Re: Questions about QUIC and Anycast
Martin Thomson <martin.thomson@gmail.com> Tue, 11 December 2018 00:41 UTC
Return-Path: <martin.thomson@gmail.com>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 62E34131330 for <quic@ietfa.amsl.com>; Mon, 10 Dec 2018 16:41:09 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Kbxnx45G1g3n for <quic@ietfa.amsl.com>; Mon, 10 Dec 2018 16:41:07 -0800 (PST)
Received: from mail-ot1-x329.google.com (mail-ot1-x329.google.com [IPv6:2607:f8b0:4864:20::329]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1B5E0130FC2 for <quic@ietf.org>; Mon, 10 Dec 2018 16:41:07 -0800 (PST)
Received: by mail-ot1-x329.google.com with SMTP id k98so12396417otk.3 for <quic@ietf.org>; Mon, 10 Dec 2018 16:41:06 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=GJw/lhFmH0dESevOICd+kXk9QFDWfW+jJ1IRIboDefc=; b=YH8PbMPQ4PpWwjP/LigRT5u5qp0glJmr9NXzCWKA5c09EB80DQWupT5JoGefpOpzAY P72Fc1ZaRgyOSmZ1+vuZme0SMe3zQFVuh1vHQFvQb1mq5TMMMbx85Dp3KWeZKXI0U5BX mAa6U14P1yMWlggWNyqveCHy6qJ7/CXyhdRc3315ppyeaZaDvmDFlsxcDWbe0aggCNts vmxsLnDePHNWdpowkeiuZ9itXA772HEuSglmzHWwbWEy12BZrJ47oa5XTEtvdH7Q0PDj eMUcwhH6AEjNNRxzv69Z35a1/u8DWCNaO4oAA6R6pva9h8aHpwCrEBVZVSb95Q3zT/rm MtXA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=GJw/lhFmH0dESevOICd+kXk9QFDWfW+jJ1IRIboDefc=; b=V6hrg3bkklhAlEdxeDZamEnWf/DlHqp1EoKIXvww0hMzGxTifTsXPcheFDLd5OaWyl zICqYqghEERXdbC9ZypBUPTzNuph9mnsLsYkDFOlDIziGRXurq0Z78kgtKQG6PRVPkMs bkKWn18JzHu1ISU2RLULxk1AAS9ufSJsYLwlA2CHbHEaliEFNWm9xzjFsfcAdYNLCsZw Zj8Mr25HjGGOXk6iQmouNYofmk5GdVcgDMfy/aZjlUHkU/0ryp25K4I3gIP+xb/7AgMq 1zke03Plt+jlTN4nI3f8vO2e4+t1tqFwzw/db5CCOkDt5ui1GFCj32KkRTrOXTli0AjX TESw==
X-Gm-Message-State: AA+aEWaD0vKP6HKKlO6W0TNahkOTbJa6PZi9+Jh7fOvMTNJV+fd2Tsx7 3WwaitpqkWQ/kvPBKRN182pIs2V8oa/Pk/XF6Z7bfEns
X-Google-Smtp-Source: AFSGD/UzCiIRaZPGBHFaFROAnK3Ybeyo7Jo1ndn/8v6Rd254FR5obDgNda+NNDHHp2EdrPQHPQa5CVvbP59Q7at/hy4=
X-Received: by 2002:a9d:7c86:: with SMTP id q6mr10954521otn.257.1544488866268; Mon, 10 Dec 2018 16:41:06 -0800 (PST)
MIME-Version: 1.0
References: <CAP-guGVPd-_YkfaGAk+dmi9TJGQ8n-RozbM0ea4wC7hDoU7Xhg@mail.gmail.com>
In-Reply-To: <CAP-guGVPd-_YkfaGAk+dmi9TJGQ8n-RozbM0ea4wC7hDoU7Xhg@mail.gmail.com>
From: Martin Thomson <martin.thomson@gmail.com>
Date: Tue, 11 Dec 2018 11:40:55 +1100
Message-ID: <CABkgnnWBm1=+8FMhbqD2662uybTaYHF4aBR4QyAqJDGdU+Qo7w@mail.gmail.com>
Subject: Re: Questions about QUIC and Anycast
To: bill@herrin.us
Cc: QUIC WG <quic@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/QhB8NSoWy2PKzeTD8awz8quBFBs>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 11 Dec 2018 00:41:09 -0000
Thanks for the questions Bill, I'll provide some short answers. Others might be able to expand a little. On Tue, Dec 11, 2018 at 11:18 AM William Herrin <bill@herrin.us> wrote: > Question 1: Did I miss anything? Do the QUIC authors envision any > additional ways of supporting Anycast-routed servers? The two methods you describe are what I understand to be the primary mechanisms. You might find that connection ID-based routing (your second option) to be necessary though for the reasons discussed below... > Question 2: Which packet contains the server preferred address? In practice, taking some of the less-used exchanges (Retry, Version Negotiation, a TLS HelloRetryRequest) out of the picture, the server will often include the value in the first flight of packets it sends. However, that can be a couple of round trips away from the end of the handshake, because the handshake is multiple packets and might need to be repaired due to packet loss. > Can the client start > trying to use the preferred address with its second packet or does it > have to wait? The client has to wait, because - until the handshake is complete - it can't authenticated the preferred address value provided by the server. Also, validation of the path to that address likely takes time. That basically forces the server to use connection IDs to ensure continuity. A server might rely on the route being stable for the duration of the handshake, though that would rely more on having timely termination of the connection; keeping in mind that our best mechanism, stateless reset, probably isn't viable at this point. > Is it allowed to continue using the non-preferred > address and, if so, will it fail over to attempting the preferred > address if its communication fails in some way (no response or > rejection from the server at the non-preferred address)? Yes, a client can choose to ignore the preferred address. And yes, I believe that the working group understands the implications of this. If someone didn't and finds this distressing, yell. > Question 3: What picks the connection ID? Does the API allow the > application software to influence the selection of connection ID in > any way? The server picks connection IDs that the client puts in packets. That selection really has to be done in consultation with load balancers or the folks managing routing configurations. There's work on a protocol for managing this: https://tools.ietf.org/html/draft-duke-quic-load-balancers-03 > Question 4: Is the connection ID inside or outside the encrypted > portion of the packet? The value is unencrypted, but it is authenticated. So it can be read, but not changed. > Question 5: Fragmentation needed / Packet Too Big messages originate > from an intermediate router that often has.a different return path > than the route taken by packets from the endpoint. How is QUIC > intended to deal with packet too big messages which arrive at a > different node in the Anycast cluster than the one which sent the > overlarge packet? The details of how to deal with PTB messages is in https://quicwg.org/base-drafts/draft-ietf-quic-transport.html#packet-size We realize that there is a limitation here: the PTB message won't contain the connection ID selected by the server, so it can get misrouted. Kazuho suggested using a dummy packet with a long header on PMTUD probes for that reason (those packets can be skipped and contain both connection IDs), but I don't think that we've agreed to formalize that technique, so there might be some privacy implications we haven't considered.
- Questions about QUIC and Anycast William Herrin
- Re: Questions about QUIC and Anycast Martin Thomson
- RE: Questions about QUIC and Anycast Lubashev, Igor
- Re: Questions about QUIC and Anycast William Herrin
- Re: Questions about QUIC and Anycast Martin Thomson