Re: [tsvwg] morton REVIEW of draft-white-tsvwg-nqb-02

Greg White <> Wed, 28 August 2019 17:00 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id F2B30120143 for <>; Wed, 28 Aug 2019 10:00:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id XL5leITOECih for <>; Wed, 28 Aug 2019 10:00:25 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 7D3BD1208DF for <>; Wed, 28 Aug 2019 10:00:25 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901;; cv=none; b=Zr1his22qfDLojU2CmuoHuvb4/XGiyUZCdS7+vcW41V/alKFndKuG9kTp9t8yYYecR5JVP9hqjjZCnqzn3+io3cc27Y8YTWjmOyAcjFeDBDjOMgMjWGVIWZdkvAhy/jRZn6xZs+lm/YSq5qu5Z9/94vWYWYk+VRo3Blup399nyyotl6j2pAR4FYt7ECQV22QFp213XfvwpxxDRV/NcRCYKUd78uoKa4K7upd7zqIwHGzSi0Ga6p9qAD/KIrYBQK0z/uhdzKx2J3iYLp9kBFj0wXkF31eCkk89FHJnIOt0ez/VJh++IaWF7g2bNXrXU7bPejhwpVtJn7JDuDSGV32Uw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed;; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=i+FxFufPXWjDc/OV4+WmFceWi/lmpjOgacAwC7q4mLI=; b=OVkxv0BUAqCPObU2/Rj8u+BKdr7AMf7etoYQ9l0kclT7EYTgdHySDyjStreh0ZzJPghP/YkV/jR9Yv7K37ZhJbUuAuiGVLROi5+5e/Cp6EuFFeuMVj/0xi/E7jrcQdcUpwr66jtEaz3NaUVaaVGxuH01ipOHSDXfNDVthjAGpZzHk2B02nfSnMMvUERZYkZUA10BuVOlfIKi2DLXS0tgURuoSFEqheNN+zRGOAMzibiR2TYRly7D9mEryJJ2rQwIJQPZKspVfgmCOel947EXA3Ikme+hecpUZLZKQaLiUjMpdXwWy848mMoWI8/DY6FfWbLhSd1+ODICu4ozn/EjkQ==
ARC-Authentication-Results: i=1; 1; spf=pass; dmarc=pass action=none; dkim=pass; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=i+FxFufPXWjDc/OV4+WmFceWi/lmpjOgacAwC7q4mLI=; b=ZUbnlH7INCdnJ/ER41TFulgQa7GudjcbyxFRZBAnApJsJkxtpFAsuwTKxraTwgsgbaT9w5mZds4wFl80s3KHmFF4kTnD8+pCSMnK7ns6AHt5ZDBZfVq1HHa+qbV8OZ9t3b63lOX2sgIf6KS1SiagrvCLpxn7yudyVDHxWtkoszI=
Received: from ( by ( with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2199.21; Wed, 28 Aug 2019 17:00:23 +0000
Received: from ([fe80::f120:9fe8:4522:d39b]) by ([fe80::f120:9fe8:4522:d39b%6]) with mapi id 15.20.2199.021; Wed, 28 Aug 2019 17:00:23 +0000
From: Greg White <>
To: Jonathan Morton <>, tsvwg IETF list <>
Thread-Topic: [tsvwg] morton REVIEW of draft-white-tsvwg-nqb-02
Thread-Index: AQHVWu6nOHeHydgGs0ObEhnf9ZOvVKcQabSA
Date: Wed, 28 Aug 2019 17:00:23 +0000
Message-ID: <>
References: <>
In-Reply-To: <>
Accept-Language: en-US
Content-Language: en-US
user-agent: Microsoft-MacOutlook/10.1a.0.190530
authentication-results: spf=none (sender IP is );
x-originating-ip: []
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 05a87d03-50ca-4d16-df88-08d72bd93786
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600166)(711020)(4605104)(1401327)(2017052603328)(7193020); SRVR:SN6PR06MB4368;
x-ms-traffictypediagnostic: SN6PR06MB4368:
x-microsoft-antispam-prvs: <>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-forefront-prvs: 014304E855
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(39850400004)(346002)(376002)(366004)(396003)(136003)(189003)(51914003)(199004)(229853002)(6486002)(14454004)(25786009)(6506007)(102836004)(446003)(11346002)(81166006)(71190400001)(76116006)(66446008)(64756008)(66556008)(66476007)(91956017)(66946007)(478600001)(81156014)(256004)(8676002)(53936002)(71200400001)(2906002)(14444005)(486006)(6246003)(6512007)(6116002)(476003)(3846002)(33656002)(5660300002)(2616005)(6436002)(186003)(316002)(7736002)(58126008)(110136005)(36756003)(66066001)(66574012)(76176011)(26005)(8936002)(99286004)(305945005)(86362001)(85282002); DIR:OUT; SFP:1102; SCL:1; SRVR:SN6PR06MB4368;; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
received-spf: None ( does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: HX+XkYcSH2ao1cOiGBnz6u1pAHhofaYr0gTv7cZSXDknbEHG/PGaIOj1V8xMLoIRDXXqU7vvdgLzghGGkUYi9JUN4WJAHWbM08kr/qPVNW7P6sDQBakh6ahpZH0UVAJzPoSE8oAFPe5PQ8Lq9RpbY1WFK2aX+8C7ICw0Tt8CpxDwejdK8ADeKFNWd8GfU1KOAeQkxGuwy8rH89Iek/PS9kA/RaSdG3awiPybaqQB02A1MK59GKVo3wQ/Qp4uQ5aWJYybI0Dn5zhUKYYniBqFZz7D0dK/oZPr1xbk/qqbYYYY6tp3P6RYj2WUOfen6jVbt6ylXxkX/hA+OuBK6lyFZYwcFNqh8ggtupZYY/bL8cOsfWDDoob9GxYzjLTjpAtjTtbfnS08mliluK+KNcjSNkOvJh6H3iQ1LbPW3PH7JLU=
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="utf-8"
Content-ID: <>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: 05a87d03-50ca-4d16-df88-08d72bd93786
X-MS-Exchange-CrossTenant-originalarrivaltime: 28 Aug 2019 17:00:23.4638 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: ce4fbcd1-1d81-4af0-ad0b-2998c441e160
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: BPRgZ06c/4bQADPZUdMNudRNPjT8EHIeiIUgsdMYki49Y4qBS+yq0U9JITVSFwzZoJU14L1/NQCuFIl84KC59A==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN6PR06MB4368
Archived-At: <>
Subject: Re: [tsvwg] morton REVIEW of draft-white-tsvwg-nqb-02
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Transport Area Working Group <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 28 Aug 2019 17:00:30 -0000


