IETF Logo Mail Archive

Re: [tsvwg] L4S DSCP (was: L4S drafts: Next Steps)

Bob Briscoe <ietf@bobbriscoe.net> Mon, 10 May 2021 09:42 UTC

Return-Path: <ietf@bobbriscoe.net>
X-Original-To: tsvwg@ietfa.amsl.com
Delivered-To: tsvwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5B8A13A1262 for <tsvwg@ietfa.amsl.com>; Mon, 10 May 2021 02:42:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.433
X-Spam-Level:
X-Spam-Status: No, score=-1.433 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, NICE_REPLY_A=-0.001, SPF_HELO_NONE=0.001, SPF_SOFTFAIL=0.665, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=bobbriscoe.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dCpyP1DhiG3U for <tsvwg@ietfa.amsl.com>; Mon, 10 May 2021 02:42:05 -0700 (PDT)
Received: from mail-ssdrsserver2.hosting.co.uk (mail-ssdrsserver2.hosting.co.uk [185.185.85.90]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C4FA43A1205 for <tsvwg@ietf.org>; Mon, 10 May 2021 02:42:04 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=bobbriscoe.net; s=default; h=Content-Type:In-Reply-To:MIME-Version:Date: Message-ID:From:References:Cc:To:Subject:Sender:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=0ENnpnnqL02Cq6bUCxqUlYovto7NhcOo4UuHX666p8w=; b=FpL06SJzAbZQSyi/Qm093IBHQN 7DPi+b9f+2EUOTEG7fevSDHBJvhX18Bh3g+o/CDYKaWNPCcpCu6oehmLbL+ImeiIlp1OKNYffDaKh lId6tAZeyxSztLRhzcWg5K/AaAIT8Cz8szFXhcNzEoBf6cC1ddR8I9M4pFHiPQDWxsiwcBh7RzAlp TB30flJvhaPhfkcVjdV8Emwg5fMjfEL855A0dnn8Jx3eHf/TkXUTwJQHmGOplXJIylEbf315g+kTI g0oVhSpH6x+qPKgY9t+BsDE5OLCMREw6KE5cAcHpnT7jedzai4O8y8bAwqwj6hmFdwhzTg+2bnuWG UmE+omTA==;
Received: from 67.153.238.178.in-addr.arpa ([178.238.153.67]:52896 helo=[192.168.1.11]) by ssdrsserver2.hosting.co.uk with esmtpsa (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.94.2) (envelope-from <ietf@bobbriscoe.net>) id 1lg2QN-00046h-LD; Mon, 10 May 2021 10:42:02 +0100
To: Martin Duke <martin.h.duke@gmail.com>
Cc: "tsvwg@ietf.org" <tsvwg@ietf.org>
References: <MN2PR19MB404527384A1B1DD9CFC2A3D983659@MN2PR19MB4045.namprd19.prod.outlook.com> <6f0ac4bf-bd1a-65cd-1d40-a97d4aa71aab@bobbriscoe.net> <7B4426F9-E1C5-4F88-A264-0D54C809D523@gmail.com> <AM8PR07MB74761AFC8F5BE0F9573DFF32B9629@AM8PR07MB7476.eurprd07.prod.outlook.com> <6481E606-2458-49D7-B580-8DF7B93494FD@gmx.de> <AM8PR07MB747675E421F0B7A6246C67BEB9619@AM8PR07MB7476.eurprd07.prod.outlook.com> <9A9D4AC3-43F0-4778-839B-E1E247A3C5FA@gmx.de> <AM8PR07MB7476026EA3AA7AD49622B296B9619@AM8PR07MB7476.eurprd07.prod.outlook.com> <76BB09A0-E385-48C2-810A-A1E48811188C@gmail.com> <CAM4esxTSZW6DzVFxkB37A7yg8MqKXRjMDUF79UEK8=2pcy3W8w@mail.gmail.com>
From: Bob Briscoe <ietf@bobbriscoe.net>
Message-ID: <f843d28b-abff-ed2b-f870-3a4885e3629a@bobbriscoe.net>
Date: Mon, 10 May 2021 10:42:00 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.7.1
MIME-Version: 1.0
In-Reply-To: <CAM4esxTSZW6DzVFxkB37A7yg8MqKXRjMDUF79UEK8=2pcy3W8w@mail.gmail.com>
Content-Type: multipart/alternative; boundary="------------BF77E817CB4BCC527F33866E"
Content-Language: en-GB
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - ssdrsserver2.hosting.co.uk
X-AntiAbuse: Original Domain - ietf.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - bobbriscoe.net
X-Get-Message-Sender-Via: ssdrsserver2.hosting.co.uk: authenticated_id: in@bobbriscoe.net
X-Authenticated-Sender: ssdrsserver2.hosting.co.uk: in@bobbriscoe.net
X-Source:
X-Source-Args:
X-Source-Dir:
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/GuqY3UvUE78VNcZVR5S7PRipAes>
Subject: Re: [tsvwg] L4S DSCP (was: L4S drafts: Next Steps)
X-BeenThere: tsvwg@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Transport Area Working Group <tsvwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsvwg/>
List-Post: <mailto:tsvwg@ietf.org>
List-Help: <mailto:tsvwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 10 May 2021 09:42:10 -0000

