Re: QUIC Chrome Error with GSUITE & QUIC transport draft publication ETA
Jana Iyengar <jri.ietf@gmail.com> Sun, 05 January 2020 00:51 UTC
Return-Path: <jri.ietf@gmail.com>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DE5A91200A1 for <quic@ietfa.amsl.com>; Sat, 4 Jan 2020 16:51:15 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vXlj-6PFRm08 for <quic@ietfa.amsl.com>; Sat, 4 Jan 2020 16:51:14 -0800 (PST)
Received: from mail-lj1-x232.google.com (mail-lj1-x232.google.com [IPv6:2a00:1450:4864:20::232]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 755B912008F for <quic@ietf.org>; Sat, 4 Jan 2020 16:51:13 -0800 (PST)
Received: by mail-lj1-x232.google.com with SMTP id o13so35969755ljg.4 for <quic@ietf.org>; Sat, 04 Jan 2020 16:51:13 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=E+NWCEEgAKbDlVr9oYamYNXfhBvSaslreNRRNPTvIGw=; b=Wzal8nfHeU62vmyzIGS+ByExWx13ksuFRwcb2aRNfZkbxeYaIkQvwdBoFzkqKaWYgR gG3wdt2MSyhPVTTtYnhKLLkCWjcQvD8nsoo8LtQX9qYm1VWoHVguySFRLZyaR8jVQtA0 ISd7eLhGDXXPypTzzrcc4fe9+/r03zpHPoGkxFxuT5WPVre7PmdlF0N9aM+b/WlXNPvM bnDiKDXU4ZdyRXdaWd04TN5BxHfsn6N2jSgDyLkNNefMK4FE49UxYj8bejBq8j8rCFNX w5xewqNDdjJeibJ/bfqhQwxpudFHHQDYVkzSSwgosY1y2+YRt5xPM5Nws5BunPO/zZdF qGtA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=E+NWCEEgAKbDlVr9oYamYNXfhBvSaslreNRRNPTvIGw=; b=V9kW7mJPUnGXLIC+o9KS5B9hHVRInQdYvpujehaxQ/23neszty0+riWQXFAT6vh1wS GQe3x+3iN55CLPlnQBwQ2BTxpTqtLZUGWByZxLbMDa4KSDrSpFLsVoOR+Aydqcpk9Jse BsiwA8WkrksL6mnE70Yx8tiPIMbk19yOxyDvqS5VHz1UK6RYrLBDu1FfLsLntOxMQW97 Ld/IrQ1h6EY4PHICKilffm0FDOOvxw7ZhtEgTLwJ8hRA10P7/QYaaenA2RRG8eJ7JasI NLlTcKMr5f3bO1BAINDA17xuOnBVNWZqIjYaPQ9E3FYRUYn6KiGQFCSwhAla21QhXcZv hqpw==
X-Gm-Message-State: APjAAAVKVuEjNT9pFpZFui/NtPnXjCm1axub1QHUPvkzHUVTjquuNivf aPOq+FtwMMDWg6boW1pPvizTxE/2DU/9QvJ/Ok0=
X-Google-Smtp-Source: APXvYqxfOhD5IsE82JbegkYesentzPJlil0TtIPVXflard3qlfxQ0zAZbPhES6IPjUYF/mdzCtZA7+0s4LAzOLzNvHU=
X-Received: by 2002:a2e:8946:: with SMTP id b6mr54861205ljk.1.1578185471520; Sat, 04 Jan 2020 16:51:11 -0800 (PST)
MIME-Version: 1.0
References: <CABNhwV28q_3VfgNUCBqGHCpNbyMH8bewkND7_aX5DnsKF52K6Q@mail.gmail.com>
In-Reply-To: <CABNhwV28q_3VfgNUCBqGHCpNbyMH8bewkND7_aX5DnsKF52K6Q@mail.gmail.com>
From: Jana Iyengar <jri.ietf@gmail.com>
Date: Sat, 04 Jan 2020 16:51:00 -0800
Message-ID: <CACpbDcdmT4Qk5FW-OnKhcbCjWSDrSr16ug201rCyJT_fMvdCVQ@mail.gmail.com>
Subject: Re: QUIC Chrome Error with GSUITE & QUIC transport draft publication ETA
To: Gyan Mishra <hayabusagsm@gmail.com>
Cc: "quic@ietf.org" <quic@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000006b7202059b59f046"
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/fx-vKlZWelfw1c7KFDfNLNvMqwA>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 05 Jan 2020 00:51:16 -0000
Gyan, Firewalls that relied on gQUIC signatures to detect QUIC packets are not going to be able to detect IETF QUIC. You should discuss specific Chrome errors you are seeing as a result of this on the proto-quic@chromium.org mailing list. - jana On Sat, Jan 4, 2020 at 8:13 AM Gyan Mishra <hayabusagsm@gmail.com> wrote: > QUIC WG, > > We had some issues at work recently with Chrome and getting QUIC error. > The issue appears to be related to our DMZ firewalls blocking QUIC. > > I believe GQUIC was working but was somehow bypassing the firewalls > logging ; but then when google switched to using QUIC IETF standard I > believe that’s when we started seeing the chrome error. > > Below is an email I sent at work as an overview of QUIC and > recommendations on how to resolve the QUIC error. > > Please provide me any feedback and suggestions