Re: [QUIC] Network Path Requirements for QUIC
Jana Iyengar <jri@google.com> Sat, 18 June 2016 03:11 UTC
Return-Path: <jri@google.com>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 13D9E12D776 for <quic@ietfa.amsl.com>; Fri, 17 Jun 2016 20:11:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.126
X-Spam-Level:
X-Spam-Status: No, score=-4.126 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RP_MATCHES_RCVD=-1.426, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id p-E30eUFTpVS for <quic@ietfa.amsl.com>; Fri, 17 Jun 2016 20:11:07 -0700 (PDT)
Received: from mail-yw0-x22d.google.com (mail-yw0-x22d.google.com [IPv6:2607:f8b0:4002:c05::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 781D112B01A for <quic@ietf.org>; Fri, 17 Jun 2016 20:11:07 -0700 (PDT)
Received: by mail-yw0-x22d.google.com with SMTP id w195so1699008ywd.0 for <quic@ietf.org>; Fri, 17 Jun 2016 20:11:07 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=fsaIsFRn3d/i9YCUz/5GgdISqKBgxk/Vee/tQ7RCFTo=; b=MO8nx1/wFQ4khdj+EA/Vw4E09rEz4O8N6C9wasLNDBM5b/9Sp6tudXuavwGTzThr7R j5ac61pDV6z2Bvq1g0xM/90LWjDzxQDiHppHNkOmfxBywLlsFRegaOH5X61b8LPtjxhN b6P0d/KkkoZdI2oMAFveRiKGRDcw4yUoAiVejVrKfKB286osMC9syVsFuJ8N2l4gtaj6 7IgtwWA9lKjLXzKweKUp1ol5YWY/15IuWc69eFkjBwupvegpWT4jJ9DzGUnmr1H556ju H/Bpgln9mybnFwQ0EIaSuun2K11ddRCnk/OEmbAod8lC9YnrIdB9eITmRLp+EcKFWz5g 6RNQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=fsaIsFRn3d/i9YCUz/5GgdISqKBgxk/Vee/tQ7RCFTo=; b=UolM1ljltSl40WvRp1dUXVrbZ3VYN7GXgJxli1rlbyGxRW5bcC0Gei2+QsAU7iYiwP wI3a2HL9FrNN4aWhALDF2XK0Y/7XF0ns0Zdq1mBXhSblrOZjGqtSGVYmmFarqo305DRs vX7lQ8DEBtz+2765c6TMovUUQcxxr8vxOe70QyEVxv/qpOQ7lMKH53NsMemINRsXfEQJ uLLd31dhi5/XgGF26xZyFysxBoKKT75CNnYIaRNL+7o/TdGB0d6uknvtrSy4NJk+ygav WOeeOdovJe6nv3a1TPnXeelt0WAECXF2u/6Et997QSNFfpm23dqXe1pcL7xIVgPLxih7 gWeg==
X-Gm-Message-State: ALyK8tJz9uVkgAbVvpWUbueVXphzNXeIFwzndZ9t8i4DWcxXxbwYKoeF++TFaZMkMJQasmOglqeypZ4PNF3QJgse
X-Received: by 10.13.223.151 with SMTP id i145mr3005930ywe.189.1466219466355; Fri, 17 Jun 2016 20:11:06 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.37.219.83 with HTTP; Fri, 17 Jun 2016 20:11:05 -0700 (PDT)
In-Reply-To: <AA57AD2E-6634-4460-8D78-09482DD6C5B0@trammell.ch>
References: <D8376C9E-FD28-4FE3-B40A-D2BD58D2B4B7@cisco.com> <9D5D60A1-869C-495A-8C2A-7BEAAE93D2B3@cisco.com> <DM2PR0301MB0655F1B2DC19EC23BEA36BE4A8540@DM2PR0301MB0655.namprd03.prod.outlook.com> <D96C08FC-916F-4130-9FEE-114264CA5FDA@cisco.com> <CA+9kkMDm0UYq71LVWRG9jFRy2Be-gmF16jvONusZNBhuDew0WQ@mail.gmail.com> <A61CC0ED-5FA5-47C9-AA3B-B3D429D7CA20@cisco.com> <CAGD1bZYSpXVoyUJwd=3oNVxRk1Agc=jjJiEr2wuH18FHhsx9hg@mail.gmail.com> <B9E3E345-235D-476C-8079-4E5AB0564A9E@cisco.com> <CAGD1bZa1DODT4hSOogeVLwd_vc__ydX82tcTTRqA3fhSMPuDOA@mail.gmail.com> <DC0D9145-DB82-462B-B765-AA6245E6050B@cisco.com> <CY1PR0301MB06492D878878FA2D71803B67A8560@CY1PR0301MB0649.namprd03.prod.outlook.com> <36A34F1E-7673-4A5D-9263-DCE246276C85@cisco.com> <AA57AD2E-6634-4460-8D78-09482DD6C5B0@trammell.ch>
From: Jana Iyengar <jri@google.com>
Date: Fri, 17 Jun 2016 20:11:05 -0700
Message-ID: <CAGD1bZZ=hAY=dy0w=Y=aCdg11vcfvrkeJ2iVAxSPX4PnZKYzvw@mail.gmail.com>
To: Brian Trammell <ietf@trammell.ch>
Content-Type: multipart/alternative; boundary="001a114e4a2474d471053584d2ed"
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/_wrYNfpJv2kc2WP28Iq_BL-d3qU>
Cc: Christian Huitema <huitema@microsoft.com>, "quic@ietf.org" <quic@ietf.org>, "Joe Hildebrand (jhildebr)" <jhildebr@cisco.com>
Subject: Re: [QUIC] Network Path Requirements for QUIC
