Re: QUIC idle timeouts and path idle timeouts

Dan Wing <danwing@gmail.com> Wed, 24 July 2024 21:30 UTC

From: Dan Wing <danwing@gmail.com>
Subject: Re: QUIC idle timeouts and path idle timeouts
Date: Wed, 24 Jul 2024 14:30:16 -0700
In-Reply-To: <c85efbc5-fac3-4ddf-9cb0-733ef5f855fd@app.fastmail.com>
To: Lucas Pardue <lucas@lucaspardue.com>
References: <c85efbc5-fac3-4ddf-9cb0-733ef5f855fd@app.fastmail.com>
CC: QUIC WG <quic@ietf.org>
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/GpV3FpXEmJH89CV4q1Z4Kd4gqyI>

On Jul 24, 2024, at 11:24 AM, Lucas Pardue <lucas@lucaspardue.com> wrote:
> 
> Hi folks,
> 
> Wearing no hats.
> 
> There's been some chatter this week during IETF about selecting QUIC idle timeouts in the face of Internet paths that might have shorter timeouts, such as NAT.
> 
> This isn't necessarily a new topic; there's past work that's been done on measurements and attempts to capture that in IETF documents. For example, Lars highlighted a study of home gateway characteristics from 2010 [1]. Then there's RFC 4787 [2], and our very own RFC 9308 [3].
> 
> There's likely other work that's happened in the meantime that has provided further insights.
> 
> All the discussion got me wondering whether there might be room for a QUIC extension that could hint at the path timeout to the peer. For instance, as a server operator, I might have a wide view of network characteristics that a client doesn't. Sending keepalive pings from the server is possible but it might not be in the client's interest to force it to ACK them, especially if there are power saving considerations that would be hard for the server to know. Instead, a hint to the peer would allow it to decide what to do. That could allow us to maintain a large QUIC idle timeout as befitting of the application use case, but adapt to the needs of the path for improved connection reliability.
> 
> Such an extension could hint for each and every path, and therefore be a benefit to multipath, which has some additional path idle timeout considerations [4].
> 
> Thoughts?

The client has to send a message to keep firewalls or NATs from timing out UDP connections; it can't be kept alive solely from the server.

If, after a NAT (or firewall) timeout closes the mapping (or pinhole), a new QUIC message is initiated by the client, a NAT (or firewall) timeout is not harmful to a QUIC connection because of the connection-id, as you know. It might cost a round trip if the server decides it needs to be validated. However, if in that same situation the new QUIC message is initiated by the server, it will be dropped because the NAT mapping or firewall pinhole is gone. I believe that is the problematic use case? If so, would it be useful for the server to tell the client "I will want to send an unsolicited application message to you"? The client could use that to keep the firewall pinhole or NAT mapping alive.

-d
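
The behaviour described in the reply above, as a toy simulation added here (not part of the original message and not taken from any QUIC implementation). It assumes a NAT that refreshes a UDP mapping only on outbound packets and a 30-second idle timeout; the addresses, ports, timings and the `Nat` and `simulate` names are constructed for illustration.

```python
# Toy model, constructed for illustration: a NAT whose UDP mapping is
# refreshed only by outbound (client -> server) packets.
class Nat:
    def __init__(self, idle_timeout):
        self.idle_timeout = idle_timeout
        self.mappings = {}        # (client, server) -> [public_port, last_outbound]
        self.next_port = 40000

    def _expire(self, now):
        for flow, (_, last) in list(self.mappings.items()):
            if now - last > self.idle_timeout:
                del self.mappings[flow]

    def outbound(self, client, server, now):
        """Client-initiated packet: always forwarded; creates or refreshes the mapping."""
        self._expire(now)
        if (client, server) not in self.mappings:
            self.mappings[(client, server)] = [self.next_port, now]
            self.next_port += 1
        self.mappings[(client, server)][1] = now
        return self.mappings[(client, server)][0]

    def inbound(self, server, public_port, now):
        """Server-initiated packet: forwarded only while a live mapping exists."""
        self._expire(now)
        for (client, srv), (port, _) in self.mappings.items():
            if srv == server and port == public_port:
                return client
        return None               # mapping gone: packet silently dropped


def simulate(keepalive_interval, push_at, nat_timeout=30):
    """Return (server_push_delivered, client_public_port_changed_afterwards)."""
    nat = Nat(nat_timeout)
    client, server = ("192.0.2.10", 5000), ("198.51.100.1", 443)
    first_port = port = nat.outbound(client, server, 0)    # handshake at t=0
    t = keepalive_interval or push_at + 1                  # None means no keepalives
    while t <= push_at:                                    # client keepalives
        port = nat.outbound(client, server, t)             # server learns latest port
        t += keepalive_interval
    delivered = nat.inbound(server, port, push_at) == client
    # The client speaking next always gets through, possibly from a new public
    # port; the server ties it to the connection by connection ID.
    rebound = nat.outbound(client, server, push_at + 1) != first_port
    return delivered, rebound


if __name__ == "__main__":
    for interval in (None, 25, 40):
        print(interval, simulate(interval, push_at=119))
```

Only the run whose client keepalive interval is shorter than the NAT timeout delivers the server's unsolicited packet; in the other runs the client's next packet still gets through, but from a new public port.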