IETF Logo Mail Archive

Re: Opsdir last call review of draft-ietf-quic-manageability-14

Mirja Kuehlewind <mirja.kuehlewind@ericsson.com> Mon, 21 February 2022 13:03 UTC

Return-Path: <mirja.kuehlewind@ericsson.com>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 908533A105F; Mon, 21 Feb 2022 05:03:31 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.676
X-Spam-Level:
X-Spam-Status: No, score=-2.676 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.576, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id l0IIBFIz0nU7; Mon, 21 Feb 2022 05:03:26 -0800 (PST)
Received: from EUR04-DB3-obe.outbound.protection.outlook.com (mail-db3eur04on0610.outbound.protection.outlook.com [IPv6:2a01:111:f400:fe0c::610]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 61F573A105E; Mon, 21 Feb 2022 05:03:25 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=M+fm+BV11ZvBNIr2pqwdoIYOks/pWbWWbYfzOQBq1kvvoKxkpP0Ig7V5gSPxPZSFwM6ywTnF4e5xGBwfsYkPWn/LR5NW37aVof1zp/lLabN1GR8/OqDRZ3kvU/i+okpSD0eoWG4adg5ymDJ+zXv9EYVlfz3Na6NzxfqLVoSEaBXA06X1J2kNxz/3u75Xo7uSOisYAdqQv1mAjiiFvfNguckkrsB9F85HF/h8blNvexCV1TIQlrarOX2sKInoc9VtAUW6eAXyY7U6Hai3kPfXH+Xv620inP4Ek7pV5tq21uyQ2lhcb/jFVO6Taw2FtIWKuiO+pKaicas9CXLOFU7Xcg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=l7NZIa737PZ2pAN8bJc0kvRcTMrYK86KsstFND/HH4s=; b=T3+oVEa8cO9S/mxeC6IQhCA6qazGcY6CI6Q+mAYpmuS8GBxvurb3TqlsEngfbklwTkUpQPpqhHBOgNH+sdsGfHPjY9d8I3I40Cz3mHG/53IA4YuPzvIFF/ZC0HSQsq1PkRRHUSDO7yToJrtwbchrLvQuZrCDkZitlyw6Xpc8wHJ0PJbfsX3wCGB0lYLoO+zyLA93SxO4ZAWcmOLa15y6CihKHkGV4eVOaqL9HIue+mhcppcro7AmIq3RljFZ7Ncs6pe97vxQww5/nvNMKFWF2lV/Q32xrVq29NZeXh6xOierjC9/lF3mWPLUVBPpPvh1WKukCbLNUAXuMFNqgO0N2A==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=l7NZIa737PZ2pAN8bJc0kvRcTMrYK86KsstFND/HH4s=; b=p/XS2f7X8mbxWtyIGDJaD62Cc9nJPpuBkrpdrAgTA9MnKm9R+h4dtmBGWFT4hN3YG2+x7G7MoP1wLa7rqW/cxWqUuL4obmAELqCntWgziELCd6XxHYI8EwW4gYKFCS4ZvRitsbJ4Qd6hbhBcbU4a+IivAlQ/VwkntvQKCp4Syjk=
Received: from PAXPR07MB7806.eurprd07.prod.outlook.com (2603:10a6:102:13a::19) by DB6PR0701MB2470.eurprd07.prod.outlook.com (2603:10a6:4:61::23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5017.19; Mon, 21 Feb 2022 13:03:21 +0000
Received: from PAXPR07MB7806.eurprd07.prod.outlook.com ([fe80::2c5e:2cdd:a91a:e68d]) by PAXPR07MB7806.eurprd07.prod.outlook.com ([fe80::2c5e:2cdd:a91a:e68d%5]) with mapi id 15.20.5017.021; Mon, 21 Feb 2022 13:03:20 +0000
From: Mirja Kuehlewind <mirja.kuehlewind@ericsson.com>
To: "MORTON JR., AL" <acmorton@att.com>