Martin,

Mike Heard has just referred to your email below, which I missed at the 
time - apologies. Let me respond now [BB]...

On 26/03/2021 17:15, Martin Duke wrote:
> Speaking as an individual,
>
> Bob has identified all of the problems with using DSCP for L4S. Among 
> them is running L4S through a tunnel.
>
> Another axis of discussion was changing the L4S signal to be 
> ECT(1)->ECT(0) and preserving the CE signal (thread: [1]), which 
> comprehensively solves the coexistence issues. But this fell down, 
> partially because of the (needless) RFC6040 tunnel decap behavior, 
> which will revert any outer-header changes. There are some other 
> problems, of course, they don't affect bystanders and I don't see them 
> as likely to be fatal.
>
> Honestly, if we're going to break L4S in tunnels anyway, I would just 
> as soon break it with the semantic change and not take all the other 
> DSCP baggage that Bob describes. We could even bis the mistake in 6040 
> so that "eventually" the needless behavior goes away.

[BB] The RFC6040 tunnel behaviour shouldn't be thought of as needless. 
The valid ECN transitions are the primary security property of the ECN 
protocol at the IP layer. If it is valid for a middlebox to undo a 
previous increase in severity, it becomes hard if not impossible {1} to 
add enforcement around the system, if found to be necessary later.

I say 'valid', rather than 'possible', advisedly. It's always possible, 
but if it's not valid, it can be detected as an attack, so enforcement 
mechanisms  can be retrofitted. For instance, the Congestion Exposure 
(ConEx {2}) policing and audit enforcement mechanism [RFC7713] relies on 
only upward severity transitions being valid. That's inherent for loss 
(you can't unlose a packet). And it's true for ECN CE. But if both 0>1 
and 1<0 were valid for ECN, I'm certain it would make it hard if not 
impossible {1} to enforce anything about these intermediate transitions, 
if it became necessary in the future.

When we had to choose which would have the higher severity between ECT0 
and ECT1 for RFC6040, I remember going round the relevant intarea and 
secarea groups giving brief heads-ups over a few IETF cycles emphasizing 
that this was a fork in the road - paraphrasing "It's a change to IP v4 
& v6 and if anyone can see any reason why it should be the other way 
round, speak now or forever hold your peace".

