Re: New Plaintext QUIC-LB Design

Mikkel Fahnøe Jørgensen <> Fri, 15 January 2021 20:18 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id BAA193A1149 for <>; Fri, 15 Jan 2021 12:18:10 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.097
X-Spam-Status: No, score=-1.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, FREEMAIL_REPLY=1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id JU7snUTe8MjU for <>; Fri, 15 Jan 2021 12:18:08 -0800 (PST)
Received: from ( [IPv6:2a00:1450:4864:20::231]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 63E043A1141 for <>; Fri, 15 Jan 2021 12:18:08 -0800 (PST)
Received: by with SMTP id e7so11729996ljg.10 for <>; Fri, 15 Jan 2021 12:18:08 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=from:message-id:mime-version:subject:date:in-reply-to:cc:to :references; bh=3HZ1hYgev0miCbbh4LQcaxl8FWGUuFypfiVU12CwHWQ=; b=kXf2X++KkoGC9GelIZtJAwXAieMJPij2FxH8mDXb+NjoX97Qrkc/CxEFrQ5ZCIr4k6 RE1Ql0rGfI17YweMUbIYpHzoSfdQ8rUyY9N/7OpdJfoJRnd7LqD8xmzknmfc7xipeQhs sS+UBuaIhaUSLMI5hQgnFQhT/YD0ewULotFdq5l9rp5HBJUliQJxy43LNJFyYitbspXn NTkn4A8Y2uk/uJJeyQNuGLLUT+CUrLzP1c18p9gI0vwecYy8q9TndHQe0bOLbpjAzgz2 7OZ9UJkjYUCxtGkLuj+yStlcExZjKGUpbf/wbHbbKnV7azwk+rzBrbwuWgcHHB98Xm/Z xW1g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:from:message-id:mime-version:subject:date :in-reply-to:cc:to:references; bh=3HZ1hYgev0miCbbh4LQcaxl8FWGUuFypfiVU12CwHWQ=; b=ThYJY9dYTn70lCvdINBXf/HLBCV5+aRLBjSeGFtu0YMi9GHY9JB0RTvEQF/MG54b9v 6tsUjcgwhejHshuNIzJ4ke+HwZtWNpcIO4M8jo2Up3SZ0UyGViDOQ4uDjyocnVK6Xjnb 3bizo5xIBh5MGrj3WIJJLsT7WvioI/HnR6wEN7qIqVq7kmelv4CxUWJBsgKwvhBAVT3g c8wTDO+f7zRNeB7mWMv9f8Gz5xdwcEhJSnh5juJhUsnZkCmNOovbInHGWXFPT/V9HtmW IbXsez6bbfM+huVgHZ8Ap2peC+9uBMhD4aLslhFnYl298j5/gYKuJrMxzjUehJjEs32z N9kg==
X-Gm-Message-State: AOAM533UpLgJU2s8dF5jx8GBlTJzutj98P0wcC7J/VgrS+iSdm0db2u0 Muq3oBVf0X8E+QDwPl+Fu5YYNeTwsdEDtw==
X-Google-Smtp-Source: ABdhPJxGw3qnrsU92VYnGXSnr79KWq9ey6pF1p9lybLkJL5HW9bku7FchLy44zRtbwVCTI2bzpKVaw==
X-Received: by 2002:a2e:9645:: with SMTP id z5mr6040299ljh.36.1610741886472; Fri, 15 Jan 2021 12:18:06 -0800 (PST)
Received: from [] ( []) by with ESMTPSA id j26sm1010217lfh.251.2021. (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Fri, 15 Jan 2021 12:18:05 -0800 (PST)
From: Mikkel Fahnøe Jørgensen <>
Message-Id: <>
Content-Type: multipart/alternative; boundary="Apple-Mail=_F4AF6F60-3BFB-49B0-B846-A0FBDEEF464E"
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.\))
Subject: Re: New Plaintext QUIC-LB Design
Date: Fri, 15 Jan 2021 21:18:04 +0100
In-Reply-To: <>
Cc: Christian Huitema <>, IETF QUIC WG <>
To: Martin Duke <>
References: <> <> <> <> <> <> <> <> <> <>
X-Mailer: Apple Mail (2.3608.
Archived-At: <>
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 15 Jan 2021 20:18:11 -0000

I would be hesitant to introduce a situation where a load balancer is forced to use memory, especially memory it doesn’t fully control. It may be fine as a choice, but not the only choice.

Aside from potential attacks, there is also the hardware cost/complexity. SHA256 and AES is pretty standard in almost anything, but lots of RAM is a cost driver.

It is really hard to estimate crypto vs lookup overhead, but it is far from a given that lookup will be faster once the tables grow large.

Less coordination is a good thing though. I’m afraid that without out of band payload to coordinate, there will have to be a choice between configuration and state.


> On 15 Jan 2021, at 21.04, Martin Duke <> wrote:
> To muddy this discussion a little further, after a little more thinking I believe there's a way to generalize this approach to all three of the original algorithms, encrypted or unencrypted, so there is never a need to manually allocate server IDs.
> Again, the main tradeoff here is simpler configuration vs. more complexity and state at the load balancer.
> As a document organization matter, rather than have six different algorithms I would prefer to specify three with a separate section describing the two separate ways to allocate a server ID.
> But it is not too late to yell "stop" at this multiplicity of options if people feel the tradeoffs are clear-cut in one way or the other.
> On Mon, Jan 11, 2021 at 6:50 PM Martin Duke < <>> wrote:
> Yes. Do you have an alternate suggestion?
> On Mon, Jan 11, 2021 at 5:54 PM Christian Huitema < <>> wrote:
> On 1/11/2021 5:22 PM, Martin Duke wrote:
>> Perhaps I should make some edits for clarity!
>> On Mon, Jan 11, 2021, 16:52 Christian Huitema < <>> wrote:
>> I am looking at the text of section 4.2, and I am not sure how I would implement that. What should be the value of the config rotation bits in CID created by the server?
>> Any config includes the corresponding CR bits, and when generating the CID it would use those bits.
>> The confusing part is that, for this algorithm, a usable SID has to be extracted from any CID, hence all the weird stuff about CIDs with undefined configs.
>> Aside from that, it's like PCID: any server-generated CID uses the CR bits in the config, optional length encoding, SID, server-use octets.
>> Should the 6 other bits in the first octet be set to a CID Len or to a random value?
>> It depends on the rest of the config, as with the other algorithms.
>> Issss the timer set when the server ID is first added to the table, or is the timer reset each time a packet is received with that CID? In the latter case, is it reset when any packet is received, or only when a "first initial" packet is received?
>> When any packet is received with that SID (not CID), the expiration is refreshed.
> OK. So we can have the following:
> 1) Server learns of Server-ID = X.
> 2) Server creates new CID with that server ID, uses it to complete handshake.
> 3) Client maintains a long running connection with that CID.
> 4) Server keeps receiving messages with CID pointing to server-ID = X
> 5) server-ID=X never expires.
> Is that by design?
> -- Christian Huitema