IETF Logo Mail Archive

Re: [tsvwg] L4S DSCP (was: L4S drafts: Next Steps)

Martin Duke <martin.h.duke@gmail.com> Mon, 10 May 2021 17:48 UTC

Return-Path: <martin.h.duke@gmail.com>
X-Original-To: tsvwg@ietfa.amsl.com
Delivered-To: tsvwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D98773A250E for <tsvwg@ietfa.amsl.com>; Mon, 10 May 2021 10:48:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id H9A54Kq9jVxB for <tsvwg@ietfa.amsl.com>; Mon, 10 May 2021 10:48:27 -0700 (PDT)
Received: from mail-io1-xd36.google.com (mail-io1-xd36.google.com [IPv6:2607:f8b0:4864:20::d36]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4CD723A250C for <tsvwg@ietf.org>; Mon, 10 May 2021 10:48:27 -0700 (PDT)
Received: by mail-io1-xd36.google.com with SMTP id a11so15602215ioo.0 for <tsvwg@ietf.org>; Mon, 10 May 2021 10:48:27 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=xonOs7O/KrElWcVuiDwIeA/k5yRXU8gX4RGFH6SG+PI=; b=DFx0Wde4Q3kMsEGMt1NNsTt1d+7JaOaNe4qVtABQMUD1271KL7+JG9apJNP9tm1thY 9h6B9g4db3TVCbjOVmI557SIq+21aey3oLMBwCu7VxVklbLzTtza5lXwLR+F1AmOCpdB dLzTd5j2+CXSIPqgUPAgT4IdhmOx0PoVtSIQ1Qk0EkygfKlMw0DQUTWNGidcs6iyZ1YC IJBRt9vJcq1SY3qI/XCShzNuqMU9a1ip9PCQKXphOb4BMmygw3ZuFKKwqv97150vXu/P tQOasszmmJOZVeGT9L3kYKS56nXeZmVyEP4jCxCPA0929DUcAVshQXCGW42Z07dDNF0x sE7w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=xonOs7O/KrElWcVuiDwIeA/k5yRXU8gX4RGFH6SG+PI=; b=iQDcPd/Ptp0gCrd0wodNSwtT+RRAUP7dQ3LAEX6x3ZiPaOKFnAQ34Quj9dXQpiqV3D j6/HVG6TL24Gy8QNUJ7elvQqZ+p4V6/TClQlM9yd/Webgh1ZVo1nbj1RR6C+hYJT75s6 G+cCejeKhMKv9CunvbATaRniHnxF/hESschKVUgXM6apaSqbjjshjjue34TfvjnR+Ef8 c0tej6xwk83yAfx38BaKf7s+oHbPDdqIIMKYwzCKgMzpKeiljEJE6xKPGP6X4lt0Neb1 D42l523QrSRWvNpO4vi2f9zN59Cu8+tLGw8GYVXOnssFK4fdFuOJRRiEQRuOz7I4+vGi Awxw==
X-Gm-Message-State: AOAM532kEjUF6YDSFy4W7ORltNwDfN6EEGhIUQcyokY6U/tppSN0OQi6 Ie+XsP74OvjJjJphGGwMHPrC/sOC1ZlYD2Ss2EYW+sfZOv0=
X-Google-Smtp-Source: ABdhPJymxDx4jdA5CM9bEDmJVT9tATr1ObOMIBxz84k2oi0mwdItodvR0LhPvv/otLvgsTBvURSKjXEKNRnzrAbl96M=
X-Received: by 2002:a5d:9682:: with SMTP id m2mr19335533ion.20.1620668905958; Mon, 10 May 2021 10:48:25 -0700 (PDT)
MIME-Version: 1.0
References: <MN2PR19MB404527384A1B1DD9CFC2A3D983659@MN2PR19MB4045.namprd19.prod.outlook.com> <6f0ac4bf-bd1a-65cd-1d40-a97d4aa71aab@bobbriscoe.net> <7B4426F9-E1C5-4F88-A264-0D54C809D523@gmail.com> <AM8PR07MB74761AFC8F5BE0F9573DFF32B9629@AM8PR07MB7476.eurprd07.prod.outlook.com> <6481E606-2458-49D7-B580-8DF7B93494FD@gmx.de> <AM8PR07MB747675E421F0B7A6246C67BEB9619@AM8PR07MB7476.eurprd07.prod.outlook.com> <9A9D4AC3-43F0-4778-839B-E1E247A3C5FA@gmx.de> <AM8PR07MB7476026EA3AA7AD49622B296B9619@AM8PR07MB7476.eurprd07.prod.outlook.com> <76BB09A0-E385-48C2-810A-A1E48811188C@gmail.com> <CAM4esxTSZW6DzVFxkB37A7yg8MqKXRjMDUF79UEK8=2pcy3W8w@mail.gmail.com> <f843d28b-abff-ed2b-f870-3a4885e3629a@bobbriscoe.net>
In-Reply-To: <f843d28b-abff-ed2b-f870-3a4885e3629a@bobbriscoe.net>
From: Martin Duke <martin.h.duke@gmail.com>
Date: Mon, 10 May 2021 10:48:15 -0700
Message-ID: <CAM4esxR1fZq6bxUMZZeUsKmkCsnkDKzrXv-j-3oQwSy0bVueMA@mail.gmail.com>
To: Bob Briscoe <ietf@bobbriscoe.net>
Cc: "tsvwg@ietf.org" <tsvwg@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000007033ae05c1fd622d"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/BhhxCF_AXRlGYou3ZrtpuXRIHf0>
Subject: Re: [tsvwg] L4S DSCP (was: L4S drafts: Next Steps)
X-BeenThere: tsvwg@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Transport Area Working Group <tsvwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsvwg/>
List-Post: <mailto:tsvwg@ietf.org>
List-Help: <mailto:tsvwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 10 May 2021 17:48:32 -0000