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Mailing list to discuss QUIC standardization <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 18 Jun 2016 03:11:10 -0000
> > > Given that, would the following change to the charter (adding one sentence > to the paragraph for focus area one) be acceptable? > > OLD: > > The first of these is the core transport work, which will describe the > wire format, along with the mechanisms for connection establishment, stream > multiplexing, data reliability, loss detection and recovery, congestion > control, version negotiation, and options negotiation. Work on congestion > control will describe use of an existing congestion controller as a default > scheme for QUIC. QUIC is expected to support rapid iterability and > experimentation, and this work will describe a versioning process that > enables distributed experimentation with QUIC. > > NEW: > > The first of these is the core transport work, which will describe the > wire format, along with the mechanisms for connection establishment, stream > multiplexing, data reliability, loss detection and recovery, congestion > control, version negotiation, and options negotiation. This work will > consider deployability, manageability and diagnosability of the wire > format, including how the wire format will be processed by devices on path. > Work on congestion control will describe use of an existing congestion > controller as a default scheme for QUIC. QUIC is expected to support rapid > iterability and experimentation, and this work will describe a versioning > process that enables distributed experimentation with QUIC. > Indeed, I would hope that manageability and diagnosability -- which > includes enabling firewalls to keep state, and making it possible to > differentiate attack traffic -- are requirements for any IETF transport > protocol going forward. > I'm fine with adding this text. That said, I don't think this requirement that you mention for any IETF transport is clear. What state are we talking about? I don't know of a clear definition of "attack traffic", though I very much agree that network operators have to deal with this problem for UDP. Without concrete requirements, it's hard to define a solution in the transport. - jana The discussion below, I think, needs to happen in the WG. General guidance > here can come from PLUS (and indeed, I see a lot of points raised in the > SPUD-derived requirements document draft-trammell-spud-req in Joe's list > below), but the detailed evaluation of these aspects of how the protocol > will interact with devices on path in the specific case of QUIC are a > matter for QUIC. I believe the suggestion above allows that work to happen. > > > Cheers, > > Brian > > > >> I heard two common requirements, "marking the beginning and end of a > flow," because that helps firewalls and load balancers manage resource, and > "assessing consent," because that helps differentiating between regular > traffic and attack traffic. Is there more? > > > > If you want the processing to be efficient (and not ossify something > unintended), being able to separate QUIC traffic from non-QUIC UDP traffic > easily would be useful. Otherwise, path devices are likely to grab > whatever version number they see as the discriminant. > > > > If “marking the beginning of a flow” also includes being able to tell > easily which side intended to initiate the conversation, then that’s fine. > > > > The protocol needs to ensure that a path element can associate further > traffic on a QUIC connection with the