Many thanks for the review and the summary comments.  We'll work on making the draft a bit more concise.  I agree that some of the text was intended to provide rationale for adoption of the draft, and may not be needed in the eventual spec (or it could be moved to an appendix).   I've also added some thoughts on other points in line (prefaced by [GW]) below.


On 8/24/19, 8:41 PM, "tsvwg on behalf of Jonathan Morton" < on behalf of> wrote:

    Summarising and condensing observations from various quarters, and upon carefully reading the draft myself…
    In a specification introducing a new DSCP, it is necessary to:
    1: Identify the (proposed) codepoint in question, subject to formal assignment by IANA.
    2: Identify the types of traffic which should be marked with the new DSCP.
    3: Describe the PHB to be applied to traffic carrying that DSCP, avoiding over-specification.
    These three requirements can be met much more concisely than the draft presently achieves.  In particular, the draft should focus on the immediate technical issues, refrain from editorialising or marketing, and does not need to be written like a white-paper (despite the primary author's name).  For an example of the latter, it is not necessary to include catechism phrases like:
    > (Section 4)
    > "Some questions that arise when considering endpoint marking are: How can an application determine whether it is queue building or not, given that the sending application is generally not aware of the available capacity of the path to the receiving endpoint?"
    I and others take particular exception to the editorialising around FQ qdiscs.  It should be perfectly sufficient to observe that not all network environments have FQ installed or are presently considered suitable for FQ deployment, and therefore that some other method of identifying NQB flows than "uses less than its fair share of the bandwidth" (which FQ identifies naturally) would be useful for these environments.  That is sufficient motivation for the NQB DSCP, and limiting the discussion of FQ to that point would probably shorten the draft by half.
    In terms of identifying traffic suitable for the NQB DSCP, I would specifically identify the following categories:
    1: Simple request-response protocols, such as DNS and NTP.
    2: Latency-sensitive protocols that are not capacity-seeking, such as VoIP and realtime multiplayer games, and for which the EF (Expedited Forwarding) DSCP is not appropriate.
    3: Capacity-seeking protocols whose congestion control algorithms are specifically designed to avoid building either persistent or transient queues, and for which the LE (Least Effort) DSCP would not be more appropriate.  These could include certain variants of TCP, but TCPs using ordinary versions of Reno or CUBIC could be identified as counterexamples with an explanation of the correct distinction to br drawn.
[GW] We haven't included capacity-seeking protocols as candidates to be labeled NQB, since this draft (and mechanism) is intended to be orthogonal but complementary to L4S.  There is no requirement that a node supporting NQB also support L4S (or vice versa), and thus no expectation that an L4S sender should mark its packets both as NQB and ECT(1).  

