Re: QUIC idle timeouts and path idle timeouts

Lucas Pardue <lucas@lucaspardue.com> Wed, 24 July 2024 21:47 UTC

Return-Path: <lucas@lucaspardue.com>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 549D5C14F6AF for <quic@ietfa.amsl.com>; Wed, 24 Jul 2024 14:47:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.806
X-Spam-Level:
X-Spam-Status: No, score=-2.806 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=lucaspardue.com header.b="sQBF/iEs"; dkim=pass (2048-bit key) header.d=messagingengine.com header.b="C9zo5c2I"
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cGBU4X6FC3LL for <quic@ietfa.amsl.com>; Wed, 24 Jul 2024 14:47:11 -0700 (PDT)
Received: from flow5-smtp.messagingengine.com (flow5-smtp.messagingengine.com [103.168.172.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B4CF8C14F60D for <quic@ietf.org>; Wed, 24 Jul 2024 14:47:11 -0700 (PDT)
Received: from compute4.internal (compute4.nyi.internal [10.202.2.44]) by mailflow.nyi.internal (Postfix) with ESMTP id CEB8D200131; Wed, 24 Jul 2024 17:47:08 -0400 (EDT)
Received: from wimap26 ([10.202.2.86]) by compute4.internal (MEProxy); Wed, 24 Jul 2024 17:47:08 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lucaspardue.com; h=cc:cc:content-type:content-type:date:date:from:from :in-reply-to:in-reply-to:message-id:mime-version:references :reply-to:subject:subject:to:to; s=fm1; t=1721857628; x= 1721864828; bh=bSX7bPzKUgMVfs7nzJhBTZeUia7XwDu/M9DxrYrD2TY=; b=s QBF/iEsW865O04EKeRggbMq4jlmm9S8beCdglwlAU9f2bFB/BJJitbu6I1fYJpdz PQlapOC6jYf6jUPrNiZyaYTbCwN5cYb43kCVkIVWgs7T6o3l13jujCdViHIOJEl6 boSpJhw8pkt5Chrgl67ji8STQ9+L/gN3P8wj0MWIo5l74X/7r3nasgwTjpSFyF6Q hGetvJzQSBRd0Shc9oTAt318YF86igAISHpDkQSncL4Dh3+FGEZmnvPjLljyLpPm SDJhvvtp/J4iwXSIU0JVZzFKjfwH70j+TPMYLIrBEEgPVrXuOOrwXXL8aoDKP0uR iAktEJF5U9aARoNx5/NBQ==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-type:content-type:date:date :feedback-id:feedback-id:from:from:in-reply-to:in-reply-to :message-id:mime-version:references:reply-to:subject:subject:to :to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s= i23b94938.fm3; t=1721857628; x=1721864828; bh=bSX7bPzKUgMVfs7nzJ hBTZeUia7XwDu/M9DxrYrD2TY=; b=C9zo5c2IgRi7PKZ1+yNtoUN6jZx0e23dkG MP5Jf/6ROZYqw9j1XgQTJNVppmewefFHR3VMx1jHYdL+2FjdnUOvZ8x7plgwMmI8 xtkjsAhB/zIwephZcbv2jXUhXcfpJChgMKUue7Ky73yzlmgPiNi4Gk6j/SG3dQoi XtOe3S8Vsw640IkPvrFi/lhSbwKS//WPgAIDnJ976ZIJL6nj3JzsHIZne3Tpi9x9 RVdOVJc4KvVWTF2jtVyovFxgu/8w/EqsY5e8OQxnqbnwaXp9PnbmR1I56wkkla2N sgqsskZGZSuf7nRfaXZpgf/OYSCV3Ptdq6oHmmAemIbBr/IoXMwg==
X-ME-Sender: <xms:XHahZrI8hiM9nZrOVysl9q9BV-CcpyA8km9Cr3a_IxjflEENxbg5RA> <xme:XHahZvLfvVLXJ-fLQAXZuV1lb4XhAHsvEAm3R2MP6k7nyH-RcoTtn_25FSmDjRqnQ caU_0-nQRI24_ylWSc>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeeftddriedvgddtfecutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmdenuc fjughrpefofgggkfgjfhffhffvvefutgesrgdtreerreerjeenucfhrhhomhepfdfnuhgt rghsucfrrghrughuvgdfuceolhhutggrsheslhhutggrshhprghrughuvgdrtghomheqne cuggftrfgrthhtvghrnhepgfettdeukeeuuefhudejfffgkeetjedvheefvdefffejtedt jeffvdeukeekffeinecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehmrghilh hfrhhomheplhhutggrsheslhhutggrshhprghrughuvgdrtghomhdpnhgspghrtghpthht oheptd
X-ME-Proxy: <xmx:XHahZjsehBjsIxoQCtBhyQf4gzob-La1FF3v80xk2pf5SRUrqWIPvA> <xmx:XHahZkZNsXAUfodzJnQW5W0GTSIc8PcH_lIgiHepMbtTcwBFzlP6Rg> <xmx:XHahZiaPtnNBJx3-98qKclqaU8jgHT-ln-upZ64BJHgBpdN53XLfSw> <xmx:XHahZoCzRbXKHcFerHUf7mgv9nYPWar4yz--J01ltzbTQ9eFhEOTyw> <xmx:XHahZgb_j7pUQAocgy2Wcd1zCUWHf3k83Og5_dmEDY5TtGhvVmQndOTa>
Feedback-ID: i23b94938:Fastmail
Received: by mailuser.nyi.internal (Postfix, from userid 501) id 97F5919C0069; Wed, 24 Jul 2024 17:47:08 -0400 (EDT)
X-Mailer: MessagingEngine.com Webmail Interface
User-Agent: Cyrus-JMAP/3.11.0-alpha0-582-g5a02f8850-fm-20240719.002-g5a02f885
MIME-Version: 1.0
Message-Id: <a32843f2-ab55-451e-9fc6-fd26290c4945@app.fastmail.com>
In-Reply-To: <F308D2A8-CB97-4A94-BCC8-C637D3BE726A@gmail.com>
References: <c85efbc5-fac3-4ddf-9cb0-733ef5f855fd@app.fastmail.com> <F308D2A8-CB97-4A94-BCC8-C637D3BE726A@gmail.com>
Date: Wed, 24 Jul 2024 14:46:45 -0700
From: Lucas Pardue <lucas@lucaspardue.com>
To: Dan Wing <danwing@gmail.com>
Subject: Re: QUIC idle timeouts and path idle timeouts
Content-Type: multipart/alternative; boundary="a657b07001f244dc8144ac609f2d4df2"
Message-ID-Hash: MLKZZF5KCFNVCTZPX65GYK6VOBRVF7H5
X-Message-ID-Hash: MLKZZF5KCFNVCTZPX65GYK6VOBRVF7H5
X-MailFrom: lucas@lucaspardue.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-quic.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: QUIC WG <quic@ietf.org>
X-Mailman-Version: 3.3.9rc4
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/qIqQyyPlr-GgLG1htuozRDcomlc>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Owner: <mailto:quic-owner@ietf.org>
List-Post: <mailto:quic@ietf.org>
List-Subscribe: <mailto:quic-join@ietf.org>
List-Unsubscribe: <mailto:quic-leave@ietf.org>

