IETF Logo Mail Archive

Re: Spin bit as a negotiated option

Marten Seemann <martenseemann@gmail.com> Fri, 05 October 2018 10:33 UTC

Return-Path: <martenseemann@gmail.com>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 581EA130E69 for <quic@ietfa.amsl.com>; Fri, 5 Oct 2018 03:33:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BqBTr-0QP0zX for <quic@ietfa.amsl.com>; Fri, 5 Oct 2018 03:33:25 -0700 (PDT)
Received: from mail-io1-xd31.google.com (mail-io1-xd31.google.com [IPv6:2607:f8b0:4864:20::d31]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 27889130E51 for <quic@ietf.org>; Fri, 5 Oct 2018 03:33:25 -0700 (PDT)
Received: by mail-io1-xd31.google.com with SMTP id w11-v6so10287978iob.2 for <quic@ietf.org>; Fri, 05 Oct 2018 03:33:25 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=k8JUFU355rIsfUju/1vxXO5bsK0pdUbzDBZU0ZjLxNA=; b=WVm66i89O7mgeY0BjZ2FGVJ8C8b7/QEEpUJoD3DCoMRbfbBcyCeKi46mrKAgsYmQOB 6YzX0L9LSS19FPIVtuuEag8M76QWzrP/9QXsxkHrow3qBcXaWvh7zYgzJI7CD6qS+ElI s/sCmyClWXamjBdcPLumqfM2xWMXdJOtML8CRztfUlU3Zd5nReY0rlKrNXdzo7Z1Z+oM masGOd+YqsgPZEtu2E9woPqw6PwQDv6tM4Be62rWmxzt+e+Cz2Pf0XYlDwKGyvUOg5Ap A+AIpulH44tsRtCQ60EM20zZQpVMDP657iJJsBuqEdgbPwP0sjihhiPdAIyaYbB5Zh7Q j1iw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=k8JUFU355rIsfUju/1vxXO5bsK0pdUbzDBZU0ZjLxNA=; b=JikoYG/fVA5u5O/QvvDJE5tlMZNtqsxqwNnmFh43y1xddhJgHdPyr9dKyk8muQP3gT flPI2a0tqzt81jLtROyqJpej/f1RJvmTXJPLrgwQYW7rafHsdjIFpfY1LTy0+B2hMJOL jIyASGC81irp7rvTdJD/2c+6WEWQeTJD+kkznhyL4Kbh/7naPPe5JlvuaewzaC01rEPQ WPrPcFAB2OqenKHXqfdQuQG0DUCYUYedtk2unOxJsuHL4yoHTbdxsJz5kiI9ULkEW6fG fXP9ONFDxvcgkd4Eg78xQqBVmf+Czyh+9jFe/siECAf1jW3kD8PzGTsh/TX/5GY4oQYj S6hw==
X-Gm-Message-State: ABuFfohyCfJuKCy+gc49cccppPd5vD9UYeDVdCpX3NjWaT1Ha+F3Rog4 uCk7V09vIwDFDlY5upw68C3lLqbC76SfdS1pFCw=
X-Google-Smtp-Source: ACcGV621RDqdOcaLqBUDgWVfuJfVk1wO0TtozsY7bra1tLOrTdG5g5S7stfAAEuMSa8zojDm4Kk8SsXAQCtMvAU8i3o=
X-Received: by 2002:a6b:8c48:: with SMTP id o69-v6mr7632737iod.195.1538735604161; Fri, 05 Oct 2018 03:33:24 -0700 (PDT)
MIME-Version: 1.0
References: <14531_1538460420_5BB30B04_14531_237_4_c0f3a391-9897-80b0-575b-aa73edad0d52@orange.com> <3E3DBC15-FE42-47CF-AF7A-1F2597ED2390@eggert.org> <24019_1538484216_5BB367F8_24019_26_1_8e6b0d8e-78f0-56c7-e731-da2ff22cb194@orange.com> <08A9C80F-59E6-46EE-A4D4-1F78F5085CF7@eggert.org> <9737_1538485723_5BB36DDB_9737_147_1_82e0e028-b0e8-5e09-7bd5-e66db97c556a@orange.com> <E7479831-9594-444E-9545-A162E8D9B154@eggert.org> <32072_1538492813_5BB3898D_32072_266_1_8380ff40-29fe-269b-8ed7-4331c9e53f4d@orange.com> <MWHPR22MB0991D93D706031603B077BFCDAE80@MWHPR22MB0991.namprd22.prod.outlook.com> <CAKcm_gM+zAEwfimHsorsWprJgS7O++85EOjpQoNY0LviaQ+KNQ@mail.gmail.com> <45751C2A-9F6C-4447-8D70-11ABE8C07F8D@trammell.ch> <CANatvzzCvmbu=bN1C-UCzNaT6EUPVCMPwY53wyFNkKa4HQT00g@mail.gmail.com> <E32A1E8D-0FD7-47F3-B026-10D46E201D54@trammell.ch> <21082_1538561186_5BB494A2_21082_335_1_26ed0978-a314-37d1-3c97-5924d62ef539@orange.com> <CANatvzy87Lc-kyzQUcZZS7unvaBQF+DUoEHsd1G0UoPncr4AEQ@mail.gmail.com> <4582_1538649993_5BB5EF89_4582_187_1_98109893-8492-6a58-0534-3fc4eaa09dd9@orange.com> <CY4PR22MB0983849F01312CBE18A4F69CDAEA0@CY4PR22MB0983.namprd22.prod.outlook.com> <HE1PR0701MB2393C0B9756449E5CC060723E2EB0@HE1PR0701MB2393.eurprd07.prod.outlook.com>
In-Reply-To: <HE1PR0701MB2393C0B9756449E5CC060723E2EB0@HE1PR0701MB2393.eurprd07.prod.outlook.com>
From: Marten Seemann <martenseemann@gmail.com>
Date: Fri, 05 Oct 2018 12:33:11 +0200
Message-ID: <CAOYVs2oyQO6kC3tMA3Cw7zzzDjiJca4yWRXqaK1ZH3_sbxWWtQ@mail.gmail.com>
Subject: Re: Spin bit as a negotiated option
To: Marcus Ihlar <marcus.ihlar@ericsson.com>
Cc: "alexandre.ferrieux@orange.com" <alexandre.ferrieux@orange.com>, "huitema@huitema.net" <huitema@huitema.net>, "ietf@trammell.ch" <ietf@trammell.ch>, "kazuhooku@gmail.com" <kazuhooku@gmail.com>, "mbishop@evequefou.be" <mbishop@evequefou.be>, "quic@ietf.org" <quic@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000016e223057778cd16"
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/XtroO3lEDjb28wQjoShb0qXc4V8>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 05 Oct 2018 10:33:29 -0000

