Re: Questions about QUIC and Anycast
Martin Thomson <martin.thomson@gmail.com> Tue, 18 December 2018 21:24 UTC
Return-Path: <martin.thomson@gmail.com>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E6B4B130F63 for <quic@ietfa.amsl.com>; Tue, 18 Dec 2018 13:24:30 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rBT8Ve8Bz7r9 for <quic@ietfa.amsl.com>; Tue, 18 Dec 2018 13:24:28 -0800 (PST)
Received: from mail-ot1-x334.google.com (mail-ot1-x334.google.com [IPv6:2607:f8b0:4864:20::334]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BCBC01292F1 for <quic@ietf.org>; Tue, 18 Dec 2018 13:24:28 -0800 (PST)
Received: by mail-ot1-x334.google.com with SMTP id 40so17132725oth.4 for <quic@ietf.org>; Tue, 18 Dec 2018 13:24:28 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=Ks+7G/Wg9gQ4pxtePguwBFGARLUYKYQZ6eJMTuoO9YA=; b=hcJ5VQreTGkeNfRAEim0DtqSdh2h+6ZucV/AwSk6ZUdWW+X2L3qWRRX7v9QWiT7P8J gPj1YchEHk3Q2vk+ScBQpWPXflKXQmMTpKqfimZyq13gw4xOruq2srr/Q6Xt8A/eCViF Kke0VXsMvtRmVxDBPLz2lkiUMGKj3RYg6yuyaktZi6PB5/Ej7C00r8gM7habQNmNS+Y9 poQy0Az7UEx61Qcb5GS1Kgzpp7VINp5IE0TATNzMm9eTKDZkeG+ji0px7s2b43qIvUtk lnXJkJQu288v3JRDadngt8wDkyN3+4HSNCAyevfL+Tuj/5854duKqkeBsVi/w7PUv234 JcnQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=Ks+7G/Wg9gQ4pxtePguwBFGARLUYKYQZ6eJMTuoO9YA=; b=eqcMoTVt1FHL5kPFMqkvlq8KM512RzRHNUZraLl9HrX6i0CZFv82Sb9Xw5XN3vxyIR lR0vuB1HTWF3nr62lRZpwV8bwXEnOXfD1KIKDWf7Rx6cPsdycoE+bcDNGcjybXV+MU35 Y0zZ+jQNrh6SVpWdrZVLnHqG4eswLCszAtJ4rMAxMmiE4OKoTmawKqkN+xRG/sXsk/vu BgAiFnjq7171rw5wbdOG6uY5O4Rrw0FHrsup95KtcV8bj5BVom0IG7hqb2LPsrS1nJZt +RL27aqp6NFSI28FSDte53EvJbml1RWSopp8ASlrwiQz+qmDpemtdGY5Q4Im7B1tLt8W vMxg==
X-Gm-Message-State: AA+aEWYZPdmlLFJ7PmhFnu6kRqtZgJvUDT+mByfLQFevZD1cMxSXvV/r o5QLuvbycyWtbRRKEGwHdEKYaXY85pogKJC0m2zhLDaI
X-Google-Smtp-Source: AFSGD/UGHmX8vfW58RE6bRPXyL03rgQZdIv+zzS7rulT2nZDVvr6IYe+qne8AcQKbQ7++PepbuY5mCYbEeCiIIsDmtQ=
X-Received: by 2002:a05:6830:165a:: with SMTP id h26mr13946423otr.299.1545168267797; Tue, 18 Dec 2018 13:24:27 -0800 (PST)
MIME-Version: 1.0
References: <CAP-guGVPd-_YkfaGAk+dmi9TJGQ8n-RozbM0ea4wC7hDoU7Xhg@mail.gmail.com> <CABkgnnWBm1=+8FMhbqD2662uybTaYHF4aBR4QyAqJDGdU+Qo7w@mail.gmail.com> <CAP-guGUpwLb5mQrF-sB0gmUggyUsfCPrqNYbUkqdujQUsJDGzQ@mail.gmail.com>
In-Reply-To: <CAP-guGUpwLb5mQrF-sB0gmUggyUsfCPrqNYbUkqdujQUsJDGzQ@mail.gmail.com>
From: Martin Thomson <martin.thomson@gmail.com>
Date: Wed, 19 Dec 2018 08:24:18 +1100
Message-ID: <CABkgnnWgSy=YXAtjnRTQ5pRK2PNwD4miLaVz2oFnzK0jBxiZUQ@mail.gmail.com>
Subject: Re: Questions about QUIC and Anycast
To: William Herrin <bill@herrin.us>
Cc: QUIC WG <quic@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/rCkKXWXcGjoueFwWd5kVnHndm-I>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 18 Dec 2018 21:24:31 -0000
On Wed, Dec 19, 2018 at 5:47 AM William Herrin <bill@herrin.us> wrote: > On Mon, Dec 10, 2018 at 4:41 PM Martin Thomson <martin.thomson@gmail.com> wrote: > > On Tue, Dec 11, 2018 at 11:18 AM William Herrin <bill@herrin.us> wrote: > > > Question 3: What picks the connection ID? Does the API allow the > > > application software to influence the selection of connection ID in > > > any way? > > > > The server picks connection IDs that the client puts in packets. That > > selection really has to be done in consultation with load balancers or > > the folks managing routing configurations. > > How does short header versus long header impact this? Can the server > instruct the client to use the full destination connection ID in both > headers so that the full connection ID is available to a middlebox in > every packet? The destination connection ID included, in full, in every packet. The point of that is to ensure that that any middlebox that cooperates with the server can use it. (I say cooperates because the value can change over time.) > > > Question 2: Which packet contains the server preferred address? > > > > In practice, taking some of the less-used exchanges (Retry, Version > > Negotiation, a TLS HelloRetryRequest) out of the picture, the server > > will often include the value in the first flight of packets it sends. > > However, that can be a couple of round trips away from the end of the > > handshake, because the handshake is multiple packets and might need to > > be repaired due to packet loss. > > Hmm. I'm curious what the reasoning is here. TLS would have to satisfy > the same cryptography regardless of which address is used, would it > not? Presumably the client could return to the original address upon > failed communication with the preferred address, including a failure > to negotiate TLS. How does requiring the TLS negotiation to complete > before attempting the preferred address end up enhancing security in > the bigger picture? Yes, TLS can complete using multiple paths - it doesn't care. However, we treat it like a black box, only releasing information once it has been authenticated. So while the preferred address might appear in a packet, it won't be available until the handshake completes. Best case, that's immediately, because the server's handshake fits into our amplification limit and there is no packet loss. However, that's not guaranteed. We also simplify the protocol analysis by limiting the handshake to the same address tuple. Migration to a different address comes with a bunch of other problems that we decided weren't worth grappling with, like ensuring that the other endpoint genuinely can receive packets at that address, and so forth. Perhaps that is something that might be improved with some work, but work is the scarce resource right now and we're spending all we can on completing the other bits of the protocol that we know need to be fixed. > Does the preferred address have another use case besides load > balancing? The load balancing process could be stateless if it could > rely on the client shifting to the preferred address on packet #2. It > seems to me that making the load balancing process stateless, > especially in the anycasted CDN case, would be a big win if it could > be done securely. Yep, that "done securely" qualifier is the real catch. See above.
- Questions about QUIC and Anycast William Herrin
- Re: Questions about QUIC and Anycast Martin Thomson
- RE: Questions about QUIC and Anycast Lubashev, Igor
- Re: Questions about QUIC and Anycast William Herrin
- Re: Questions about QUIC and Anycast Martin Thomson