IETF Logo Mail Archive

Re: UDP source ports for HTTP/3 and QUIC

Willy Tarreau <w@1wt.eu> Fri, 16 July 2021 06:07 UTC

Return-Path: <w@1wt.eu>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A4B023A2709 for <quic@ietfa.amsl.com>; Thu, 15 Jul 2021 23:07:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bt8z-dju2Vzt for <quic@ietfa.amsl.com>; Thu, 15 Jul 2021 23:07:02 -0700 (PDT)
Received: from 1wt.eu (wtarreau.pck.nerim.net [62.212.114.60]) by ietfa.amsl.com (Postfix) with ESMTP id 2678D3A2705 for <quic@ietf.org>; Thu, 15 Jul 2021 23:07:01 -0700 (PDT)
Received: (from willy@localhost) by pcw.home.local (8.15.2/8.15.2/Submit) id 16G66imG003541; Fri, 16 Jul 2021 08:06:44 +0200
Date: Fri, 16 Jul 2021 08:06:44 +0200
From: Willy Tarreau <w@1wt.eu>
To: Toerless Eckert <tte@cs.fau.de>
Cc: Mikkel Fahnøe Jørgensen <mikkelfj@gmail.com>, Mark Nottingham <mnot@mnot.net>, IETF QUIC WG <quic@ietf.org>, HTTP Working Group <ietf-http-wg@w3.org>
Subject: Re: UDP source ports for HTTP/3 and QUIC
Message-ID: <20210716060644.GA3469@1wt.eu>
References: <3985895D-D420-4995-831E-332E33693B79@mnot.net> <6F79A78A-1DF8-4A48-9B7F-334B309C9C26@gmail.com> <20210715092937.GC27830@1wt.eu> <20210716014010.GL24216@faui48e.informatik.uni-erlangen.de>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <20210716014010.GL24216@faui48e.informatik.uni-erlangen.de>
User-Agent: Mutt/1.10.1 (2018-07-13)
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/mZ_-5Nt1cublDy0SR5cUb56Q0l8>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 16 Jul 2021 06:07:08 -0000

On Fri, Jul 16, 2021 at 03:40:10AM +0200, Toerless Eckert wrote:
> > > It is perhaps worth noting that due to QUIC (optionally) having unique
> > > connection identifiers, it is feasible to have many connections on the same
> > > source port. Therefore that could be a recommendation in cases where some
> > > source ports might be blocked.
> > 
> > I think that this is an excellent idea! The simple fact that this is
> > being discussed precisely is because the source port serves no purpose
> > here other than being compatible with UDP.
> 
> Huh ?? The UDP source port serves as the UDP destination port for
> return packets. Otherwise how do you redirect the packet to he
> right socket ? 

That's exactly what I meant by "compatible with UDP", i.e. a datagram
oriented, bidirectional transport protocol. The source port is solely
used to know what socket to deliver the return traffic to.

> > So basically we could have
> > a recommendation that each application preferably uses a single socket
> > and source port for outgoing communication. 
> 
> Sure, but different UDP source port (socket) for different applications.

Sure :-)

> > This will also lower the
> > stress on source port allocation (and recycling) as well as the need
> > for file descriptors.
> 
> Yes, especially for systems with many simultaneous connections,
> likely servers/responders.
> 
> Unless scale is a problem its somewhat hard to say whats better or worse.

Stefan made a good point about the problem that might result, with
inbound load balancing between multiple listeners (typically what's
achieved by L3 switches doing L3+L4 hash between multiple servers,
and operating systems hashing the source+destination port to pick a
different listening socket). Thus a suggestion might be to possibly
save resources by using a small amount of sockets, with "small" left
to the appreciation of the implementation.

> Using separate sockets/port-numbers even within a sinle app allows
> to distinguish the connections easier with the usual suspsects such
> as per-socket kernel diagnostics, network tools such a IPfix or the
> like.

Sure, but at the application level it does require to check the
connection ID anyway.

> If i where to implement a stack for clients i'd certainly
> wanted to offer the option of whether to allocate separate sockets
> (source ports) per connection or not - and see what users do with it.

Yep, at least as a debug option to help with captures or to trace
file descriptors activities.

Willy

v2.39.1 | Report a Bug | By Email | System Status