IETF Logo Mail Archive

Re: Re: Greasing more of QUIC

Mikkel Fahnøe Jørgensen <mikkelfj@gmail.com> Wed, 13 December 2017 17:15 UTC

Return-Path: <mikkelfj@gmail.com>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D09CD1270B4 for <quic@ietfa.amsl.com>; Wed, 13 Dec 2017 09:15:12 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.698
X-Spam-Level:
X-Spam-Status: No, score=-1.698 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, FREEMAIL_REPLY=1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nK6mt0MpvJcS for <quic@ietfa.amsl.com>; Wed, 13 Dec 2017 09:15:11 -0800 (PST)
Received: from mail-it0-x234.google.com (mail-it0-x234.google.com [IPv6:2607:f8b0:4001:c0b::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 36DD1124BAC for <quic@ietf.org>; Wed, 13 Dec 2017 09:15:11 -0800 (PST)
Received: by mail-it0-x234.google.com with SMTP id m11so21433183iti.1 for <quic@ietf.org>; Wed, 13 Dec 2017 09:15:11 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:in-reply-to:references:mime-version:date:message-id:subject:to; bh=wqzcYzy1dea9chmEcWsiFrknXOL5a8X0M3EZ4xlXGEU=; b=uCAGqymbz381+fbaPwOnb5PZcFEKxBwt7YU89gkCTW9Rja5ZDxvevEZnCXPVJ8StNx XtRghQl5L4s5bJ+DTkw8oaMnPGCbKkWQbJPO1HHaYwz5cjQpWrKNeDNr2zbQlMn9yiE6 gXwevwUJ0skIJe04yaP5PJO1WcFTYkcVBdNBDfladiY9D1++9JtoaOhuBgYlvl3CxAjx kB/wQS/JgyL4NKArXscfy5D/td8y6WM9CKYrWSWIVzLu15MFwivqxFt/DBi/G5zB71Zk LlKjH8QRgpumio0xKr1/dgEF4g/6s4H+7H7P7knpduvd730KVdzmXnTFX+zPa+V3x3RH ma4g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:in-reply-to:references:mime-version:date :message-id:subject:to; bh=wqzcYzy1dea9chmEcWsiFrknXOL5a8X0M3EZ4xlXGEU=; b=DHd18D6+CdzaDuUjTjh65Yf8Yc1Ha7SBc9P8mOO47CmSDX2vQ6CsfN+APkbf64IHz8 xigZIdzo1YGEg1n6GmoFfGmDRLYPL8nXbXozqc0URlIJ/EbfhKnAUg61Jjd0+J3MNwOV Rx/8bzjZFl6u1kMsFZeFdsUlTXZYY7+rQDHxBDFPfZbZfz9kgcT8FWJZaZxYImGd5t9f Y9ju8uQyaTMs5IjzHEH81E8b1C8r8euo4AtMf/rrKq1QYvQGW4YxVtzKlAY/QB7cYWUT BrkN1gLb1hccAJUQijdR/EcTObvV7TFV1vvb4zcRdjpskxnkqUq0aWe9cvg5XEVIvudc 8Iow==
X-Gm-Message-State: AKGB3mLSsBr490VWEoScdyYKUfct5JB1/OWk2r1EPTZuAELHK7XIXiTI U7y/+hpRMTKEnFKQQAtp1HTdEO2eH9gmZaq/EY0=
X-Google-Smtp-Source: ACJfBotMsV8ocCLM/I83FcF1aThzeJ3fQGEICXBjOpedAoUeIBSS/m6zSz2PVcJoU7/s2XEim26ZEEqZ8zJ/ls8vSRU=
X-Received: by 10.107.47.234 with SMTP id v103mr3587471iov.96.1513185310512; Wed, 13 Dec 2017 09:15:10 -0800 (PST)
Received: from 1058052472880 named unknown by gmailapi.google.com with HTTPREST; Wed, 13 Dec 2017 12:15:09 -0500
From: Mikkel Fahnøe Jørgensen <mikkelfj@gmail.com>
In-Reply-To: <14936_1513181345_5A3150A1_14936_390_1_5A3150A4.7010700@orange.com>
References: <CABkgnnUxr3cAv81m5PfzRb+LWbiUq1qaASMnLkG+hEokHR714A@mail.gmail.com> <68B6C3D7-243D-4E0A-B8D1-34AE5E08468A@trammell.ch> <14936_1513181345_5A3150A1_14936_390_1_5A3150A4.7010700@orange.com>
X-Mailer: Airmail (420)
MIME-Version: 1.0
Date: Wed, 13 Dec 2017 12:15:09 -0500
Message-ID: <CAN1APddNG1ito5w168TQJJA1VPU5cXtiPNydYXN7y8Zo3P5mqg@mail.gmail.com>
Subject: Re: Re: Greasing more of QUIC
To: alexandre.ferrieux@orange.com, quic@ietf.org
Content-Type: multipart/alternative; boundary="001a1135a438e99e8b05603be87e"
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/uJRvoHgGtbB5Y-8PNsvymP88w9E>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 13 Dec 2017 17:15:13 -0000