The problem with using a specific version for implementations that use and
don’t use the spin bit is that middleboxes can effectively enforce usage of
the spin bit version by blackholing every packet advertising a version that
doesn’t use the spin bit. If only a few middleboxes do that, this would
force *all* implementations to avoid these versions.
Implementations that don’t want to expose their RTT would then have to
negotiate a version that is supposed to use the spin bit, but then grease
the corresponding bits in order to preserve their privacy. Of course, this
would only work if the peer doesn’t enforce compliance. Otherwise, we’ll
end up in a world where it’s basically impossible to opt-out of the
spin-bit.

On Fri, Oct 5, 2018 at 12:15 Marcus Ihlar <marcus.ihlar@ericsson.com> wrote:

> Hi,
> I like this approach since it allows us to disregard non-spinning flows by
> simply observing the initial handshake. This saves us quite some work.
> On the heuristics part, we cannot get away from it, even if we see the
> spin version in the initial handshake as there´s no guarantee that an
> endpoint will set the bit properly anyway.
> However, for the version where the intent to use spinbit is explicit it
> actually makes sense for an endpoint to treat non-participating behavior as
> a protocol error.
>
> Marcus
>
> -----Original Message-----
> From: QUIC <quic-bounces@ietf.org> On Behalf Of Mike Bishop
> Sent: den 5 oktober 2018 00:40
> To: alexandre.ferrieux@orange.com; Kazuho Oku <kazuhooku@gmail.com>
> Cc: Brian Trammell <ietf@trammell.ch>; IETF QUIC WG <quic@ietf.org>;
> Christian Huitema <huitema@huitema.net>
> Subject: RE: Spin bit as a negotiated option
>
> So long as this is the only thing being negotiated, it's not too bad.  If
> we want to negotiate other things, it quickly gets out of hand.  One could
> plausibly argue that the spin bit is special in that we actually want
> parties observing the transaction to understand which option has been
> selected.
>
> It's important to remember, though, that this is information you get only
> at the beginning of a new connection.  If there's migration or NAT
> rebinding, it's not guaranteed (and in fact, not intended) than you can
> correlate it back to a particular previous handshake.  You'll still either
> need heuristics to identify whether the spin bit is actually in use, or
> you'll need to ignore any traffic for which you didn't see the handshake.
>
> -----Original Message-----
> From: QUIC <quic-bounces@ietf.org> On Behalf Of
> alexandre.ferrieux@orange.com
> Sent: Thursday, October 4, 2018 3:47 AM
> To: Kazuho Oku <kazuhooku@gmail.com>
> Cc: Brian Trammell <ietf@trammell.ch>; IETF QUIC WG <quic@ietf.org>;
> Christian Huitema <huitema@huitema.net>
> Subject: Re: Spin bit as a negotiated option
>
> Thanks Kazuho. Using version numbers directly was an obvious choice, but
> so far I was discouraged by strong language in the spec, saying 0x00000001
> was the unavoidable point of convergence after all 0xFF0000XX experiments.
> So in essence you're proposing to weaken that a bit, right ?
>
> If so, how do you envision segmenting the version number space ?
>
>   - direct enumeration:
>
>         0x00000001 = v1dry
>         0x00000002 = v1 + spinbit
>         0x00000003 = v1 + spinbit + VEC
>
>   - low order bits for options:
>
>         0x000001XX = v1 + option XX
>         0x000002YY = v2 + option YY
>
> Also, are we sure that this explosion won't weigh on the new VN scheme,
> inducing slower convergence due to longer lists on either side ?
>
> On 10/04/18 11:50, Kazuho Oku wrote:
> > Hi,
> >
> > Thank you for starting the discussion specific to how we could
> > possibly negotiate the use of spin bits.
> >
> > Regarding the topic, my preference goes to using the version number
> > field of the long header for negotiating the presence of spin bits, or
> > any additional signal being exposed to the network.
> >
> > For example, QUICv1 without spin bit could use version 0x101, and v1
> > with spin bit could use 0x102. In the future, we can assign a
> > different version number for QUICv1 with multiple spin + VEC (or
> > people interested in testing the feature can designate a private
> > version number even before that).
> >
> > I see the following benefits to using the version field as a method to
> > negotiate the use of spin bits.
> >
> > 1. One of the concern regarding spin bits has been that they could
> > lead to ossification. Spin bits are not part of the Invariants, but if
