IETF Logo Mail Archive

Re: Expected Client Response to SERVER_BUSY

Roberto Peon <fenix@fb.com> Wed, 20 February 2019 21:18 UTC

Return-Path: <prvs=79544d0ce0=fenix@fb.com>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D8AF012D4E7 for <quic@ietfa.amsl.com>; Wed, 20 Feb 2019 13:18:15 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.703
X-Spam-Level:
X-Spam-Status: No, score=-2.703 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=fb.com header.b=msg8qKLF; dkim=pass (1024-bit key) header.d=fb.onmicrosoft.com header.b=Rggn/MX3
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mLVZdN5sxIoq for <quic@ietfa.amsl.com>; Wed, 20 Feb 2019 13:18:11 -0800 (PST)
Received: from mx0a-00082601.pphosted.com (mx0a-00082601.pphosted.com [67.231.145.42]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1FDFA129C6A for <quic@ietf.org>; Wed, 20 Feb 2019 13:18:06 -0800 (PST)
Received: from pps.filterd (m0044010.ppops.net [127.0.0.1]) by mx0a-00082601.pphosted.com (8.16.0.27/8.16.0.27) with SMTP id x1KLAV4P017461; Wed, 20 Feb 2019 13:17:55 -0800
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fb.com; h=from : to : cc : subject : date : message-id : references : in-reply-to : content-type : content-id : content-transfer-encoding : mime-version; s=facebook; bh=Q7i/KpbnzjmAlWo0k1us3K2i3pIqyGW0VoPGfIcNpV0=; b=msg8qKLFL0PLraBr7uVBoYR0I3Ig3Cj5u3Sta9TZtG5o99HddwTTEnipuLRDeYDkM5WU MNQZegwqCAhlsd0BYIBH7EBF7cEZnE+qs/VZEwvZc2T0wGD038bNE8pCNKC5IXcmhwpG NM7tWfKBcBVKN/P4UJNWpdVLy7Z9bTJPRWs=
Received: from mail.thefacebook.com ([199.201.64.23]) by mx0a-00082601.pphosted.com with ESMTP id 2qse1u84n6-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Wed, 20 Feb 2019 13:17:55 -0800
Received: from prn-mbx05.TheFacebook.com (2620:10d:c081:6::19) by prn-hub01.TheFacebook.com (2620:10d:c081:35::125) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.1.1531.3; Wed, 20 Feb 2019 13:17:54 -0800
Received: from prn-hub02.TheFacebook.com (2620:10d:c081:35::126) by prn-mbx05.TheFacebook.com (2620:10d:c081:6::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.1.1531.3; Wed, 20 Feb 2019 13:17:54 -0800
Received: from NAM03-DM3-obe.outbound.protection.outlook.com (192.168.54.28) by o365-in.thefacebook.com (192.168.16.26) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.1.1531.3 via Frontend Transport; Wed, 20 Feb 2019 13:17:53 -0800
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fb.onmicrosoft.com; s=selector1-fb-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Q7i/KpbnzjmAlWo0k1us3K2i3pIqyGW0VoPGfIcNpV0=; b=Rggn/MX3KwVNmI+lYbg0OPiy3Y8A6AIhYBvyFnth9VYYbB5/xEBLHYCTm1SmwKOpn9ka3R8BBq+Gm4ejOesdazqLP80RNrKKMniAogX+js6X7+swmngSkABzgDqBHZQOnyd1r5ecCS3Aqgx/qnAFXIf3B9hMHFmDpnj8niIr4IM=
Received: from BYAPR15MB2312.namprd15.prod.outlook.com (52.135.197.146) by BYAPR15MB2584.namprd15.prod.outlook.com (20.179.155.141) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1643.15; Wed, 20 Feb 2019 21:17:52 +0000
Received: from BYAPR15MB2312.namprd15.prod.outlook.com ([fe80::2403:324c:ac17:7084]) by BYAPR15MB2312.namprd15.prod.outlook.com ([fe80::2403:324c:ac17:7084%5]) with mapi id 15.20.1622.018; Wed, 20 Feb 2019 21:17:52 +0000
From: Roberto Peon <fenix@fb.com>
To: Praveen Balasubramanian <pravb@microsoft.com>, Töma Gavrichenkov <ximaera@gmail.com>, Christian Huitema <huitema@huitema.net>
CC: Nick Banks <nibanks@microsoft.com>, "Brian Trammell (IETF)" <ietf@trammell.ch>, Ian Swett <ianswett@google.com>, IETF QUIC WG <quic@ietf.org>, Mirja Kühlewind <mirja.kuehlewind@tik.ee.ethz.ch>
Subject: Re: Expected Client Response to SERVER_BUSY
Thread-Topic: Expected Client Response to SERVER_BUSY
Thread-Index: AdTInrfRZAbJSsLZSlWCCrlUkiWX7AAgkIeAAACdzgAAAbynAAAAN6coAACOYoAAAIKXwAAAszQAAAatwwAAAd27AP//i/wA//92IBCAAJI+gA==
