RE: Go Back to Single Packet Number Space

Nick Banks <nibanks@microsoft.com> Thu, 26 July 2018 02:36 UTC

Return-Path: <nibanks@microsoft.com>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 29BC4130EAA for <quic@ietfa.amsl.com>; Wed, 25 Jul 2018 19:36:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_DKIMWL_WL_HIGH=-0.01, T_KAM_HTML_FONT_INVALID=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=microsoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UYyGDc2FJx9h for <quic@ietfa.amsl.com>; Wed, 25 Jul 2018 19:36:05 -0700 (PDT)
Received: from NAM04-BN3-obe.outbound.protection.outlook.com (mail-eopbgr680099.outbound.protection.outlook.com [40.107.68.99]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3AB7A130E3C for <quic@ietf.org>; Wed, 25 Jul 2018 19:36:05 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=qJuawzBA/3al1RqVQBaD1H3OsWNVrp/3pmYiKLO60kc=; b=S8Jmxo2+O0v9F24MoIGzzroO8FDJ23UvK/MiKgtNwxSC+LOhbO8EgFeer79WXpVWvEqYde1+jQAFo6h6gKodKGP3spORMT+cL4NNUw7qFzhvbNLf3IDOnMfS5L2Z7ODNT99O6ocTqbh9+7sQoyNKoX2dtGB5Uz8avium3iCeiag=
Received: from DM5PR2101MB0901.namprd21.prod.outlook.com (52.132.132.158) by DM5PR2101MB0965.namprd21.prod.outlook.com (52.132.133.23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1017.2; Thu, 26 Jul 2018 02:36:03 +0000
Received: from DM5PR2101MB0901.namprd21.prod.outlook.com ([fe80::b1ef:f0bd:d9eb:2545]) by DM5PR2101MB0901.namprd21.prod.outlook.com ([fe80::b1ef:f0bd:d9eb:2545%2]) with mapi id 15.20.1017.000; Thu, 26 Jul 2018 02:36:03 +0000
From: Nick Banks <nibanks@microsoft.com>
To: Martin Thomson <martin.thomson@gmail.com>, QUIC WG <quic@ietf.org>
Subject: RE: Go Back to Single Packet Number Space
Thread-Topic: Go Back to Single Packet Number Space
Thread-Index: AdQkTBwat6Uz522HTCmlcfdQS0RX0wANbUcAAAFHrbA=
Date: Thu, 26 Jul 2018 02:36:03 +0000
Message-ID: <DM5PR2101MB0901E7A2FB4F8F8C79FEAEA4B32B0@DM5PR2101MB0901.namprd21.prod.outlook.com>
References: <DM5PR2101MB09016D44959E5796570F3CB7B3540@DM5PR2101MB0901.namprd21.prod.outlook.com> <CABkgnnUTPvrVALX0Xr9xGpJnTHq=yWN48NRqtcQSZ4bzGFjAYA@mail.gmail.com>
In-Reply-To: <CABkgnnUTPvrVALX0Xr9xGpJnTHq=yWN48NRqtcQSZ4bzGFjAYA@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
msip_labels: MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Enabled=True; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SiteId=72f988bf-86f1-41af-91ab-2d7cd011db47; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Owner=nibanks@microsoft.com; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SetDate=2018-07-26T02:36:01.6551027Z; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Name=General; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Application=Microsoft Azure Information Protection; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Extended_MSFT_Method=Automatic; Sensitivity=General
x-originating-ip: [2001:4898:80e8:1:1d83:4be1:90a4:2f3c]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; DM5PR2101MB0965; 6:jVBaV90Ik2W6AxBWMThsVVl+ocUSnsq8R0vsQ6fQbOIoS5TTAYstPWtPrBr5nuukZUUGJoFLG7IQuF6/HmckQmtA3lXGQrVg1lgD/Wa8vhkT4PZE3M3Cqm8VcKdFvQICCAzcCSgblsUwyS1SRoxmHdOomZGIBf/kHMZc+pB+P0SJRQd6sEXYIfDfwXP3kxjC6m44ceyPR9NW9l1dlqW1dqAO6vsCTmzd7SWprD19v5rWvrqKw7PqELZ2FZ67gv6kkY6B5Jo3nJfLS7+tCr5iRUf4KQEzgFDJDcNcAmsqwgFsxoZz1zAz/jZ500BxmFnn/rg1RaPt0IsQbn3KKmSBR75J0suentTcIBMrW2mW4y0LJ4Buh1yMIUnc9XpaAxSQ9qPYBKW7iyBHoQMMO5VsbqsRo0zmIPn3Z9m/tQovSb4HRtMu03VQaigot+MpTkeD4biCHd27KZ8t6+GOo4BpWQ==; 5:tBFHZSoqp4mwHkNH0ShRJh2paFuMzKhFJromMFkZxN91kaJ+g/ynzkIFsD3Yis8xmMt+kzOnyQoIv8tM5QdnyOAvyt/m93TKwWTYDFYJyJ87u+o75KcpwN82Nx5T6GyayQjT+CLzeACcJKrZDAMokHlBPGmaA06ylytD0tjpgfI=; 7:gx2M9JYTuf/UdD8ZOIuh8wY38wC9RKMmRCV/TrsXXC7nrnNcfMyQ4+njcrS2PtFqyS/nAAgCTqscYRWMiKhNRBqUt5y25+g9DyXLqs5APnJcDImeddmkYPyFwAOZcs9CwO/ZZmnHi1MUgYXj1VoorvkmB4t/a2pGlqoTFbEDiI7yJRvs8xxvLktmaqYnN9ET8byC4i1vdhjRaH3lzHprIJgQi99Qa5suMTLkqKk+A4A5Hcu0OhixOsV1oRZsO7PA