Hey Dan,

On Wed, Jul 24, 2024, at 14:30, Dan Wing wrote:
> On Jul 24, 2024, at 11:24 AM, Lucas Pardue <lucas@lucaspardue.com> wrote:
>> 
>> Hi folks,
>> 
>> Wearing no hats.
>> 
>> There's been some chatter this week during IETF about selecting QUIC idle timeouts in the face of Internet paths that might have shorter timeouts, such as NAT.
>> 
>> This isn't necessarily a new topic, there's past work that's been done on measurements and attempts to capture that as in IETF documents. For example, Lars highlighted a study of home gateway characteristics from 2010 [1]. Then there's RFC 4787 [2], and our very own RFC 9308 [3]
>> 
>> There's likely other work that's happened in the meantime that has provided further insights.
>> 
>> All the discussion got me wondering whether there might be room for a QUIC extension that could hint at the path timeout to the peer. For instance, as a server operator, I might have a wide view of network characteristics that a client doesn't. Sending keepalive pings from the server is possible but it might not be in the client's interest to force it to ACK them, especially if there are power saving considerations that would be hard for the server to know. Instead, a hint to the peer would allow it to decide what to do. That could allow us to maintain a large QUIC idle timeouts as befitting of the application use case, but adapt to the needs of the path for improved connection reliability. 
>> 
>> Such an extension could hint for each and every path, and therefore a benefit to multipath, which has some addition path idle timeout considerations [4].
>> 
>> Thoughts?
> The client has to send a message to keep firewalls or NATs from timing out UDP connections; it can't be kept alive solely from the server.
> 
> If, after a NAT (or firewall) timeout closes the mapping (or pinhole), a new QUIC message is initiated by the client, a NAT (or firewall) timeout is not harmful to a QUIC connection because of the connection-id, as you know. It might cost a round trip if the server decides it needs to be validated.  However, if in that same situation the new QUIC message is initiated by the server, it will be dropped because the NAT mapping or firewall pinhole is gone.  I believe that is the problematic use-case?  If so, would it be useful for the server to tell the client "I will want to send an unsolicited application message to you"?  The client could use that to keep the firewall pinhole or NAT mapping alive.
The application bearing messages are STREAM and DATAGRAM frames, which are both ack-eliciting. I don't think this problem is impactful enough to motivate developing a new non-ack eliciting application dara frame. But perhaps a transport level mechanism could work, and be applicable to everything by default.

Cheers
Lucas
> 
> -d
>