IETF Logo Mail Archive

RE: Packet number encryption

Praveen Balasubramanian <pravb@microsoft.com> Sat, 10 February 2018 17:13 UTC

Return-Path: <pravb@microsoft.com>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 20DB61276AF for <quic@ietfa.amsl.com>; Sat, 10 Feb 2018 09:13:00 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.011
X-Spam-Level:
X-Spam-Status: No, score=-0.011 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=1.989, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=microsoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NgBXps_eOx1s for <quic@ietfa.amsl.com>; Sat, 10 Feb 2018 09:12:57 -0800 (PST)
Received: from NAM01-BY2-obe.outbound.protection.outlook.com (mail-by2nam01on0125.outbound.protection.outlook.com [104.47.34.125]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 19D4D126BF3 for <quic@ietf.org>; Sat, 10 Feb 2018 09:12:56 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=Anvih2CvI3K+IJ58iyQsyr16CvI6EBunF1IeOSCBto4=; b=hlTrPkaA8YocG8rWn6+YScmIs3fXtPIMW3thMc11MlOJDfUcI/m31XnTXKk/gDnUU2tMRhTTbmS75Sml5Ikv3zQmFM44EJEp9Dkm3/HH5DEo+Fnb+CvKwVDsrMOuHKdr89MDT8Ilwo8dstD5e7Zk9Tzf7HwYvgQorRraeC/kiRU=
Received: from CY4PR21MB0133.namprd21.prod.outlook.com (10.173.189.15) by CY4PR21MB0693.namprd21.prod.outlook.com (10.175.121.147) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.506.4; Sat, 10 Feb 2018 17:12:51 +0000
Received: from CY4PR21MB0133.namprd21.prod.outlook.com ([fe80::f4bd:bebf:7ea5:7dc5]) by CY4PR21MB0133.namprd21.prod.outlook.com ([fe80::f4bd:bebf:7ea5:7dc5%6]) with mapi id 15.20.0506.011; Sat, 10 Feb 2018 17:12:51 +0000
From: Praveen Balasubramanian <pravb@microsoft.com>
To: Mikkel Fahnøe Jørgensen <mikkelfj@gmail.com>, Victor Vasiliev <vasilvv@google.com>
CC: "quic@ietf.org" <quic@ietf.org>, Marten Seemann <martenseemann@gmail.com>, huitema <huitema@huitema.net>
Subject: RE: Packet number encryption
Thread-Topic: Packet number encryption
Thread-Index: AQHTmW31V+0GAWpR/E2VqOCVLx9SYqOMgUQAgABeoYCAAAgUAIAAd3KAgAA8YgCAACPEAIAAAiYAgAOBloCAALfdgIAACBkAgAEGGACAANx9AIAAn5KAgAB7w4CAADUigIAADBeAgADUsaCAAGk3gIAAEEgAgACizACAADhiAIAAHkiAgAADUYCAACdFAIAAVRYAgAAUZQCAAA5oAIAAD4fQgABGjACAAAGHQIAACNQAgAAAqaCAAAeBgIAAC4qAgACi02CAAbWdAIAAKHbggAGCSACAAALsAIAAO8qAgABHugCAAGlygIAAXGZA
Date: Sat, 10 Feb 2018 17:12:50 +0000
Message-ID: <CY4PR21MB0133D903AD60734920BBC910B6F10@CY4PR21MB0133.namprd21.prod.outlook.com>
References: <CABkgnnVyo3MmWtVULiV=FJTnR528qfY8-OmKGWAs0bCvri-a_g@mail.gmail.com> <2102BDC2-62C0-4A76-8ADE-8167437E2D07@trammell.ch> <CAN1APde6o6=aCXuWajPFSU=jXv-ERdVHk=uyjM71uQ_uU-oMTg@mail.gmail.com> <8e833029-68b5-2787-3897-a0f7818a259f@tik.ee.ethz.ch> <1de39727-eeec-0e7a-1e8b-5ed50433c5bd@cs.tcd.ie> <MWHPR08MB2432D0216BC8FE1B0D9E3690DAFD0@MWHPR08MB2432.namprd08.prod.outlook.com> <CAGD1bZauKbucs_5n7RQbK8H2HiyfiqpGVEcKreGA6umhMBSFgg@mail.gmail.com> <CABcZeBPNrc-9vANSH02r++p53s6gN4pVB8DMd80nUxOhKTp3dA@mail.gmail.com> <CAKcm_gMvHSBhpUvsQCCkV2_o+d_wchF3R3L6H8mp6nKNaaRmSw@mail.gmail.com> <CY4PR21MB0133CCAA6807469BA983D00BB6FC0@CY4PR21MB0133.namprd21.prod.outlook.com> <CABkgnnW4xr_YzpsvCxaJJgcQdBTuX=Yv735_sdd4VoMfji8mbA@mail.gmail.com> <CY4PR21MB0133C759D4A08A4988B641B2B6FC0@CY4PR21MB0133.namprd21.prod.outlook.com> <bdf88936-8edc-d56e-ee59-c9d597058edd@huitema.net> <CY4PR21MB01337C8A700E58B49D90B712B6FC0@CY4PR21MB0133.namprd21.prod.outlook.com> <119b3276-5799-1cc3-8982-7479171bbf27@huitema.net> <CAOYVs2pi8-NVuS+crNMfjsP-n5upK3=5tPeQ8OSGpOvL6RTrjA@mail.gmail.com> <CY4PR21MB0133A1117B2733BBCF049C5FB6FC0@CY4PR21MB0133.namprd21.prod.outlook.com> <CAAZdMad-vEBj4Zw-9=bM8hfSui68YBPTi88ZB434giYMXA1viQ@mail.gmail.com> <MWHPR21MB0144A36781B9AB9BEC7B99A8B6F30@MWHPR21MB0144.namprd21.prod.outlook.com> <CAAZdMaf_okyh1FHemPK90=RQp2Tb-p34SA_C77RLp68bwWSE2Q@mail.gmail.com> <CAN1APdchpj++3K5AcYZk-SMPBRDi3jvo7gjSMQwdYY_NuLNkgQ@mail.gmail.com> <CAAZdMaf-+q+3L9XPBLgDq6qGzVed4NaGOL63DqjGTcSm8g6oBA@mail.gmail.com> <DB6PR10MB176692436653B08C1CA949C2ACF10@DB6PR10MB1766.EURPRD10.PROD.OUTLOOK.COM> <CAN1APddho1==P7x3PV-F2Rj5DJkfzGLx5UqsN4fxOBg-C30RDg@mail.gmail.com>