Whatever, as I've said before, relying on any change to the ECN 
behaviour of tunnels is a deployment challenge orders of magnitude 
greater than ECN or L4S is (and they are already 3-party deployments). 
The number of types of tunnel, the number of vendors of each, the 
tendency of some to be implemented in hardware, and their typical 
lifespan create a far greater combinatorial problem for deployment. But 
the main problem is that their developers are not in the companies and 
departments of companies that would monetize any of the improvements 
that L4S would bring. It would just be cost for them.

{1} I don't often say impossible, but given I spent 12 years of my life 
'finding' ConEx, if we broke the 'monotonic transitions' property of 
ECN, it would be highly unlikely we could find an alternative if we ever 
needed it.

{2) ConEx might not be known by the current generation of those 
interested in ECN. Very simply:
* If you monitor ECN passing any point in any network you see upstream 
congestion (from senders to here).
* Once you add ConEx, then monitor ConEx and ECN passing the same point, 
you see downstream congestion (from here to receivers) as well.
This allows networks to add efficient congestion policers at the ingress 
to their networks (whether edge or border) for the single aggregate of 
traffic passing any point. Obviously IP is unidirectional, so it's much

{3} I appreciate this is vague, but I'm trying to get ready for 
presentations this afternoon at the same time.


Bob

>
> This is not a statement in favor of 1->0 marking. It is a statement 
> that if the WG is going to insist on a DSCP to ship this design, I 
> would prefer 1->0 over that.
>
> Sorry to complicate the discussion.
>
> Martin
>
> [1] 
> https://mailarchive.ietf.org/arch/msg/tsvwg/TDMKRyH9E6zho6VkiXDYes7FZK0/ 
> <https://mailarchive.ietf.org/arch/msg/tsvwg/TDMKRyH9E6zho6VkiXDYes7FZK0/>
>
> On Fri, Mar 26, 2021 at 7:00 AM Jonathan Morton <chromatix99@gmail.com 
> <mailto:chromatix99@gmail.com>> wrote:
>
>     > On 26 Mar, 2021, at 2:30 pm, De Schepper, Koen (Nokia -
>     BE/Antwerp) <koen.de_schepper@nokia-bell-labs.com
>     <mailto:koen.de_schepper@nokia-bell-labs.com>> wrote:
>     >
>     > I understood the goal of your proposal. But before diving into
>     the details of a DiffServ-based proposals, I'm taking a step back
>     asking: Is using DiffServ an option at all. I don't believe so
>     (see other reply to Steve's mail related to the reason for
>     deployment).
>     >
>     > As a second step after this, "IF" using DiffServ is an option,
>     then L4S and SCE can get married and we can benefit from both.
>
>     In recent days I have put forward two distinct ways to use
>     Diffserv in this context, both of which I believe are workable. 
>     The one I prefer is of course the one involving SCE-type
>     signalling rather than L4S-type signalling; it consumes fewer
>     DSCPs and has fewer failure modes.
>
>     In the SCE context, Diffserv is useful for three things:
>
>     1: Protection of early experimental deployments.  This is temporary.
>
>     2: Enabling dual-queue AQMs to perform SCE classification and
>     signalling.
>
>     3: Allowing SCE AQMs to distinguish SCE and non-SCE traffic
>     embedded in the same tunnel.
>
>     SCE itself is compatible with existing dumb FIFOs, policers,
>     dropping AQMs, and RFC-3168 AQMs both single and multi-queued,
>     without the assistance or need for any Diffserv mechanism. Most
>     SCE AQMs will probably have AF or FQ functionality to ensure good
>     compatibility with conventional traffic.
>
>     Diffserv is strictly an enhancement to SCE, which can be deployed
>     in those contexts which benefit from it.  The CDN -> ISP ->
>     subscriber path is an ideal context for deploying a coherent
>     Diffserv system.  I think that dovetails very nicely with the
>     technical needs of DOCSIS Low Latency.
>
>      - Jonathan Morton
>

-- 
________________________________________________________________
Bob Briscoe                               http://bobbriscoe.net/

v2.35.0 | Report a Bug | By Email | System Status