CC: "last-call@ietf.org" <last-call@ietf.org>, "draft-ietf-quic-manageability.all@ietf.org" <draft-ietf-quic-manageability.all@ietf.org>, "quic@ietf.org" <quic@ietf.org>, "ops-dir@ietf.org" <ops-dir@ietf.org>
Subject: Re: Opsdir last call review of draft-ietf-quic-manageability-14
Thread-Topic: Opsdir last call review of draft-ietf-quic-manageability-14
Thread-Index: AdggNpsvC4XiX/liSmSPxtbxuobGvgG9Sw6A
Date: Mon, 21 Feb 2022 13:03:20 +0000
Message-ID: <D82872C2-4C79-45AB-92F1-9F27B324ADE0@ericsson.com>
References: <CH0PR02MB7980CA04E5EADBF6D25AD8F2D3319@CH0PR02MB7980.namprd02.prod.outlook.com>
In-Reply-To: <CH0PR02MB7980CA04E5EADBF6D25AD8F2D3319@CH0PR02MB7980.namprd02.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-GB
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/16.48.21041102
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=ericsson.com;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 9c3cbfde-5dd4-4aca-90a2-08d9f53a8946
x-ms-traffictypediagnostic: DB6PR0701MB2470:EE_
x-microsoft-antispam-prvs: <DB6PR0701MB2470831B808FBB9BC9D52026F43A9@DB6PR0701MB2470.eurprd07.prod.outlook.com>
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: laSoZyveqSFVlKcP3GGH6cMYpNEYvs+Vh+EIRb2Rv4JiVtqCoshZr+x1zRZj5kZ1wsHadDbGBqle3uqNNoVHOxmoZaiXHhR/5obhYMMqms9H5qixVWIpbPhVS4tBEAwoyjPDemo9ZHPUJ8Kn1hWz/ru8k5Ooaj5BbPxSk++IM77eqgi99mq1Fi62vHc9jyTrbN6Pf5h8CzMs/BFbz1Io3XJcAy+6PPSubINKpL47OgeQF+P4AwtKsibIEWATE4wR44MoCOOVj5x9wW3SQmXJXi7XDOFENtOqeijwJe1qOzewavrLkjTfUnhSDu+JrBh46V9h/0S29rPV9JAnL4wIujLCuLQ1b4ipYEovSV9BaKUgbqM+y/j5Ww1sPisN9zaYFH9Kn5FW5QdYnudr5c0IfyI4wlWW6t684owueNwRYRt61E7b14HX9OBgwdozhgo5IKyeMbSwTJMBoDh5sfg6hn9Saj75EKiYSlPZUUvjfoBVNuhF+gP2cac+jdTKsfEnqEGI/O8r1a/fjCmevgA6EgKB/+hmedcDKtVD62vIJsJ27xC78r24b55wMzOSyFXazaR3y7At5D2pidlzSRl4RZGBoxVr73i4oVC5sAeQpoBpsabxnbthV3AcH/e2B+SBtnFxC0ltaCpoYqfF5r20RZpjci+bRtVl62kTfn9s+8SJ0oSEdXVDq4GWzzuh3mDMX4+gocnUZ44YLMBW3wtAP4Hy3/NANp3rz0/p+2zw4PLMJjXqyn6hLTGPDJnM/DWszEjG0LyrOeSQhxQWf+stvNkZwfJwoeqYyRWOSDuvSwsEK/cm+/q6DsZV1+iEHaV8XT5EWXDsWVnsUwCetzoXCmXhKtbhEpwzMO9hY/9NH3w=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:PAXPR07MB7806.eurprd07.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230001)(4636009)(366004)(122000001)(66476007)(91956017)(66556008)(4326008)(8676002)(38070700005)(76116006)(38100700002)(66946007)(5660300002)(64756008)(66446008)(86362001)(30864003)(2906002)(44832011)(8936002)(82960400001)(186003)(2616005)(6486002)(966005)(71200400001)(33656002)(6506007)(6512007)(508600001)(36756003)(316002)(6916009)(54906003)(83380400001)(66574015)(45980500001)(579004); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: qOtWX0U9UHfkHWSFjaT4uxp7mkGk748mRfejvV53zNC229eXTtT8vDcrafTadhTilSfqmutgmT1rYU9G0wk/hxnxcNxJETDOz4N9y3xyo5Z9URSB51yYbvOstCIuXv0RIq/9YyDPhb94CRyX68w8j/gBEQOTuGB8GPHiF2hBi3tml3sPmGUmAKjSlPVtICIEvyB9AsndZU2YOpwKPpfRa9zaXvcxbe/WLnu0j4YjQVGe4T+59ZQ03l4ogWzV1VcGSuq++nuWW2vxc+E31w0Hc5vKBoOW6+EyjG2aVC6kBNpse8IFOa1/2sF8oxMvHUF1Kkd/vjgvEmoMYkH/5gc/E1B/vjp21u/LSI6X/pVw/umg2UL4RQlmhKfnABf9pcU0vxaUzgKWI03H5ZnWkjLLfmGt7RZQzTIMjGa9T9U5CufZI/q2AghjLfjl0G7W97ExiyroM26/rX6doEAxpj1SegFQbC1DKIjPyUpqYgLIf6WkkGw2cWttCR9A/1CJz5cNK19FNDuWKw+0U3HMpYlK0yws02O40oqyxyFRSjGQDmETIubDlKD3dZZRnbvjvP4GFBHkwNx5rnNE/MN13R30RKYd0R+D7MjyKXJVycaMFMJGAPomVmLu0Dt4BMg838aRha+tmlk/WS1jkMYUgmRmei+yzC/L12d4NY7WGjEc8PkMB9eK6tHOyUUaMdWuJg/FxZmba+ChoRlMfCn3HusROhC0xVlMb58P/NhTHm37RUosrqMYr+eNOcRvrF0/UmgGDGyCyvzhyrWhafxlfjb2o6Ujx+YsJKKy072qu56wq0GDtlIFmRddDIlppnJw3FKiykjZ8T4eF4Hk9puoWLO1bvA5bcGMhCVd42SUxwT+APg5fEtwj4usJWfBb+Z8kbhMnlSTh6fEFH3tU+bUwDPMqg26FcoKS1JjuwwVDhAb3MDfabz7j+qHDmuuLRFjlpWcVAXMDE0O688aQwJGi4raB/1bXnT0dOTgxjB+DpLiuEMoSZnJDk5+Wfwl4ZV5Jt+HSeBqaD71lKj8uPag4RigKJcEeZ4qNWYSBIZAQJZ7W3BIPysEhVHANLZh2k40qO1LZ6zA3gulJaFq15K1FT4/Fj1QI2sJOgPFPvKaaYsyo2pdhnk7/i38CpZM3tNzVRQa8rnm2QKg8O31d5M2w3NCLYkOIpqBq8/+ai476+ST2rZytHa/kMiJpAOvYawdrmfHTNWdxG3MZaS3x8t6DcFNYuFXqSgfnPhP3z8rMjdb7RFNTkdLskgWmCM/R4lLMRxats2xh0GJ/21A1upy331OATxGgA/mY7e/EY45TbFMN3XmF8JB6hUBDgclGLXoJwEUqpz6/irkp4SzOW4uaGQTp9gD8/mNd57TC+UvH0MmnMmr25oOAhTXfk9HOPRciEErMST4qK83RhdAW1pPc+ML+k3w4A6nyllqDhbv59TruU/aWWxgmQp3zSsrdcIFu7e7t8p7rPHPQiMhG/v5IcyEJZX2OgybcCRn1lOQoWs2GZF3jZNxQtNJxNDAjNU2YiUQdKFtmQE89faD7ERJM1iLpT+3d9TFJ9jIFR4My+QptDopSOizjP+z9EQ2SeOFhsreTDnDakjdxB3rGLmizmH4hwpq8pv0UTMEsizZqG4ism7HLgXLWDyJy4qRvtQLZqLdFLEidz76N26i4edW8EhON9ArCYCaZNPP5lo6gTUZmQM396PAgWskUJseyW8wynddYUXNw0Ql8guarbUxgvYPqE9i9Hbe/U8oKD2juCMdcBo=
Content-Type: text/plain; charset="utf-8"
Content-ID: <6C4723D18FCB98469A828873B1B01B8A@eurprd07.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: PAXPR07MB7806.eurprd07.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 9c3cbfde-5dd4-4aca-90a2-08d9f53a8946
X-MS-Exchange-CrossTenant-originalarrivaltime: 21 Feb 2022 13:03:20.8709 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: yW16/qgFhfMgNkN+w+++bxALa7sUYEuQoMF2FFSE5zsrLa3lgsjM3Ws3EfR0wnsMcVme8bkI8Mfc6Qv7uUGFmmoCwIGwzOM9w5ukIw49UZg=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB6PR0701MB2470
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/QkkXxFJWIM9LFAAXk7bOvEHF8to>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 21 Feb 2022 13:03:32 -0000

