Proposal: Increase QUIC Amplification Limit to 5x

Nick Banks <nibanks@microsoft.com> Tue, 30 July 2024 14:14 UTC

Return-Path: <nibanks@microsoft.com>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1E038C14F5FC for <quic@ietfa.amsl.com>; Tue, 30 Jul 2024 07:14:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.252
X-Spam-Level:
X-Spam-Status: No, score=-7.252 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.148, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_IMAGE_RATIO_04=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=microsoft.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iy5lfBKYVgg6 for <quic@ietfa.amsl.com>; Tue, 30 Jul 2024 07:14:41 -0700 (PDT)
Received: from DM1PR04CU001.outbound.protection.outlook.com (mail-centralusazon11020128.outbound.protection.outlook.com [52.101.61.128]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 19350C14F5EC for <quic@ietf.org>; Tue, 30 Jul 2024 07:14:40 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=rUNdCQkaCSRtXQghj8Oxp+k6jVn438cvGRtml9TFuuOBiG+Jk5jKeAUhjkCC9ZKiZtZwbfibIWrrH03e87n1hyN2x8qcgVgJUF/JNjVPQ9WkYY5IIgX0u6Y/km91cIap/Pxvf2k6eXyjqwlzeUe6ZQwdtSsneVPHtA78FIbeGMWc8uczevY0PI6b0042dbV5AL6dAu3T+Hw/GJ1x9EwCHIjMM2XjjWpACs+I2a7B4vw5Cj3ZwyUCHDMMzLEtEHfVuGdrx2Lmlur4WvyeTnEC6G4Qy0QY2LWpedfDl5225/ue6FsSdKzkq3eawrIzY1+sSxX5kcEzRVFIPlKsoF+1rA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=h6DXEGXlCSUptxVw+mwFOF1a/Bz2aEKiktVEb5jW/5k=; b=smgBC7bKfTs3c+wHrIHlkSRPEe0hoY+TpQOpIjdumXU7yfm+iof4AXIh5NoAoWf8A4+3/sekg7BGJr7LT+xp1wu6O9/LSGjephHO8KP7PfNdnOz1TMPvqzFGFQkTBQkYfRLCCRRVeAMMopl1Q1aGany00bUMB1mTCC4KXfhewb8c987Tx8qQpmWKRXbEp7ZnhS6j0+3fhr4B9iey2e5r3U3nlEUZlBedckaGmyEX1PlhMbtUYx5g5GjB7nBUf/8Iz5wsQ9ZlzQ5sFS/+dIM0b6yz0DYcE9DI6rUPQwIOxqWReywR7r3OmzOEhFtp2sst4Bn8hWGZ1plPb9Nrzt9Ajg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=microsoft.com; dmarc=pass action=none header.from=microsoft.com; dkim=pass header.d=microsoft.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=h6DXEGXlCSUptxVw+mwFOF1a/Bz2aEKiktVEb5jW/5k=; b=hI6wWVCwddPlmhiemcadBmy+9lgsBoY3akwganC4Vha7CKIf4owxU2anD/RfUCeTAulw95tDuVlh5dntQzIHEFutrqm5hUG3RFQaPXUJsBrSK/dLg/fiJygv15tTKKfHIWq/r3s+BvHhVqccZpNhMYNwJiXclvnOmWb9EMUqAPI=
Received: from BL1PR21MB3115.namprd21.prod.outlook.com (2603:10b6:208:393::15) by DS7PR21MB3454.namprd21.prod.outlook.com (2603:10b6:8:91::6) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7849.3; Tue, 30 Jul 2024 14:14:36 +0000
Received: from BL1PR21MB3115.namprd21.prod.outlook.com ([fe80::21cb:9db7:d2a6:f5e2]) by BL1PR21MB3115.namprd21.prod.outlook.com ([fe80::21cb:9db7:d2a6:f5e2%5]) with mapi id 15.20.7849.002; Tue, 30 Jul 2024 14:14:36 +0000
From: Nick Banks <nibanks@microsoft.com>
To: "quic@ietf.org" <quic@ietf.org>
Subject: Proposal: Increase QUIC Amplification Limit to 5x
Thread-Topic: Proposal: Increase QUIC Amplification Limit to 5x
