IETF Logo Mail Archive

Re: a proposed way forward was Re: Spin bit decision

Kazuho Oku <kazuhooku@gmail.com> Wed, 03 October 2018 13:32 UTC

Return-Path: <kazuhooku@gmail.com>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E1A1A131270 for <quic@ietfa.amsl.com>; Wed, 3 Oct 2018 06:32:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oT12fsMTPEFk for <quic@ietfa.amsl.com>; Wed, 3 Oct 2018 06:32:21 -0700 (PDT)
Received: from mail-lj1-x233.google.com (mail-lj1-x233.google.com [IPv6:2a00:1450:4864:20::233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 21CD9131288 for <quic@ietf.org>; Wed, 3 Oct 2018 06:32:21 -0700 (PDT)
Received: by mail-lj1-x233.google.com with SMTP id 203-v6so5082212ljj.13 for <quic@ietf.org>; Wed, 03 Oct 2018 06:32:21 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=7c7zO6JAGDZaNLWq24+c/Jt3sM0VoiBm9JmhK3vf5nU=; b=am9J3kiEIEzC/tcynzdsZq3ghqndE0N2tEjbPAGcnbXcwlC856dc5SmGJUR2Gq4rkS q2zLUxFCMS32tHZLIDaMBW9vc3McLa4TVG53oRluBK2eigkYuJTDQPOwz430VRcFbzCl H8CBtGdvTwvQbuTXmjHWRIogmkWGaeCgn9bfYHxGWK4rSpKjs0fby7Hp9m7Rvo8LYz3N OEqERixdyGcbp9kg38cM8GlA2XMmrHYt+D26kpzhcjJLQQD3soBvXWEoStkgmL+CX57S vAi8NLRs0PbMe/T0nJCvtZXPi3b5NEZS7O7rlQ/O4IPXhBzi3Ph1+Rr4BAOKK9jPKle4 k9vw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=7c7zO6JAGDZaNLWq24+c/Jt3sM0VoiBm9JmhK3vf5nU=; b=fCC+aSP3jzKKYHGvFZ4sRSkV72M9XouiFxfPFOqrhJBup4cBCOJ9uZEL5/1DkkYYZY L6tsCfpkrG9JnSA5OBfQoAqT3OQxVE2O3BxSu1i+CRkXxXHZ9thEJ3uPFNDXJJjFziz0 YhovWB8vj0jGNLZ5kVV/U32nojmiIctP5p98WotGT0mYHjHwrNyYl+Z1f4HMDXCb9ic/ dqdGd1CDQdb/qDOYPCsIjk2Qv3t5n75p5MrtA4Yux3XL1hL/gBI/cSyx3ubQyD4IERTn laELyRbPdx/M+VEeFYGByNFHg8BeF6bOl1+deXhBUqW7s9J2P4JPfpVSPN2ltu66ZesO 4uTg==
X-Gm-Message-State: ABuFfohKRLb3p9gvmagwT+iAZTuXyY9IjZk5ajxcBCPCkc26w4p0LmAS VU8Jk/QWX4KIqLWM6IA1MI6x3ooC7teG5qN70XI=
X-Google-Smtp-Source: ACcGV63/Lrj8rJiO6ajDhm8E+gX9r6qdlD4XZ+rotsAXH8wGFwn9z0X8bv7Bx+1NA1dwRWnodOXMf4pls9Tuk42G6CI=
X-Received: by 2002:a2e:350e:: with SMTP id z14-v6mr1155099ljz.49.1538573539107; Wed, 03 Oct 2018 06:32:19 -0700 (PDT)
MIME-Version: 1.0
References: <14531_1538460420_5BB30B04_14531_237_4_c0f3a391-9897-80b0-575b-aa73edad0d52@orange.com> <9A63F295-5DC5-4992-9A9C-A98F72C8430D@eggert.org> <22440_1538469028_5BB32CA4_22440_292_2_8e00a462-2bbf-acf0-1195-74269a0c2fbd@orange.com> <3E3DBC15-FE42-47CF-AF7A-1F2597ED2390@eggert.org> <24019_1538484216_5BB367F8_24019_26_1_8e6b0d8e-78f0-56c7-e731-da2ff22cb194@orange.com> <08A9C80F-59E6-46EE-A4D4-1F78F5085CF7@eggert.org> <9737_1538485723_5BB36DDB_9737_147_1_82e0e028-b0e8-5e09-7bd5-e66db97c556a@orange.com> <E7479831-9594-444E-9545-A162E8D9B154@eggert.org> <32072_1538492813_5BB3898D_32072_266_1_8380ff40-29fe-269b-8ed7-4331c9e53f4d@orange.com> <MWHPR22MB0991D93D706031603B077BFCDAE80@MWHPR22MB0991.namprd22.prod.outlook.com> <CAKcm_gM+zAEwfimHsorsWprJgS7O++85EOjpQoNY0LviaQ+KNQ@mail.gmail.com> <45751C2A-9F6C-4447-8D70-11ABE8C07F8D@trammell.ch> <CANatvzzCvmbu=bN1C-UCzNaT6EUPVCMPwY53wyFNkKa4HQT00g@mail.gmail.com> <E32A1E8D-0FD7-47F3-B026-10D46E201D54@trammell.ch>
In-Reply-To: <E32A1E8D-0FD7-47F3-B026-10D46E201D54@trammell.ch>
From: Kazuho Oku <kazuhooku@gmail.com>
Date: Wed, 03 Oct 2018 22:32:06 +0900
Message-ID: <CANatvzwrqcH6JZjaG=gtD3CCoPphkhx8RgRzkAKb2oKBJ9QU-w@mail.gmail.com>
Subject: Re: a proposed way forward was Re: Spin bit decision
To: Brian Trammell <ietf@trammell.ch>
Cc: Ian Swett <ianswett=40google.com@dmarc.ietf.org>, Lars Eggert <lars@eggert.org>, IETF QUIC WG <quic@ietf.org>, Mike Bishop <mbishop@evequefou.be>, Lili Peaudchien <alexandre.ferrieux@orange.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/F3W9r-kZqcJFgSCYyeBk5c8ySac>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 03 Oct 2018 13:32:25 -0000

