IETF Logo Mail Archive

Re: Expected Client Response to SERVER_BUSY

Töma Gavrichenkov <ximaera@gmail.com> Wed, 20 February 2019 15:38 UTC

Return-Path: <ximaera@gmail.com>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2E16D1228B7 for <quic@ietfa.amsl.com>; Wed, 20 Feb 2019 07:38:50 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pnv_eipBVN-X for <quic@ietfa.amsl.com>; Wed, 20 Feb 2019 07:38:48 -0800 (PST)
Received: from mail-yw1-xc41.google.com (mail-yw1-xc41.google.com [IPv6:2607:f8b0:4864:20::c41]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A80A91200D8 for <quic@ietf.org>; Wed, 20 Feb 2019 07:38:47 -0800 (PST)
Received: by mail-yw1-xc41.google.com with SMTP id u200so9349747ywu.10 for <quic@ietf.org>; Wed, 20 Feb 2019 07:38:47 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=x4I3MNNKANJSV7ShHAApt3FtZ8gRy36F6hrHrbrCDeU=; b=LQ0HTCnYDwivganNvWE7AA/qM1LoAWr6z2+KJI7H+awcFFKxdbWnsUnNcchjpNxGnk kV0Cvw7tEcy47aVtV4klnFYCQTDkueCjDGGb6hBTrOViiyYfgqkKBO0dkY2l0jIF2GjS VYgVAilrn7MRoTk3EUhdq7/gaDTwHGA2zWxZMNQkZjhwKVuXSEdokXmGFQGHfB29CbkO FcnXTqxJqHNwGtCpnzWKHaKqh9c+UI8x7Z5bN/WeWQzP7kPFB8k8a/7Xd8w8+ARfe19u DJVgDxk9RRkJjnocQVE5cnWXPGOS7LPAHjn4OjRNqc8v4d28Va8hkUxvE0+QCpbs15X7 rvpA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=x4I3MNNKANJSV7ShHAApt3FtZ8gRy36F6hrHrbrCDeU=; b=Cx3BJ2N2MNpmA39jKnct4floXPfR0d4tjX5SDFLzHY4rmuyS7+ACXwj/atNGan57uk 2qgY08e3gHiYaM6dGWO2bAhdqX7r2CkCg9Ndex9LeVZIitepH8eDU+uuqKgtEcZ5OWjG fkaUCgzmQzsvtv7YdpzKru/2aRLr4Sxv9r2S5WPXVbEUnq7SDdX3/5e9bqBiT+9ovvwc 99wh9/vzZUNs0etn4sEpAnWeo9O2z2sy/nLfeP5gPh2JiLSMcopIQUrzosnRVj2SegM0 6HMRbwGNnURV3646bdNBuV7DVkbT09oiWzwJf05bqjEJi70hj0zEQBGiTvFTpMG22Skg f/3A==
X-Gm-Message-State: AHQUAuYttBP/sCxmvbc5DAr/QTVN0Tc3Mt9M7U5HbewbOm/P2FhyN+4F fn0hK6FOJSMnL1QH2An6MlnVmvlv9qdBuaGTW/o=
X-Google-Smtp-Source: AHgI3IY7hAtFE6LpzHdihtQGe9utEtF0TixyYgqqGVUOLkN3X1J2eQu0fL1ysi3CZaVBP1MpDqi9E93Y9qpxi+V3n/s=
X-Received: by 2002:a81:6b09:: with SMTP id g9mr17011427ywc.255.1550677126565; Wed, 20 Feb 2019 07:38:46 -0800 (PST)
MIME-Version: 1.0
References: <CY4PR21MB0854341128C64E450E7C2DA2B37C0@CY4PR21MB0854.namprd21.prod.outlook.com> <CAKcm_gPmQiMhzfXnkEB4u+X+84bCbL8FE3Lj3ZdPPQBBu+4uPg@mail.gmail.com> <1AF7E952-4542-4C40-8652-BFFBFA61784A@trammell.ch> <CAKcm_gN11=DcV2v-JrX+Ym88D7P1Ey3rDvYomTf1seemsWDSwA@mail.gmail.com> <CY4PR21MB0854D8F7383CDF72EEDAE9FBB37D0@CY4PR21MB0854.namprd21.prod.outlook.com> <CALZ3u+Zmau+167msd9+OGcU+V00+__yLK83ByNEqvWhm7yFORg@mail.gmail.com> <CY4PR21MB0854E1E9AAF564CD8B12305CB37D0@CY4PR21MB0854.namprd21.prod.outlook.com>
In-Reply-To: <CY4PR21MB0854E1E9AAF564CD8B12305CB37D0@CY4PR21MB0854.namprd21.prod.outlook.com>
From: Töma Gavrichenkov <ximaera@gmail.com>
Date: Wed, 20 Feb 2019 07:38:28 -0800
Message-ID: <CALZ3u+b_NqyrSAkqiuXnnVVL+T0XiExPDUP5JyuzvZVaXqHtCA@mail.gmail.com>
Subject: Re: Expected Client Response to SERVER_BUSY
To: Nick Banks <nibanks@microsoft.com>
Cc: Ian Swett <ianswett@google.com>, "Brian Trammell (IETF)" <ietf@trammell.ch>, IETF QUIC WG <quic@ietf.org>, Mirja Kühlewind <mirja.kuehlewind@tik.ee.ethz.ch>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/EBqAPTR3_-0CEIJ7UiyABSOl0EI>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 20 Feb 2019 15:38:50 -0000