Thread-Index: AdriijZ1pCmLiPsHR82ehJiwiMM47g==
Date: Tue, 30 Jul 2024 14:14:36 +0000
Message-ID: <BL1PR21MB31152570F4497EBE91B3AF9FB3B02@BL1PR21MB3115.namprd21.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
msip_labels: MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_ActionId=970b8f3c-f88d-4551-a741-db6cb413f189;MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_ContentBits=0;MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Enabled=true;MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Method=Standard;MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Name=Internal;MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SetDate=2024-07-30T13:56:20Z;MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SiteId=72f988bf-86f1-41af-91ab-2d7cd011db47;
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=microsoft.com;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: BL1PR21MB3115:EE_|DS7PR21MB3454:EE_
x-ms-office365-filtering-correlation-id: 249f7b9a-2494-4076-fe4b-08dcb0a1f12c
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;ARA:13230040|1800799024|366016|376014|3613699012|38070700018;
x-microsoft-antispam-message-info: qxjSV32ey9lT5FzYVsqIrDe5gWr3cXm6GCovMFXS4C9Q2EehCzKWOwjUjnUUE7ydbtyD4lbIMNjSL/O3DRNMd2O/EAi2b4mlKZIxVTM8XsNzdaEYi4dmYP5DFfWZ43d6LiyCPuZfjR83xCroHAoXwuqdzwczIUGsWG6FCCeQRdpIHzEe1RKEy+QUsWdPMdLDDjf11uBcqDdhBlHrMpxAcaFBjnDi8XWAjRoZKmCpNvkGJDyggXo/YAFT/W1pLwi5QgHB8bOPLKStj/1AfIyr8y7QVPy4wUyFBnhhwqi3AL2PTUmmMl87RbGnYS31l03zLfwAWKp3FgqeXAV6t0dXKXAK3hL0KHPRo5Oocov67tj/GnV08PnsTOwrJxvNbiG034fR0fdVaT6d62jmbgrCl+Qw49hsLblyG+S5+iHi4Fhki1xUDFg2twbIE5BlJEEhRQUilzZ6/EcAR2b4RmmTGoKJzwWydQU1gMbWNqVz6Fd4gpipA7+culP6bd2xd7LXzT1nF8PnemuAs5Vmh3FfZo6DEyyLzOGtyBUxH/xOpY0t6D3hEFmkFKqj7CFR0ZQ4HxZcDV9uZCmPPXkrGZPTMpW0x3jAzoei+YrJS8oV+TyPYA4BSUazWZddm66tXBhJc+/JKCD3shcip4Fr88U/kKWjrbAbmBJD1C9EnS4cBfigwooTMf/058zD3Gk9xy4XAptSr3EW3cDRej6fujGV9CAi4W9E4fxKHAmq9WPuXbblS/H6z37lRPaQdq3ffUypSY6/lgmo90An/C0BF6NbgdCeujJTK9KbNK9rXVkMWr2e3e7jk8SfJy/7dO4sg5QnfLnIH7+txXHTO+1jjlr9KlcN3dCoGH0bwDLUxHl0w8Z7uld0ZpR71eH+PJiWMgN1foZ0ddCEtCDprA+1Lu5IIJYFKFk7Vw2T6mVXNfUj19+em5MNnoocS4hpmOFnfDi6CcbZv6qSLzmCaROF4PyLity5rmJJnPpXn0G24JHWBmATNnxVVvRTXkVSWcqiyD8X71MxcP5H6kXeFWHvEWlWK3IvkSFaEROtFpfk1K8g7lBIa/FQYJ8NvlktZnfbLyRCX4RQ74XMhuaMd1yVhNIkNQ3WQvBw0ixqZE5b0gS6gDnvR5jURpN1nTZAi1XV/JkYhUwZ+X0WUaOpwIEvhkbcMRO4giGNsfyPLhuq6nR3Z9AcTF+RY7moqcKywj8cHJw3Fw9BWNutMWkzbppHA023peaz0CXQVEgqyB4cRjGgDC+713EP92T3xjMrPYUEp0Ixs4ACvAbAPtqaGTYdoZBh905hR8hrmkC0LzPM5/SbHoj4mHEYfzgpSP9ZNXElxyrBPsCdBjgIwumIHEw8ScYzThaWvP24CNeUD6850WhZV6O3p49GYLA/1rhBHyX8MzxbUvn00JAKnz/zkJSY/KCUig==
