[tsvwg] Re: [EXTERNAL] Re: [gwhiteCL/NQBdraft] Should traffic protection be mandatory to implement? (Issue #48)

"Black, David" <David.Black@dell.com> Wed, 24 July 2024 15:11 UTC

Return-Path: <prvs=193501744b=david.black@dell.com>
X-Original-To: tsvwg@ietfa.amsl.com
Delivered-To: tsvwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5C751C1840D8; Wed, 24 Jul 2024 08:11:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.255
X-Spam-Level:
X-Spam-Status: No, score=-2.255 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.148, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=dell.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DCgxDQQxcEKN; Wed, 24 Jul 2024 08:11:04 -0700 (PDT)
Received: from mx0b-00154904.pphosted.com (mx0b-00154904.pphosted.com [148.163.137.20]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C3FE3C1840FE; Wed, 24 Jul 2024 08:10:58 -0700 (PDT)
Received: from pps.filterd (m0170396.ppops.net [127.0.0.1]) by mx0b-00154904.pphosted.com (8.18.1.2/8.18.1.2) with ESMTP id 46OE2V7B007071; Wed, 24 Jul 2024 11:10:56 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=dell.com; h=from :to:cc:subject:date:message-id:references:in-reply-to :content-type:mime-version; s=smtpout1; bh=TR+DZ/KB2VnamVSh6ue+t XB9orNclmnyl6Ea2KV1E2A=; b=ZYASfqWm4hFHCJzp7TMrijd36c5WyLQpWcm8E gWCWAbZwq+28UQ6LHM5Gn/Cb3+8ilQL+nVoxiSmm99wnvE3/DnnttM0FsJN8NkE/ F6QpAmDrPTc/MTu1K8Miw4NDtD2qd/eSnVtZHxBcl5KBt65JMf2WNpVfmJhbfBCn OcvAbY9p6+XaMisJZvG/CH65HUrow3fCQewVLbdz9XUl4vtG8rb2AtpG/cPO0Fdk dwGPRQcn5O7IABhIJfzI0ZFFjkyMn2VrjJBVbuXdhermh+KbVGFu2GpHdQgfbROc deyiDO0GuvMbE8WSkmoVQ+sllZ2nPudDF2A9+KHEB41qZTJrA==
Received: from mx0b-00154901.pphosted.com (mx0b-00154901.pphosted.com [67.231.157.37]) by mx0b-00154904.pphosted.com (PPS) with ESMTPS id 40juc0qk0t-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 24 Jul 2024 11:10:56 -0400 (EDT)
Received: from pps.filterd (m0144103.ppops.net [127.0.0.1]) by mx0b-00154901.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 46OD4DYQ002514; Wed, 24 Jul 2024 11:10:55 -0400
Received: from nam04-dm6-obe.outbound.protection.outlook.com (mail-dm6nam04lp2040.outbound.protection.outlook.com [104.47.73.40]) by mx0b-00154901.pphosted.com (PPS) with ESMTPS id 40k25xt6n6-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 24 Jul 2024 11:10:55 -0400