Hi Bob

On Mon, May 10, 2021 at 2:42 AM Bob Briscoe <ietf@bobbriscoe.net> wrote:

> [BB] The RFC6040 tunnel behaviour shouldn't be thought of as needless. The
> valid ECN transitions are the primary security property of the ECN protocol
> at the IP layer. If it is valid for a middlebox to undo a previous increase
> in severity, it becomes hard if not impossible {1} to add enforcement
> around the system, if found to be necessary later.
>
> I say 'valid', rather than 'possible', advisedly. It's always possible,
> but if it's not valid, it can be detected as an attack, so enforcement
> mechanisms  can be retrofitted. For instance, the Congestion Exposure
> (ConEx {2}) policing and audit enforcement mechanism [RFC7713] relies on
> only upward severity transitions being valid. That's inherent for loss (you
> can't unlose a packet). And it's true for ECN CE. But if both 0>1 and 1<0
> were valid for ECN, I'm certain it would make it hard if not impossible {1}
> to enforce anything about these intermediate transitions, if it became
> necessary in the future.
>
> When we had to choose which would have the higher severity between ECT0
> and ECT1 for RFC6040, I remember going round the relevant intarea and
> secarea groups giving brief heads-ups over a few IETF cycles emphasizing
> that this was a fork in the road - paraphrasing "It's a change to IP v4 &
> v6 and if anyone can see any reason why it should be the other way round,
> speak now or forever hold your peace".
>

Thanks for the context. Maybe "needless" is too strong of a word -- but
this ECT(1) inner/ECT(0) outer combination should not actually happen in
today's internet, and if we could take it back to make this proposal work,
I think we would.


>
> Whatever, as I've said before, relying on any change to the ECN behaviour
> of tunnels is a deployment challenge orders of magnitude greater than ECN
> or L4S is (and they are already 3-party deployments). The number of types
> of tunnel, the number of vendors of each, the tendency of some to be
> implemented in hardware, and their typical lifespan create a far greater
> combinatorial problem for deployment. But the main problem is that their
> developers are not in the companies and departments of companies that would
> monetize any of the improvements that L4S would bring. It would just be
> cost for them
>

I am happy to defer to your deployment experience. I agree this is a
significant problem, but my original argument is that it is a smaller
problem than the ones introduced by the Guard DSCP. If you disagree, and
would actually prefer the Guard DSCP, I am happy to withdraw the
suggestion.

Martin

>

v2.34.0 | Report a Bug | By Email | System Status