QUIC Chrome Error with GSUITE & QUIC transport draft publication ETA
Gyan Mishra <hayabusagsm@gmail.com> Sat, 04 January 2020 16:13 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/WPZHlES5EDpFhpLweirKn7kcz3Q>
QUIC WG,

We had some issues at work recently with Chrome and getting a QUIC error. The issue appears to be related to our DMZ firewalls blocking QUIC. I believe GQUIC was working but was somehow bypassing the firewalls logging; but then when Google switched to using the QUIC IETF standard, I believe that's when we started seeing the Chrome error.

Below is an email I sent at work as an overview of QUIC and recommendations on how to resolve the QUIC error. Please provide me any feedback and suggestions on how to best resolve this issue.

We use GSUITE at work, which uses QUIC, and we noticed all traffic to GSUITE was using QUIC over IPv6. We have our network infrastructure enterprise fully dual stacked, and since Google URIs are all dual stacked as well, and since IPv6 is preferred over IPv4 by default with Windows, all the GSUITE traffic was now using QUIC over IPv6.

Has anyone else had any encounter with this scenario where they are using GSUITE and are dual stacked and are seeing all GSUITE traffic use IPv6?

Also, what is the appropriate ETA of when the QUIC transport draft will be approved as a standard RFC?

----- email below related to Google Chrome QUIC error and remediation -----

What was the patch that was applied to the default silo firewalls that was deployed? Was the patch for QUIC support?

Also, were we seeing QUIC or GQUIC being logged and dropped on the firewall?

Below is some information related to QUIC and how the protocol works:

G-QUIC was the protocol developed by Google to improve and secure all web traffic. QUIC is the IETF standard version of the protocol.

QUIC protocol brief:

QUIC was designed to be low overhead, robust, and secure by default, to eliminate issues with traditional TCP and improve transaction response times. QUIC provides a secure default transport using TLS 1.3 by replacing the TLS record layer with its own framing format while keeping the same TLS handshake.

QUIC improves head of line blocking issues with HTTP/2, which multiplexes multiple HTTP requests into the same TCP connection. QUIC transport stream is delivered just as the acronym states, "quick UDP internet connections", over UDP instead of traditional TCP.

https://www.google.com/amp/s/blog.cloudflare.com/the-road-to-quic/amp/

Wireshark is able to decode and differentiate both G-QUIC and QUIC.

QUIC has an IETF WG which I am part of as development of standards for QUIC transport protocol. At this time QUIC transport is maturing but is still in draft state, awaiting WG Last Call and IESG review and final reviews before publication as an RFC. Some vendors have started early adoption of the protocol. We should reach out to Checkpoint to see if they support QUIC.

Chrome has QUIC enabled by default. At this time Google sites such as YouTube and GSUITE apps are the only web URIs that have the QUIC protocol enabled on the server for client/server communication to use QUIC.

QUIC IETF Draft:
https://tools.ietf.org/pdf/draft-ietf-quic-transport-24.pdf

For security reasons, if the firewall and security appliances don't support QUIC then it is recommended to disable QUIC.

How to disable QUIC on Chrome:
https://kinsta.com/knowledgebase/err_quic_protocol_error/

If Checkpoint does support QUIC I would recommend to keep it enabled as it improves web performance and is more secure than traditional TCP.

----- end email -----

Kind regards,

Gyan Mishra
Verizon Communications (VZ)
Cell 301 502-1347

--
Gyan S. Mishra
IT Network Engineering & Technology
Verizon Communications Inc. (VZ)
13101 Columbia Pike FDC1 3rd Floor
Silver Spring, MD 20904
United States
Phone: 301 502-1347
Email: gyan.s.mishra@verizon.com
www.linkedin.com/in/networking-technologies-consultant
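Added example, not part of the original message or of any project it mentions: a sketch of how the first bytes of a UDP/443 datagram separate the legacy gQUIC public header from the IETF QUIC long header, which is the distinction a capture from the firewall would need to show. It assumes the published gQUIC public-flags layout and the IETF convention that draft N uses version 0xff0000NN; the function names and sample datagrams are constructed here.

```python
import struct

def is_google_tag(tag: bytes) -> bool:
    # Google versions are ASCII tags such as b"Q043" or b"Q046".
    return len(tag) == 4 and tag[:1] == b"Q" and tag[1:].isdigit()

def classify_quic(payload: bytes) -> str:
    """Name the QUIC flavour of a flow's first UDP datagram, or 'unknown'."""
    if len(payload) < 5:
        return "unknown"
    first = payload[0]
    if first & 0x80:  # long header: a 4-byte version follows the first byte
        tag = payload[1:5]
        (version,) = struct.unpack("!I", tag)
        if version == 0:
            return "IETF QUIC version negotiation"
        if is_google_tag(tag):
            return f"gQUIC {tag.decode()} (long header)"
        if version >> 24 == 0xFF:  # IETF drafts are numbered 0xff0000NN
            return f"IETF QUIC draft-{version & 0xFFFFFF}"
        if version == 1:
            return "IETF QUIC v1"
        return f"long header, unrecognised version 0x{version:08x}"
    # Legacy gQUIC public flags: 0x01 = version present, 0x08 = 8-byte connection ID,
    # so the version tag sits at offset 9.
    if first & 0x01 and first & 0x08 and is_google_tag(payload[9:13]):
        return f"gQUIC {payload[9:13].decode()} (public header)"
    # Short-header packets carry no version; attributing them needs flow state.
    return "unknown"

# Constructed sample datagrams: header fields only, body padded with zeros.
SAMPLES = {
    "draft24_initial": bytes([0xC0]) + bytes.fromhex("ff000018")
                       + b"\x08" + b"\x11" * 8 + b"\x00" + bytes(20),
    "gquic_q043": bytes([0x09]) + b"\x22" * 8 + b"Q043" + bytes(20),
    "gquic_q046": bytes([0xC3]) + b"Q046" + bytes(20),
    "short_header": bytes([0x40]) + bytes(20),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:16} -> {classify_quic(pkt)}")
```

Only the first packets of a flow carry a version, so a check like this belongs on the handshake datagrams; any UDP payload with the high bit set will enter the long-header branch, so treat an unrecognised version as a weak signal.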