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=b5AHf87H5Y1TM18EsVHsFQv2Ux+7IgUncXgay78y3IjMMm0Y7BOXlG3rGhSaT+kpXXTlykNdBqYoTOHE55U/yTj6v6CnTTEcbrmSiZD2OfMzsv6VLwO9D50NMXUvEysmB1tOAos1Rrho4E3WeLS5I4cu86hZmdGh6pmbE4b2XGXSfkCve/lep9hyHQ3KVVGofg+Z7J/YL6mA02SBY4h5oVxwi8XBK0eZ5sTBID3klfAAM7uNeFW3VGXhC5zaDz/p2hjiWyu7y7UI3zDP4J1IcDQitAoib8GCHFhL4VDWShyH9uDZRCWqGRhpEbvz0eYaUllrX6HnvoeR1vDnxDpqtA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=TR+DZ/KB2VnamVSh6ue+tXB9orNclmnyl6Ea2KV1E2A=; b=LgRFq8yQHVG70HYX5s5UIW8eVIoYboPAgN1ImSb+lr86rX2mldt2io7xe1IJRUud+CCkz/I4rIvU+JG1xAyFLvYn1kmILAo7s+IvWV5cbNvSABtSkyH+h6RiYieE7tXerKLEnMUleXhEBqtDNy4CphIHfhywQi3nTVkloQbzEMGBb5MdC8el0Phpif1ldFqxXBsmQiIj+SlUbLCXUbA2Rppm5RifS3P6vpxwzS1dGjywQCmzj79u80td9nv6YflZIZAjgAesxagXpOoItS0ZYlwKAM1S8MN0zLdD7BC7YmImR9FRFG08lg0TpwxA9XPJHu6KIuRUE5NqzfUZfrQ+wA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=dell.com; dmarc=pass action=none header.from=dell.com; dkim=pass header.d=dell.com; arc=none
Received: from MN2PR19MB4045.namprd19.prod.outlook.com (2603:10b6:208:1e4::9) by MN0PR19MB6358.namprd19.prod.outlook.com (2603:10b6:208:3c2::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7784.28; Wed, 24 Jul 2024 15:10:49 +0000
Received: from MN2PR19MB4045.namprd19.prod.outlook.com ([fe80::656e:ea92:20c8:471e]) by MN2PR19MB4045.namprd19.prod.outlook.com ([fe80::656e:ea92:20c8:471e%3]) with mapi id 15.20.7784.017; Wed, 24 Jul 2024 15:10:49 +0000
From: "Black, David" <David.Black@dell.com>
To: Greg White <g.white@CableLabs.com>, "Overcash, Michael (CCI-Atlanta)" <michael.overcash=40cox.com@dmarc.ietf.org>, "Black, David" <David.Black=40dell.com@dmarc.ietf.org>, gwhiteCL/NQBdraft <reply+AB2VULW2XRH6MPK23ABRZQOEVLRFREVBNHHI5USV5Y@reply.github.com>, gwhiteCL/NQBdraft <NQBdraft@noreply.github.com>
Thread-Topic: [tsvwg] Re: [EXTERNAL] Re: [gwhiteCL/NQBdraft] Should traffic protection be mandatory to implement? (Issue #48)
Thread-Index: AQHa3VqqiQTMFqH0Zk6mjNioLFT6XLIF5yfw
Date: Wed, 24 Jul 2024 15:10:49 +0000
Message-ID: <MN2PR19MB40457A63C91A2FA2D244A08583AA2@MN2PR19MB4045.namprd19.prod.outlook.com>
References: <gwhiteCL/NQBdraft/issues/48@github.com> <gwhiteCL/NQBdraft/issues/48/2244060936@github.com> <MN2PR19MB404591B9BAA1AEED7BBB900983A92@MN2PR19MB4045.namprd19.prod.outlook.com> <LV2PR01MB7622B7EA53C95951987C9B0B9FA92@LV2PR01MB7622.prod.exchangelabs.com> <7C5E6558-C37C-42DF-9936-E34A669982CC@CableLabs.com>