x-ms-exchange-antispam-srfa-diagnostics: SOS;
x-ms-office365-filtering-correlation-id: aec2af75-3f05-4692-453c-08d5f2a087f8
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(7020095)(4652040)(8989117)(4534165)(4627221)(201703031133081)(201702281549075)(8990107)(5600073)(711020)(4618075)(2017052603328)(7193020); SRVR:DM5PR2101MB0965;
x-ms-traffictypediagnostic: DM5PR2101MB0965:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=nibanks@microsoft.com;
x-microsoft-antispam-prvs: <DM5PR2101MB0965DA7DC22236E864005D4CB32B0@DM5PR2101MB0965.namprd21.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(28532068793085)(89211679590171)(85827821059158)(21748063052155);
x-ms-exchange-senderadcheck: 1
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(8211001083)(6040522)(2401047)(8121501046)(5005006)(93006095)(93001095)(10201501046)(3231311)(944501410)(52105095)(2018427008)(3002001)(6055026)(149027)(150027)(6041310)(20161123558120)(20161123562045)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123560045)(20161123564045)(6072148)(201708071742011)(7699016); SRVR:DM5PR2101MB0965; BCL:0; PCL:0; RULEID:; SRVR:DM5PR2101MB0965;
x-forefront-prvs: 07459438AA
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(366004)(376002)(136003)(39860400002)(346002)(396003)(189003)(199004)(13464003)(53936002)(6436002)(105586002)(39060400002)(22452003)(446003)(74316002)(11346002)(486006)(2906002)(10090500001)(106356001)(5250100002)(25786009)(316002)(14454004)(5660300001)(46003)(110136005)(97736004)(33656002)(8990500004)(6306002)(76176011)(256004)(86362001)(9686003)(54896002)(8936002)(81156014)(236005)(81166006)(99286004)(7696005)(10290500003)(68736007)(476003)(6246003)(790700001)(55016002)(8676002)(6506007)(53546011)(102836004)(229853002)(2900100001)(186003)(6116002)(7736002)(478600001)(14444005)(86612001); DIR:OUT; SFP:1102; SCL:1; SRVR:DM5PR2101MB0965; H:DM5PR2101MB0901.namprd21.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
received-spf: None (protection.outlook.com: microsoft.com does not designate permitted sender hosts)
x-microsoft-antispam-message-info: PAILi7HIh4B8CkB/LXh2Y4GNcOizafXOvDQ3IRFD9dOvo/n7BnR46nwOcVIFD8+dpMqHhOeiALrrv6a27VL75ME4mCSn6Z6J/5kwhEuhKMiRQvUi5UjvpoX0E4RB2GsC8cbHs2RBDKAa1Q9HaIx5c6Vo6f5HCEWfzQA2XlN0s6TyY1XRFdKDWDqCzPmhZpxU3Mp4rzdFtLxU/D+lRgBoRtrTTf67kx5MJSb+7xUxkmp72sAIJze4tgx5PHAryw9GfdA7UOomSmbS86eVqc/VwIfNLf5axlcRmWcN1aC7uj6eYoGn/kQFaOD6/OyCsHCNmPCrLrkqL6eCDLeqeYmTMC1TwIZz3Jgq2i2bbKwlQe8=
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_DM5PR2101MB0901E7A2FB4F8F8C79FEAEA4B32B0DM5PR2101MB0901_"
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
X-MS-Exchange-CrossTenant-Network-Message-Id: aec2af75-3f05-4692-453c-08d5f2a087f8
X-MS-Exchange-CrossTenant-originalarrivaltime: 26 Jul 2018 02:36:03.1466 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM5PR2101MB0965
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/0S8IkNmzSXU2RmaeJDgIZLWUrLw>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 26 Jul 2018 02:36:09 -0000

A lot more has already been discussed related to this on the issue, but I can expand on some of it here.



