IETF Logo Mail Archive

RE: HTTP Alternative Services Best Practices?

Mike Bishop <mbishop@evequefou.be> Tue, 17 December 2019 19:27 UTC

Return-Path: <mbishop@evequefou.be>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 22557120894 for <quic@ietfa.amsl.com>; Tue, 17 Dec 2019 11:27:55 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=evequefou.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id srYC_8piukMk for <quic@ietfa.amsl.com>; Tue, 17 Dec 2019 11:27:51 -0800 (PST)
Received: from NAM04-BN3-obe.outbound.protection.outlook.com (mail-eopbgr680107.outbound.protection.outlook.com [40.107.68.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C1AF312087B for <quic@ietf.org>; Tue, 17 Dec 2019 11:27:50 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=OTl2Fb3K694gvXeUdGYl1Rlig09C5hqF/SuqvdNuvfopq9+3ETQYnJRYNU0nmUshtoRIZb59gQN7dY9nj9pwaKnsuSSLYfdajAa6XV4LtrkdV2ASehprZFwF2541k+x96zd/nSCr8BGqdJ4Q0zwZ9JfiKtbtdCCfhMKqz1VMo1miSy/zllVt/VHaFxLdivtiLWfA9eEGIXLpZsX0KRwmjHqacoBL4DSeDrfnNZd0I9V/BjNvMY2vCl89NFQUk5vmH/VCQggI28N362mJXfun0Rtg5J+R06qHWZ/TsWGzlJVzI37u8OQ81fEcpet5xLvvBd6smnAa7MGD0gk68MpUig==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=wixmx337xNhvkiWkfUUsb34ltf4jw9oGW4+he4ThTNE=; b=nU6iRp4n2iY/RqC/pQk26lERrzrxW+EUeA5onoKmmlZfiSh0yevM4xHhGDgIHKUBBqiRCUWxuBXv2TSSjNwTpF5M3S28DPZkRvggxu/jL6nEwLaIUuRr7AWRM4bJsE5QTy0rFMwY2S01k5js86iataeeNlxxpO/aWzafi6fln1nOvGYFxi4Hnhl+fxfxMMPzWy8PYLDiVS0o6CR0PkhpvB+QPW3zV8AiYeu/lBiuh1LQsGHb7nz8H1vg1eXBsKBb7HOiTJ6LU5DpOtFsDp+5wKxyoXfYMGbsofq2/4KO4IDZrS4iPpDNJNX5vlX6OwWHNuEg8wN7X/X7iuh0HZuyqQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=evequefou.be; dmarc=pass action=none header.from=evequefou.be; dkim=pass header.d=evequefou.be; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=evequefou.onmicrosoft.com; s=selector2-evequefou-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=wixmx337xNhvkiWkfUUsb34ltf4jw9oGW4+he4ThTNE=; b=DB5n0KYTajV8NWptlILxsdWepVifF+0o1VRB/xdGxe0MumYX+vCAS5kDqQXMBPKh0dPt1irdV+0c6jLqRgNYFMsk7+WgRIU+2jDMD4tDEjT6WZqf73kVz+FiLxEGRm5JpV7Nff4wUI7KBr/8EUdFUP3t81mxcF+g1P2VTYlXBqo=
Received: from DM6PR22MB2010.namprd22.prod.outlook.com (20.180.22.24) by DM6PR22MB2089.namprd22.prod.outlook.com (20.180.20.149) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2559.14; Tue, 17 Dec 2019 19:27:47 +0000
Received: from DM6PR22MB2010.namprd22.prod.outlook.com ([fe80::e09c:cecd:389d:d9f3]) by DM6PR22MB2010.namprd22.prod.outlook.com ([fe80::e09c:cecd:389d:d9f3%6]) with mapi id 15.20.2538.019; Tue, 17 Dec 2019 19:27:47 +0000
From: Mike Bishop <mbishop@evequefou.be>
To: Ryan Hamilton <rch=40google.com@dmarc.ietf.org>, Lucas Pardue <lucaspardue.24.7@gmail.com>
CC: QUIC WG <quic@ietf.org>, HTTP Working Group <ietf-http-wg@w3.org>
Subject: RE: HTTP Alternative Services Best Practices?
Thread-Topic: HTTP Alternative Services Best Practices?
