[tsvwg] FQ & VPNs (was: Fwd: New Version Notification for draft-heist-tsvwg-ecn-deployment-observations-00.txt)

Bob Briscoe <ietf@bobbriscoe.net> Fri, 19 February 2021 21:54 UTC

Return-Path: <ietf@bobbriscoe.net>
X-Original-To: tsvwg@ietfa.amsl.com
Delivered-To: tsvwg@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id 4448B3A0A87 for <tsvwg@ietfa.amsl.com>; Fri, 19 Feb 2021 13:54:57 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.433
X-Spam-Status: No, score=-1.433 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_SOFTFAIL=0.665, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=bobbriscoe.net
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id 1frp41SwfwpQ for <tsvwg@ietfa.amsl.com>; Fri, 19 Feb 2021 13:54:55 -0800 (PST)
Received: from mail-ssdrsserver2.hosting.co.uk (mail-ssdrsserver2.hosting.co.uk []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8832F3A08BE for <tsvwg@ietf.org>; Fri, 19 Feb 2021 13:54:55 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=bobbriscoe.net; s=default; h=Content-Transfer-Encoding:Content-Type: In-Reply-To:MIME-Version:Date:Message-ID:From:References:Cc:To:Subject:Sender :Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help: List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=whxI72Z5nMB8kGqMnzVi2mkMFFmBPL3QiqND5ERpTmo=; b=bUMY8ugwX6fobYmt1+30t0e73m 4HUgBaeLv8XANNyId2y6sXcjTzCJlD2olJ73jao3BHImBXiHom90GHvZ4ehO2eat8jMuzFCIVq7Nj af19r8zukXIluMGmSVx8gLPmDnL448dr1TINmXieHVXVbhh9tYW6U7OJ7HaXjFnbpfiGabIozMhSp h+7wp1KRw31U4tSLl7nS2p2oVlitrxLcsZgD4zF+blPKSjwkLcspzhLrcl9rMCzSkTlz/PqeBWdlf 310P9/t03hFBetTKVc1pbaGDi473h+DzrJTjJmA0wMKirv72fFU74fi+kFwDA7AO7+jBJZiDSFeHr sfFEwwYQ==;
Received: from ([]:39588 helo=[]) by ssdrsserver2.hosting.co.uk with esmtpsa (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.93) (envelope-from <ietf@bobbriscoe.net>) id 1lDDji-000350-Of; Fri, 19 Feb 2021 21:54:54 +0000
To: Jonathan Morton <chromatix99@gmail.com>
Cc: Pete Heist <pete@heistp.net>, TSVWG <tsvwg@ietf.org>
References: <161366419040.16138.17111583810851995947@ietfa.amsl.com> <BF0810D9-E742-4FCB-90B1-6957551B585D@heistp.net> <b222bbdf-70ae-3e5b-b122-1160299fb4e2@bobbriscoe.net> <E7CC88FA-F064-4B72-BAA9-8BE40F7AF040@gmail.com>
From: Bob Briscoe <ietf@bobbriscoe.net>
Message-ID: <52cb434a-bd91-6260-7be9-85bdbd07b625@bobbriscoe.net>
Date: Fri, 19 Feb 2021 21:54:52 +0000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.10.0
MIME-Version: 1.0
In-Reply-To: <E7CC88FA-F064-4B72-BAA9-8BE40F7AF040@gmail.com>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Content-Language: en-GB
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - ssdrsserver2.hosting.co.uk
X-AntiAbuse: Original Domain - ietf.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - bobbriscoe.net
X-Get-Message-Sender-Via: ssdrsserver2.hosting.co.uk: authenticated_id: in@bobbriscoe.net
X-Authenticated-Sender: ssdrsserver2.hosting.co.uk: in@bobbriscoe.net
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/DDQ0qLygTHgZY0IZdz_Vm-vscX0>
Subject: [tsvwg] FQ & VPNs (was: Fwd: New Version Notification for draft-heist-tsvwg-ecn-deployment-observations-00.txt)
X-BeenThere: tsvwg@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Transport Area Working Group <tsvwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsvwg/>
List-Post: <mailto:tsvwg@ietf.org>
List-Help: <mailto:tsvwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 19 Feb 2021 21:54:57 -0000


On 19/02/2021 13:34, Jonathan Morton wrote:
>> On 19 Feb, 2021, at 2:50 pm, Bob Briscoe <ietf@bobbriscoe.net> wrote:
>> Given you have close contact with this ISP, have you asked, or could you ask them whether they have ever deployed any FIFO ECN-enabled AQMs themselves?
> As far as I'm aware, they have only used fq_codel for ECN.  Before that, they were using SFQ in some places, without any AQM.
> However, I would remind you that neither SFQ nor fq_codel can distinguish between flows carried inside an encrypted tunnel, so this cannot be relied upon alone to make L4S safe.  Pete's data shows significant tunnelled traffic, much of which is probably due to people working from home and using VPNs to access a corporate network.

[BB] So would you not advise this ISP to remove the FQ on their 
backhaul, given they are serving large amounts of tunnelled VPN traffic?

The degree of flow rate inequality that FQ causes in this scenario is 
unbounded. For instance, if someone was running a torrent of N flows 
within their VPN, each of their flows would be squeezed to 1/N of the 
capacity of each of all the other non-tunnelled long-running flows. N is 
pretty much  unbounded.

There's no L4S there of course. The FQ is quite capable of wreaking this 
havoc all on its own. This isn't the first time you've taken a 
well-known failing of FQ, then dropped L4S into the FQ in an attempt to 
deflect the pre-existing failing of FQ onto L4S. You don't need to do 
this. Everyone knows L4S has a potential problem in Classic ECN AQMs. We 
laid that out from the very first day we brought L4S to the IETF. 
Debating games like this just turn people off.


>   - Jonathan Morton

Bob Briscoe                               http://bobbriscoe.net/