Hi Al,

see below again marked with [MK].

On 12.02.22, 20:05, "MORTON JR., AL" <acmorton@att.com> wrote:

    Hi Mirja, Thanks for your replies.

    I replied below: some concerns with assumptions about operators in a doc for operators, and TCP-f-something (use a single term) is still unresolved...

    Al
    > 
    >     2.4.  The QUIC Handshake
    > 
    >     ...
    > 
    >        Client                                    Server
    >          |                                          |
    >          +----Client Initial----------------------->|
    >          +----(zero or more 0RTT)------------------>|
    >          |                                          |
    >          |<-----------------------Server Initial----+
    >          |<---------(1RTT encrypted data starts)----+
    >          |                                          |
    >          +----Client Completion-------------------->|
    >          +----(1RTT encrypted data starts)--------->|
    >          |                                          |
    >          |<--------------------Server Completion----+
    >          |                                          |
    > 
    >        Figure 1: General communication pattern visible in the QUIC handshake
    > 
    >        As shown here, the client can send 0-RTT data as soon as it has sent
    >        its Client Hello, and the server can send 1-RTT data as soon as it
    >        has sent its Server Hello.  The Client Completion flight contains at
    >        least one Handshake packet and could also include an Initial packet.
    >        QUIC packets in separate contexts during the handshake can be
    >        coalesced (see Section 2.2) in order to reduce the number of UDP
    >        datagrams sent during the handshake.  QUIC packets can be lost and
    >        reordered, so packets within a flight might not be sent close in
    >        time, though the sequence of the flights will not change, because one
    >        flight depends upon the peer's previous flight.
    > 
    >     [acm]
    >     It's great to add some Not-Sunny-Day info in the description, thanks!
    >     But can you add a little more?  For example:
    >     Is it possible that network reordering can cause the handshake to fail?
    >     What rerodering extent (yes, that's a metric) would be required to cause
    >     failure or unnecessary retransmission? Lost packets would result in time-outs
    >     and retransmission, so what are the default time-outs? Is there a paper where
    >     some/all of the above have been investigated, that you could reference to save
    >     some work?
    > 
    > [MK] I don't think I have a good answer to these questions. However, I don't
    > think these questions are necessarily QUIC specific. Reordering in itself is
    > not a problem for the QUIC handshake, however, if some packets are also
    > delayed a lot and therefore detected as loss, it might get the handshake to
    > fail. How long you keep state to wait for delayed packets in mostly
    > implementation specific, however, as I said this is also not a unique problem
    > to the QUIC handshake.
    [acm] 
    You've partly answered the questions above, and with help from Gorry and Martin's replies let me suggest the following (mostly stuff I didn't know about QUIC yet):

    Whether packet reordering affects/can be observed on the handshake depends on the timeout period (which varies, but might be 10s or 30s in common cases), the constraints implemented in a server (whether to take on arbitrary state based on the first packet), and the extent of reordering incurred on the path. Reordering having sufficient extent might inferred as packet loss, as with any protocol.

[Mk] Okay I ended up with the following:

"Handshake packets can arrive out-of-order without impacting the handshake as
long as the reordering did not cause extensive delays which would be consider
as loss by either side. If QUIC packets get lost or reordered, packets belonging
to the same flight might not be observed in close in time, though the sequence
of the flights will not change, because one flight depends upon the peer's
previous flight."

[Mk] Does that work?

[MK] See also: https://github.com/quicwg/ops-drafts/pull/458/files

 

    > 
    > [MK] Further, this section in the draft really only explains what you have to
    > expect when you see QUIC traffic as a passive obverser. The reason why we
    > mention loss and reorder in this section, is really just to say, if you e.g.
    > want to detect the QUIC handshake as a passive on-path observer, you should
    > not expect it to always look exactly like this (as here might be reordering or
    > loss earlier in the network between the client and your observation point).
    [acm] 
    But "you should not expect it to always look exactly like this" is always part of the passive observation game. Next step, heuristics.

[Mk] Yes, that's true.