Thread-Index: AQHVtAislmJRCCArc0GA3gC/RyYGfqe9NU8AgAGBP0A=
Date: Tue, 17 Dec 2019 19:27:47 +0000
Message-ID: <DM6PR22MB20105A0DA471BB9419E6BDEADA500@DM6PR22MB2010.namprd22.prod.outlook.com>
References: <CALGR9oaCNigDAZP=ue-sORxCJFzkVynhaJszjjY_ohN56ewy8g@mail.gmail.com> <CAJ_4DfQDgaouwoMyG1f2v4_CndWWNpqft+9=zbOfeM_ek7mSHA@mail.gmail.com>
In-Reply-To: <CAJ_4DfQDgaouwoMyG1f2v4_CndWWNpqft+9=zbOfeM_ek7mSHA@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=mbishop@evequefou.be;
x-originating-ip: [2600:2b00:931f:a301:6cb4:6dd:4e05:5861]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: c0a2010b-83f8-4b87-4e83-08d7832732ec
x-ms-traffictypediagnostic: DM6PR22MB2089:
x-microsoft-antispam-prvs: <DM6PR22MB20897BCE02A55B31098F4342DA500@DM6PR22MB2089.namprd22.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:7691;
x-forefront-prvs: 02543CD7CD
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(39830400003)(366004)(136003)(396003)(376002)(346002)(54094003)(199004)(189003)(33656002)(66574012)(52536014)(8676002)(81166006)(81156014)(4326008)(9686003)(110136005)(71200400001)(7696005)(54906003)(66476007)(508600001)(966005)(5660300002)(316002)(76116006)(66446008)(64756008)(66556008)(66946007)(86362001)(8936002)(186003)(2906002)(55016002)(6506007)(53546011); DIR:OUT; SFP:1102; SCL:1; SRVR:DM6PR22MB2089; H:DM6PR22MB2010.namprd22.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: evequefou.be does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: B921KNvMbcz4YHHZZmtWT6GyxSZFflYwnViFsc/XRkXtKZEGDAMy6C9DXq8foATjnBZ34nS7KXidAwh05pjL7ks5TW0qay4RIe+/6ji8+Z6ck/JrwHNFE3jaGofw3KfWf+gv+UtMCEiCjETPgbVxSe5+1zeFvcE0LJ7qwqF0WCCgkyJcWqa2jMdJhiNJv66yOmyDvM1AKBnVmGcPzv/A/VxoBDYTRrAAlqrpQelxuhafn1iKE3AOa+twnbzzmoQ2kloxMl7dRasNO8ab3uZJnoLg2YPNu49c7+8XBBF3WACgYMgjbdmPdBYlueSetaMnNUU4p/4mHpRohmr7bJTN1vZrxXVkQ5tS91qgwZThFbQQ+ffuSNgeJ3zVsrA+NmXxa3spwPybXHXXdG8Ul/NM9PosHnqhkJo9bmMtguE/cu0Z1t59/IypqMFYTmtUnTpJZdh+5WSQsnN7/VEwB2wwW197nKPgyhB4WTU0SBtKImYdU7d1lFASXU6VH08uGI62y4Ad0MbA7FfYbjI+6vYRS5+usUivsVrShrTW8ttBpk8=
x-ms-exchange-transport-forked: True
Content-Type: multipart/alternative; boundary="_000_DM6PR22MB20105A0DA471BB9419E6BDEADA500DM6PR22MB2010namp_"
MIME-Version: 1.0
X-OriginatorOrg: evequefou.be
X-MS-Exchange-CrossTenant-Network-Message-Id: c0a2010b-83f8-4b87-4e83-08d7832732ec
X-MS-Exchange-CrossTenant-originalarrivaltime: 17 Dec 2019 19:27:47.4697 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 41eaf50b-882d-47eb-8c4c-0b5b76a9da8f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: B14uHlZsBdLjORN7I1YWxdeZnbuXQKOO2cD69tAnS3oGm2/pS2QALorw8wYho5w3pCo73gTn6rp4FWRli4Lnhw==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR22MB2089
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/gthWKAqBSZhNRT_MROmMdUSOeNI>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 17 Dec 2019 19:27:55 -0000

