Re: New Version Notification for draft-kazuho-httpbis-selftrace-00.txt
Robin MARX <robin.marx@uhasselt.be> Fri, 13 August 2021 16:28 UTC
Return-Path: <robin.marx@uhasselt.be>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9563F3A1E45 for <quic@ietfa.amsl.com>; Fri, 13 Aug 2021 09:28:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=uhasselt.be
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MiUj4bmkpvaZ for <quic@ietfa.amsl.com>; Fri, 13 Aug 2021 09:28:21 -0700 (PDT)
Received: from mail-wr1-x42f.google.com (mail-wr1-x42f.google.com [IPv6:2a00:1450:4864:20::42f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 53F273A1E44 for <quic@ietf.org>; Fri, 13 Aug 2021 09:28:20 -0700 (PDT)
Received: by mail-wr1-x42f.google.com with SMTP id q11so14033299wrr.9 for <quic@ietf.org>; Fri, 13 Aug 2021 09:28:20 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=uhasselt.be; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=iXxDMitM5dGytzIJHXDan4ugMkeEXSg1HMoRYPSi0ko=; b=f3g92QHFcV1NxOlgek4FD8nEgkDuTqXXhKZNmAMWGdUXooXFGHC8f+vwPcXg4PqQB+ OAeRlcl8gIee8JVEIjcROBQ60KAbltEU0QAEFF3XTXx7OwMWunW+febGyeyI/OECmrSH 2NEyMp6cxwxfeTwCikiQKZldcosJwhHgd9B5M=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=iXxDMitM5dGytzIJHXDan4ugMkeEXSg1HMoRYPSi0ko=; b=DX6b0HCHOYF4kDtyneZU3MQLRlmvJSDU5l2DRw7SX38tGGYgd85miLhMXSGsna07dU j4MPTYADmMFAPbMJ8/TvQJMCSU0cOtGMBrjWAmp6kOCXGkZT/Nw0mpOyl6LZx5QhY5a4 SfFgev7R0LwHZCZbsUFI0TZPSdewosEyGlBd+np1rfecJw8N8hXGIvg69Kdn5QQZef2N t0eiAJ6P4pKCwRd0xRzP9y++T88iyz4b0JRTzsta15lyspdnj9XFZUwej6kldnuah334 wuXK2Gv/W1Vdw5GayvXWPSN2DSTSzUatYycBfs7ZOsGvetEnpqlzTTSLhXgbF9fxJoHJ EubQ==
X-Gm-Message-State: AOAM5319lIuUQBX39AO2ti+5LF5MIDYxup/rKiWwMEr0zizYTFMDsJYa cwDHTg/j6Tl8LCFrXSPH5sqYo9T1NWu7h2ikGJAuDQ==
X-Google-Smtp-Source: ABdhPJzKVtUulmvUH5b0MtsbCItKuXqN3V5bmgkMNkRt6h7iaGlcX68PnwTHxh/MmEUDejE4gBc1BoHkBLfFpyTt7Nw=
X-Received: by 2002:adf:d1c7:: with SMTP id b7mr4206658wrd.108.1628872094150; Fri, 13 Aug 2021 09:28:14 -0700 (PDT)
MIME-Version: 1.0
References: <162883401993.25302.7275724432785172464@ietfa.amsl.com> <CANatvzxWrg+rciDpOZqsnDWq_oW_cr-Do2SjUzGgPy_vyAUs=Q@mail.gmail.com>
In-Reply-To: <CANatvzxWrg+rciDpOZqsnDWq_oW_cr-Do2SjUzGgPy_vyAUs=Q@mail.gmail.com>
From: Robin MARX <robin.marx@uhasselt.be>
Date: Fri, 13 Aug 2021 18:28:05 +0200
Message-ID: <CAC7UV9aVnrUfvLuMB6dFSqiVzyr5PNF_xc+nRiZve35R3xqyrw@mail.gmail.com>
Subject: Re: New Version Notification for draft-kazuho-httpbis-selftrace-00.txt
To: Kazuho Oku <kazuhooku@gmail.com>
Cc: IETF QUIC WG <quic@ietf.org>, HTTP Working Group <ietf-http-wg@w3.org>, Jana Iyengar <jri.ietf@gmail.com>
Content-Type: multipart/alternative; boundary="0000000000008e853005c97356c7"
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/YZbBWavPek51M36Dv2NwhuWOaPQ>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 13 Aug 2021 16:28:29 -0000
Hello Kazuho, Thanks a lot for writing this up and sharing it. This concept has been part of the qlog docs since the very start [1], but has simultaneously been something that no-one has implemented yet, so it's good to see a concurrent proposal and an actual POC that seems to work quite nicely! I think this capability will be core to allow people to diagnose QUIC in the wild, as we've seen just this week with some of the problems Wix had to properly identify H3 vs H2 gains on their Fastly deployment [2]. A couple of questions/remarks: 1) The trace stream currently starts from when the request for the well-known URL is received, thus missing all events before that (e.g., handshake details). I understand this is a tradeoff (you don't want to keep full traces for all connections just in case they are requested), but I feel we might want a way to