In-Reply-To: <CAN1APddho1==P7x3PV-F2Rj5DJkfzGLx5UqsN4fxOBg-C30RDg@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [2001:4898:80e8:5::712]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; CY4PR21MB0693; 7:4PvGpQ+Hvmo6nVcR9hB6gXDEwqJiT00kIEXiPMcBYiaUb/JQPahe82SCiZUmonRWSkEyt9v5GIe8f3vg23YWqh+zXERBS/1x8G6GBYj+o3JA2/kXdlO8dRTTvW7AZnZB6wCC9NRavOzW2PjAdZPBKNukucRyq5cpsv1P4xepXm2K/wy3Y56BRklNRqd99bfffbm76GEsYBm9UbtDlRkWWk4UZkK5sAvfTtqKNEWWDzKBoqIjSAjw0/PKYA10EkIe
x-ms-exchange-antispam-srfa-diagnostics: SSOS;
x-ms-office365-filtering-ht: Tenant
x-ms-office365-filtering-correlation-id: 12e72fe0-4911-4f1b-1564-08d570a98432
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(4534165)(4627221)(201703031133081)(201702281549075)(48565401081)(5600026)(4604075)(3008032)(2017052603307)(7193020); SRVR:CY4PR21MB0693;
x-ms-traffictypediagnostic: CY4PR21MB0693:
x-ld-processed: 72f988bf-86f1-41af-91ab-2d7cd011db47,ExtAddr
x-microsoft-antispam-prvs: <CY4PR21MB0693CBBC7DBDF6A0CFE2FD23B6F10@CY4PR21MB0693.namprd21.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(28532068793085)(108984395545644)(89211679590171)(189930954265078)(85827821059158)(211936372134217)(153496737603132)(219752817060721)(21748063052155)(228905959029699);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(61425038)(6040501)(2401047)(5005006)(8121501046)(3231101)(2400082)(944501161)(93006095)(93001095)(3002001)(10201501046)(6055026)(61426038)(61427038)(6041288)(20161123558120)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123560045)(20161123562045)(20161123564045)(6072148)(201708071742011); SRVR:CY4PR21MB0693; BCL:0; PCL:0; RULEID:; SRVR:CY4PR21MB0693;
x-forefront-prvs: 057906460E
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(39380400002)(366004)(39860400002)(376002)(396003)(346002)(189003)(199004)(11905935001)(10290500003)(7696005)(86612001)(33656002)(97736004)(3480700004)(25786009)(81166006)(106356001)(2906002)(8676002)(81156014)(8936002)(8990500004)(606006)(6246003)(3660700001)(5250100002)(186003)(3280700002)(10090500001)(110136005)(105586002)(93886005)(2900100001)(54906003)(39060400002)(4326008)(99286004)(19609705001)(790700001)(5660300001)(22452003)(229853002)(6116002)(59450400001)(966005)(74316002)(316002)(236005)(2950100002)(7116003)(6506007)(53546011)(14454004)(55016002)(478600001)(6346003)(9686003)(53936002)(68736007)(7736002)(102836004)(54896002)(6306002)(86362001)(6436002)(76176011); DIR:OUT; SFP:1102; SCL:1; SRVR:CY4PR21MB0693; H:CY4PR21MB0133.namprd21.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en;
received-spf: None (protection.outlook.com: microsoft.com does not designate permitted sender hosts)
authentication-results: spf=none (sender IP is ) smtp.mailfrom=pravb@microsoft.com;
x-microsoft-antispam-message-info: c65vEZGQM594KFUiBOv8aZ+yc755FmhX7Gyn2MvZhDDpy0xWC6NvOlhYwnCmdG/syNPjybrJPaQImCjsR88bPw==
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_CY4PR21MB0133D903AD60734920BBC910B6F10CY4PR21MB0133namp_"
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 12e72fe0-4911-4f1b-1564-08d570a98432
X-MS-Exchange-CrossTenant-originalarrivaltime: 10 Feb 2018 17:12:51.0889 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY4PR21MB0693
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/b_-lO1GRdFLy3lh2SKwVKMuNmdk>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 10 Feb 2018 17:13:00 -0000