In-Reply-To: <7C5E6558-C37C-42DF-9936-E34A669982CC@CableLabs.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
msip_labels: MSIP_Label_a7bd41d9-d1d6-4f41-bf46-97f0241fcca2_ActionId=4d2b8fb1-77d9-4d35-abd8-ebc447a25224; MSIP_Label_a7bd41d9-d1d6-4f41-bf46-97f0241fcca2_ContentBits=0; MSIP_Label_a7bd41d9-d1d6-4f41-bf46-97f0241fcca2_Enabled=true; MSIP_Label_a7bd41d9-d1d6-4f41-bf46-97f0241fcca2_Method=Standard; MSIP_Label_a7bd41d9-d1d6-4f41-bf46-97f0241fcca2_Name=No Visual Label; MSIP_Label_a7bd41d9-d1d6-4f41-bf46-97f0241fcca2_SetDate=2024-07-23T14:15:00Z; MSIP_Label_a7bd41d9-d1d6-4f41-bf46-97f0241fcca2_SiteId=945c199a-83a2-4e80-9f8c-5a91be5752dd;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: MN2PR19MB4045:EE_|MN0PR19MB6358:EE_
x-ms-office365-filtering-correlation-id: d0805892-7f52-42e2-3a5e-08dcabf2cd17
x-exotenant: 2khUwGVqB6N9v58KS13ncyUmMJd8q4
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;ARA:13230040|366016|376014|1800799024|38070700018;
x-microsoft-antispam-message-info: xtW7QN78yaKt2gvM+SWivaxwnfR8mmje/vfRT3drc3HqnQGKfNhVKG2ftyk2Z0ukC6gGZGZPMNXancl2euZm/vQh52STEi6zp3Qmc8f3NJh+obCxPFoC76y2mrXiNnG/CxQYeoUB6NU/IREnjtqjUd9Z9xQrSQBBrp9hDnyigZOsEnb9IdI9W+VVnLOg4NwtyavlkfrOr1FJxraGxgsfUvQ5T95wz1msN6ASTu7uoOziU61KEDumpVjv+mehp99HbWtkEVeWapeEE2V8OYvwa5XDeuMehWYGgQh6EJN20q5m30t4MR8WQE5w98P6hZiFh+df5jUy58P915LT/1qVylFtnaedporNwK/B5quYvVQ1NzBA9wezDoiJ4odiZonVJuCsOBERNF6FeROcxd7isRgeImx3vk28kYTTYXya3d1JZigiVlSBe/AfbKp2JZH3ymjKpUrBxjjzLsLxUPKNJ9PgsFm2XpiJkECsmMPqh5rHUupeOBGGc68IZcq5xbf8+MGzCxZ3GbFlZe/wM7jbUs5yGlBkw9R3oVGhxRbXYe5LyCeua5qPDdsCgosfIZD9mhmtLPU/uPMcjvdObwe9Cv2LyspwaTCi52yb25FyKZwD23F+xgDl2BoUwS0HxtE9YdapZ3D/PP6YxfONdsPT2ZSo/3EDIqpV5OB3fBjneiG7IhNol9OQISbI08Gdev8XIsz54w2p2sRcPDmX144URIYeMs+JKSl8qaHf3G/Zyf0KnygtPVX8SbvXmk3IAD6Q8iOHPZ9KkPGi9vxRzVFRHhCkqMXCosKy6+VZDsiauNv/kkf+9CEsG0DH8/UfIVrPF9loLrmblAIH1aOe66lh5GCFefIMpzzcTkxq8ca9AJMbljPOtwPamv2rhmTOL9vO+v4ZJXVtvNwQZu75acKeAhYscMkkhCi05XZtqX80kSnnw3mB92n1FyGYI62PLnqlJGpP32w4w2kZOkPDH85fVhR+zLWklbmZDL5qVgu2D2mJ0vL5sIhEUYWTeXk3UIr3XjBreGv0bBONg+UnmmVOtCrqYcVXPanBnN0DNrXcEKtSPtNzz3p1gXwh02zmgB/VlIffkYJwhPWlv5Ek5iUU0uzuHtGukt3/KgE58BCKvIq2zGVekeXD0jXbV2SnNTOG9ctX556/xOrmViHhTdu4G5Hkas735QT8H5FnTBWTsd17099ZxAgGbxukoDQfbG+AOXguzAb5vHNPNhZKdDgEao7gJrU0J74U9SkeWjqkXPciaeUGaH7F16l6Pxog49pTg/TDIUMF7Un9rewXq/AQjz3wcRkHwJNhNOKXIf8VTT3flMbpehD9ieqJeZeAPdlVNEIoqxc4JQCzdnp0sElRhvcYi4gpVoA2TOvFomHEvq6EEvltVtoEVEsCI6oDwrO8I60R9wWE7TEHXXZtDMooEQ==