A passive middle box observer can do harm if the deployment is large scale
and mission critical. If it mis-interprets new QUIC version it may report
network damage which may cause operators to explicitly block new QUIC
versions as opposed to deal with upgrading passive, but mission critical,
middleware.

Kind Regards,
Mikkel Fahnøe Jørgensen


On 13 December 2017 at 17.09.15, alexandre.ferrieux@orange.com (
alexandre.ferrieux@orange.com) wrote:

Hello Brian,

On -10/01/-28163 20:59, Brian Trammell (IETF) wrote:
>
> [...] what I was hoping I'd see here, and didn't, is an explicit
statement of the threat model the greasing we apply
> is meant to counter.

Thanks for focusing on this. I'd like to take this opportunity to chime in
with a network operator's perspective on
these matters.

As it turns out, the generic term "middlebox", which seems to be rather
loaded in this context, somehow hides another
important use case for us: a passive middle observer meant for
troubleshooting.

While I agree that all active middleboxes may somehow wreck things in
creative though unwilling ways, a passive middle
observer can do no harm. But the point is that this middle observer is not
only harmless, but necessary for the smooth
operation of the network, which benefits the whole chain: its purpose is
simply to locate, as effectively as possible,
the offending link or piece of equipment, once some problem has been
detected end-to-end.

To do so, the most efficient method is dichotomy, which allows to home in
on the problem in logN steps for a path of N
segments, where each steps means (1) installing the middle observer at a
chosen point on the path and (2) deciding
whether the problem happens upstream or downstream from that point.

Clearly step (2) assumes that the measurements done by the middle observer
give the upstream/downstream information.
This means that the observable of interest (RTT, loss or reordering) should
be available for both upstream and
downstream segments. This somehow constrains the class of methods that can
be designed to support the use case. In this
respect, the spin bit is satisfactory (since it gives both upstream and
downstream RTT estimates), while proposed
alternatives like packet number echo aren't (since they only yield
end-to-end RTTs).

Now, while pondering options like a random key shared by the endpoints,
please keep in mind the use case of dichotomic
troubleshooting, where typically none of the endpoints is under control.
You may still impose stateful operation on the
middle observer though. But don't just kill it.

-Alex

_________________________________________________________________________________________________________________________


Ce message et ses pieces jointes peuvent contenir des informations
confidentielles ou privilegiees et ne doivent donc
pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu
ce message par erreur, veuillez le signaler
a l'expediteur et le detruire ainsi que les pieces jointes. Les messages
electroniques etant susceptibles d'alteration,
Orange decline toute responsabilite si ce message a ete altere, deforme ou
falsifie. Merci.

This message and its attachments may contain confidential or privileged
information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and
delete this message and its attachments.
As emails may be altered, Orange is not liable for messages that have been
modified, changed or falsified.
Thank you.

v2.23.0 | Report a Bug | By Email