beginning of the flow. > > > > There probably needs to be recommendations for time-outs, particularly > around the end of the flow. > > > > The protocol doc needs to describe what happens with associated ICMP. > > > > The protocol needs to say what happens when a network or host receives a > QUIC packet it wasn’t expecting. > > > > We need to think about return routability. > > > > The protocol needs to keep in mind that state will be generated in the > network, so that as we add multi-path extensions (for example), we don’t > just start sending traffic on a new path without first starting a new flow. > > > > It is possible that we might want to describe what a load balancer > should do when it drops QUIC state due to a timeout (or when it is *about* > to drop state). We might want it to send a hint to one or both of the > endpoints, to avoid having to diagnose mid-stream black holes. Some load > TCP load balancers send RSTs in both directions in this case, for example. > > > > We should analyze the known attacks on TCP (at least) to ensure that > QUIC is not immediately vulnerable to the sorts of things we’ve already > fixed over the last 40 years. > > > > There are probably a couple of others, and I’m open to modifying the > list as people see fit. Alternately, if we can find a way to describe > these kind of discussions in a way that does not bring in the explicit path > communication bits that we explored in SPUD, I think the charter would be > easier to understand. > > > >>> QUIC will not be able to be deployed on some networks, such as the > >>> one I'm on right now, unless we describe the changes that are necessary > >>> for the network devices that are currently blocking it. > >> > >> There are such networks. But there also are networks today that block > outgoing TCP connections, because of some policy considerations. We don't > change TCP for that. We simply accept that these networks are making a > tradeoff. They care so much about some of their policies that they are > willing to forego some of the value of the Internet. That's probably fine. > Over time, the cost/advantage balance of the tradeoff will change, and the > policies will probably evolve. > > > > Are you saying that people will want QUIC so much that they will open > their firewalls up to all UDP traffic in both directions? Or that the > terrible timing-based heuristics we have for generic UDP will be enough for > a large enterprise? Or that the current protocol description, without > discussion and analysis, should be presumed to be perfect in this regard? > > > > For once, we have a chance to do some thoughtful engineering before a > protocol is fully specified to consider how it will be deployed, baking > decades of learning into the design. I think the approach that the TLS > working group has been doing on TLS 1.3 to consider attack vectors, > backward-compatibility, etc. is a model for what is needed from a protocol > of QUIC’s potential impact. > > > > -- > > Joe Hildebrand > > > > _______________________________________________ > > QUIC mailing list > > QUIC@ietf.org > > https://www.ietf.org/mailman/listinfo/quic > > > _______________________________________________ > QUIC mailing list > QUIC@ietf.org > https://www.ietf.org/mailman/listinfo/quic > >
- Re: [QUIC] Network Path Requirements for QUIC Ted Hardie
- Re: [QUIC] Network Path Requirements for QUIC Joe Hildebrand (jhildebr)
- Re: [QUIC] Network Path Requirements for QUIC Brian Trammell
- Re: [QUIC] Network Path Requirements for QUIC Jana Iyengar
