Re: [tsvwg] Another tunnel/VPN scenario (was RE: Reasons for WGLC/RFC asap)

Jonathan Morton <> Fri, 04 December 2020 11:45 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id C75AA3A0B8B for <>; Fri, 4 Dec 2020 03:45:38 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.848
X-Spam-Status: No, score=-1.848 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id dKVORwMu1Ert for <>; Fri, 4 Dec 2020 03:45:37 -0800 (PST)
Received: from ( [IPv6:2a00:1450:4864:20::134]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 42ED23A0B8A for <>; Fri, 4 Dec 2020 03:45:37 -0800 (PST)
Received: by with SMTP id t6so7205389lfl.13 for <>; Fri, 04 Dec 2020 03:45:37 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=bpeqaBc9vovmmueGSApUjrZBniJOHqFTIKscPXvAYwY=; b=XlxzDRA5QjALknAQ23ObfXNId8G4Ukpo7G+G1oFgc3yyXiWzd2aF7xepeERjl0jRA6 llHiSIukbQF9IlEahwbEBYKOXXqk2MaYKW4QtTWHRt4RnTHUmC+M4iwvonSrqurz45FE P6pOqXZSenK6ilBQc9auxGH8fo1/FTBAYfC7ZjJa1jzVTVprXrDBaDvxB88D4OB7/8Iy 29kPkdFAhUKxppz7FdA8OSFNnu6XpQlyCIDasQ9h6mZ44Ml+vbkSK3TYOc+Tl7K9ajrv D3G6r3u52asInbFg2fHE8fviI+lQ0b/wydYM0DlRJFwhNzcYnrgkLDJ3pV/wI1g3O5mV vBqw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=bpeqaBc9vovmmueGSApUjrZBniJOHqFTIKscPXvAYwY=; b=mYXtbFQK7ZuPqm9850qJXEqsWxxZLS9TAf2ZoC7WyVjzCIACq5WSuA0vfl3RikIxcR yEAEr5rZ7ee6dB1yABLP8pilJDMS777IfCI/R1VMnuvmKUPEglilEAsxBG4q9pUaNyvx rTLcofj+8EMSxTDoa5+aWxbzOZ99xDOprsdc6viyoKhu2kd0k00XWPBYTqNxHjzO5dbr 0en4dI8VDgGSWeQZAzYGM3GQ8PZz4LX+gbwcjJSOcLpgLSZ4rPyV6s6Xfbp2j7G1z7YU bkkdDvJvOb5fDQqnIqhxS1oMzg+w/MTvz3gm8FdqsK5+hO5o2GcFwF9NL5EiFo3hYUpJ OaRw==
X-Gm-Message-State: AOAM532BZ0eX8yiyduMQwPmR42KZZ4QZEayxg2OLWBx7poz7iaasFsVM GySIx+DQEG95hRw6lV092Zc=
X-Google-Smtp-Source: ABdhPJwNiWa7JqN9ox0NKAMhRlbUspaMl2iErXO1opDpSa/aNxfvNNXO1cSEslBtFIIlGBpsQGHqUQ==
X-Received: by 2002:ac2:5334:: with SMTP id f20mr3273611lfh.30.1607082335177; Fri, 04 Dec 2020 03:45:35 -0800 (PST)
Received: from jonathartonsmbp.lan ( []) by with ESMTPSA id m30sm197173lfj.107.2020. (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Fri, 04 Dec 2020 03:45:34 -0800 (PST)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 11.5 \(3445.9.7\))
From: Jonathan Morton <>
In-Reply-To: <>
Date: Fri, 04 Dec 2020 13:45:32 +0200
Cc: Wesley Eddy <>,
Content-Transfer-Encoding: quoted-printable
Message-Id: <>
References: <> <> <> <> <> <> <> <> <> <>
To: Michael Welzl <>
X-Mailer: Apple Mail (2.3445.9.7)
Archived-At: <>
Subject: Re: [tsvwg] Another tunnel/VPN scenario (was RE: Reasons for WGLC/RFC asap)
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Transport Area Working Group <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 04 Dec 2020 11:45:39 -0000

> On 4 Dec, 2020, at 1:33 pm, Michael Welzl <> wrote:
> Right; bad! But the inherent problem is the same: TCP Prague’s inability to detect the 3168-marking AQM algorithm. I thought that a mechanism was added, and then there were discussions of having it or not having it?  Sorry, I didn’t follow this closely enough.

Right, there was a heuristic added to TCP Prague to (attempt to) detect if the bottleneck was RFC-3168 or L4S.  In the datasets from around March this year, we showed that it didn't work reliably, with both false-positive and false-negative results in a variety of reasonably common scenarios.  This led to both the L4S "benefits" being disabled, and a continuation of the harm to conventional flows, depending on which way the failure went.

The code is still there but has been disabled by default, so we're effectively back to not having it.  That is reflected in our latest test data.

I believe the current proposals from L4S are:

1: Use the heuristic data in manual network-operations interventions, not automatically.

2: Have TCP Prague treat longer-RTT paths as RFC-3168 but shorter ones as L4S.  I assume, charitably, that this would be accompanied by a change in ECT codepoint at origin.

Those proposals do not seem very convincing to me, but I am just one voice in this WG.

 - Jonathan Morton