2018年10月3日(水) 16:58 Brian Trammell (IETF) <ietf@trammell.ch>:
>
> hi Kazuho,
>
> > On 3 Oct 2018, at 01:31, Kazuho Oku <kazuhooku@gmail.com> wrote:
> >
> > 2018年10月3日(水) 6:11 Brian Trammell (IETF) <ietf@trammell.ch>:
> >>
> >> hi Ian, all,
> >>
> >> Perhaps we can exploit the asymmetry inherent in QUIC (there are servers and clients), the spin bit (the server reflects, the client inverts), and the desire to participate or not (ISTM that most of the discussion we've had about opting out have focused on client opt-out, based either on the principle of the thing and/or a suspicion that the signal is useless) to resolve this discussion.
> >>
> >>
> >> A proposal:
> >>
> >> 1. Servers MUST reflect the spin value. Clients MAY treat an unambiguously detected non-reflected bit as a protocol error.
> >
> > I oppose to using MUST for the server, because some *servers* might
> > not be willing to expose the path RTT, for example when it is running
> > hidden behind a UDP proxy.
>
> s/MUST/SHOULD, unless.../ is an acceptable change, as long as we have a nice tight box around the unless.

My current thinking is that I would not oppose to having a simple
"SHOULD", which is IMO stronger than SHOULD with exceptions.

Regarding the "unless..." clause, I think all we can state is the
general rule; i.e. that an endpoint not willing to expose RTT needs to
opt-out from using spin bit. We could provide some examples of cases
where opting-out is desirable, but I do not think we could come up
with an exhaustive list of the cases.

> The tradeoff is that every caveat we put on the server-side reduces server-side deployment, which reduces the chances that a cooperating server and a cooperating client meet up.

I agree. Generally speaking, I think it is a good idea to specify a
tool that network operators can use for troubleshooting. And spin bit
looks simple enough to implement. Even for a person like me who does
not place Spin bit a high priority in his/her ToDo list, it is good to
have a mechanism that the person can run for help when facing trouble.

>
> I'm also quite sympathetic to Marten's argument that "server" and "client" are more arbitrary in P2P situations. However, the asymmetry of the spinbit is pretty far down the list of asymmetries (stream handling, handshake, TLS certs, etc) that I'd want to see optionally addressed in a QUIC version i2 (is this the terminology we're using now?)
>
> Backing off the MUST for now for such situations is IMO a good tradeoff, though, especially since we only need fractions of a percent of deployment to start seeing useful signal for baseline/anomaly measurement of large aggregates.
>
> > I also do not think that maintaining the spin-bit for each
> > "connection" works. My understanding is that it should be per-5-tuple
> > because multiple QUIC connections can be coalesced onto single UDP
> > port on both sides, and because it is impossible for an observer to
> > track the pair of CIDs identifying the same connection across CID
> > changes.
>
> Well, it should be per 5-tuple, but it should also change when CIDs change. Dumping state on any CID change is the easiest way I know to break linkability, and the most obvious way to do this when you have CID concurrency is to keep state per CID.

I am not sure if you need to dump the spin bit state when changing
CID, because it would be obvious to the observer that a flow (that
consists of multiple connections) continue running on the same
5-tuple.

As I have stated in my previous mail and on the GH issue, it is
practical for an observer to assume that QUIC connections sharing one
5-tuple are between two machines, even in case NAT or UDP proxy is
involved. That means that RTT does not change across CID changes, and
therefore to me it seems that resetting the spin bit state is
unnecessary.

Regarding breaking linkability when coalescing multiple QUIC
connections, my understanding is that the practical method is to
change CID for all the connections at once. Doing so would hide each
connection behind the anonymity set of N connections where N is the
number of connections being coalesced. I think that is the most we can
achieve.