x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:MN2PR19MB4045.namprd19.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(366016)(376014)(1800799024)(38070700018);DIR:OUT;SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: 9jgc2cPmaNd2jyNrLH9MeoZROgaTJXmEEqkj6RJTfrzZtpcBKU6qruOf2+Q2rd9FxHe9p+RzyLZgb3KGCyqdiaRf1uX4FEyozRUZpMAY7YOE4V5A0QYhrRfqaBhNO3hRvNqJldKC95WJk2xXWi85oCssFtw6EKlpdlb3UNGW4KJgg89M1l92v2nq89zEhGfFozRMmBF6f5aof/lymnwrGpFVgDbdZztZsbkeia6pYRx6GyG0eOFAcAI+XC6o+mgr5y/Dg9SDJNheL2rgws9pnWxeAGUcokuBubWYG2qNHPDLjUdl0YwaU6gTc//oQDvmRDEIxJuLcYuXa1El7S5HcXdr2YghzFhZw+tXfCLfdsX/qMzl8hTzBMRSoE2iJzCfoBEylphGvPW6boZnFEr2oNUXWaqa71/lQ1ajEBNF72LyDse8GbWEj78ua39FTtiMeqtQlBVRCd9XKFLggDZQiU2XC9z4vLxIqsu6vMjvprlbeIuRmlAEyLGgibIP840W9nB/XuoPti4tEsKsvqBBv/ofqLy6xtdWteBKRb+zu1evO4QxEcOhw++2Cmy2B1yUzTlvUhdXA2UbkOI19VnIFEmplsSfJIdpX5UOvQjpGU4okM3uXrwqytXI2mpUYsjDXGvm4gOuiJ5zd+YGVhsDXZ1Mx37QIkwy+y1891+uxqizVQMDG+6lAx1b/NgNs0VYfqBQMuxSIw3d5HUOac48y3g3eL4yrACjZ6iSgR/1bZNw6S04VOLEby4wjmnt3S6adskYLnPo+mwR3yM3W8ZwRY9eOh3ZxRbrzIK1xnA/y1K1qpRoN81H5m19k2TQe7g6/+2Kn0UoHZA+wOoE/XlxBhbgO23Dk3DX6Z/3vLRHdoabek5SKp6yIJgKUOf7mDFL/x5ZgOnLgXaU/NcWTTn8DclsKq93nYWdYsUvMlEnfKyBdGZxPowYicBwhE7eDRIYHwV5wbHA7UCggbsVq9EIPeSytS8yjo9TUr0VakDQF+w6+qpxAXa/BJ+PUtbGSyse80LwUKKu6osSll/N8nv3w/qTIBjNjWyTrcAgn1akM1q0a4S5019WraiNq32N6a0s1rRLC6UFxrZsXEP5daJgiRq6/XAou63RPBBteSeBA3HGFACoLs63Z50JzgpsUxDiCKuHXFohBz3vbJy/7AcekYW2vR6gna53bxbsFwQPVV9DpakIJw1KMEgXrShDZcFTt79mL2QAGaou+n+LhLtq6y+XtGIF1JcAu3fCjcbYG4OXrGhf2HFRJPIV+9gsdIEwqQOghvdZ5Fb2pcd7TiGJIdPJnSpsH83M0FcUR1w0i6uyJ9qpCT3ATpsy2wspeRxn6yoHYk+aT8ikn8ZUGPw/Did9XY5ql9V8er+YMy2cGABa7SusKXvXLY7QflPWFNUdxvo4mo/iFDc+TZp3YUAz03PYNqCjUCpdpPLC6bD2cezHz95XGa7atj/Hkxu2uZZ44madZp3vWed/fx3wlwgnldmK3133q8goD1kSKCNPMtQ5T7UbeyivN9kkza5CJ5ckRyxT9yNYxdhvHOQfx6pxnmlbD74LOVMNOeYbvFdwgaRhgP3rTLSE8A00UmuVO1G/
Content-Type: multipart/alternative; boundary="_000_MN2PR19MB40457A63C91A2FA2D244A08583AA2MN2PR19MB4045namp_"
MIME-Version: 1.0
