baked into this advice.
(1) Short headers never contain client-generated CIDs. [QUIC-LB servers
will always provide new CIDs when given the opportunity, but a new version
could have short 0RTT headers or something]
(2) Use of client-generated DCIDs is limited to a few RTTs at most (any
more and you run the risk of the number of servers changing in this
interval, which will generally cause the hash to get a different result)
(3) There's a bunch of stuff that remains constant in the packet headers
over this short interval. I probably need to tighten up the language on
what is a suitable input for the LB's hash, but in v1 you're currently safe
using some combination of Client IP, Client Port, SCID, and DCID. If there
of these that we're willing to lock down in the invariants, I could rewrite
the guidance accordingly.

For example, if the invariants could include a statement like "A client
will use no more than one DCID that it didn't receive from the server",
that would simplify the problem space.


I'm fine with having this text in the QUIC-LB draft, if need be, but if
there are things that should be in the invariants but we didn't think about
them, that would be even better.