    > 
    >     ...
    > 
    >     2.8.  Version Negotiation and Greasing
    > 
    >     ...
    >        QUIC is expected to evolve rapidly, so new versions, both
    >        experimental and IETF standard versions, will be deployed on the
    >        Internet more often than with traditional Internet- and transport-
    >        layer protocols.  Using a particular version number to recognize
    >        valid QUIC traffic is likely to persistently miss a fraction of QUIC
    >        flows and completely fail in the near future, and is therefore not
    >        recommended.
    >     [acm] Where "valid traffic" is the focus, I agree, let it flow.
    >     But the Operator's focus may instead be "admissible traffic", where
    >     experimental traffic is not wanted or allowed. IOW, only traffic that is
    >     understood to conform to <RFC list> shall pass, because "Active Attacks are
    >     also Pervasive", to put a different spin on 7258. [acm] See also the comment in
    >     3.4.1.
    > 
    > [MK] This is not about experimentation. 
    [acm] 
    OK, let's just say unexpected traffic.

    > The expectation is that QUIC versions
    > will change often, e.g. we already have a draft for a new version adopted in
    > the group and there might be another RFC some time this year. So if you
    > "manually" have to allow for new versions in all your equipment that will
    > delay deployment of new versions (or even hinder them because there is always
    > one box that doesn't get updated). Therefore we strongly recommend to not use
    > the version to filter QUIC traffic. Is that not clear enough in the text?
    > 
    >        In addition, due to the speed of evolution of the
    >        protocol, devices that attempt to distinguish QUIC traffic from non-
    >        QUIC traffic for purposes of network admission control should admit
    >        all QUIC traffic regardless of version.
    [acm] 
    I think it is clear, and at the same time, it is aspirational for many networks.
    This sentence informs, but then strays into policy.

    Maybe this will work:
          ...devices that attempt to distinguish QUIC traffic from non-
           QUIC traffic for purposes of network admission control should not rely
           on the version field alone.

[MK] I think your proposal is not correct because the whole point is that you really should not use the version field _at all_. I know that people will still do that, but I think we should at least spell it out clearly here that this is problematic and hinders evolution.

    > 
    >     [acm] I was hoping to see a description of fallback to TCP (I see that fallback
    >     is mentioned briefly at the end of section 4.2., and later, fail over and
    >     failover. pick one...)
    > 
    >     How can Network Operators observe when a QUIC setup has failed, and the
    >     corresponding TCP fallback connection(s) succeeded?
    > 
    > [MK] There is no unified way how and if fallback is implemented. However, why
    > do you think a network operator would need that information?
    [acm] 
    To affirm that their admission policy is working properly, for one reason.

[MK] However, there is really no guarantee that all QUIC will have a fallback. Without further knowledge about what higher layer service the QUIC transport carries, I don't think you can make any assumption about fallback. If you want to support evolution, you need to support QUIC and not rely on any potentially fallbacks.

    > 
    >     Is there a reference available with this info, to save effort here?
    > 
    > [MK] As I said this is rather implementation specific, so I would say no.
    > 
    >     ...
    > 
    >     3.4.1.  Extracting Server Name Indication (SNI) Information
    > 
    >     ...
    > 
    >        Note that proprietary QUIC versions, that have been deployed before
    >        standardization, might not set the first bit in a QUIC long header
    >        packet to 1.  However, it is expected that these versions will
    >        gradually disappear over time.
    >     [acm]
    >     And some networks may prefer not to admit experimental traffic. The goal of the
    >     experiment may be problematic for the network operator and/or their
    >     subscribers. I think this is legitimate operator behavior, and worth a few more
    >     words in the draft.
    > 
    > [MK] To be honest I don't understand this point. How would an operator even
    > know if an experiment would be problematic or no? QUIC is fully encrypted.
    > Versioning is only one extension mechanism. So basically even if you see the
    > same version number, the QUIC behind that could behave very differently
    > depending on which extensions are used and because of the encryption, there is
    > no chance for the operator to know about this. Is this not clear in the
    > document? Do we need to state this more clearly?
    [acm] 
    First, let's say s/experimental/unexpected/ or s/experimental/proprietary/
    Then, I'm responding to your reply more than the paragraph in the draft now:
    Network operators are also end users, and often act on their subscriber's behalf. Observations are not strictly limited to mid-points, where encryption is present.
    Harboring old notions of what operators cannot do will not sit well with your audience...

    So, (in the paragraph above) you've informed operators that some proprietary QUIC versions remain in use as of this writing.
    But traffic that doesn't conform *might* be considered nefarious. That's all. It's a message for everyone involved.

