IETF Logo Mail Archive

Re: Hardware acceleration and packet number encryption

Jana Iyengar <jri.ietf@gmail.com> Thu, 29 March 2018 00:03 UTC

Return-Path: <jri.ietf@gmail.com>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 29F931289B0 for <quic@ietfa.amsl.com>; Wed, 28 Mar 2018 17:03:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id omW1eyuiq6mK for <quic@ietfa.amsl.com>; Wed, 28 Mar 2018 17:03:44 -0700 (PDT)
Received: from mail-wr0-x243.google.com (mail-wr0-x243.google.com [IPv6:2a00:1450:400c:c0c::243]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 24ABC1205F0 for <quic@ietf.org>; Wed, 28 Mar 2018 17:03:44 -0700 (PDT)
Received: by mail-wr0-x243.google.com with SMTP id m13so3780730wrj.5 for <quic@ietf.org>; Wed, 28 Mar 2018 17:03:44 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=9pYaGUs8erVcEW+sHphpEXWJt1VdoCyei6sAUI74+Ro=; b=IVpPoEwOePz1Do9SdTye2CZ/6VdN42kw6wM3vxacSHDu8Dgz0ypzDxk3kNvQmlPEZP LZGbPvLCdXzC5+B3BfiLQF8kjP/CNRY/IQFlDPJtFRBD/P+dtFOTz1lulJxYJx2J9TS3 +rDbI8m5ldJufHyUrwCxbzNlnSPyIPo3pl8vVvFzXEyzCSnjFG8iKRmhvSKMARDNLEXp ZAwjVD8d4Fq2d5HDKQ9q0JS4LHBf2bbskhZw5OZeg5U4b6aeS6UioA0ygdBBLpNPagGT Yqg8aMgY3DWnhMsUcbSm5EwkiIVUCj8RLzJ4VBa6cIXoCiX2Dtf4AIIloHIctVKNC67k 6mgg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=9pYaGUs8erVcEW+sHphpEXWJt1VdoCyei6sAUI74+Ro=; b=NSzi61CNv8mFW5mh4upS8TeFvKsO4GJ7sytp/FSWRSBW/Ndz0vsKwasIOn57eaVMx/ l62/vs88u4d9IphTZtC4b0xP2PmbnUhrJHQHS+FStiJ2SuHALN/IHhevK9qmp4mQIPin cIT0/SQI+hFIV/mBjsZ60LO/yBZhxCGv2hz1yFs8FTEBoalbqRwNijxNG/l30bfgISfS svcUAJ8+fjYJpb6Yo9zpJZ/FfzluY0yFrSWGdtxzhuRHV/yPLajjMIiRu6Vlt7JjQMkC 8BqAmG58LdWwHypD1XFl9sKHAh21/sVT8qpxk7AG1+2IhVcnD4i2GoCxkn0aNP+WnRf2 EQ1A==
X-Gm-Message-State: AElRT7Gf0rsemZyt6mNdT7YWw5BN7ez4w3b482cifVy9LrJLda8/eKN4 yb/B4whGwgPH7NjzyYuGHkbuK76rILMYUWBFPrp9BA==
X-Google-Smtp-Source: AIpwx4/hgPikfVBJWS2D9QJ+EG+jQQOBgqSK+FEHUgMoq098AwNtAvzFvRNB6NTa4ty96egXWEvoQPwT8MNioihL3Ts=
X-Received: by 10.223.184.188 with SMTP id i57mr4549270wrf.105.1522281822614; Wed, 28 Mar 2018 17:03:42 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.223.195.199 with HTTP; Wed, 28 Mar 2018 17:03:42 -0700 (PDT)
In-Reply-To: <d8e35569-e939-4064-9ec4-2cccfba2f341@huitema.net>
References: <7fd34142-2e14-e383-1f65-bc3ca657576c@huitema.net> <F9FCC213-62B9-437C-ADF9-1277E6090317@gmail.com> <CABcZeBM3PfPkqVxPMcWM-Noyk=M2eCFWZw2Eq-XytbHM=0T9Uw@mail.gmail.com> <CAN1APdfjuvd1eBWCYedsbpi1mx9_+Xa6VvZ3aq_Bhhc+HN67ug@mail.gmail.com> <CABcZeBMtQBwsAF85i=xHmWN3PuGRkJEci+_PjS3LDXi7NgHyYg@mail.gmail.com> <1F436ED13A22A246A59CA374CBC543998B5CCEFD@ORSMSX111.amr.corp.intel.com> <CABcZeBNfPsJtLErBn1=iGKuLjJMo=jEB5OLxDuU7FxjJv=+b=A@mail.gmail.com> <1F436ED13A22A246A59CA374CBC543998B5CDAD4@ORSMSX111.amr.corp.intel.com> <BBB8D1DE-25F8-4F3D-B274-C317848DE872@akamai.com> <CAN1APdd=47b2eXkvMg+Q_+P254xo4vo-Tu-YQu6XoUGMByO_eQ@mail.gmail.com> <CAKcm_gMpz4MpdmrHLtC8MvTf5uO9LjD915jM-i2LfpKY384O2w@mail.gmail.com> <HE1PR0702MB3611A67E764EE1C7D1644FAD84AD0@HE1PR0702MB3611.eurprd07.prod.outlook.com> <d8e35569-e939-4064-9ec4-2cccfba2f341@huitema.net>
From: Jana Iyengar <jri.ietf@gmail.com>
Date: Thu, 29 Mar 2018 01:03:42 +0100
Message-ID: <CACpbDccqKoF-Y1poHMN2cLOK9GOuvtMTPsF-QEen3b30kUo9bg@mail.gmail.com>
Subject: Re: Hardware acceleration and packet number encryption
To: Christian Huitema <huitema@huitema.net>
Cc: QUIC WG <quic@ietf.org>
Content-Type: multipart/alternative; boundary="f403045fa4c848f87e056881db7a"
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/GA1WFhF-mHT6yxRMH6OGuNyk128>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 29 Mar 2018 00:03:47 -0000