X-OriginatorOrg: Dell.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: MN2PR19MB4045.namprd19.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: d0805892-7f52-42e2-3a5e-08dcabf2cd17
X-MS-Exchange-CrossTenant-originalarrivaltime: 24 Jul 2024 15:10:49.0749 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 945c199a-83a2-4e80-9f8c-5a91be5752dd
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: fHXAld8kpd2L2D8PkzQPfDSr2zMvjpSD8cU82y0khBR+jf0F0Oti7Dwh8waKxWFaOm+tXUdymmLuzToWfGTe0Q==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MN0PR19MB6358
X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1039,Hydra:6.0.680,FMLib:17.12.28.16 definitions=2024-07-24_13,2024-07-24_01,2024-05-17_01
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 adultscore=0 lowpriorityscore=0 spamscore=0 bulkscore=0 malwarescore=0 mlxscore=0 mlxlogscore=999 impostorscore=0 clxscore=1011 phishscore=0 suspectscore=0 priorityscore=1501 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2407110000 definitions=main-2407240111
X-Proofpoint-GUID: dQTFm3-Y04tSjGI61XSWJIZ-t9VSQ0iV
X-Proofpoint-ORIG-GUID: dQTFm3-Y04tSjGI61XSWJIZ-t9VSQ0iV
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 lowpriorityscore=0 mlxlogscore=999 adultscore=0 impostorscore=0 suspectscore=0 bulkscore=0 priorityscore=1501 clxscore=1015 mlxscore=0 spamscore=0 malwarescore=0 phishscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.19.0-2407110000 definitions=main-2407240111
Message-ID-Hash: 2B6ESZ4DP5HPBQKTZR5ESMGMOE5KD42N
X-Message-ID-Hash: 2B6ESZ4DP5HPBQKTZR5ESMGMOE5KD42N
X-MailFrom: prvs=193501744b=david.black@dell.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-tsvwg.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: tsvwg IETF list <tsvwg@ietf.org>, "Black, David" <David.Black@dell.com>
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [tsvwg] Re: [EXTERNAL] Re: [gwhiteCL/NQBdraft] Should traffic protection be mandatory to implement? (Issue #48)
List-Id: Transport Area Working Group <tsvwg.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/815qSeH1T1zmeBok_CBrYUEJcRk>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsvwg>
List-Help: <mailto:tsvwg-request@ietf.org?subject=help>
List-Owner: <mailto:tsvwg-owner@ietf.org>
List-Post: <mailto:tsvwg@ietf.org>
List-Subscribe: <mailto:tsvwg-join@ietf.org>
List-Unsubscribe: <mailto:tsvwg-leave@ietf.org>

