Re: New Plaintext QUIC-LB Design

Behcet Sarikaya <sarikaya2012@gmail.com> Mon, 18 January 2021 16:04 UTC

Return-Path: <sarikaya2012@gmail.com>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B3C883A091C for <quic@ietfa.amsl.com>; Mon, 18 Jan 2021 08:04:44 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.847
X-Spam-Level:
X-Spam-Status: No, score=-1.847 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wmVUKkZ1_n_j for <quic@ietfa.amsl.com>; Mon, 18 Jan 2021 08:04:42 -0800 (PST)
Received: from mail-yb1-xb2b.google.com (mail-yb1-xb2b.google.com [IPv6:2607:f8b0:4864:20::b2b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 957123A0927 for <quic@ietf.org>; Mon, 18 Jan 2021 08:04:42 -0800 (PST)
Received: by mail-yb1-xb2b.google.com with SMTP id k4so13111482ybp.6 for <quic@ietf.org>; Mon, 18 Jan 2021 08:04:42 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:reply-to:from:date:message-id :subject:to:cc; bh=CqaPaiq2NQcUpoNCcG8vnby7uXvcBrWv0jS4PFmy/9E=; b=YZ812D96NAFsy5idsG6xw+In3btspJ7Rq8DuhBOZix4Ih7LyBrmrKiPZth+RHQ20NZ +TnkB3Y173zBXydclplT7d/GnDIAwgz2TbKYYkIP4IaWJnrPbYfWnVnlN7E0tEVgDeDB AldnvxAGPvYaf550yqS8Bu0FENkBxYj20s0b92TBvlT/Qw1je/jzmsReJmqeUYibKN6+ PCR63gGRQSz+y93wjgzVJeSsjISBQk0aR/xJrLcQoXuN66NdE/YhdxC4AsaIcc6jHm0v wj2U8hgT0Bjah76EBCYXHAJ5cYPiKV53WOmcg7Wpa9OUZxvnbTMI71KvPhmcTNl0oN6l U5Pw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:reply-to :from:date:message-id:subject:to:cc; bh=CqaPaiq2NQcUpoNCcG8vnby7uXvcBrWv0jS4PFmy/9E=; b=QG0t0+Yo5QsC3tl8tKJQusBb3XGNRYUrSm2IKiFi4MS6GBmsP/7vCdOKq08H/Lxlvb cqjgFPaKFWudMFFTduSn5ESW0VWo9wG3GgP8LH9nU58avzxPwm5Xqegqm/CoWpPPKi6k oa7HUOcR7nJ4rbtqA/6clwM49gt+gQJfSLS6uafudWxKEAbUsafDMn7PqsChB3k7fHw9 2uxlz0//O6NcuW3NbgEg7a1OCrYr/f/Y76IG1GNn5YyQ2Ref3bJZRPut5eVxqyd4RyYB Ghzd7/9IVqJmK6mmbWmF61q5RS1LCeLCmhw9RUXdNhA2Pft3rYocBlMOxa+jf7rGhlo2 Sy3A==
X-Gm-Message-State: AOAM531k8+bv+woU7OOHeluwovEt836T1Cip+364ZE9nzYzTN9S+AFw9 HJByCO8Xa20/B4MyZazWdHD2lhuVPL/Y3KD1RccN77l7UHU=
X-Google-Smtp-Source: ABdhPJyJ2GkQMSqKEfrFi4aCmXOO3soN//Xr+nUvOgcBJN5dtw6FlWCpmHlW6dzTi0h1gNyB6GTjq91x2OiYcUbyBWQ=
X-Received: by 2002:a25:4258:: with SMTP id p85mr35470786yba.423.1610985881653; Mon, 18 Jan 2021 08:04:41 -0800 (PST)
MIME-Version: 1.0
References: <CAM4esxRRp5=-YvcPsCdsgB=8O=_RAXq05Ldma0smGsjy95T4=g@mail.gmail.com> <6B05568D-1905-4416-904C-2EEC25491920@gmail.com> <CAM4esxSyn7uEiUsYvtiUbQ=4Qt-Bp+yLYBK+re+a+V3ea0BjcQ@mail.gmail.com> <B4D950F6-452A-4CFC-9707-DC1C9B3AB49B@gmail.com> <EB8897FC-1A57-4C45-ABDE-B87E36E519E8@gmail.com> <03ba27b1-3d27-d66b-4fc0-a952c24c993d@huitema.net> <CAM4esxToXBrKezEc3WVWpZFmNLVgVBX+==N77OyjmvEfvJ+kTA@mail.gmail.com> <527d1ec7-c354-5756-6f02-c8058c560b3a@huitema.net> <CAM4esxSVn9zdsur8E6EUGJTusE5DTkQOz7N1+VXm6aZ2v1Zzow@mail.gmail.com> <CAM4esxS8mqf5F6ZAW_JPrwg4gHWdtk=OMtRnwfJeuOH9JhoiqA@mail.gmail.com> <D7415808-034A-4E93-9329-2BC8F1F116E7@gmail.com> <04B2488D-1EFE-4CBB-BB1E-2AF08F4BDEFA@gmail.com> <CAM4esxRFEMbXBAF+TjEXpSTreQQktPi264sQ7h3p=oUBgLUX1A@mail.gmail.com>
In-Reply-To: <CAM4esxRFEMbXBAF+TjEXpSTreQQktPi264sQ7h3p=oUBgLUX1A@mail.gmail.com>
Reply-To: sarikaya@ieee.org
From: Behcet Sarikaya <sarikaya2012@gmail.com>
Date: Mon, 18 Jan 2021 10:04:30 -0600
Message-ID: <CAC8QAcc15sF4bdfzmEexETVPsPmOsTVi5JUFZgiPy=p_Qv9MwQ@mail.gmail.com>
Subject: Re: New Plaintext QUIC-LB Design
To: Martin Duke <martin.h.duke@gmail.com>
Cc: =?UTF-8?Q?Mikkel_Fahn=C3=B8e_J=C3=B8rgensen?= <mikkelfj@gmail.com>, IETF QUIC WG <quic@ietf.org>, Christian Huitema <huitema@huitema.net>
Content-Type: multipart/alternative; boundary="00000000000036d68505b92ee16b"
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/oJ2KsEgQJrnBIbNk6yu-1VxQuI0>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 18 Jan 2021 16:04:45 -0000