I mean, yes, handling such a case explicitly totally makes sense. I
just wanted to point out that there's an additional use case when UDP
transmission just suddenly stops under an attack.

Note that a DDoS attack towards a QUIC server isn't the only possible
scenario, the other one being a DDoS towards a client. In the latter
scenario, given the not-so-likely-but-completely-possible case when a
newly discovered DDoS amplifying protocol would be using port 443/udp,
even selective blackholing won't help to preserve QUIC connectivity.
As a matter of fact, there's no way to handle it
transport-protocol-wise, but maybe adding a timeout-related suggestion
of a SHOULD CONSIDER style to the spec would be a good idea.

| Töma Gavrichenkov
| gpg: 2deb 97b1 0a3c 151d b67f 1ee5 00e7 94bc 4d08 9191
| mailto: ximaera@gmail.com
| fb: ximaera
| telegram: xima_era
| skype: xima_era
| tel. no: +7 916 515 49 58

On Wed, Feb 20, 2019 at 7:19 AM Nick Banks <nibanks@microsoft.com> wrote:
>
> I want to support something a bit more efficient than simple rate limiting and packet drops. The client might have relatively large timeout in that case before falling back to TCP. If possible, I want to be able to give an immediate indication that it should try to fallback.
>
> - Nick
>
> -----Original Message-----
> From: Töma Gavrichenkov <ximaera@gmail.com>
> Sent: Wednesday, February 20, 2019 7:04 AM
> To: Nick Banks <nibanks@microsoft.com>
> Cc: Ian Swett <ianswett@google.com>; Brian Trammell (IETF) <ietf@trammell.ch>; IETF QUIC WG <quic@ietf.org>; Mirja Kühlewind <mirja.kuehlewind@tik.ee.ethz.ch>
> Subject: Re: Expected Client Response to SERVER_BUSY
>
> On Wed, Feb 20, 2019 at 6:50 AM Nick Banks <nibanks=40microsoft.com@dmarc.ietf.org> wrote:
> > It would be nice to have a way for the server to say “QUIC is
> > temporarily unavailable right now, please go use TCP instead.”
>
> One issue here is that under a DDoS attack an ISP would just apply selective blackholing or flow specification which would simply drop all the incoming UDP traffic to protect the last mile. Depends on the attack pattern somewhat, sometimes blackholing might be more granular, but all in all you should expect that.
>
> The only hope here is that a client would interpret response timeout in the same way as SERVER_BUSY.
>
> --
> Töma

v2.23.0 | Report a Bug | By Email