draft-duke-quic-load-balancers-05.txt
Sowmini Varadhan <sowmini05@gmail.com> Mon, 28 October 2019 19:50 UTC
Return-Path: <sowmini05@gmail.com>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D794612006D for <quic@ietfa.amsl.com>; Mon, 28 Oct 2019 12:50:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.048
X-Spam-Level:
X-Spam-Status: No, score=0.048 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, FSL_HELO_FAKE=1.797, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id p8ttTKW2Spi0 for <quic@ietfa.amsl.com>; Mon, 28 Oct 2019 12:50:06 -0700 (PDT)
Received: from mail-qt1-x82d.google.com (mail-qt1-x82d.google.com [IPv6:2607:f8b0:4864:20::82d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1C24F12004E for <quic@ietf.org>; Mon, 28 Oct 2019 12:50:06 -0700 (PDT)
Received: by mail-qt1-x82d.google.com with SMTP id z22so16387112qtq.11 for <quic@ietf.org>; Mon, 28 Oct 2019 12:50:06 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=date:from:to:cc:subject:message-id:mime-version:content-disposition :user-agent; bh=u+UyLvGdzP8Y0PkN6x3iQzQy9k6eN942dzULXdAU4ms=; b=GVtBxTgYCmSPYt7zrFgYvOg4sPvFSvuImKXAMxvsVytolX/3m+DVkCdj/RASh2I/86 xHn/5AAAUAC+ImzonaLFvBZy6lSQoYiV/bNs3B3CssDBnxwbnwr7aNLrq0VRHJX3B0sV ST2r7dvQ/DFWTJxBAF9hZHmZQAXx3SYyxjMFU2+ZZseqCLgPGG+sWzEILcbM8hMa/yM8 9eFvLODkUFFxKmWhn8p5N+F6RIvAvZp74MxRd8goDFeCLmu945aDuAof95eaHwBYUQJb 1aq6iPix9cRcF+eQlmCHjlsIV2hMJXLVhPG6A4mKNsUnXS3wXf5uXCkjA2lvpthfG5xM ic2Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:mime-version :content-disposition:user-agent; bh=u+UyLvGdzP8Y0PkN6x3iQzQy9k6eN942dzULXdAU4ms=; b=LPm71kxZW0S7EQuZbqENbAVUCRgwdyAcFUrfNFPxOG81lK18Gdw1eMMn1GxIQGn3nk KFnY7lLlPizLX6YD53zmFrtcvXTlgx8S08abiGI5g7O+IPa56ZjzPiU77JK7O2+0ir98 uEbelfscsrnnZQcQJ/zNFx++rk9bjgUDIy7HY7k0VrWNn49DYLn1z6LiDpGV/6jxmbF/ T6Trknvw3opE7R6obTldUMBMf0z/XOkspCTN/AjSqcf+Hs4IVxq9fUDtuivjYeTv7asY 1MZPYTw4WuPqZKLGkkkf6i65L/S9w5LWjd2MDdJN+PeIlZoApDdeNAx44TDWZNQIfh8f 4dng==
X-Gm-Message-State: APjAAAXGaJ55Ivo6KsMHF0Mg6oH8TPgWY4GIylm8isg3m4gYv4XMdnS2 eJn6uXkpIQ1UccuIJtsUSisnAKOCjso=
X-Google-Smtp-Source: APXvYqwUqLW1K+l0NpW+Ma7dhr9OUsYaiLqqmRux465mrfCnAN3KBq2iyenvKjOzNgFInGZo25od/A==
X-Received: by 2002:aed:31c7:: with SMTP id 65mr142037qth.379.1572292204731; Mon, 28 Oct 2019 12:50:04 -0700 (PDT)
Received: from gmail.com (pool-74-104-133-20.bstnma.fios.verizon.net. [74.104.133.20]) by smtp.gmail.com with ESMTPSA id o3sm9677175qtf.84.2019.10.28.12.50.03 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Mon, 28 Oct 2019 12:50:03 -0700 (PDT)
Date: Mon, 28 Oct 2019 15:49:56 -0400
From: Sowmini Varadhan <sowmini05@gmail.com>
To: quic@ietf.org, martin.h.duke@gmail.com, nibanks@microsoft.com
Cc: sovaradh@microsoft.com
Subject: draft-duke-quic-load-balancers-05.txt
Message-ID: <20191028194956.GC420@gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
User-Agent: Mutt/1.9.4 (2018-02-28)
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/LzqHKQPr6KTM8g0OqaAoqgSyxCY>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 28 Oct 2019 19:50:08 -0000
Hi Martin, Nick, I read through https://www.ietf.org/id/draft-duke-quic-load-balancers-05.txt and had a few comments and questions.. - (Editorial) s/encoding/encode at line 306 in Section 2.4 302 2.4. Load Balancer Chains 303 304 While it is possible to construct a scheme that supports multiple 305 low-state load balancers in the path, by using different parts of the 306 connection ID to encoding routing information for each load balancer, : - Section 3.2: Config rotation is one octet (per Section 3.3) and there are 2 bits for config rotation, so it is confusing when Section 3.2 says 361 received these, it MUST generate connection IDs with the config 362 rotation bits set to '0b11' and MUST use the "disable_migration" (0b11 is 2 bytes? In general, it would help to provide more context about what/when/how this can happen, and why it is needed) - Section 4 ("Routing Algorithms"). The 0-RTT can have application data. Given that Section 4 discusses an "alternate algorithm" for 0-RTT, is it possible that the data from 0-RTT gets routed differently than the remainder of the packet? - (Editorial) The third paragraph in Section 4.1.2 referes to a "figure below" that seems to be missing? I am referring to the lines below: 457 4.1.2. Server Actions : 468 The figure below clarifies the format. The first two bits are 469 reserved for config rotation. The server can assign the next 6 bit : - General editorial comment: missing a defintions section for acronyms like SCID and token. I realize that the Normative reference here is [QUIC-TRANSPORT] but it may be helpful to include a cheat-sheet of the main concepts like Initial, 0-RTT, Retry, SCID, Token (to name a few) - Section 4.3.1 refers to "token". Is this the token from the Initial? From the Retry? The LB is just a service in the middle, between the 2 quic endpoints, so it would help to explain which token to use. To be clear, I am referring to: 604 The load balancer decrypts the server ID using 128-bit AES Electronic 605 Codebook (ECB) mode, much like QUIC header protection. The nonce 606 octets are padded to 16 octets using the as many of the first octets 607 of the token as necessary. AES-ECB encrypts this nonce using its key 608 to generate a mask which it applies to the encrypted server id. - Editorial: s/decrypts/encrypts in second paragraph of Section 4.3.2: 631 4.3.2. Server Actions : 640 The server decrypts the server ID using 128-bit AES Electronic 641 Codebook (ECB) mode, much like QUIC header protection. The nonce - Section 5: this one was particularly hard for me to read. I think it would help if this section of the draft hsd a top-level discussion on why this is needed (i.e., what are the sort of things that can go wrong if it is not there? Also, in Figure 5, why do we need to encode ODCIL and ODCID in the Retry token, given that they are already there in the Retry packet itself?) --Sowmini
- draft-duke-quic-load-balancers-05.txt Sowmini Varadhan
- Re: draft-duke-quic-load-balancers-05.txt Martin Duke
- Re: draft-duke-quic-load-balancers-05.txt Sowmini Varadhan
- Re: draft-duke-quic-load-balancers-05.txt Martin Duke
- Re: draft-duke-quic-load-balancers-05.txt Sowmini Varadhan