> > the observation tools start looking at those bits without checking the
> > version number field, we will have the pressure to not change how the
> > bits are used. Using the version number to indicate the presence of
> > spin bits is the best approach to resolve such concern.
> >
> > 2. We have hoped to roll out multiple versions of QUIC in a small
> > interval so that the version number field does not get ossified. The
> > best solution is obviously to roll out two flavors of the protocol
> > that uses different version numbers at the same time. We will have a
> > real-world use of version negotiation from day one, because we are in
> > a condition where implementors have different opinions on if they
> > should support spin bit :-)
> >
> > The blocker to this approach has been version negotiation requiring an
> > additional round-trip, but that is going to be resolved by #1755.
> >
> > 2018年10月3日(水) 19:06 <alexandre.ferrieux@orange.com>:
> >>
> >> On 10/03/18 09:58, Brian Trammell (IETF) wrote:
> >> > Backing off the MUST for now for such situations is IMO a good
> >> > tradeoff, though, especially since we only need fractions of a
> >> > percent of deployment to start seeing useful signal for
> >> > baseline/anomaly measurement of large aggregates.
> >>
> >> If the consensus is that we must allow for such situations, then
> >> there are two
> >> possibilities:
> >>
> >>   (a) weak spec language (MAY WISH TO or similar) => many
> >> implementations will simply drop it
> >>
> >>   (b) negotiated option where the negotiation mechanism is mandatory
> >>
> >> In the vein of (b), Christian suggested offline to introduce
> >> negotiation to allow for experimentation of the remaining two
> >> reserved bits. Then may be we can synthesize both ideas by the
> following proposal:
> >>
> >>   - in the first few exchanges of the 5-tuple, use the three bits for
> >> option negotiation
> >>
> >>   - then use them as defined by the selected option
> >>
> >> Example encodings:
> >>
> >>   000 : nothing
> >>   001 : spin bit alone : S00
> >>   010 : spin bit + VEC : SVV
> >>   ... : other extensions
> >>
> >> The negotiation mechanism allows both endpoints to force 000.
> >> And since it is in the clear first byte, it allows on-path observers
> >> to identify the option without resorting to heuristics; this helps in
> >> the case of a small support ratio.
> >>
> >>
> >>
> >>
> >> _____________________________________________________________________
> >> ____________________________________________________
> >>
> >> Ce message et ses pieces jointes peuvent contenir des informations
> >> confidentielles ou privilegiees et ne doivent donc pas etre diffuses,
> >> exploites ou copies sans autorisation. Si vous avez recu ce message
> >> par erreur, veuillez le signaler a l'expediteur et le detruire ainsi
> que les pieces jointes. Les messages electroniques etant susceptibles
> d'alteration, Orange decline toute responsabilite si ce message a ete
> altere, deforme ou falsifie. Merci.
> >>
> >> This message and its attachments may contain confidential or
> >> privileged information that may be protected by law; they should not be
> distributed, used or copied without authorisation.
> >> If you have received this email in error, please notify the sender and
> delete this message and its attachments.
> >> As emails may be altered, Orange is not liable for messages that have
> been modified, changed or falsified.
> >> Thank you.
> >>
> >
> >
>
>
>
>
> _________________________________________________________________________________________________________________________
>
> Ce message et ses pieces jointes peuvent contenir des informations
> confidentielles ou privilegiees et ne doivent donc pas etre diffuses,
> exploites ou copies sans autorisation. Si vous avez recu ce message par
> erreur, veuillez le signaler a l'expediteur et le detruire ainsi que les
> pieces jointes. Les messages electroniques etant susceptibles d'alteration,
> Orange decline toute responsabilite si ce message a ete altere, deforme ou
> falsifie. Merci.
>
> This message and its attachments may contain confidential or privileged
> information that may be protected by law; they should not be distributed,
> used or copied without authorisation.
> If you have received this email in error, please notify the sender and
> delete this message and its attachments.
> As emails may be altered, Orange is not liable for messages that have been
> modified, changed or falsified.
> Thank you.
>
>

v2.23.0 | Report a Bug | By Email