x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:BL1PR21MB3115.namprd21.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(366016)(376014)(3613699012)(38070700018);DIR:OUT;SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: 56tWQpDbDEmHf5yMo+/gkAarrTrhdHotpFt81LsvW+1ktnWiLD5TIW+LSB2ADXYReDNhqA1iRz2ael/qp5Nmxz8k60Bin7u2UYvJNX7quWqWObJTXHj80G00yD+VT/gMLf859dlCYiggiY39H4Rc9FnsOJsGjSlMjZHLBNOtb8Nx4B8xVtDjgnCufOMCHT9KhabPPLZ/44OlX2DSlqee+9TIZUt6iJQVGPYOANPTGF293kULbHzL0OqrpIR9DglQ8PvpfHk7UeAoMWXlJMZHHVUy4iP7uL4eOaGMZfcj7yMwHibMrWHtmtr25XccAFH9182fL8ERUNwBAKkgzQkb+N/G0b8xIQjiEa4mjUcwsQgNJjIY38swJf77iAEpzS07kkJngujO3mzTLCyGetFO3ZD8ON7+DRfBpeMGEalSCKlRtE8RjA/2DqqPJdySTW1PYo4shkVjU5FpQvlgwVIerEQwofSHepnfHR1uvzqZCzFN1Vbx8R5+8fKe+kUfGTNlWGZFwUNlfISVQCX0qMHNKU6jciq7HVz62diNJ90Ryjef/YqaTa3vr8wEmrKE6VQtYWms7j8Xi2i96IBpixYYabmn3Vl2XGJdPaNgJhHRCNlxSg0H+DVa36daQmcSGDf1Jp7bhyN7TGHDfg7DanDVPqHikLvO58ucTQh7Pc57xwVEIEvC7NNgTrY/yON50Ilapz4AY5B6BGpbxv6ZE2yBkTTFgNTvGaz0f5TUw+BGzm/NfsQBw1dDr4hGrcXFI543tUh/oDyHvHMks/+NT8lTk/VRpGbuPsaArR8BY0viMTMBsOH1vUl3r2Yu5L7cyXnc8W+W0j0cADnfIAiHlCPYe+yzQklLmSPZlIQA1Uc+47qtvGn+3E/BaQ13gS8BvcamX6OOCQMBwcyiqptsrakIMO8udPDB68X6mPhkbJhS+3vyIT9kGM8ik9ToyaIHORcCUsdAqY+HzvfrcDfKuJYI1QqjYyctRPlGLu6KRFpGNDsoDVQDK34tdH3tultRRktELH6H0eeXgf+r6G5/+uItCp8nACbemGkCzdKNspL9q7lnEcU2StRaImlOR8uZWQRLM+FdXr8wb4wVwtjH71vyj5G+KenEZigmM9QdLZQdNaS1UpWarB6fOt/fl/xV7PB9PKq6RjGGbhp6zJ+9ehoh1VHIypwTQvBiv8ReiQ4Rv0jhTGVkgqnprXASkiJdHV6TLHNKUZoP9YHLnEcBFJqFVQb7fHeOBOIBjMVSZ1vSJTeWxlCA0Bo0mTkLMzide4OoZxEjTMozZIcalUtN5oaHsbL98OWI0ztB7DaWrZ+sw4lyi6MVC8xCQbJD9wGR3QAzH0VQKJ9NZMfH7yIRisnDh6rIj5vNNB2dX5EkZoaiQ5xPrhQMXstDcY7HZggkeu8wID6eynua/yixsEGv7LzfNuclsynL9dfZ/eljrZqsBZls5q+ab0NGxwWSUKd6SE7elpgu4Fn4MVO3xdz4z0+KUqzObGXlFwKV2VRzT06mpTjLT1y8C08MzEe4nEmzomNeXIvEAXrzcGP1DemfPgUBdkgB2kcOEISAY0RLitFhR+/wcE4mXoh0dpl2NHsgOQqhpHiptJug5tBl+LufWKSZaxRVkb0n1Euax5PEHYAYWqu7mAxKNbPu2zoSjuI8Y/bf
Content-Type: multipart/related; boundary="_005_BL1PR21MB31152570F4497EBE91B3AF9FB3B02BL1PR21MB3115namp_"; type="multipart/alternative"
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: BL1PR21MB3115.namprd21.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 249f7b9a-2494-4076-fe4b-08dcb0a1f12c
X-MS-Exchange-CrossTenant-originalarrivaltime: 30 Jul 2024 14:14:36.1732 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: wVVkjdfGviIpbYT/l6QgnlcZhbbFPxJbuHcTHQLKdcjZsSf4s00gOyrKD8eXodGa2O+f4L4lm0s6ayYB3SNUoQ==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DS7PR21MB3454
Message-ID-Hash: KNQMXNIJDDRGPXTRAPV2T2CDD5BN4ZNX
X-Message-ID-Hash: KNQMXNIJDDRGPXTRAPV2T2CDD5BN4ZNX
X-MailFrom: nibanks@microsoft.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-quic.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.9rc4
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/Qc1C-TP3tsvQ1i_-uEDSIU3iH0c>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Owner: <mailto:quic-owner@ietf.org>
List-Post: <mailto:quic@ietf.org>
List-Subscribe: <mailto:quic-join@ietf.org>
List-Unsubscribe: <mailto:quic-leave@ietf.org>