indicate at the very start (e.g., transport parameter) that a trace will be requested so we can request that info as well? 2) There are downsides to loading the trace over the same connection, some of which you note in the text and in the email (overhead for the "real" connection). The qlog text allows fetching of traces of connection A over connection B by CID, but that of course has other tradeoffs. I feel your method is probably best, IF we can find a solution for point 1). e.g., if you don't want to impact real connection, you request trace at start, let the connection run, and then fetch full trace at the end instead of streaming during. This does introduce some extra (resource exhaustion) attack vectors that need mitigations etc. 3) Relatedly, your POC seems to assume the browser will have just a single connection and a trace request in a second tab will auto map to that connection. That works fine for the POC, but for a real deployment that lets end-users fetch traces, you'd need built-in browser/client support to select a specific connection / fetch traces for all connections to a given origin. Not a big problem ofc, and things like Chrome's netlog export already do this, but still a practical hurdle. 4) Any reason in particular you're not streaming qlog? I assume it's because you don't log qlog directly but instead use a converter and that converter adds too much overhead to do on the fly? Not that it really matters or that I feel we should limit to qlog, but it does bring up the question of how an automated client setup (e.g., via WebPageTest-alike tooling) would identify what the server sends back. You of course already know this because you made the qlog issue for it [3], but good to bring it up on the list as well. 5) I wonder if this should be a completely separate document, a separate document part of the qlog effort, or part of the qlog documents. As said in 4), I don't feel this necessarily should be limited to qlog, but a lot of the privacy issues+mitigations inherent to exposing logs will be discussed for qlog and should probably be referenced for this approach as well. Currently, you seem to skirt some of this by saying it doesn't matter because the client is the one requesting the logs, but I don't quite agree that's enough. This could be used to ask end-users to capture a trace of a problematic connection and upload it for analysis. If the end-user isn't very technical, they might not know which info they're exposing. Even if they are, they probably don't want to go through the trouble of sanitizing the logs themselves. Put differently: this should probably either be restricted to expose no privacy-sensitive info at all (or at least discuss the issues) or allow explicit selection of a "privacy level" (the approach we'll probably take with qlog is to define multiple levels of obfuscation/omission for different use cases). I am very excited by the proposal and would love for some large deployments to offer this service. I feel that wouldn't just be revolutionary to many academic efforts, but also enable better client-aided debugging and to allow users to assess bottlenecks in their setups. With best regards, Robin [1]: https://datatracker.ietf.org/doc/html/draft-ietf-quic-qlog-main-schema-00#section-7.2 [2]: https://twitter.com/alonkochba/status/1424403252284694528?s=20 [3]: https://github.com/quicwg/qlog/issues/158 On Fri, 13 Aug 2021 at 08:15, Kazuho Oku <kazuhooku@gmail.com> wrote: > Hello folks, > > Today Jana and I have submitted a tiny I-D called > draft-kazuho-httpbis-selftrace. > > The draft specifies a well-known URI to be used for providing a trace of a > particular HTTP/3 connection (e.g., qlog) on