A few quick thoughts as I catch up on this thread.

I spent some time last week working through a design using multiple PN
spaces, and it is quite doable. I suspect we'll head towards multiple PN
spaces as we consider multipath in the future. That said, there is
complexity (as Christian notes). This complexity may be warranted when
doing multipath in v2 or later, but I'm not convinced that this is
necessary as a design primitive for QUICv1.

We may want to creatively use the PN bits in v2, say to encode a path ID
and a PN, for multipath. We want to retain flexibility in these bits going
into v2. We've used encryption to ensure that we don't lose flexibility
elsewhere in the header, and it follows that we should use PNE to retain
flexibility in these bits as well. (Simplicity of design is the other value
in using PNE, since handling migration linkability is non-trivial without
it.)

This leaves the question of HW acceleration being at loggerheads with the
design in PR #1079. First, I expect that the primary benefit of
acceleration will be in DC environments. Yes, there are some gains to be
had in serving the public Internet as well, but I'm unconvinced that this
is the driving use case for hardware acceleration. I understand that others
may disagree with me here.

AFAIK, QUIC has not been used in DC environments yet. I expect there are
other things in the protocol that we'd want to change as we gain experience
deploying QUIC in DCs. Spinning up a new version to try QUIC within DCs is
not only appropriate, I would recommend it. This allows for rapid
iterations internally, and the experience can drive subsequent changes to
QUIC. It's what *I* would do if I was to deploy QUIC inside a DC.

So, in short, I think we should go ahead with PR# 1079. This ensures that
future versions are guaranteed the flexibility to change the PN bits for
better support of HW acceleration or multipath or what-have-you.

- jana

On Mar 26, 2018 9:41 AM, "Christian Huitema" <huitema@huitema.net> wrote:


On 3/26/2018 8:20 AM, Swindells, Thomas (Nokia - GB/Cambridge) wrote:

Looking at https://en.wikipedia.org/wiki/AES_instruction_set#Intel_and_
AMD_x86_architecture it seems to imply a large range of server, desktop and
mobile chips all have a CPU instruction set available to do AES
acceleration and other similar operations (other instruction sets are also
available).

If we are considering the AES instructions then it looks like it is (or at
least will be in the near future) a sizeable proportion of the public
internet have it to be used.


Certainly, but that's not the current debate. PR #1079 is fully compatible
with use of the AES instructions. The issue of the debate is that the
mechanism in PR #1079 required double buffering, first encrypt the payload,
then use the result of the encryption to encrypt the PN. This is not an
issue in a software implementation that can readily access all bytes of the
packet from memory, but it may be an issue in some hardware implementations
that are designed to do just one pass over the data.


-- Christian Huitema

v2.23.0 | Report a Bug | By Email