>
> That might be too far into the implementation weeds for the spec though... the language needs to be clear (and clearer than in my initial proposal, which is one reason that's a list message and not a PR ;) )
>
> > I have opened https://github.com/quicwg/base-drafts/issues/1828 to
> > track the issue.
>
> Thanks, will follow discussion there as well.
>
> Cheers,
>
> Brian
>
>
> >
> >> 2a. Clients SHOULD invert the spin value, unless [EDNOTE: someone other than me should write convincing reasons for non-implementation here], or the client has been configured not to spin, or to use some other client behavior.
> >>
> >> -OR-
> >>
> >> 2b. Clients set the spin bit value as they see fit, provided that this behavior is consistent per connection ID. In order to provide RTT information to the path, clients MAY invert the spin value (per reference to a separate RFC that looks a lot like draft-tsvwg-quic=spin, to be published by QUIC, TSVWG, or IPPM).
> >>
> >> 3. Servers and clients MUST NOT expose spin state from one Connection ID to another Connection ID.
> >>
> >>
> >> 1 is intended to drive deployment through server defaults. Yes, one can argue that the protocol error here is artificial (and the proposal explicitly acknowledges that through the client MAY error out), but the client can always opt out by clamping to a random value per CID.
> >>
> >> The 2a variant is essentially a 2119-compliant way of saying "we'd really like it if you implemented the spin bit", leaving the question of client defaults (opt in versus opt out) up to the client implementors.
> >>
> >> The 2b variant is designed to allow for future or parallel client-side behaviors other than spinning to support different measurement goals. For example, using the adaptive square wave proposed for on-path loss measurement (by either Mikkel or Kazuho, I believe) at the client with server reflection would allow accumulation of loss on the upstream as well as the downstream path, as well as upstream (toward the server) RTT measurement. Obviously, the set of these deployed in the wild would have to be kept small in order to allow a measurement device to heuristically determine which signal was in use given a spinbit stream.
> >>
> >> 3 prevents spin state from leaking across CIDs, reducing the (already tiny but nonzero) linkability surface.
> >>
> >> (Obviously, the above needs wordsmithing, but these are the broad lines.)
> >>
> >> Cheers,
> >>
> >> Brian
> >>
> >>> On 2 Oct 2018, at 19:13, Ian Swett <ianswett=40google.com@dmarc.ietf.org> wrote:
> >>>
> >>> One piece of information related to the above discussion is whether detecting who is and is not spinning is easy and reliable.
> >>>
> >>> One of my concerns is unintentional mis-use of the signal, and if it can't be detected reliably in a mixed environment, that means SHOULD is unwise and argues for either not including it or making it a MUST.
> >>>
> >>> On Tue, Oct 2, 2018 at 12:51 PM Mike Bishop <mbishop@evequefou.be> wrote:
> >>> I don’t think it’s a grim view, I think it’s a pragmatic view.  Our role is to specify the things which are fundamental to the protocol and have to happen for peers to interoperate.  Mis-using normative language for other things is an abuse of the process -- that's kind of the point of RFC 6919.
> >>>
> >>>
> >>>
> >>> RFC 2119 says:
> >>>
> >>> In particular, [normative language] MUST only be used where it is actually required for interoperation or to limit behavior which has potential for causing harm (e.g., limiting retransmisssions)  For example, they must not be used to try to impose a particular method on implementors where the method is not required for interoperability.
> >>>
> >>>
> >>>
> >>> Given that the spin bit is not “actually required for interoperation,” but is the very definition of “try to impose a particular method on implementors,” I’d say that RFC 2119 imperatives are unwarranted.
> >>>
> >>>
> >>>
> >>> -----Original Message-----
> >>> From: QUIC <quic-bounces@ietf.org> On Behalf Of alexandre.ferrieux@orange.com
> >>> Sent: Tuesday, October 2, 2018 8:05 AM
> >>> To: Lars Eggert <lars@eggert.org>
> >>> Cc: IETF QUIC WG <quic@ietf.org>
> >>> Subject: Re: Spin bit decision
> >>>
> >>>
> >>>
> >>> On 10/02/18 16:00, Lars Eggert wrote:
> >>>
> >>>>
> >>>
> >>>> The point I can't seem to be getting across is that irrespective of
> >>>
> >>>> what the WG decides to require, there is no penalty for individual
> >>>
> >>>> stacks at deployment time (or after) to do whatever they wish, since
> >>>
> >>>> the spin bit by design has no impact on protocol operation and interop.
> >>>
> >>>
> >>>
> >>> It is getting across, but it is a very grim view of the standardization process itself. Are there many examples of MUST in RFCs that turned out to be ignored by implementations just because they were not part of the core semantics and hence not enforced by other peers ?
> >>>
> >>>
> >>>
> >>>
> >>>
> >>> _________________________________________________________________________________________________________________________
> >>>
> >>>
> >>>
> >>> Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration, Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.
> >>>
> >>>
> >>>
> >>> This message and its attachments may contain confidential or privileged information that may be protected by law; they should not be distributed, used or copied without authorisation.
> >>>
> >>> If you have received this email in error, please notify the sender and delete this message and its attachments.
> >>>
> >>> As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
> >>>
> >>> Thank you.
> >>>
> >>>
> >>>
> >>
> >
> >
> > --
> > Kazuho Oku
>


-- 
Kazuho Oku

v2.23.0 | Report a Bug | By Email