Makes sense. The 1%+ overhead I had quoted was in comparison to full protocol processing all the way from app to NIC. This is with an unoptimized early QUIC implementation and not fully optimized UDP/IP stack (we have focused much much more on optimizing TCP in the past). After software stack optimizations, the crypto share of the cost will only keep going up for which we have no technique other than to offload when such support is available in hardware and offload is way more challenging when workload is hosted in VMs and containers.

From: Mikkel Fahnøe Jørgensen [mailto:mikkelfj@gmail.com]
Sent: Saturday, February 10, 2018 3:36 AM
To: Victor Vasiliev <vasilvv@google.com>
Cc: Praveen Balasubramanian <pravb@microsoft.com>; quic@ietf.org; Marten Seemann <martenseemann@gmail.com>; huitema <huitema@huitema.net>
Subject: Re: Packet number encryption

To put numbers into perspective using Intel 2015 data

https://software.intel.com/en-us/articles/improving-openssl-performance#_Toc416943490<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsoftware.intel.com%2Fen-us%2Farticles%2Fimproving-openssl-performance%23_Toc416943490&data=04%7C01%7Cpravb%40microsoft.com%7C947ea96d592c498130df08d5707a6db1%7Cee3303d7fb734b0c8589bcd847f1c277%7C1%7C0%7C636538593507129957%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwifQ%3D%3D%7C-1&sdata=I1%2BnvvFBfsQ1P%2BwSI7riWr%2FkP9ydkAihxlpAgpFggEg%3D&reserved=0>

A 64 byte message in AES-GCM AEAD in HW would use 1.03 cycles per byte or 66 cycles total, or 22ns on a 3GHz core.

For packet numbers we use the CBC encrypt numbers because here AES cannot exploit block parallelism.
Here we see 4.44 cycles/byte in HW or 71 cycles per block. With a 3GHz setup that would amount to about 24ns overhead for packet encryption.

Clearly it makes no sense that AES-GCM is faster than a single AES block encryption, but these are only approximate numbers and CBC mode might have a little overhead, so we clamp packet numbers to 22ns.

Taking the 98ns overhead by the Solarflare report we get a total (simplified) processing time is 98ns non-crypto, 22ns for packet number, and 22ns for AEAD totalling 142ns. So the packet number encryption overhead would be 22/(98+22)*100% = 18%. The numbers ignore other QUIC bookkeeping, but that can be done in other cores or outside the latency critical window.

This does not take into account that AEAD operation may operate less than optimal because the packet number must be extracted first. On the other hand, it is also not a disastrous overhead if no good alternative can be found.

Earlier AES-NI I’ve seen from Intel doc suggests around 100cycles in HW for a single AES-128 block which would be 33ns per packet number in the above example.


On 10 February 2018 at 06.18.25, Mikkel Fahnøe Jørgensen (mikkelfj@gmail.com<mailto:mikkelfj@gmail.com>) wrote:
98ns for 68 byte messages

v2.23.0 | Report a Bug | By Email