Re: [secdir] SecDir review of draft-ietf-aqm-pie

"Rong Pan (ropan)" <ropan@cisco.com> Fri, 27 May 2016 19:26 UTC

Return-Path: <ropan@cisco.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2CA6C12D7B6; Fri, 27 May 2016 12:26:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -15.946
X-Spam-Level:
X-Spam-Status: No, score=-15.946 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-1.426, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KkVJERlpAN1B; Fri, 27 May 2016 12:26:14 -0700 (PDT)
Received: from rcdn-iport-5.cisco.com (rcdn-iport-5.cisco.com [173.37.86.76]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E406812D123; Fri, 27 May 2016 12:26:13 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=18011; q=dns/txt; s=iport; t=1464377174; x=1465586774; h=from:to:subject:date:message-id:references:in-reply-to: mime-version; bh=txYJZTMPpT5Q9dmvFF6l4HgvN7FFLACLzLa1LALMv1M=; b=nDawyZ3vaMMVaCnv5lrhSPib3XutK7wc3DBRirYUJrZu/YfixXqsEhAs Y1pivTORUrnbf984GpYt4t6FKeihy3KGGVRXMQ/qXtxYIFjPIPwAzrStd 3UOEwF9m9rG+HP1ngj3cPRrM3Hwroi8ZXoeUhdAQ9T0tWrgYIwFLJbLEU I=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0AJBgCknkhX/4cNJK1bgmxNgVMGtHqHA?= =?us-ascii?q?IYRAoE2OxEBAQEBAQEBZSeEQwEBAQSBCQIBCBEDAQIoBzIUCQgCBAESG4gTAcN?= =?us-ascii?q?tAQEBAQYBAQEBAQEBIIYng0mBA4RfhToFhXaNQYUAAYtkgjuBaY0zhjOJGAE2L?= =?us-ascii?q?INtbokJAX4BAQE?=
X-IronPort-AV: E=Sophos;i="5.26,375,1459814400"; d="scan'208,217";a="109127380"
Received: from alln-core-2.cisco.com ([173.36.13.135]) by rcdn-iport-5.cisco.com with ESMTP/TLS/DHE-RSA-AES256-SHA; 27 May 2016 19:26:12 +0000
Received: from XCH-ALN-017.cisco.com (xch-aln-017.cisco.com [173.36.7.27]) by alln-core-2.cisco.com (8.14.5/8.14.5) with ESMTP id u4RJQCYk015756 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Fri, 27 May 2016 19:26:12 GMT
Received: from xch-aln-017.cisco.com (173.36.7.27) by XCH-ALN-017.cisco.com (173.36.7.27) with Microsoft SMTP Server (TLS) id 15.0.1104.5; Fri, 27 May 2016 14:26:12 -0500
Received: from xch-aln-017.cisco.com ([173.36.7.27]) by XCH-ALN-017.cisco.com ([173.36.7.27]) with mapi id 15.00.1104.009; Fri, 27 May 2016 14:26:11 -0500
From: "Rong Pan (ropan)" <ropan@cisco.com>
To: Warren Kumari <warren@kumari.net>, IETF Security Directorate <secdir@ietf.org>, "draft-ietf-aqm-pie.all@ietf.org" <draft-ietf-aqm-pie.all@ietf.org>, The IESG <iesg@ietf.org>
Thread-Topic: SecDir review of draft-ietf-aqm-pie
Thread-Index: AQHRpJAqD1rMJ9aCcEa7X80zJps755/NMJUA
Date: Fri, 27 May 2016 19:26:11 +0000
Message-ID: <D36DED3E.189FE%ropan@cisco.com>
References: <CAHw9_iJfoq-xdQxdB6M=NQ0Xp+ip-BBRqRYRH9dA4caKJH4o2A@mail.gmail.com>
In-Reply-To: <CAHw9_iJfoq-xdQxdB6M=NQ0Xp+ip-BBRqRYRH9dA4caKJH4o2A@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/14.6.2.160219
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [171.71.130.224]
Content-Type: multipart/alternative; boundary="_000_D36DED3E189FEropanciscocom_"
MIME-Version: 1.0
Archived-At: <http://mailarchive.ietf.org/arch/msg/secdir/fFIIF3lg5dr90CA0tXQT6PRCP1s>
Subject: Re: [secdir] SecDir review of draft-ietf-aqm-pie
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 27 May 2016 19:26:16 -0000

Thanks for the suggestions. I have included them accordingly.

Best,

Rong

From: Warren Kumari <warren@kumari.net<mailto:warren@kumari.net>>
Date: Monday, May 2, 2016 at 9:31 AM
To: IETF Security Directorate <secdir@ietf.org<mailto:secdir@ietf.org>>, "draft-ietf-aqm-pie.all@ietf.org<mailto:draft-ietf-aqm-pie.all@ietf.org>" <draft-ietf-aqm-pie.all@ietf.org<mailto:draft-ietf-aqm-pie.all@ietf.org>>, The IESG <iesg@ietf.org<mailto:iesg@ietf.org>>
Subject: SecDir review of draft-ietf-aqm-pie


Be ye not afraid...