- Re: [QUIC] Network Path Requirements for QUIC Jana Iyengar
- Re: [QUIC] Network Path Requirements for QUIC Joe Hildebrand (jhildebr)
- Re: [QUIC] Network Path Requirements for QUIC Ted Hardie
- Re: [QUIC] Network Path Requirements for QUIC Spencer Dawkins at IETF
- Re: [QUIC] Network Path Requirements for QUIC Eggert, Lars
- Re: [QUIC] Network Path Requirements for QUIC Eggert, Lars
- Re: [QUIC] Network Path Requirements for QUIC Brian Trammell
- Re: [QUIC] Network Path Requirements for QUIC DRUTA, DAN
- Re: [QUIC] Network Path Requirements for QUIC Joe Hildebrand (jhildebr)
- Re: [QUIC] Network Path Requirements for QUIC Ted Hardie
- Re: [QUIC] Network Path Requirements for QUIC Eggert, Lars
- Re: [QUIC] Network Path Requirements for QUIC DRUTA, DAN
- Re: [QUIC] Network Path Requirements for QUIC Watson Ladd
- Re: [QUIC] Network Path Requirements for QUIC Watson Ladd
- Re: [QUIC] Network Path Requirements for QUIC DRUTA, DAN
- Re: [QUIC] Network Path Requirements for QUIC Brian Trammell
- Re: [QUIC] Network Path Requirements for QUIC Eggert, Lars
- Re: [QUIC] Network Path Requirements for QUIC Brian Trammell
- Re: [QUIC] Network Path Requirements for QUIC Eggert, Lars
- Re: [QUIC] Network Path Requirements for QUIC Diego R. Lopez
- Re: [QUIC] Network Path Requirements for QUIC DRUTA, DAN
- Re: [QUIC] Network Path Requirements for QUIC Christian Huitema
- Re: [QUIC] Network Path Requirements for QUIC Tirumaleswar Reddy (tireddy)
- Re: [QUIC] Network Path Requirements for QUIC Joe Hildebrand (jhildebr)
- Re: [QUIC] Network Path Requirements for QUIC Joe Hildebrand (jhildebr)
- Re: [QUIC] Network Path Requirements for QUIC Matt Miller (mamille2)
- Re: [QUIC] Network Path Requirements for QUIC Mark Nottingham
- Re: [QUIC] Network Path Requirements for QUIC Brian Trammell
- Re: [QUIC] Network Path Requirements for QUIC Jana Iyengar
- Re: [QUIC] Network Path Requirements for QUIC Jana Iyengar
- Re: [QUIC] Network Path Requirements for QUIC Jana Iyengar
- Re: [QUIC] Network Path Requirements for QUIC Joe Hildebrand (jhildebr)
- Re: [QUIC] Network Path Requirements for QUIC Joe Hildebrand (jhildebr)
- Re: [QUIC] Network Path Requirements for QUIC Charles 'Buck' Krasic
- Re: [QUIC] Network Path Requirements for QUIC Smith, Kevin, (R&D) Vodafone Group
- Re: [QUIC] Network Path Requirements for QUIC mohamed.boucadair
- Re: [QUIC] Network Path Requirements for QUIC Brian Trammell
- Re: [QUIC] Network Path Requirements for QUIC Joe Hildebrand (jhildebr)
- Re: [QUIC] Network Path Requirements for QUIC Christian Huitema
- Re: [QUIC] Network Path Requirements for QUIC Joe Hildebrand (jhildebr)
- Re: [QUIC] Network Path Requirements for QUIC 🔓Dan Wing
- Re: [QUIC] Network Path Requirements for QUIC Brian Trammell
- Re: [QUIC] Network Path Requirements for QUIC Jana Iyengar
- Re: [QUIC] Network Path Requirements for QUIC 🔓Dan Wing
- Re: [QUIC] Network Path Requirements for QUIC Jana Iyengar
- Re: [QUIC] [E] Re: Network Path Requirements for … Mishra, Sanjay
- Re: [QUIC] Network Path Requirements for QUIC Joe Hildebrand (jhildebr)
- Re: [QUIC] Network Path Requirements for QUIC Smith, Kevin, (R&D) Vodafone Group
- Re: [QUIC] Network Path Requirements for QUIC Brian Trammell
- Re: [QUIC] Network Path Requirements for QUIC Ted Hardie
- Re: [QUIC] Network Path Requirements for QUIC Joe Hildebrand (jhildebr)
- Re: [QUIC] Network Path Requirements for QUIC Christian Huitema
- Re: [QUIC] Network Path Requirements for QUIC Joe Hildebrand (jhildebr)
- [QUIC] Network Path Requirements for QUIC 🔓Dan Wing