Hello Folks,

We've had this discussion on Slack in the past, and I wanted to bring it here to get some additional feedback. As some of you know, I have a project on GitHub (microsoft/quicreach<https://github.com/microsoft/quicreach>) that is a simple ping-like reachability tool for QUIC, and I run a periodic action to test the top 5000 hostnames for QUIC-reachability and then breaks the handshake down by whether it (a) requires multiple round trips, (b) exceeds the specified amplification limit or (c) connects in 1-RTT under the limit. It produces this dashboard<https://microsoft.github.io/quicreach/>:

[cid:image001.png@01DAE268.3B37CDC0]

The main point in sending this email is to focus on the large percentage of servers that are ignoring the 3x amplification limit today, and what we should do (if anything) about that. I ran a quick experiment (PR<https://github.com/microsoft/quicreach/pull/243>) this morning to test how the breakdown would look if we had different amplification limits (3x<https://github.com/microsoft/quicreach/actions/runs/10161649574/job/28100572606#step:6:1>, 4x<https://github.com/microsoft/quicreach/actions/runs/10162466467/job/28103201648#step:6:1>, 5x<https://github.com/microsoft/quicreach/actions/runs/10162939158/job/28104656720#step:6:1>) and found that if we used a 5x limit we would find ourselves in a place where most servers are now under the limit.

[cid:image002.png@01DAE268.3B37CDC0]

So, my ask to the group is if we should more officially bless a 5x limit as 'Ok' for servers to use. This would more impact those servers that currently take multiple round trips because they are correctly enforcing the 3x limit on themselves, resulting in longer handshake times. If we say they can/should change their logic from 3x to 5x, then their handshake times will improve, and largely things will speed up for clients when using QUIC. Personally, I'd like to update MsQuic to use this new limit based on this data, but I wanted to get a feel from the group first.

Thanks,
- Nick

Sent from Outlook<http://aka.ms/weboutlook>