Date: Wed, 20 Feb 2019 21:17:52 +0000
Message-ID: <F7964472-41D4-473C-BB26-2F50BF5EA9B6@fb.com>
References: <CY4PR21MB0854341128C64E450E7C2DA2B37C0@CY4PR21MB0854.namprd21.prod.outlook.com> <CAKcm_gPmQiMhzfXnkEB4u+X+84bCbL8FE3Lj3ZdPPQBBu+4uPg@mail.gmail.com> <1AF7E952-4542-4C40-8652-BFFBFA61784A@trammell.ch> <CAKcm_gN11=DcV2v-JrX+Ym88D7P1Ey3rDvYomTf1seemsWDSwA@mail.gmail.com> <CY4PR21MB0854D8F7383CDF72EEDAE9FBB37D0@CY4PR21MB0854.namprd21.prod.outlook.com> <CALZ3u+Zmau+167msd9+OGcU+V00+__yLK83ByNEqvWhm7yFORg@mail.gmail.com> <CY4PR21MB0854E1E9AAF564CD8B12305CB37D0@CY4PR21MB0854.namprd21.prod.outlook.com> <CALZ3u+b_NqyrSAkqiuXnnVVL+T0XiExPDUP5JyuzvZVaXqHtCA@mail.gmail.com> <a861dc7b-c1a4-fa72-649a-4f98050aa6f5@huitema.net> <CALZ3u+YxHeVuF-27pjO6gGZ__RT7Y9cAx0vE+x-n8vJbWM+L6g@mail.gmail.com> <CC1D0429-A09E-4844-90B9-2C053FE583E8@fb.com> <MW2PR2101MB104957EA222B6ABA00B5E6AEB67D0@MW2PR2101MB1049.namprd21.prod.outlook.com>
In-Reply-To: <MW2PR2101MB104957EA222B6ABA00B5E6AEB67D0@MW2PR2101MB1049.namprd21.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/10.15.0.190117
x-originating-ip: [2620:10d:c090:200::6:a040]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 79d00858-5250-4068-6757-08d69778df9c
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600110)(711020)(4605104)(2017052603328)(7153060)(7193020); SRVR:BYAPR15MB2584;
x-ms-traffictypediagnostic: BYAPR15MB2584:
x-microsoft-exchange-diagnostics: 1; BYAPR15MB2584; 20:SRrq8EtuwEQfUp2vNwrG7KB67Y0hHKF2kKrkMLGTs5gFTe2ogfUXoZI7wmXRn9dmzhblKPxy/7SepDBS1XBTwPH+x85d5VQtCfqIWt75Tp5pvJC7/6XcWxhBlsWuviAn9niA1AJfjPhNowZ1xKJVNVZHIpMR53Mx0FiXa9Q1BVE=
x-microsoft-antispam-prvs: <BYAPR15MB2584AA4018C10D78997C74EBCD7D0@BYAPR15MB2584.namprd15.prod.outlook.com>
x-forefront-prvs: 0954EE4910
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(396003)(366004)(346002)(136003)(376002)(39860400002)(53824002)(13464003)(199004)(189003)(5660300002)(46003)(8936002)(36756003)(186003)(82746002)(14454004)(33656002)(6506007)(53546011)(6436002)(478600001)(8676002)(81156014)(6116002)(25786009)(316002)(2906002)(54906003)(93886005)(110136005)(58126008)(81166006)(99286004)(76176011)(7736002)(305945005)(4326008)(1511001)(83716004)(14444005)(486006)(53936002)(11346002)(71190400001)(71200400001)(68736007)(97736004)(106356001)(2616005)(446003)(476003)(6486002)(229853002)(102836004)(66574012)(86362001)(6246003)(6512007)(105586002)(256004); DIR:OUT; SFP:1102; SCL:1; SRVR:BYAPR15MB2584; H:BYAPR15MB2312.namprd15.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: fb.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: CLl4RzoT+zk8W15Vzz+nUlePf3RUDvmI/3a0sbGq3A5Lk1YciS0ter5AM4EK7WoHo3LisLQkInGpL6iNlUpAZTLZeFEKNDvDnNKxLqbGVw8uIF7Pp7kXubVmOYgAM/fG7RF4zk2xbriZxcqzBiT8N8TWm9d6UcNwsLNwGh+yvb52LMHDGOEow/YWWoUXsWD6o0p/e5mkNazGUBbXxjRjA2t3qCwjirDvFNSrdycn7eT4P4g4tUX6z/Jx1SnqPsPi2CgdWIJRH+s/17fGKOaCgWVrfeowE4nPVv2SL3t4nWixYQd/bsgDgRavy7PtqBMsC0oD+E89CXmcoy51ESZXSqcEr4Fj5Rw/hbyc+AiyACmB292zVCtfOIBXCOGH1pFKsXmSVSn6caVxiNKPhKIIwbjfsNNsVYpB0KI55ozpAq0=
Content-Type: text/plain; charset="utf-8"
Content-ID: <DE942E085E87DC4295609EA2E9F48E3D@namprd15.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: 79d00858-5250-4068-6757-08d69778df9c
X-MS-Exchange-CrossTenant-originalarrivaltime: 20 Feb 2019 21:17:52.1351 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 8ae927fe-1255-47a7-a2af-5f3a069daaa2
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BYAPR15MB2584
X-OriginatorOrg: fb.com
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:, , definitions=2019-02-20_16:, , signatures=0
X-Proofpoint-Spam-Reason: safe
X-FB-Internal: Safe
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/bqCz6ExIxZ2bD3afM__5lbt9SEw>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 20 Feb 2019 21:18:16 -0000