> [From David:]
>> I understand the overall intent, and I'm fine with that as a high-level goal/direction. The problem is that in the -24 version of the draft,
>> "shallow-buffered" is an all-but-undefined term. …. The detailed requirements for sufficiently shallow buffers that realize
>> that non-performance guarantee need to be specified and mandated, e.g., in Section 5.1 of the draft.

> Ok, I think this is solvable.  Here is a proposal:
> `The NQB queue MUST have a buffer size that is significantly smaller than the buffer provided for Default traffic.
> It is RECOMMENDED to configure an NQB buffer size less than or equal to 10 ms at the shared NQB/Default egress rate.`

That's an improvement, but "significantly smaller" is almost as undefined as "shallow-buffered" and the size in octets of a 10ms queue varies dramatically by egress rate.

Trying a different perspective ... A simple way to attempt abuse of an NQB queue is to point a TCP connection at the queue and set TCP loose.  If that TCP is using IW10, then drops in that initial window would be a good initial disincentive for that sort of abuse (aside: this is all but assuming that the IW10 packets are not paced, which may not be a good assumption).  Attempting some quick back of the envelope math for my 50 Mbit home service, 15kB (10 x 1.5kB typical MTU) x 8 = 120 kbits.  120k/50M = 2.4ms at a 50Mbit line rate, which is less than 10ms.  If the NQB egress rate were capped at 10% of the line rate, then 15kB takes 24ms, so a 10ms bottleneck buffer size ought to cause multiple drops which will get that TCP's attention ;-).  OTOH, if the service rate is increased to 1 Gbit (available from my ISP), then that 24ms gets divided by 20, resulting in 1.2ms for 15kB which easily fits in a 10ms buffer.

At a minimum, I hope this illustrates that a fixed time period is not a great way to size NQB queues because the link/egress rates involved vary by a number of orders of magnitude.  There's more to be done from here to get to a complete solution.

Greg – two questions (with more doubtless to come):

  *   what sort of link/egress rates were assumed in coming up with the 10ms recommendation for NQB buffer size?
  *   The 10% NQB rate cap in the above example is at best a plausible assumption (e.g., could allow for 10 microflows @ 1% rate cap each, as described in the per-microflow rate policer for traffic protection) – what would make sense?

Thanks, --David

From: Greg White <g.white@CableLabs.com>
Sent: Tuesday, July 23, 2024 7:47 PM
To: Overcash, Michael (CCI-Atlanta) <michael.overcash=40cox.com@dmarc.ietf.org>; Black, David <David.Black=40dell.com@dmarc.ietf.org>; gwhiteCL/NQBdraft <reply+AB2VULW2XRH6MPK23ABRZQOEVLRFREVBNHHI5USV5Y@reply.github.com>; gwhiteCL/NQBdraft <NQBdraft@noreply.github.com>
Cc: Black, David <David.Black@dell.com>; tsvwg IETF list <tsvwg@ietf.org>
Subject: Re: [tsvwg] Re: [EXTERNAL] Re: [gwhiteCL/NQBdraft] Should traffic protection be mandatory to implement? (Issue #48)


[EXTERNAL EMAIL]
[From David:]
> I understand the overall intent, and I'm fine with that as a high-level goal/direction. The problem is that in the -24 version of the draft, "shallow-buffered" is an all-but-undefined term. …. The detailed requirements for sufficiently shallow buffers that realize that non-performance guarantee need to be specified and mandated, e.g., in Section 5.1 of the draft.

Ok, I think this is solvable.  Here is a proposal:
`The NQB queue MUST have a buffer size that is significantly smaller than the buffer provided for Default traffic. It is RECOMMENDED to configure an NQB buffer size less than or equal to 10 ms at the shared NQB/Default egress rate.`


[From David:]
> Proceeding in this direction ... if traffic protection is not mandatory to implement, then the draft will need to restrict NQB implementation and usage (using "MUST" and "MUST NOT" or equivalent RFC 2119 keywords) to network environments that have "other ways to address malicious sources."

[From Michael:]
> I also don’t think it is necessary or helpful to try to solve for malicious actors here. Any malicious actor can fill up queues and crowd out other traffic simply by sending high rate UDP. Shallow buffers are not uniquely vulnerable here. On the contrary, there is no buffer so large that a malicious actor cannot easily fill it.

I agree with Michael’s viewpoint.  Similar to my previous argument, the IETF doesn't restrict implementations of the Default PHB to only being deployed in network environments that have "other ways to address malicious sources." What would be the rationale to do so here?  It is IMO definitely ok to include guidance to network operators saying that NQB implementations that lack traffic protection are as vulnerable to malicious traffic as other queues, and so the operator should follow existing best practices to protect their NQB queues from malice.