[MK] I think the point is actually rather that we want to say here: if you don't support these old versions that will not be a problem in the near future.

    > 
    >     ...
    > 
    >     3.8.1.  Measuring Initial RTT
    > 
    >     ...
    > 
    >        Handshake RTT can be measured by adding the client-to-observer and
    >        observer-to-server RTT components together.  This measurement
    >        necessarily includes any transport- and application-layer delay at
    >        both endpoints.
    >     [acm] suggest s/any/all/
    > 
    > [MK] Done!
    > 
    >     3.8.2.  Using the Spin Bit for Passive RTT Measurement
    > 
    >     ...
    > 
    >        Note that this measurement, as with passive RTT measurement for TCP,
    >        includes any transport protocol delay (e.g., delayed sending of
    >     [acm] suggest s/any/all/
    > 
    > [MK] Done!
    > 
    >     ...
    > 
    >        Since the spin bit logic at each endpoint considers only samples from
    >        packets that advance the largest packet number, signal generation
    >        itself is resistant to reordering.  However, reordering can cause
    >        problems at an observer by causing spurious edge detection and
    >        therefore inaccurate (i.e., lower) RTT estimates, if reordering
    >        occurs across a spin-bit flip in the stream.
    >     [acm] thanks for mentioning this!
    > 
    >     ...
    > 
    >        Raw RTT samples generated using these techniques can be processed in
    >        various ways to generate useful network performance metrics.  A
    >        simple linear smoothing or moving minimum filter can be applied to
    >        the stream of RTT samples to get a more stable estimate of
    >        application-experienced RTT.  RTT samples measured from the spin bit
    >        can also be used to generate RTT distribution information, including
    >        minimum RTT (which approximates network RTT over longer time windows)
    >        and RTT variance (which approximates jitter as seen by the
    >        application).
    >     [acm]   (let's avoid the clocky term "jitter", and clarify)
    >     Suggest: (which over-estimates one-way packet delay variance as seen by an
    >     application end-point).
    > 
    > [MK] Done!
    > 
    >     4.  Specific Network Management Tasks
    >     ...
    > 
    >     4.2.  Stateful Treatment of QUIC Traffic
    > 
    >        Stateful treatment of QUIC traffic (e.g., at a firewall or NAT
    >        middlebox) is possible through QUIC traffic and version
    >        identification (Section 3.1) and observation of the handshake for
    >        connection confirmation (Section 3.2).  The lack of any visible end-
    >        of-flow signal (Section 3.6) means that this state must be purged
    >        either through timers or through least-recently-used eviction,
    >        depending on application requirements.
    >     [acm] Comment: It suddenly struck me that this might be similar to the scenario
    >     that dkg frequently cited during QUIC development: His ISP would terminate idle
    >     TCP connections after many hours. See the citation of RFC5382 below. Don't
    >     expect QUIC connections to stay-up forever! The next Purge will occur in 3, 2,
    >     1, ...
    > 
    > [MK] QUIC has the connection ID mainly because time-outs for UDP are often
    > short. So I think this is a known problem. Or is there anything you think we
    > should add to this document?
    [acm] 
    You've made the recommendation below, I was just making a "*Comment*"
    > 
    >        While QUIC has no clear network-visible end-of-flow signal and
    >        therefore does require timer-based state removal, the QUIC handshake
    >        indicates confirmation by both ends of a valid bidirectional
    >        transmission.  As soon as the handshake completed, timers should be
    >        set long enough to also allow for short idle time during a valid
    >        transmission.
    > 
    >        [RFC4787] requires a network state timeout that is not less than 2
    >        minutes for most UDP traffic.  However, in practice, a QUIC endpoint
    >        can experience lower timeouts, in the range of 30 to 60 seconds
    >        [QUIC-TIMEOUT].
    > 
    >        In contrast, [RFC5382] recommends a state timeout of more than 2
    >        hours for TCP, given that TCP is a connection-oriented protocol with
    >        well- defined closure semantics.  Even though QUIC has explicitly
    >        been designed to tolerate NAT rebindings, decreasing the NAT timeout
    >        is not recommended, as it may negatively impact application
    >        performance or incentivize endpoints to send very frequent keep-alive
    >        packets.
    > 
    >        The recommendation is therefore that, even when lower state timeouts
    >        are used for other UDP traffic, a state timeout of at least two
    >        minutes ought to be used for QUIC traffic.
    >     [acm]
    >     2 minutes, not hours. got it.
    > 
    >     ...
    > 
    >     4.5.  Filtering Behavior
    > 
    >        [RFC4787] describes possible packet filtering behaviors that relate
    >        to NATs but is often also used is other scenarios where packet
    >        filtering is desired.  Though the guidance there holds, a
    >        particularly unwise behavior admits a handful of UDP packets and then
    >        makes a decision to whether or not filter later packets in the same
    >        connection.  QUIC applications are encouraged to fail over to TCP if
    >     [acm]
    >     is "fail over" or "fallback" the preferred term?
    >     (using only one will help)
    [acm] 
    Still need to pick-one here, and everywhere...