In some circumstances, falling back to TCP may be something that the application shouldn't do (TCP offers the wrong semantics, or there are concerns about visibility).

I think this is very much an application-level thing, and not so much a transport-level thing.

-=R

On 2/20/19, 1:02 PM, "Praveen Balasubramanian" <pravb@microsoft.com> wrote:

    Agreed that we cannot mandate any client behavior for malicious clients, but have clear guidance for well-behaved clients to fall back to TCP. This mechanism provides a very low CPU cost fast fallback to TCP under DoS attacks until all infrastructure can support QUIC natively. Certainly a big step up from just rate limiting UDP traffic. This way well behaved clients will have a good chance for connectivity and the malicious ones will be rate limited. And as pointed out middleboxes can do other bad things like drop all CIs.
    
    -----Original Message-----
    From: QUIC <quic-bounces@ietf.org> On Behalf Of Roberto Peon
    Sent: Wednesday, February 20, 2019 12:48 PM
    To: Töma Gavrichenkov <ximaera@gmail.com>; Christian Huitema <huitema@huitema.net>
    Cc: Nick Banks <nibanks@microsoft.com>; Brian Trammell (IETF) <ietf@trammell.ch>; Ian Swett <ianswett@google.com>; IETF QUIC WG <quic@ietf.org>; Mirja Kühlewind <mirja.kuehlewind@tik.ee.ethz.ch>
    Subject: Re: Expected Client Response to SERVER_BUSY
    
    I believe that the solution to this problem (what a client does when the server is being DoS'd) is inherently out-of-band, and thus not part of the QUIC protocol.
    
    Clients should do whatever they want to do as a response to SERVER_BUSY. We can't make the malicious ones stop, and anything we do to allow non-malicious ones to respond appropriately requires pre-sharing of something, or for the connection to succeed (which is essentially establishing a context for such sharing).
    
    Designing policy around that is probably fodder for another discussion (that I hope we get together and have in the context of the HTTP wg).
    
    -=R
    
    On 2/20/19, 11:44 AM, "QUIC on behalf of Töma Gavrichenkov" <quic-bounces@ietf.org on behalf of ximaera@gmail.com> wrote:
    
        On Wed, Feb 20, 2019 at 10:49 AM Christian Huitema <huitema@huitema.net> wrote:
        > the proposition here allows a middle-box or a man-on-the-side to send an
        > unencrypted signal and have the client immediately immediately drop the
        > connection. That does not feel right.
        
        A man-on-the-side (don't even mentioning a box-in-the-middle) could
        *always* make a client drop a connection, e.g., by sending a large
        amount of junk packets towards the client that the client would be
        unable to correctly handle. It's just a matter of how much harm does
        that box need to do to the network.
        
        Any opposite approach I can think of requires to put the private key
        of the server on a DDoS handling machine or to deploy it onto a DDoS
        mitigation cloud, which not only increases exposure of the users' data
        but is also explicitly forbidden in certain countries for companies
        from certain industries. It's already only narrowly possible to avoid
        doing so with QUIC (and that already requires either a collaboration
        between the QUIC library supplier and the DDoS mitigation vendor —
        which in turn leads to vendor lock — or a reverse engineering-based
        design), so until we have a v2 which is (hopefully) more LB and
        DDoS-aware, this is the lesser of two evils.
        
        --
        Töma

v2.23.0 | Report a Bug | By Email