IETF Logo Mail Archive

Re: Getting to consensus on packet number encryption

Mikkel Fahnøe Jørgensen <mikkelfj@gmail.com> Wed, 02 May 2018 06:18 UTC

Return-Path: <mikkelfj@gmail.com>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0FB6C12D86C for <quic@ietfa.amsl.com>; Tue, 1 May 2018 23:18:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id T6uoJGb6UIuK for <quic@ietfa.amsl.com>; Tue, 1 May 2018 23:18:38 -0700 (PDT)
Received: from mail-pf0-x230.google.com (mail-pf0-x230.google.com [IPv6:2607:f8b0:400e:c00::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E98DC127698 for <quic@ietf.org>; Tue, 1 May 2018 23:18:37 -0700 (PDT)
Received: by mail-pf0-x230.google.com with SMTP id w129so5461514pfd.3 for <quic@ietf.org>; Tue, 01 May 2018 23:18:37 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:thread-topic:thread-index:date:message-id :references:in-reply-to:accept-language:content-language :mime-version; bh=2OvPa4wVZmxoCfgzGIPP7pl1UAwsRGgI7eMTwcRDKlQ=; b=qsaOzSHOTbIaJMCPTDkA5ahAXQskfqF6CT9xBdeqZJM6Y0l5APXtxt1JReix5ppN5k zr3ZXW5qGKZS57OXmKJ4XSqHz96mbxZtdReZI/Ruk52/4bFLcMukXbNHLEcRyfJHb2DM GtKH+uwLhCMYiPY9c/GdJ93beUzTbneGeZv71mNxqnz3j1CuqaNcNuy2TLDdfosf33zT yWNf+NY7eKDo9II3P6Br/i42dy5/VpwBtEGUZVJ9yDpkFKRaIl1tcXPV3ii5gcezNq1A 3Diia7vj77ZCsh2nXvLdlX/e+BF/w3Vuww4NCB9mrGi9oAgt+eo8TaGC8Zi2nIrnwZx4 nZ8A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:thread-topic:thread-index :date:message-id:references:in-reply-to:accept-language :content-language:mime-version; bh=2OvPa4wVZmxoCfgzGIPP7pl1UAwsRGgI7eMTwcRDKlQ=; b=Jy20bldnBrzH8FgwK/rCoxvW5X1uN8VDqX5zBDRF+zC1JpdngSmoLjEQzWeksDhzU4 A0106rbPeeo/AIu7mI2E9rMX/zG+1zXeAlXA0oPd07n3J6Yd5YXZGczwLWLtjouaRf8Z fNrDP6prIwLqj29N109moWlRLKG1VAc9HyFY7MBkJZkNZtfhRMS17ZJoWxccAV6ViSjG 92o6vdKBl24SuMqXHA3pYF3QAukO8yAqXjkEPNQUYVExVLqit2CRsThUWouClYIl4ujJ zs0OFf/VEHHNd13dhM+LLUquqwLYKPeeWCW6q6yz66GolpPxhnxKeS9SOcggEU9gsMzq 4e6Q==
X-Gm-Message-State: ALQs6tDlQBkQicSUrNHX30cOhlvOkWGzHScjaXSfMzouGDzOt66d2zjd 9CcYj3TkEQtLGqaLCRIySZM=
X-Google-Smtp-Source: AB8JxZrokNEbIc6dLMZmMG/FGRg0AH17wXz+eO0gcGAk+fCRMLS+vdDk23wX5/Ab9Pbl60YCJoaYLg==
X-Received: by 2002:a63:a06a:: with SMTP id u42-v6mr14572816pgn.389.1525241917316; Tue, 01 May 2018 23:18:37 -0700 (PDT)
Received: from DB6PR10MB1766.EURPRD10.PROD.OUTLOOK.COM ([40.101.73.69]) by smtp.gmail.com with ESMTPSA id j9sm18509705pff.46.2018.05.01.23.18.34 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Tue, 01 May 2018 23:18:36 -0700 (PDT)
From: Mikkel Fahnøe Jørgensen <mikkelfj@gmail.com>
To: Spencer Dawkins at IETF <spencerdawkins.ietf@gmail.com>, Praveen Balasubramanian <pravb=40microsoft.com@dmarc.ietf.org>
CC: Ted Hardie <ted.ietf@gmail.com>, "Salz, Rich" <rsalz@akamai.com>, "Lubashev, Igor" <ilubashe@akamai.com>, Roberto Peon <fenix@fb.com>, "Brian Trammell (IETF)" <ietf@trammell.ch>, Benjamin Kaduk <bkaduk@akamai.com>, IETF QUIC WG <quic@ietf.org>
Subject: Re: Getting to consensus on packet number encryption
Thread-Topic: Getting to consensus on packet number encryption
Thread-Index: AQHTy9Gavrm3K/jvTEOucWh2l1TdAaPwZ0sAgAC4ugCAAARcAIAAG5CAgAAFCACAAACJgIAAEVkAgACR+YCAB09lAIAFXyIAgAVK+oCAAJlSAIABxdSAgACOHICAB/EyAIACo7YAgACiMICAAADPgIAAIs8AgAAm/YCAABExgIAABpIAgAAK6ACAAPIgAIAA5wcAgACzcYCAAHHMgIAEe1cAgAABEACAABWHgIAA8UgAgAABeQCAAC8kAIAAC7UAgAARLwCAAA0zAIAAD7YAgAAFcACAAJPZAIAAKeKS
X-MS-Exchange-MessageSentRepresentingType: 2
Date: Wed, 02 May 2018 06:18:30 +0000
Message-ID: <DB6PR10MB17667578B2E994EE1B771E45AC800@DB6PR10MB1766.EURPRD10.PROD.OUTLOOK.COM>
References: <CANatvzwCYrOZULG3iVmDFp97nr=M5=Gufo8TZjOGQVFUpsn0bQ@mail.gmail.com> <CAAedzxqDcPXJUE83KVnDiU23PvqDcTCrc6rRMw09FexjJA-Y6Q@mail.gmail.com> <CANatvzwjYE6EdvFtOXJMVQnutbVQ4YY+=XsQFzKwHzqWzZ4U+w@mail.gmail.com> <d32ade7b56bf4651952659307c08893b@usma1ex-dag1mb5.msg.corp.akamai.com> <CANatvzwHtCn8rLB8npf3i7PGyYZhVDRd2uojh5hv3uxtFPEsSA@mail.gmail.com> <58447D8E-782C-431C-8FC3-71124B10A047@trammell.ch> <CACpbDcdfF9w3qqrH1eB0sGU_4vheD9aMP5EXnp1o3Y19N19NUg@mail.gmail.com> <e8b4931a-3931-5b8d-8dad-3ca1939d5542@huitema.net> <CAKcm_gPaj3o-VTdA_0+Kk+nTcVJrYcs_BMyOiDGXKub3gB=GLg@mail.gmail.com> <MWHPR21MB063869878060E850137210FEB6820@MWHPR21MB0638.namprd21.prod.outlook.com> <20180501121906.GA5742@akamai.com> <F63059EA-BA14-4886-A4FB-AA5F04AC164B@akamai.com> <BY2PR15MB07757EAB6A818F1D8D8CCED9CD810@BY2PR15MB0775.namprd15.prod.outlook.com> <CA+9kkMCpxve3CKhQk45YKbvyOyQ6kvzyhpJhrTq1UM-QM+ms2Q@mail.gmail.com> <89893592-7135-4C24-BE1E-4B0FFD1A2E97@trammell.ch> <CA+9kkMCUTRrM9SPEz=Q5GDgU7whryZ1cRdj-O3=GP=-vOr-X+A@mail.gmail.com> <ba56bca23f5747e5abdfec137de37481@usma1ex-dag1mb5.msg.corp.akamai.com> <MWHPR21MB0638014E783CE63F5D30DE38B6810@MWHPR21MB0638.namprd21.prod.outlook.com>, <CAKKJt-e6WsXpvTRELUSCMRQJBgAsRFHPh9SHO6sH_LHEYY1VmQ@mail.gmail.com>
In-Reply-To: <CAKKJt-e6WsXpvTRELUSCMRQJBgAsRFHPh9SHO6sH_LHEYY1VmQ@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-Exchange-Organization-SCL: -1
X-MS-TNEF-Correlator:
X-MS-Exchange-Organization-RecordReviewCfmType: 0
Content-Type: multipart/alternative; boundary="_000_DB6PR10MB17667578B2E994EE1B771E45AC800DB6PR10MB1766EURP_"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/YO-Vgs1RLdUOxUr2W4U4PFEF4Po>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 02 May 2018 06:18:40 -0000

