RE: Treatment of ICMP for PMTU

Lucas Pardue <Lucas.Pardue@bbc.co.uk> Thu, 28 June 2018 09:25 UTC

Return-Path: <Lucas.Pardue@bbc.co.uk>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C0724130F96 for <quic@ietfa.amsl.com>; Thu, 28 Jun 2018 02:25:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.201
X-Spam-Level:
X-Spam-Status: No, score=-4.201 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iexD6tvKy9e6 for <quic@ietfa.amsl.com>; Thu, 28 Jun 2018 02:25:22 -0700 (PDT)
Received: from mailout0.telhc.bbc.co.uk (mailout0.telhc.bbc.co.uk [132.185.161.179]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 580E7130F7F for <quic@ietf.org>; Thu, 28 Jun 2018 02:25:22 -0700 (PDT)
Received: from BGB01XI1011.national.core.bbc.co.uk (bgb01xi1011.national.core.bbc.co.uk [10.161.14.15]) by mailout0.telhc.bbc.co.uk (8.15.2/8.15.2) with ESMTP id w5S9PIiL023861; Thu, 28 Jun 2018 10:25:18 +0100 (BST)
Received: from BGB01XUD1012.national.core.bbc.co.uk ([10.161.14.10]) by BGB01XI1011.national.core.bbc.co.uk ([10.161.14.15]) with mapi id 14.03.0389.001; Thu, 28 Jun 2018 10:25:18 +0100
From: Lucas Pardue <Lucas.Pardue@bbc.co.uk>
To: "Lubashev, Igor" <ilubashe@akamai.com>, Martin Duke <martin.h.duke@gmail.com>, IETF QUIC WG <quic@ietf.org>
CC: Mikkel Fahnøe Jørgensen <mikkelfj@gmail.com>
Subject: RE: Treatment of ICMP for PMTU
Thread-Topic: Treatment of ICMP for PMTU
Thread-Index: AdQOVlbAt8rn27zdQrag9H62mpvY5wABihw5AANGU0AABKuwsgAJFrAwAAfLncA=
Date: Thu, 28 Jun 2018 09:25:17 +0000
Message-ID: <7CF7F94CB496BF4FAB1676F375F9666A3BB5BA9B@bgb01xud1012>
References: <924fbd75dbcf4d62a9062570b0d2ba5a@ustx2ex-dag1mb5.msg.corp.akamai.com> <7CF7F94CB496BF4FAB1676F375F9666A3BB5B9DC@bgb01xud1012>, <2f0e251a9b274272968a8b3053d3a3a5@ustx2ex-dag1mb5.msg.corp.akamai.com> <7CF7F94CB496BF4FAB1676F375F9666A3BB5BA29@bgb01xud1012> <4674cc2be90e4b5b9056cc63a0735664@ustx2ex-dag1mb5.msg.corp.akamai.com>
In-Reply-To: <4674cc2be90e4b5b9056cc63a0735664@ustx2ex-dag1mb5.msg.corp.akamai.com>
Accept-Language: en-GB, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [172.19.161.213]
x-exclaimer-md-config: c91d45b2-6e10-4209-9543-d9970fac71b7
x-tm-as-product-ver: SMEX-12.5.0.1300-8.2.1013-23934.005
x-tm-as-result: No-9.217100-8.000000-10
x-tmase-matchedrid: u7Yf2n7Ca/27lpQUW6Uvz7iMC5wdwKqdwZLXS0hN8p0NcckEPxfz2CU7 43HF3fJ15mb/1jYDTsq1rPg9k9RUkvMCf0EO7H1tDPhWwJzVhb6H7D1bP/FcOkENV4Lwnu7BM8b 8oRjLE5qFImf5EUPaDWIgk3Pw6FVn8HqrNSteiYTRc75iroKqApl/lu28zzkBnl2JZEArQgITBr T5FMhW3UT6WqzBWLOQpC0s6RzU0dr+hembQ23/aLai7SkVQxg5jiWciALpTNOW6aHRAuYExtEzI JFzSdhjj5h4B4zE00JBsJaf/YUTGPUZjbWnwyrhXP5rFAucBUEz7HWSgiz9ppsoi2XrUn/JmTDw p0zM3zoqtq5d3cxkNeAajwyO32wXIbER0cGW5hAQPPgi9B8ygvVI+Cgm6c3wbXqtS8jRZKs=
x-tm-as-user-approved-sender: Yes
x-tm-as-user-blocked-sender: No
x-tmase-result: 10--9.217100-8.000000
x-tmase-version: SMEX-12.5.0.1300-8.2.1013-23934.005
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/tsP-yOxChWIMl1ppEKPzJGcjX_k>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.26
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 28 Jun 2018 09:25:28 -0000

Igor Lubashev wrote:

>I think I see what you are talking about.
>
>At least the way it is specced in H2 and HTTP/QUIC, CONNECT proxies forward
>data streams, not packets.  Hence, MTU concept on a tunnel-stream is
>meaningless.  The text says it explicitly: "Note that the size and number of TCP
>segments is not guaranteed to map predictably to the size and number of
>HTTP DATA or QUIC STREAM frames."  From the client's perspective there is
>only one PMTU that is relevant -- the one to the proxy.  The proxy will keep
>tracks of the PMTUs to the CONNECT endpoints itself and will generate TCP
>segments accordingly.

Right, that's how I was seeing it.

>Trying to design a CONNECT-like method to proxy an entire QUIC connection
>over a single QUIC stream would create HOLB for QUIC packets to and from
>the proxy.  Some sort of a partially reliable QUIC stream could help here.

Both you and Mikkel have identified HOL as something that needs more thought. Thanks. Mikkel's view is a little more extreme, to paraphrase "HOL is enough to make QUIC not QUIC". I've taken the view that it may be desirable to tunnel QUIC over TLS/TCP too (perhaps using HTTP/2 frames), so I view HOL avoidance as an optimisation rather than a requirement. Partial reliability (of streams, or of some new frame type) could help solve that puzzle. Now I think about it, a complimentary mitigation could be to reserve a set of tunnel-streams to provide some basic multiplexing. However, the complexity of that might not be worth it.

>This proxying scheme would require an extension to CONNECT to open a
>UDP/IP tunnel instead of a TCP/IP tunnel.  That extension would also mandate
>that HTTP/QUIC DATA frame corresponds to a UDP frame.  I suspect that it
>would be a very good idea for such a proxy to add a new frame for providing
>ICMP-like explicit PMTU feedback to the sender (why leave the sender
>guessing and probing, if the PMTU is already known to the proxy?).

This is good feedback. Thanks!

Kind regards
Lucas