on how to best resolve this > issue. > > We use GSUITE at work which uses QUIC and we noticed all traffic to GSUITE > was using QUIC over IPV6. We have our network infrastructure enterprise > fully dual stacked and since google URIs are all dual stacked as well ; > since IPv6 is preferred over IPv4 by default with windows ; all the GSUITE > traffic was now using QUIC over IPv6. > > Has anyone else had any encounter with this scenario where they are using > GSUITE and are dual stacked and are seeing all GSUITE traffic use IPv6. > > Also what is the appropriate ETA of when the QUIC transport draft will be > approved standard RFC. > > ——email below related to google chrome QUIC error and remediation—— > > What was the patch that was applied to the default silo firewalls that was > deployed. > > Was the patch for QUIC support? > > Also were we seeing QUIC or GQUIC being logged and dropped on the firewall? > > Below is some information related to QUIC and how the protocol works: > > G-QUIC was the protocol developed by google to improve and secure all web > traffic. > > QUIC is the IETF standard version of the protocol. > > QUIC protocol brief: > > QUIC was designed to be low overhead and robust and secure by default to > eliminate issues with traditional TCP and improving transaction response > times. > > QUIC provides a secure default transport using TLS 1.3 by replacing the > TLS record layer with its own framing format while keeping the same TLS > handshake. > > QUIC improves head of line blocking issues with HTTP/2 which multiplexes > multiple http requests into the same TCP connection. > > QUIC transport stream is delivered just as the acronym states “quick udp > internet connections” over udp instead of traditional TCP.. > > > https://www.google.com/amp/s/blog.cloudflare.com/the-road-to-quic/amp/ > > > Wireshark is able to decode and differentiate both G-QUIC and QUIC. > > QUIC has an IETF WG which I am part of as development of standards for > quic transport protocol. > > At this time QUIC transport is maturing but is still in draft state > awaiting WG Last call and IESG review and final reviews before publication > as an RFC. > > Some vendors have started early adoption of the protocol. We should reach > out to Checkpoint to see if they support QUIC. > > Chrome has QUIC enabled by default. At this time google sites such as > YouTube and GSUITE apps are the only web URIs that have QUIC protocol > enabled on the server for client/server communication to use QUIC. > > QUIC IETF Draft: > https://tools.ietf.org/pdf/draft-ietf-quic-transport-24.pdf > > For security reasons If the firewall and security appliances don’t support > QUIC then it is recommend to disable QUIC. > > How to disable QUIC on chrome: > https://kinsta.com/knowledgebase/err_quic_protocol_error/ > > > If Checkpoint does support QUIC I would recommend to keep it enabled as it > improves web performance and is more secure than traditional TCP. > > ———end email————- > > Kind regards, > > Gyan Mishra > Verizon Communications (VZ) > Cell 301 502-1347 > -- > > Gyan S. Mishra > > IT Network Engineering & Technology > > Verizon Communications Inc. (VZ) > > 13101 Columbia Pike FDC1 3rd Floor > > Silver Spring, MD 20904 > > United States > > Phone: 301 502-1347 > > Email: gyan.s.mishra@verizon.com > > www.linkedin.com/in/networking-technologies-consultant > >
- QUIC Chrome Error with GSUITE & QUIC transport dr… Gyan Mishra
- Re: QUIC Chrome Error with GSUITE & QUIC transpor… Jana Iyengar
- Re: QUIC Chrome Error with GSUITE & QUIC transpor… Gyan Mishra