Re: Expected Client Response to SERVER_BUSY
Ian Swett <ianswett@google.com> Wed, 20 February 2019 14:42 UTC
Return-Path: <ianswett@google.com>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A53AA130E09 for <quic@ietfa.amsl.com>; Wed, 20 Feb 2019 06:42:01 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -17.501
X-Spam-Level:
X-Spam-Status: No, score=-17.501 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, ENV_AND_HDR_SPF_MATCH=-0.5, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5, USER_IN_DEF_SPF_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eSb_y1Vp5ly9 for <quic@ietfa.amsl.com>; Wed, 20 Feb 2019 06:41:59 -0800 (PST)
Received: from mail-wm1-x32d.google.com (mail-wm1-x32d.google.com [IPv6:2a00:1450:4864:20::32d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2FC78127AC2 for <quic@ietf.org>; Wed, 20 Feb 2019 06:41:59 -0800 (PST)
Received: by mail-wm1-x32d.google.com with SMTP id x10so6647033wmg.2 for <quic@ietf.org>; Wed, 20 Feb 2019 06:41:59 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=9PfG2AI8RheDos3yeJM2X+UDZ8ngBTuWWtzqskmSNJ0=; b=N1lLzW+sXAqoTAF83q07SU3iApCbWUF36KvNJW+h0bzk9W+p2zkmPh+7ptUW0D1HHy RDeSv/60EaVGENvhWnZMu/ishLwnBL1T554V7lJvanG+wGj5M6oxwckKuu/8Xqd/wkmE rB6SEbePW/yB0XMhJ+cNGuvM9hh4oy5rlnk1ChqmrCizTU6orD+L3U/H2Eduf/HvpDsa uzRfiKfi5yZGZrbN36Q86+yXqmGPILnxxP+cKahhBsIaKvZ5uK1zs56QGjKIE2x0n8YY doXJmILFR/0AtJ53Ao6EtswaHA6EXVP4XXYduR1X4/re3iDxsF2/WcS6lU2YAf6Gk/Wz OkTw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=9PfG2AI8RheDos3yeJM2X+UDZ8ngBTuWWtzqskmSNJ0=; b=pKNw3GKC4aYT65ELEn8gZkv/FpsB69Gx51yHdG4thayGjylmkgKUOYZcD+L7Ha7y4F 1s7rkdDmdWZ4vPQLq8ZUQ3CvIwe2TzZDtZh2X7MAJvuygn6Js6s4SvzK/Jg77QU89s6/ MWIpm77U6eQe0FdEDykT2HxHdQVhj36ymHlimVT2rg3EYVAc7+0q9vNul0vGCW2HJMEO STkss4n6IutiC1oTmLbn+mKkr/jPJ3kfkQ2A5NlVQjh03zoLepX4wuvrx8cJPxyPlN0k MUoihkWJ7j+BAhTGWT0k/jekv/KgeBYySuEDqCSLJ6xEU8ZwxxOQ0Um4Euq3NDUwMQbf PjpQ==
X-Gm-Message-State: AHQUAubYZKtp9EPW0XpXEWpDb2U3E2TzCrUAhOWJYj7f8Qk3EiA6JUc+ 7aL6hbIMtB+JMr5OQK8bDVtlbZxUxUKeyFkul0EE4g==
X-Google-Smtp-Source: AHgI3IaKwjvscMENBqK5T8dDQU32Bf821RP2saciMqErZkSRFI/mSGOJt8VpDsIcK+/7hfIcdIxkX3wpzV+HKuZBcGU=
X-Received: by 2002:a1c:6789:: with SMTP id b131mr6881905wmc.22.1550673717274; Wed, 20 Feb 2019 06:41:57 -0800 (PST)
MIME-Version: 1.0
References: <CY4PR21MB0854341128C64E450E7C2DA2B37C0@CY4PR21MB0854.namprd21.prod.outlook.com> <CAKcm_gPmQiMhzfXnkEB4u+X+84bCbL8FE3Lj3ZdPPQBBu+4uPg@mail.gmail.com> <1AF7E952-4542-4C40-8652-BFFBFA61784A@trammell.ch>
In-Reply-To: <1AF7E952-4542-4C40-8652-BFFBFA61784A@trammell.ch>
From: Ian Swett <ianswett@google.com>
Date: Wed, 20 Feb 2019 09:41:40 -0500
Message-ID: <CAKcm_gN11=DcV2v-JrX+Ym88D7P1Ey3rDvYomTf1seemsWDSwA@mail.gmail.com>
Subject: Re: Expected Client Response to SERVER_BUSY
To: "Brian Trammell (IETF)" <ietf@trammell.ch>
Cc: Nick Banks <nibanks@microsoft.com>, IETF QUIC WG <quic@ietf.org>, Mirja Kühlewind <mirja.kuehlewind@tik.ee.ethz.ch>
Content-Type: multipart/alternative; boundary="0000000000001539f00582545c15"
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/dQav4pHpj9SbtMl0QTVlJvXyC78>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 20 Feb 2019 14:42:02 -0000
If a client follows 3xx redirects by default, then it seems sensible it'd fall back to TCP automatically, but I'm not sure an immediate QUIC connection close is equivalent to a redirect. I can also imagine clients that don't follow redirects by default falling back to TCP, so I think I just chose a poor example. On Wed, Feb 20, 2019 at 8:52 AM Brian Trammell (IETF) <ietf@trammell.ch> wrote: > hi Ian, > > Sent from my iPhone > > On 20 Feb 2019, at 14:34, Ian Swett <ianswett=40google.com@dmarc.ietf.org> > wrote: > > For HTTP/3, my intent was to close the connection immediately with a > connection close as you suggest, then the client would fall back to TCP, > and then ensure the next Alt-Svc advertisement via TCP cleared any existing > Alt-Svc entry so QUIC wasn't tried again in the immediate future. > > I hadn't thought of assigning semantics to a specific error code, but I'm > reluctant to do so. In our case, I think a more likely error code would > indicate the infrastructure doesn't support QUIC, rather than DDoS, but the > desired behavior of falling back to TCP and not attempting QUIC for a while > is the same. > > The assumption I made above is that the client immediately falls back to > TCP. That of course depends upon the type of client it is. I'd expect a > browser to fall back, but I wouldn't expect curl or wget to. > > > This is a bit of an aside, but I’m curious here: why not? I’ve always > thought of the semantics of TCP fallback as equivalent to a 3xx redirect > (either temporary or permanent, depending on the client heuristics wrt the > underlying reason for the redirect). curl won’t do this automagically > unless you tell it to, but iirc wget will... > > Am I wrong in thinking that most clients will see this as YA form of > redirect? > > Cheers, > > Brian > > There is a decent amount of text on fallback in the Applicability draft: > https://github.com/quicwg/ops-drafts/blob/master/draft-ietf-quic-applicability..md > <https://github.com/quicwg/ops-drafts/blob/master/draft-ietf-quic-applicability.md> > > > > On Tue, Feb 19, 2019 at 5:11 PM Nick Banks <nibanks= > 40microsoft.com@dmarc.ietf.org <40microsoft.com@dmarc.ietf..org>> wrote: > >> Hello Folks, >> >> >> >> I’ve been looking at interim DDoS mitigation strategies for QUIC until we >> can have a more complete and QUIC aware DDoS and LB solution. One thing I >> came up with is just trying to force the client to fallback to TCP. >> Eventually, we will use Stateless Retry but that still requires a good bit >> of design work and cooperation between the offload device and the backend >> server. Until that is complete, a simple solution could be a device in path >> just responding to new QUIC connection attempts (while an attack is in >> progress) with a connection close frame containing the SERVER_BUSY error. >> The logic to implement a simple device to do that should be quite trivial. >> >> >> >> To that end, I was trying to figure out what the expected client response >> to any immediate (in the first RTT) connection close packets/frames would >> be and it seems we don’t have anything in the spec. What about SERVER_BUSY >> specifically? Is the client supposed to retry a new connection attempt? >> Should they fallback to TCP immediately? Should we say anything in the spec? >> >> >> >> Thanks, >> >> - Nick >> >
- Expected Client Response to SERVER_BUSY Nick Banks
- Re: Expected Client Response to SERVER_BUSY Ian Swett
- Re: Expected Client Response to SERVER_BUSY Brian Trammell (IETF)
- Re: Expected Client Response to SERVER_BUSY Ian Swett
- RE: Expected Client Response to SERVER_BUSY Nick Banks
- Re: Expected Client Response to SERVER_BUSY Töma Gavrichenkov
- RE: Expected Client Response to SERVER_BUSY Nick Banks
- Re: Expected Client Response to SERVER_BUSY Töma Gavrichenkov
- Re: Expected Client Response to SERVER_BUSY Christian Huitema
- Re: Expected Client Response to SERVER_BUSY Ian Swett
- RE: Expected Client Response to SERVER_BUSY Nick Banks
- Re: Expected Client Response to SERVER_BUSY Töma Gavrichenkov
- Re: Expected Client Response to SERVER_BUSY Roberto Peon
- RE: Expected Client Response to SERVER_BUSY Praveen Balasubramanian
- Re: Expected Client Response to SERVER_BUSY Roberto Peon
- Re: Expected Client Response to SERVER_BUSY Töma Gavrichenkov
- Re: Expected Client Response to SERVER_BUSY Kazuho Oku
- Re: Expected Client Response to SERVER_BUSY Mikkel Fahnøe Jørgensen
- Re: Expected Client Response to SERVER_BUSY Töma Gavrichenkov
- Re: Expected Client Response to SERVER_BUSY Mikkel Fahnøe Jørgensen
- Re: Expected Client Response to SERVER_BUSY Töma Gavrichenkov
- RE: Expected Client Response to SERVER_BUSY Nick Banks
- Re: Expected Client Response to SERVER_BUSY Mirja Kühlewind
- RE: Expected Client Response to SERVER_BUSY Nick Banks
- Re: Expected Client Response to SERVER_BUSY Ian Swett
- Re: Expected Client Response to SERVER_BUSY Mikkel Fahnøe Jørgensen