I think there are cases where the PNE overhead is more than single digit pct:

Small packets with, say, latest stockquote would have PNE double the packet protection overhead - and there isn’t much other overhead. This adds latency.

Another example is sending a transaction ID serially through 3 out of 5 masters to reach consensus. PNE could dominate the achievable transaction rate assuming very fast networks.

________________________________
From: QUIC <quic-bounces@ietf.org> on behalf of Spencer Dawkins at IETF <spencerdawkins.ietf@gmail.com>
Sent: Wednesday, May 2, 2018 5:48:36 AM
To: Praveen Balasubramanian
Cc: Ted Hardie; Salz, Rich; Lubashev, Igor; Roberto Peon; Brian Trammell (IETF); Benjamin Kaduk; IETF QUIC WG
Subject: Re: Getting to consensus on packet number encryption

Speaking as a curious observer with no hat on ...

On Tue, May 1, 2018 at 1:59 PM, Praveen Balasubramanian <pravb=40microsoft.com@dmarc.ietf.org<mailto:pravb=40microsoft.com@dmarc.ietf.org>> wrote:
Yeah this doesn’t have to be unilateral and is a negotiation. Either side is free to terminate the handshake and fall back to TCP if it doesn’t want to support the transforms being offered in the negotiation. This works perfectly fine for the intra-DC use cases.

So, please help me understand whether I'm tracking this.

Most of the time, QUIC connections are expected to traverse something like the public Internet, so a bunch of participants want PNE as an anti-ossification thing in this case.

Sometimes, QUIC connections would traverse only a controlled network path (which I THINK is the point of the conversation about datacenters), for server-to-server connections. Some participants would like to avoid any overhead they can avoid in those situations, and don't see any need for PNE, only additional (single-digit percentage) costs, and would like to negotiate not using PNE for those connections.

Is that about right, so far? Assuming so ...

Is it correct that those connections are using TCP today, and are seeing sufficiently good performance with TCP to make additional overhead look problematic?

Is it correct that if an implementation doesn't want to use QUIC with PNE overhead, Plan A would be to refuse the QUIC connection and fall back to TCP?

Thanks in advance for clues ...

Spencer

v2.23.0 | Report a Bug | By Email