Hi Martin,


On Fri, Jan 15, 2021 at 7:09 PM Martin Duke <martin.h.duke@gmail.com> wrote:

> I've been playing with Ian's algorithm (specifically, the way I had to
> modify it to fit into the QUIC-LB framework) and filed an issue.
>

What is QUIC-LB?

Is it public domain?

Behcet

>
> https://github.com/quicwg/load-balancers/issues/84
>
> This is very long and hard to reason about, but the upshot is there are
> significant problems and without some clever design I'm not sure how to
> make this work.
>
> On Fri, Jan 15, 2021 at 12:26 PM Mikkel Fahnøe Jørgensen <
> mikkelfj@gmail.com> wrote:
>
>> There is also
>>
>> https://en.wikipedia.org/wiki/Rendezvous_hashing
>>
>>
>> On 15 Jan 2021, at 21.18, Mikkel Fahnøe Jørgensen <mikkelfj@gmail.com>
>> wrote:
>>
>> I would be hesitant to introduce a situation where a load balancer is
>> forced to use memory, especially memory it doesn’t fully control. It may be
>> fine as a choice, but not the only choice.
>>
>> Aside from potential attacks, there is also the hardware cost/complexity.
>> SHA256 and AES is pretty standard in almost anything, but lots of RAM is a
>> cost driver.
>>
>> It is really hard to estimate crypto vs lookup overhead, but it is far
>> from a given that lookup will be faster once the tables grow large.
>>
>> Less coordination is a good thing though. I’m afraid that without out of
>> band payload to coordinate, there will have to be a choice between
>> configuration and state.
>>
>> Mikkel
>>
>> On 15 Jan 2021, at 21.04, Martin Duke <martin.h.duke@gmail.com> wrote:
>>
>> To muddy this discussion a little further, after a little more thinking I
>> believe there's a way to generalize this approach to all three of the
>> original algorithms, encrypted or unencrypted, so there is never a need to
>> manually allocate server IDs.
>>
>> Again, the main tradeoff here is simpler configuration vs. more
>> complexity and state at the load balancer.
>>
>> As a document organization matter, rather than have six different
>> algorithms I would prefer to specify three with a separate section
>> describing the two separate ways to allocate a server ID.
>>
>> But it is not too late to yell "stop" at this multiplicity of options if
>> people feel the tradeoffs are clear-cut in one way or the other.
>>
>> On Mon, Jan 11, 2021 at 6:50 PM Martin Duke <martin.h.duke@gmail.com>
>> wrote:
>>
>>> Yes. Do you have an alternate suggestion?
>>>
>>> On Mon, Jan 11, 2021 at 5:54 PM Christian Huitema <huitema@huitema.net>
>>> wrote:
>>>
>>>>
>>>> On 1/11/2021 5:22 PM, Martin Duke wrote:
>>>>
>>>> Perhaps I should make some edits for clarity!
>>>>
>>>> On Mon, Jan 11, 2021, 16:52 Christian Huitema <huitema@huitema.net>
>>>> wrote:
>>>>
>>>>> I am looking at the text of section 4.2, and I am not sure how I would
>>>>> implement that. What should be the value of the config rotation bits in CID
>>>>> created by the server?
>>>>>
>>>> Any config includes the corresponding CR bits, and when generating the
>>>> CID it would use those bits.
>>>>
>>>> The confusing part is that, for this algorithm, a usable SID has to be
>>>> extracted from any CID, hence all the weird stuff about CIDs with undefined
>>>> configs.
>>>>
>>>> Aside from that, it's like PCID: any server-generated CID uses the CR
>>>> bits in the config, optional length encoding, SID, server-use octets.
>>>>
>>>>
>>>>> Should the 6 other bits in the first octet be set to a CID Len or to a
>>>>> random value?
>>>>>
>>>> It depends on the rest of the config, as with the other algorithms.
>>>>
>>>>>
>>>>> Issss the timer set when the server ID is first added to the table, or
>>>>> is the timer reset each time a packet is received with that CID? In the
>>>>> latter case, is it reset when any packet is received, or only when a "first
>>>>> initial" packet is received?
>>>>>
>>>> When any packet is received with that SID (not CID), the expiration is
>>>> refreshed.
>>>>
>>>> OK. So we can have the following:
>>>>
>>>> 1) Server learns of Server-ID = X.
>>>>
>>>> 2) Server creates new CID with that server ID, uses it to complete
>>>> handshake.
>>>>
>>>> 3) Client maintains a long running connection with that CID.
>>>>
>>>> 4) Server keeps receiving messages with CID pointing to server-ID = X
>>>>
>>>> 5) server-ID=X never expires.
>>>>
>>>> Is that by design?
>>>>
>>>> -- Christian Huitema
>>>>
>>>>
>>>>
>>
>>