Questions about QUIC and Anycast
William Herrin <bill@herrin.us> Tue, 11 December 2018 00:18 UTC
Return-Path: <bill@herrin.us>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 561D2131336 for <quic@ietfa.amsl.com>; Mon, 10 Dec 2018 16:18:42 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.107
X-Spam-Level:
X-Spam-Status: No, score=-1.107 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RDNS_NONE=0.793, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ms7vjmMWyrn7 for <quic@ietfa.amsl.com>; Mon, 10 Dec 2018 16:18:40 -0800 (PST)
Received: from magic.dirtside.com (unknown [199.33.225.68]) by ietfa.amsl.com (Postfix) with ESMTP id 9FE63131330 for <quic@ietf.org>; Mon, 10 Dec 2018 16:18:40 -0800 (PST)
Received: from minoc.dirtside.com (minoc.dirtside.com [199.33.225.67] (may be forged)) by magic.dirtside.com (8.14.3/) with ESMTP id wBB0Iaup013722 for <quic@ietf.org>; Mon, 10 Dec 2018 19:18:36 -0500
X-Really-To: <quic@ietf.org>
Received: from mail-pf1-f178.google.com (mail-pf1-f178.google.com [209.85.210.178]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by minoc.dirtside.com (Postfix) with ESMTPSA id 55A2BEBF8E for <quic@ietf.org>; Mon, 10 Dec 2018 19:18:36 -0500 (EST)
Received: by mail-pf1-f178.google.com with SMTP id y126so6202866pfb.4 for <quic@ietf.org>; Mon, 10 Dec 2018 16:18:36 -0800 (PST)
X-Gm-Message-State: AA+aEWagpGmENwkDQPHSub+wfS2QKey2K2sjNCxEHb3E2CxL7IYyLSF1 kOkY7ZXzh7zoohea6pdHeWBCfHxUNxuAnq/FIlM=
X-Google-Smtp-Source: AFSGD/Ufn/0eKYW4abNqMmmtUqLfYrKgP6BqXwc59UICaQZ/kyNPmgp6P8YOnAn2Goc/Ao9o3EuJmCRz1tRUs6/3h+k=
X-Received: by 2002:a63:1321:: with SMTP id i33mr12973061pgl.380.1544487515370; Mon, 10 Dec 2018 16:18:35 -0800 (PST)
MIME-Version: 1.0
From: William Herrin <bill@herrin.us>
Date: Mon, 10 Dec 2018 16:18:24 -0800
X-Gmail-Original-Message-ID: <CAP-guGVPd-_YkfaGAk+dmi9TJGQ8n-RozbM0ea4wC7hDoU7Xhg@mail.gmail.com>
Message-ID: <CAP-guGVPd-_YkfaGAk+dmi9TJGQ8n-RozbM0ea4wC7hDoU7Xhg@mail.gmail.com>
Subject: Questions about QUIC and Anycast
To: quic@ietf.org
Content-Type: text/plain; charset="UTF-8"
X-Spam-Checker: magic.dirtside.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/noqXS-zmbiu9j3coATuvgVpblCY>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 11 Dec 2018 00:18:42 -0000
Hi folks, I've been reading draft-ietf-quic-transport-16 and seek some clarification about how QUIC is intended to work with Anycast routing. For anyone unfamiliar with Anycast routing, that's where multiple servers located around the world are all configured with the same IP address. The client's packet routes to the "nearest" of those servers as selected by the layer-3 routing protocols. >From what I've read there are two ways to robustly support anycast with QUIC: A. The responding server can issue a unicast preferred address. The client switches to the preferred address. B. The responding server can pick a connection ID according to a non-overlapping pattern for all servers within the anycast cluster. The pattern can be used to route each client packet to the correct server. Question 1: Did I miss anything? Do the QUIC authors envision any additional ways of supporting Anycast-routed servers? Section 9.6 of the draft describes the server issuing a preferred address. So once anycast finds the best server, use of the server's unicast address lets the client stick with it. However, as I read it the client and server must complete TLS negotiation before the client can attempt a connection migration. Question 2: Which packet contains the server preferred address? Is this in the first response packet to the client? Can the client start trying to use the preferred address with its second packet or does it have to wait? Is it allowed to continue using the non-preferred address and, if so, will it fail over to attempting the preferred address if its communication fails in some way (no response or rejection from the server at the non-preferred address)? I ask this because Anycast routing has a packet spread case in which per-packet load balancing, ECMP anomalies and other network funkiness cause the client's second packet to reach a different server in the cluster than the first. Both behaviors have been observed in the wild. If the client can't reliably switch to the preferred address on packet #2, the preferred address will fail to solve the Anycast use case. Section 5 describes connection IDs. As I read it, the responding server selects one or more integers whose presence in the client's packet along with the client's selected connection IDs associate the packet with an ongoing connection. It's possible to constrain the server selection of those integers such that a simple algorithm applied to the server's connection ID (such as an AND mask) uniquely identifies which server in an Anycast cluster handles the associated connection. A load balancer fronting the cluster or a packet rerouting process in the Anycast QUIC implementation could then move the packet to the server capable of handling it. Question 3: What picks the connection ID? Does the API allow the application software to influence the selection of connection ID in any way? Question 4: Is the connection ID inside or outside the encrypted portion of the packet? Question 5: Fragmentation needed / Packet Too Big messages originate from an intermediate router that often has.a different return path than the route taken by packets from the endpoint. How is QUIC intended to deal with packet too big messages which arrive at a different node in the Anycast cluster than the one which sent the overlarge packet? Thanks, Bill Herrin -- William Herrin ................ herrin@dirtside.com bill@herrin.us Dirtside Systems ......... Web: <http://www.dirtside.com/>
- Questions about QUIC and Anycast William Herrin
- Re: Questions about QUIC and Anycast Martin Thomson
- RE: Questions about QUIC and Anycast Lubashev, Igor
- Re: Questions about QUIC and Anycast William Herrin
- Re: Questions about QUIC and Anycast Martin Thomson