IETF Logo Mail Archive

RE: Middlebox introspection/self-describing packets

Dave Dolson <ddolson@sandvine.com> Thu, 09 March 2017 01:45 UTC

Return-Path: <ddolson@sandvine.com>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B99981295D9 for <quic@ietfa.amsl.com>; Wed, 8 Mar 2017 17:45:59 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.92
X-Spam-Level:
X-Spam-Status: No, score=-1.92 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zFp2MyvaK5DZ for <quic@ietfa.amsl.com>; Wed, 8 Mar 2017 17:45:58 -0800 (PST)
Received: from mail1.sandvine.com (mail1.sandvine.com [64.7.137.165]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DBB9D12953D for <quic@ietf.org>; Wed, 8 Mar 2017 17:45:57 -0800 (PST)
Received: from WTL-EXCHP-1.sandvine.com ([fe80::ac6b:cc1e:f2ff:93aa]) by WTL-EXCHP-3.sandvine.com ([::1]) with mapi id 14.03.0319.002; Wed, 8 Mar 2017 20:45:55 -0500
From: Dave Dolson <ddolson@sandvine.com>
To: Martin Duke <martin.h.duke@gmail.com>, Brian Trammell <ietf@trammell.ch>
Subject: RE: Middlebox introspection/self-describing packets
Thread-Topic: Middlebox introspection/self-describing packets
Thread-Index: AQHSmFSBe5LHTHc90EmU7CpJzM5KXqGL3nwAgAAQToD//8t6MA==
Date: Thu, 09 Mar 2017 01:45:55 +0000
Message-ID: <E8355113905631478EFF04F5AA706E9870541281@wtl-exchp-1.sandvine.com>
References: <CABcZeBP7_Pb+uSi8ZxFtf4d_5=Gr3bcoS8qzySN5Y94Ugotaaw@mail.gmail.com> <A79DEAE5-95B7-4A3E-8C0F-B363510072AB@trammell.ch>, <CAM4esxR79UCT_iY66NAxMnMGjm1Tdxf6EH8mHxEacGDv8t5JoA@mail.gmail.com>
In-Reply-To: <CAM4esxR79UCT_iY66NAxMnMGjm1Tdxf6EH8mHxEacGDv8t5JoA@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [192.168.142.2]
x-c2processedorg: b2f06e69-072f-40ee-90c5-80a34e700794
Content-Type: multipart/alternative; boundary="_000_E8355113905631478EFF04F5AA706E9870541281wtlexchp1sandvi_"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/qekLn3y8uz5Wusm9zOR3zo7UQVI>
Cc: Eric Rescorla <ekr@rtfm.com>, IETF QUIC WG <quic@ietf.org>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 09 Mar 2017 01:46:00 -0000

Within the context of PLUS, we have attempted to assemble a list of benefits provided by on-path middleboxes.
Please see https://tools.ietf.org/html/draft-dolson-plus-middlebox-benefits-02

>From the abstract:

   A primary goal of this document is to provide information to working
   groups developing new transport protocols, in particular the PLUS and
   QUIC working groups, to aid understanding of what might be gained or
   lost by design decisions that may affect (or be affected by)
   middlebox operation.

The authors hope this will provide context for discussion about what sorts of middlebox functions are worth supporting.
We believe many important diagnostic and network protection mechanisms require some visibility into the transport connection, without violating privacy.

Please take a look.

-Dave



________________________________
From: QUIC [quic-bounces@ietf.org] on behalf of Martin Duke [martin.h.duke@gmail.com]
Sent: Wednesday, March 08, 2017 6:43 PM
To: Brian Trammell
Cc: Eric Rescorla; IETF QUIC WG
Subject: Re: Middlebox introspection/self-describing packets

I have a substantially different position on middlebox inspection. First is the load balancing point, which many people have already made.

Second, service providers have an interest in (1) measuring the quality of service they provide to customers, (2) enforcing bandwidth limitations, etc. on users, and (3) identifying application types to provide QoS where it matters. I think (1) and (2) can be done without a meaningful loss of privacy, although (3) is highly problematic. To that end, there are a number of open issues looking to expose some transport state to middleboxes:
- Packet number echo to allow RTT measurements (#269)
- ECN to allow a non-loss rate-limiting signal (replacing TCP zero-window) (#68)
- Public flag bits to indicate flow-control and loss-detection causes of throttling, to aid in troubleshooting (#279) - I believe it was someone from Orange in Tokyo who asked "how am I going to troubleshoot this?"
- Replacing CONNECTION_CLOSE to an authenticated Public Reset to clear connection state on middleboxes. (#353)

No one has yet demonstrated that any of these are meaningful losses of privacy. They also require no modifications to the packet itself.

For all the above reasons I am somewhat concerned about all of the surreptitious connection-ID changes, but I think all of these features are valuable regardless of how those discussions turn out.

On Wed, Mar 8, 2017 at 2:45 PM, Brian Trammell <ietf@trammell.ch<mailto:ietf@trammell.ch>> wrote:
hi ekr,

The point in this space I'd use is “expose nothing without necessity, or clear benefit with mutual cooperation of the endpoints, but ensure exposed information is efficiently usable.”

> On 8 Mar 2017, at 22:38, Eric Rescorla <ekr@rtfm.com<mailto:ekr@rtfm.com>> wrote:
>
> There's recently been some back and forth on the headers PR about the
> value of having packets be self-describing so that middleboxes can parse
> them.
>
> To take a concrete example, consider the connection_id. In general, it seems
> that mostly packets in a given direction either need connection_ids or don't
> (assuming that the point of connection_id is partly to handle unexpected
> NAT rebinding.), so this seems like a prime thing to negotiate. Jana argued
> in the PR that the reason to have a bit is to allow middleboxes to know how
> to parse the packet.

Taking the case of Connection ID, specifically, it does seem to be a candidate for moving to negotiation, saving one header bit pretty much everywhere. Connection ID is designed for load balancers, and one could define negotiation to be mandatory on the client side: if the server gives you a connection ID, then the client MUST return it. Otherwise, any device trying to observe the Connection ID would have to keep the has-a-Connection-ID state observed during the negotiation, and it wouldn't have access to that state when the Connection ID is used during rebinding.

In this case, saving the bit costs you the possibility of client-side choice on whether to not return the Connection ID, which seems to me to violate the mutual cooperation principle.

Cheers,

Brian


>
> It seems like it would be good to come to agreement about our attitude towards
> middlebox inspection. I have been generally taking the position that we should
> conceal as much as possible from middleboxes and only expose what is needed
> to make the protocol work (i.e., if possible I would encrypt conn_id and packet
> number). It seems like perhaps not everyone shares that objective, so I thought
> I would ask what principles other people thought they were adhering to.
>
> Jana? MT? Others?
>
> -Ekr
>
>
>

v2.23.0 | Report a Bug | By Email