Re: New Plaintext QUIC-LB Design

Mikkel Fahnøe Jørgensen <mikkelfj@gmail.com> Fri, 15 January 2021 20:26 UTC

Return-Path: <mikkelfj@gmail.com>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 722013A1166 for <quic@ietfa.amsl.com>; Fri, 15 Jan 2021 12:26:06 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.096
X-Spam-Level:
X-Spam-Status: No, score=-1.096 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, FREEMAIL_REPLY=1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WianK3H15RLY for <quic@ietfa.amsl.com>; Fri, 15 Jan 2021 12:26:02 -0800 (PST)
Received: from mail-lf1-x129.google.com (mail-lf1-x129.google.com [IPv6:2a00:1450:4864:20::129]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DAED83A1165 for <quic@ietf.org>; Fri, 15 Jan 2021 12:26:01 -0800 (PST)
Received: by mail-lf1-x129.google.com with SMTP id s26so14992007lfc.8 for <quic@ietf.org>; Fri, 15 Jan 2021 12:26:01 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:message-id:mime-version:subject:date:in-reply-to:cc:to :references; bh=52CBAvNsP9c0NiuZN18k3MX+CvgZALTAbZY1o+++jqY=; b=K8IrVKJ+gbt5dR+gSlFkViaeCLnRtHeyM2DrFEvSghLvV45WLdyBNzO2m97VFcqBK7 vJQBzUddsXwu9EyY8vgusMxEwFnNSWiDhZ0u0V98NmDC21xtGBXSCJ/d3vCU0OVjDC4b e76ZOqxdBy7WFQ0yUfcmaqVjpWqUueP1V1UL7gp9M/u02EbLT/oyTF+rFWz2KFTeTyLB gumRQkbaZu2j6T7W5DHkjpuSUfoHAOUghbxApUDjIGJNT2b+U/GREwZWmuqvjZ9j/8IK 9Y9allGSRoc8lbjYHEO/T5INDacSx89uyGuetKhTcfA58u3X8K+EofJuQzAffpLur5Dy Z5fw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:message-id:mime-version:subject:date :in-reply-to:cc:to:references; bh=52CBAvNsP9c0NiuZN18k3MX+CvgZALTAbZY1o+++jqY=; b=SIh2w6g7dPHzL7YBX/iRlIQk8P9kfKR3LfyqrxmxlGnAEygK7bfMVBggT+inwcGdEL 73opTYqvAqhSKbIAyJThTrfA0fE6qh7qfn0Z756DcnGlNhY63yb9T1onuVPPu+px90uq /qG8aVP6DUdk7XQeRUrd9qt+hfNUNEGyc66C9UMdHMQrbcE4HreQvLvU0cFWt3p1jRI0 hTqc7wT55Z3nBqK9KlygtylSMaqH1KHtoX44ckv/xE9vqMBt6kPPCZcK1F8S9bM8Gr/j EE6p+30x09yTPAPa4mYp1lF7sAiHAhVwGhDONvTCa0OPoZPBaAWX86rYf/CREYG19ADO axWw==
X-Gm-Message-State: AOAM531g+GdoamtNZe9MG3ATdFw/tBW/OuvKEKQdyedpgNw68MITXTWI gdUjCkYUYCbrK7S1jKVebiYm6FwNHngEPA==
X-Google-Smtp-Source: ABdhPJxDLEWvOiWruiKgy23NzBql8Qu/gS6XxJi4vzQjnidaAphCmVWVXGDoR832hR1MsjANIH4MIA==
X-Received: by 2002:a05:6512:3328:: with SMTP id l8mr6476796lfe.185.1610742360191; Fri, 15 Jan 2021 12:26:00 -0800 (PST)
Received: from [192.168.8.100] (109.59.218.219.mobile.3.dk. [109.59.218.219]) by smtp.gmail.com with ESMTPSA id g13sm1019529lfb.43.2021.01.15.12.25.59 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Fri, 15 Jan 2021 12:25:59 -0800 (PST)
From: =?utf-8?Q?Mikkel_Fahn=C3=B8e_J=C3=B8rgensen?= <mikkelfj@gmail.com>
Message-Id: <04B2488D-1EFE-4CBB-BB1E-2AF08F4BDEFA@gmail.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_27CD7AC6-40D9-4FF2-8C77-AAE76A3BF1F7"
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.120.23.2.4\))
Subject: Re: New Plaintext QUIC-LB Design
Date: Fri, 15 Jan 2021 21:25:58 +0100
In-Reply-To: <D7415808-034A-4E93-9329-2BC8F1F116E7@gmail.com>
Cc: Christian Huitema <huitema@huitema.net>, IETF QUIC WG <quic@ietf.org>
To: Martin Duke <martin.h.duke@gmail.com>
References: <CAM4esxRRp5=-YvcPsCdsgB=8O=_RAXq05Ldma0smGsjy95T4=g@mail.gmail.com> <6B05568D-1905-4416-904C-2EEC25491920@gmail.com> <CAM4esxSyn7uEiUsYvtiUbQ=4Qt-Bp+yLYBK+re+a+V3ea0BjcQ@mail.gmail.com> <B4D950F6-452A-4CFC-9707-DC1C9B3AB49B@gmail.com> <EB8897FC-1A57-4C45-ABDE-B87E36E519E8@gmail.com> <03ba27b1-3d27-d66b-4fc0-a952c24c993d@huitema.net> <CAM4esxToXBrKezEc3WVWpZFmNLVgVBX+==N77OyjmvEfvJ+kTA@mail.gmail.com> <527d1ec7-c354-5756-6f02-c8058c560b3a@huitema.net> <CAM4esxSVn9zdsur8E6EUGJTusE5DTkQOz7N1+VXm6aZ2v1Zzow@mail.gmail.com> <CAM4esxS8mqf5F6ZAW_JPrwg4gHWdtk=OMtRnwfJeuOH9JhoiqA@mail.gmail.com> <D7415808-034A-4E93-9329-2BC8F1F116E7@gmail.com>
X-Mailer: Apple Mail (2.3608.120.23.2.4)
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/TbLv3cPMHAFqQLd0irCcl2f8HZU>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 15 Jan 2021 20:26:06 -0000