Saying that “persist=false would be deleterious” is a bit simplistic.  You wouldn’t use persist=false for your scenarios, true enough.  Persist=true is intended for alternatives that aren’t derived from the user’s network location, and therefore don’t need to be flushed when the network location changes.  (For example, this host also supports QUIC.)

However, there are other scenarios where it is location-dependent – a CDN routing you to a closer node because DNS or Anycast didn’t get you close enough, for example.  If you change networks, not only is the node you were directed to no longer your closest, it might actually be prohibited from serving users on other networks.

The right answer here is that you need to know which type of Alt-Svc you’re issuing.

From: QUIC <quic-bounces@ietf.org> On Behalf Of Ryan Hamilton
Sent: Monday, December 16, 2019 3:24 PM
To: Lucas Pardue <lucaspardue.24.7@gmail.com>
Cc: QUIC WG <quic@ietf.org>; HTTP Working Group <ietf-http-wg@w3.org>
Subject: Re: HTTP Alternative Services Best Practices?

Thanks for raising this issue! I think documenting best practices/guidance would be a great idea. I think the Google servers advertise a 30 day expiration (because 24 hours is *really* short). Further, it turns out that Chrome implicitly assumes persist = true (because Chrome incorrectly doesn't implement persist = false). We have a bunch of deployment experience with this model which I think suggests that shorter ttls and persist = false would be have a deleterious impact on performance.

On Mon, Dec 16, 2019 at 4:02 AM Lucas Pardue <lucaspardue.24.7@gmail.com<mailto:lucaspardue.24.7@gmail.com>> wrote:
Hello QUIC and HTTP members,

HTTP Alternative Services (Alt-Svc) is specified in RFC 7838 which was published in 2016 [1].. Many of us are starting to use Alt-Svc and I wonder if its appearance of simplicity might cause some unintended effects on the Internet. In the 3 or so years since it was published, have any best practices emerged that might be useful to capture.

Major uses of Alt-Svc today in no particular order: switching to gQUIC (typically on the same port), switching to HTTP/3, Opportunistic Encryption (RFC 8164) [2], Opportunistic Onion (advertising .onion [3]), and traffic management by advertising alternatives with different destination IPs or network path characteristics..

Arguably, HTTP/3 will be the largest-scale deployed use case of Alt-Svc both in terms of advertisements and clients that take them up. Alt-Svc for this can be deceptively simple, which may lead to unexpected outcomes. For example, the minimal expression:

Alt-Svc: h3-24=":443"

invokes default values for parameters, "ma" is fresh for 24 hours and "persist" is false (i.e. clear alternative cache on network changes). One could imagine how this could cause bursts of activity at regular periods, or cascades due to end-user local conditions such as flocking or hopping.

Finally, the proposal for an HTTPSVC DNS record [4] might attract a different population of operator that is less familiar with the expected behaviour of Alt-Svc implementations.

Does anyone think it would be useful to share or document some guidance?

Cheers
Lucas

[1] https://tools.ietf.org/html/rfc7838
[2] https://tools.ietf.org/html/rfc8164
[3] https://tools.ietf.org/html/rfc7686
[4] https://tools.ietf.org/html/draft-ietf-dnsop-svcb-httpssvc-01

v2.23.0 | Report a Bug | By Email