that same HTTP/3 connection. > > One of the biggest hurdles in analyzing HTTP/3 performance issues is > obtaining traces that show the symptoms. That is because clients being > affected by issues have to coordinate with the server operators to collect > the traces. > > This PR solves the problem by defining a well-known URI for serving a > trace to the client on the HTTP connection that the client is using. When a > user sees an issue, they can collect the traces themselves and provide it > to the server operator. > > We have already implemented the feature in h2o, and doing so was easy, > assuming that the underlying QUIC stack already defines callbacks for > collecting trace events, see lib/handler/self_trace.c of > https://github.com/h2o/h2o/pull/2765. > > We also have a public endpoint; to try it out, first open > https://ora1.kazuhooku.com/test/self-trace/video-only.html (which starts > streaming a video), then open > https://ora1.kazuhooku.com/.well-known/self-trace. While the video is > being served, you would see the trace flowing through the well-known URI. > > At the moment, we are using a custom JSON format for the trace, but when > gzip compression is applied on-the-fly, the overhead of sending a trace > alongside ordinary HTTP responses is less than 10%. Therefore, we tend to > believe that this approach would work well in practice. > > Please let us know what you think - your feedback is very welcome. > > ---------- Forwarded message --------- > From: <internet-drafts@ietf.org> > Date: 2021年8月13日(金) 14:53 > Subject: New Version Notification for draft-kazuho-httpbis-selftrace-00.txt > To: Jana Iyengar <jri.ietf@gmail.com>, Kazuho Oku <kazuhooku@gmail.com> > > > > A new version of I-D, draft-kazuho-httpbis-selftrace-00.txt > has been successfully submitted by Kazuho Oku and posted to the > IETF repository. > > Name: draft-kazuho-httpbis-selftrace > Revision: 00 > Title: Self-Tracing for HTTP > Document date: 2021-08-13 > Group: Individual Submission > Pages: 5 > URL: > https://www.ietf.org/archive/id/draft-kazuho-httpbis-selftrace-00.txt > Status: > https://datatracker.ietf.org/doc/draft-kazuho-httpbis-selftrace/ > Htmlized: > https://datatracker.ietf.org/doc/html/draft-kazuho-httpbis-selftrace > > > Abstract: > This document registers a "Well-Known URI" for exposing state of an > HTTP connection to the peer using formats such as qlog schema [QLOG]. > > > > > The IETF Secretariat > > > > > -- > Kazuho Oku > -- dr. Robin Marx Postdoc researcher - Web protocols Expertise centre for Digital Media *Cellphone *+32(0)497 72 86 94 www.uhasselt.be Universiteit Hasselt - Campus Diepenbeek Agoralaan Gebouw D - B-3590 Diepenbeek Kantoor EDM-2.05
- Fwd: New Version Notification for draft-kazuho-ht… Kazuho Oku
- Re: New Version Notification for draft-kazuho-htt… Robin MARX
- Re: New Version Notification for draft-kazuho-htt… Matt Joras
- Re: New Version Notification for draft-kazuho-htt… Jana Iyengar
- Re: New Version Notification for draft-kazuho-htt… Jana Iyengar
- Re: New Version Notification for draft-kazuho-htt… Mark Nottingham
- Privacy considerations of trace logging (was Re: … Lucas Pardue
- Re: New Version Notification for draft-kazuho-htt… Spencer Dawkins at IETF
- Re: New Version Notification for draft-kazuho-htt… Kazuho Oku
- Re: New Version Notification for draft-kazuho-htt… Ryan Sleevi
- Re: Privacy considerations of trace logging (was … Kazuho Oku
- Re: Privacy considerations of trace logging (was … Lucas Pardue
- Re: New Version Notification for draft-kazuho-htt… Roberto Peon
- Re: New Version Notification for draft-kazuho-htt… Roberto Peon
- Re: Privacy considerations of trace logging (was … Roberto Peon