Re: [tsvwg] FQ & VPNs

Ingemar Johansson S <ingemar.s.johansson@ericsson.com> Sun, 21 February 2021 19:07 UTC

From: Ingemar Johansson S <ingemar.s.johansson@ericsson.com>
To: Jonathan Morton <chromatix99@gmail.com>
CC: Dave Taht <dave.taht@gmail.com>, Bob Briscoe <ietf@bobbriscoe.net>, TSVWG <tsvwg@ietf.org>, Ingemar Johansson S <ingemar.s.johansson@ericsson.com>
Date: Sun, 21 Feb 2021 19:07:05 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/Iytd0BtdlKyLGs_HqM8KR0ubr6k>

Jonathan

So... on the one hand you can set up multiple VPNs to overcome the fq-codel problem. But then when I mention that you can use that very same method to put L4S traffic it becomes overly complex. I am not going to analyze what makes it so hard.
I've seen similar arguments in the past in the form of edge devices that are impossible to upgrade.

I believe that we (the WG) have to make a decision. The current discussion has been ongoing for almost 2 years. Are we going to put arguments back and forth for two more years, or work together to bridge the gaps? After all, fq-codel with L4S support would have been ripe and ready in one year if there had only been an incentive to have it done. Why not spend the time and effort on that instead?

/Ingemar

> -----Original Message-----
> From: Jonathan Morton <chromatix99@gmail.com>
> Sent: den 21 februari 2021 18:50
> To: Ingemar Johansson S <ingemar.s.johansson@ericsson.com>
> Cc: Dave Taht <dave.taht@gmail.com>; Bob Briscoe <ietf@bobbriscoe.net>;
> TSVWG <tsvwg@ietf.org>
> Subject: Re: [tsvwg] FQ & VPNs
> 
> > On 21 Feb, 2021, at 9:04 am, Ingemar Johansson S <ingemar.s.johansson@ericsson.com> wrote:
> >
> > Trying to summarize. Your concern is that the L4S flows starve out the non-L4S flows when they share the same VPN tunnel.
> > You proposed the solution yourself below:
> > “The VPN user is thus in a position to predict, understand, and possibly mitigate the effect by splitting the traffic across multiple VPN flows, if performance turns out to be more important than hiding that piece of information”.
> > The same rationale can be used to put the L4S flows in a separate VPN tunnel, problem solved.
> 
> In the current situation, where the flows sharing the tunnel do so on a
> roughly equal basis, the choice is an *optional* performance enhancement,
> to be undertaken only when actual experience shows it to be necessary.
> Usually it is not enough of a problem to bother with the hassle - and it *is* a
> hassle, because by default VPNs do not work that way.  I mentioned it only
> to illustrate that the VPN user has some agency and is reasonably able to
> predict what will happen, and know that it won't be too bad either way.
> 
> Adding L4S to the mix means that the flows no longer share the tunnel on
> anything even approximating an equal basis.  A single L4S flow will bully all
> others out of its way, as soon as the bottleneck is at a conventional ECN AQM
> (whether with FQ, AF, or not).  It does not even matter whether the
> conventional flows support ECN themselves; if not, the conventional AQM
> will simply drop their packets at the same rate that it would have marked
> them, producing the same effect on congestion control and throughput.
> 
> Which means that separating the L4S flows out to a separate tunnel becomes
> *necessary*, not optional, to retain anything resembling normal
> performance.  And this would *not* be helped by deleting FQ from the AQM
> in question, as Bob suggested earlier; that would only permit the L4S flow to
> bully flows outwith the tunnel that happen to traverse the same bottleneck,
> rather than its harm being contained to the tunnel it occupies.
> 
> While the VPN user might reasonably be able to estimate the number of
> flows running through his tunnel, he might not be aware of the particularly
> drastic effect that L4S traffic would have.  I think it likely that his
> troubleshooting will lead to a conclusion that the L4S traffic is "unresponsive"
> to congestion control signals, immediate shutdown of the L4S traffic source,
> and a strongly worded letter of complaint to the vendor(s) perceived to be
> responsible for it.
> 
> > And then, there is always a possibility to upgrade the AQMs to support L4S as well?
> 
> To be deployable outside of carefully prepared networks, L4S *MUST* be
> capable of coexisting, at default settings, with conventional traffic in existing
> networks.  That is mandatory, not optional.  Pete's new data is prima facie
> evidence that fq_codel (and other ECN AQMs) is a feature of existing
> networks.  I'm sure you can work out the logical conclusion to that equation.
> 
>  - Jonathan Morton