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

Version reviewed: draft-ietf-aqm-pie-06 - PIE: A Lightweight Control Scheme To Address the
Bufferbloat Problem

Summary:
LGTM, Security AD attention not required.

Details:
No major issues, some nits. Feel free to integrate or ignore.

Notes:
>5 authors. Many of the authors are experienced, so they probably already know the RFC Ed might make sad face at you.

Comments in [O]riginal, [P]roposed, [R]eason.


Abstract

Bufferbloat is a phenomenon where excess buffers in the network cause
[O] phenomenon where excess
[P] phenomenon in which excess
[R] grammar
high latency and jitter. As more and more interactive applications

[SNIP]

There is a pressing need to design
intelligent queue management schemes that can control latency and
jitter; and hence provide desirable quality of service to users.
[O] jitter; and hence
[P] jitter, and hence
[R] grammar

[SNIP]
The design does not
require per-packet timestamp, so it incurs very small overhead and is
[O] require per-packet timestamp,
[P] require per-packet timestamps,
[R] grammar
[O] incurs very small overhead
[P] incurs very little overhead
[R] word choice



1. Introduction

The explosion of smart phones, tablets and video traffic in the
Internet brings about a unique set of challenges for congestion
control. To avoid packet drops, many service providers or data center
operators require vendors to put in as much buffer as possible. With
rapid decrease in memory chip prices, these requests are easily
[O] With rapid decrease in memory chip price,
[P] Because of the rapid decrease in memory chip prices,
accommodated to keep customers happy. While this solution succeeds in
assuring low packet loss and high TCP throughput, it suffers from a
major downside. The TCP protocol continuously increases its sending
rate and causes network buffers to fill up. TCP cuts its rate only
when it receives a packet drop or mark that is interpreted as a
congestion signal. However, drops and marks usually occur when
network buffers are full or almost full. As a result, excess buffers,
initially designed to avoid packet drops, would lead to highly
elevated queueing latency and jitter. It is a delicate balancing act
to design a queue management scheme that not only allows short-term
burst to smoothly pass, but also controls the average latency in the
presence of long-running greedy flows.
[O] It is a delicate balancing act to design a queue management scheme that not only allows short-term burst to smoothly pass, but also controls the average latency in the presence of long-running greedy flows.
[P] Designing a queue management scheme that allows short-term bursts to pass smoothly as well as controlling the average latency in the presence of long-running greedy flows is a delicate balancing act.
[R] readability

[SNIP]

New algorithms are beginning to emerge to control queueing latency
directly to address the bufferbloat problem [CoDel]. Along these
lines, PIE also aims to keep the benefits of RED: such as easy
[O] the benefits of RED: such as easy
[P] the benefits of RED, including easy
[R] readability and grammar
implementation and scalability to high speeds. Similar to RED, PIE
randomly drops an incoming packet at the onset of the congestion. The
congestion detection, however, is based on the queueing latency
instead of the queue length like RED.

[SNIP]

In October 2013, CableLabs' DOCSIS 3.1 specification [DOCSIS_3.1]
mandated that cable modems implement a specific variant of the PIE
design as the active queue management algorithm. In addition to cable
specific improvements, the PIE design in DOCSIS 3.1 [DOCSIS-PIE] has
improved the original design in several areas, including de-
randomization of coin tosses and enhanced burst protection.

This draft separates the PIE design into the basic elements that are
MUST to be implemented and optional SHOULD/MAY enhancement elements.
[O] that are MUST to be implemented
[R] This is awkward, but maybe should be left as is? Or delete "are"?



4. The Basic PIE Scheme

As illustrated in Fig. 1, PIE conceptually comprises three simple MUST
[O] PIE conceptually comprises three simple
[P] PIE is comprised of three simple
[R] I think this is what is meant -- PIE is made of three MUST components, not PIE makes those three components?

components: a) random dropping at enqueueing; b) periodic drop
probability update; c) latency calculation.

[SNIP]


5.2 Departure Rate Estimation

One way to calculate latency is to obtain the departure rate. The
draining rate of a queue in the network often varies either because
other queues are sharing the same link, or the link capacity fluctuates.
[O] because other queues are sharing the same link, or the link capacity fluctuates.
[P] because other queues are sharing the link or because the link capacity fluctuates.
[R] clarity



9. Security Considerations

This document describes an active queue management algorithm based
on implementations in Cisco products. This algorithm introduces no
specific security exposures.


10. IANA Considerations

There are no actions for IANA.


-- END --