The design for managing sent packets and handling ACK frames for them for the two designs looks as follows:



Single Packet Space

  *   A single list of sent packet metadata objects, and other loss detection/recovery state (largest packet number, last sent time, RTO timer…).
  *   Each metadata object has 2 bits for tracking encryption level used to send the packet.
  *   On receipt of an ACK frame, encryption level and frame are passed to the ACK processing logic. This logic traverses the list of sent packets and just verifies that the received encryption level >= to the original level.



Multiple Packet Spaces

  *   Three lists of sent packet metadata objects and their associated loss detection/recovery state.
  *   On receipt of an ACK frame, encryption level and frame are passed to the ACK processing logic. The encryption level indicates when sent packet list to search.



The logic complexity of processing the ACK is pretty much the same, but the multiple packet spaces has a lot more state tracking. Additionally, how packet loss works across packet levels is not well explained. With single packet space, there is no extra complexity for cross-packet space loss recovery.



On the side of the acknowledger, there is a lot more complexity. Again, keeping three times the state to track which packets numbers are outstanding in which encryption level is a burden. The most painful part (at least for my code) is when it times to generate all the necessary packets given the current state. Taking those three sets of packet number to acknowledge and generate all the correctly formatted packets in the appropriate encryption levels in quite involved. My logic for deciding what type of packet to frame next and what can/should be put in it still has bugs after working on it for a few weeks. With a single packet number space, you only keep 1 set of packet numbers to acknowledge, and the highest encryption level for a packet number that needs to be acknowledged. Then, you send a single packet, with a single ACK frame at that highest encryption level (or higher), and you are done.



Bottom line, multiple packet numbers require 3 times the state and require a lot of additional logic to manage, both on the send and receive side. IMO, this is a lot of complexity that is not needed, and is overkill for what usually is just 1 or 2 RTT of the entire connection.



- Nick



-----Original Message-----
From: Martin Thomson <martin.thomson@gmail.com>
Sent: Wednesday, July 25, 2018 6:42 PM
To: Nick Banks <nibanks@microsoft.com>
Cc: QUIC WG <quic@ietf.org>
Subject: Re: Go Back to Single Packet Number Space



The feedback I've heard is that the simplification is subjective.

Others have said that a single space would complicate their implementation considerably more.  You might want to say more about that.



The loss of acknowledgements during the Initial phase has the unfortunate effect of forcing implementations to rely on implicit acknowledgment.  This doesn't seem like a problem now, but we're close to the quantum computer cryptographic apocalypse (put that on a sandwich board and yell it on street corners folks!) and this sort of reduction in capability could serious impair our ability to ship a key exchange that doesn't have problems.



Now, this latter thing is not an unfixable problem if you cared about it, but it depends on what your real problem is.

On Thu, Jul 26, 2018 at 5:29 AM Nick Banks <nibanks=40microsoft.com@dmarc.ietf.org<mailto:nibanks=40microsoft.com@dmarc.ietf.org>> wrote:

>

> Hello Folks,

>

>

>

> I have opened a GitHub Issue (#1579) and Pull Request (#1591) for this topic, but it seems progressed has stalled, so I figured I should take it to the list.

>

>

>

> While implementing draft-13, I came across a number of pain points related to using multiple packet number spaces. A lot of the issues result in duplicated state (and associated memory) for all the packet number spaces. But more importantly, the multiple packet number spaces bring in a lot more complexity of logic, compared to the previous single packet number space design. There is a lot more detail in the GitHub issue, and I’d ask that folks take a look at it (and the PR) and provide any feedback they might have. I feel that my Issue adequately describes the problem and my PR provides good (if not better, IMO) solutions to the problems that were fixed previously with multiple packet number spaces. I believe having a single packet number space will drastically simplify implementations in the end.

>

>

>

> Finally, as QUIC V1 (2?) is coming to a close (hopefully) I feel like we should resolve this issue soon. I don’t want this issue to slip out into the next version.

>

>

>

> Thanks,

>

> - Nick