There is also

https://en.wikipedia.org/wiki/Rendezvous_hashing <https://en.wikipedia.org/wiki/Rendezvous_hashing>


> On 15 Jan 2021, at 21.18, Mikkel Fahnøe Jørgensen <mikkelfj@gmail.com> wrote:
> 
> I would be hesitant to introduce a situation where a load balancer is forced to use memory, especially memory it doesn’t fully control. It may be fine as a choice, but not the only choice.
> 
> Aside from potential attacks, there is also the hardware cost/complexity. SHA256 and AES is pretty standard in almost anything, but lots of RAM is a cost driver.
> 
> It is really hard to estimate crypto vs lookup overhead, but it is far from a given that lookup will be faster once the tables grow large.
> 
> Less coordination is a good thing though. I’m afraid that without out of band payload to coordinate, there will have to be a choice between configuration and state.
> 
> Mikkel
> 
>> On 15 Jan 2021, at 21.04, Martin Duke <martin.h.duke@gmail.com <mailto:martin.h.duke@gmail.com>> wrote:
>> 
>> To muddy this discussion a little further, after a little more thinking I believe there's a way to generalize this approach to all three of the original algorithms, encrypted or unencrypted, so there is never a need to manually allocate server IDs.
>> 
>> Again, the main tradeoff here is simpler configuration vs. more complexity and state at the load balancer.
>> 
>> As a document organization matter, rather than have six different algorithms I would prefer to specify three with a separate section describing the two separate ways to allocate a server ID.
>> 
>> But it is not too late to yell "stop" at this multiplicity of options if people feel the tradeoffs are clear-cut in one way or the other.
>> 
>> On Mon, Jan 11, 2021 at 6:50 PM Martin Duke <martin.h.duke@gmail.com <mailto:martin.h.duke@gmail.com>> wrote:
>> Yes. Do you have an alternate suggestion?
>> 
>> On Mon, Jan 11, 2021 at 5:54 PM Christian Huitema <huitema@huitema.net <mailto:huitema@huitema.net>> wrote:
>> 
>> 
>> On 1/11/2021 5:22 PM, Martin Duke wrote:
>>> Perhaps I should make some edits for clarity!
>>> 
>>> On Mon, Jan 11, 2021, 16:52 Christian Huitema <huitema@huitema.net <mailto:huitema@huitema.net>> wrote:
>>> I am looking at the text of section 4.2, and I am not sure how I would implement that. What should be the value of the config rotation bits in CID created by the server?
>>> 
>>> Any config includes the corresponding CR bits, and when generating the CID it would use those bits.
>>> 
>>> The confusing part is that, for this algorithm, a usable SID has to be extracted from any CID, hence all the weird stuff about CIDs with undefined configs.
>>> 
>>> Aside from that, it's like PCID: any server-generated CID uses the CR bits in the config, optional length encoding, SID, server-use octets.
>>> 
>>> 
>>> Should the 6 other bits in the first octet be set to a CID Len or to a random value?
>>> 
>>> It depends on the rest of the config, as with the other algorithms.
>>> 
>>> Issss the timer set when the server ID is first added to the table, or is the timer reset each time a packet is received with that CID? In the latter case, is it reset when any packet is received, or only when a "first initial" packet is received?
>>> 
>>> When any packet is received with that SID (not CID), the expiration is refreshed.
>> OK. So we can have the following:
>> 
>> 1) Server learns of Server-ID = X.
>> 
>> 2) Server creates new CID with that server ID, uses it to complete handshake.
>> 
>> 3) Client maintains a long running connection with that CID.
>> 
>> 4) Server keeps receiving messages with CID pointing to server-ID = X
>> 
>> 5) server-ID=X never expires.
>> 
>> Is that by design?
>> 
>> -- Christian Huitema
>> 
>> 
>> 
>