    Spencer and others had some replies/follow-up comments here.

[MK] We already did a PR for this as I mentioned at the beginning of the mail: https://github.com/quicwg/ops-drafts/pull/457/files

[MK] Thanks! Mirja

    > 
    >        early packets do not arrive at their destination
    >        [QUIC-APPLICABILITY], as QUIC is based on UDP and there are known
    >        blocks of UDP traffic (see Section 4.6).  Admitting a few packets
    >        allows the QUIC endpoint to determine that the path accepts QUIC.
    >        Sudden drops afterwards will result in slow and costly timeouts
    >        before abandoning the connection.
    > 
    >     4.6.  UDP Blocking, Throttling, and NAT Binding
    > 
    >     ...
    >        Further, if UDP traffic is desired to be throttled, it is recommended
    >        to block individual QUIC flows entirely rather than dropping packets
    >        indiscriminately.  When the handshake is blocked, QUIC-capable
    >        applications may fail over to TCP.  However, blocking a random
    >     [acm]
    >     is "fail over" or "fallback" the preferred term?
    >     (using only one will help)
    > 
    >        fraction of QUIC packets across 4-tuples will allow many QUIC
    >        handshakes to complete, preventing a TCP failover, but these
    >     [acm] ... or "failover" preferred?
    > 
    >        connections will suffer from severe packet loss (see also
    >        Section 4.5).  Therefore, UDP throttling should be realized by per-
    >        flow policing, as opposed to per-packet policing.  Note that this
    >        per-flow policing should be stateless to avoid problems with stateful
    >        treatment of QUIC flows (see Section 4.2), for example blocking a
    >        portion of the space of values of a hash function over the addresses
    >        and ports in the UDP datagram.  While QUIC endpoints are often able
    >        to survive address changes, e.g. by NAT rebindings, blocking a
    >        portion of the traffic based on 5-tuple hashing increases the risk of
    >        black-holing an active connection when the address changes.
    >     ...
    > 
    >     4.8.  Quality of Service Handling and ECMP Routing
    > 
    >        It is expected that any QoS handling in the network, e.g. based on
    >        use of DiffServ Code Points (DSCPs) [RFC2475] as well as Equal-Cost
    >        Multi-Path (ECMP) routing, is applied on a per flow-basis (and not
    >        per-packet) and as such that all packets belonging to the same active
    >        QUIC connection get uniform treatment.
    >     [acm] Comment: so networks should continue their *extra* efforts for datagrams,
    >     like maintaining order, while the datagram streams take away as much info as
    >     they can. got it...
    > 
    > [MK] I don't think networks should put in extra effort to reordering,
    > especially as reordering usually causes delays. Actually QUIC, as well as TCP
    > with certain extensions, can be quite robust to re-ordering but that's
    > implementation specific, and therefore you never know as passive observer.
    > The ask is rather, as you do today for TCP, to avoid reordering in the first
    > place if possible, e.g. use the full 5-tuple for ECMP. So I think the ask is
    > actually rather to keep thing running as they are right now, than doing
    > anything special for QUIC. Again do we need to make that message more clear?
    [acm] 
    Again, this was a "*Comment:*"

    Yes, there extra effort/complexity in the networks to avoid steady-state reordering. It would be better if new protocols (e.g., QUIC) were less sensitive to steady-state reordering, then networks could remove this form of complexity when all the sensitive protocols (and apps) have sunset. But that seems to be much farther out in time than most of us care about.
    > 
    > [MK] Thanks again! Mirja
    > 
    > 
    >     Done.
    > 
    > 
    >

v2.23.0 | Report a Bug | By Email