    Contrary to assertions made in the draft, it is not yet established that mis-marking traffic as NQB is harmless. In particular, if an effective "queue protection mechanism" is not provided (noting that it is optional in the spec), an adversary is able to increase the latency and/or the packet loss of NQB flows by flooding the NQB queue.  For an adversary interested in disrupting NQB traffic, that is an advantage not afforded by a similar flood composed of best-effort marked traffic.  We can reasonably predict that adversaries will take such an interest, given that NQB traffic is likely to include (pseudo) telephone calls and gaming sessions.

[GW] Yes, queue protection is necessary for mis-marking to be (largely) harmless. While there are use-cases in which it may not be needed (e.g. where the risk of mis-marking is negligible), I've received comments from others that they would feel more comfortable if the draft said that an implementation "MUST" support QP (perhaps with exceptions called out, e.g. equipment that supports FQ, or equipment designed for operation in controlled environments).  
    A "queue protection mechanism" is mentioned as a SHOULD requirement of the PHB, but is not described in an IETF document but an industry-specific external specification.  My understanding is that, ironically, this externally-specified algorithm is broadly similar to FQ.  Such a normative reference needs to be brought within the IETF, so that the association is not lost if the external specification moves URLs or goes offline in future.

[GW] The DOCSIS QP algorithm is now described in an IETF document that is on a path to being published as an RFC, so I think we're covered there.   I'll update the references to point to the IETF doc.  BTW, it's not ironic that the DOCSIS QP algorithm has similarities to the FQ sparse flow identification, LLD was in part motivated by the desire to capture as many of the benefits of the FQ approach as possible without the complexity and without imposing a fixed scheduling discipline on the internet.

    > 6. End-to-end Support
    > In contrast to the existing standard DSCPs, which are typically only meaningful within a DiffServ Domain (e.g. an AS), this DSCP would be intended for end-to-end usage across the Internet.
    It was my impression that the "standard" DSCPs were in fact intended for end-to-end usage across the Internet, but that misinterpretation of the specifications has led to DSCPs frequently being erased or corrupted on typical Internet paths.  It is certainly true that this situation has made Diffserv much less practically useful from an end-to-end perspective.
[GW] I think you are right about the original intent of standard DSCPs, though I don't think misinterpretation of specs is the reason for them not to be used end-to-end.  I think the more realistic PHBs for many of the previously standardized DSCPs have commonly involved prioritization and hence require trusted endpoints, or admission control, or policing, all of which are hard to enable across trust boundaries (i.e. it's a layer 8/9 issue).  Since the NQB PHB does not involve prioritization, and the NQB DSCP is intended to indicate verifiable behavior as opposed to value judgements, the belief is that those sticky issues will be much less likely to get in the way.    Nonetheless, point taken, the word "intended" in that sentence essentially blows the "contrast".  I'll try to rework that. 

    > (Section 8.3)
    > As discussed in [RFC8325], most implementations use a default DSCP to User Priority mapping that utilizes the most significant three bits of the DiffServ Field to select User Priority. In the case of the 0x2A codepoint, this would map to UP_5 which is in the "Video" Access Category (one level above "Best Effort").
    > Systems that utilize [RFC8325], SHOULD map the 0x2A codepoint to UP_6 in the "Voice" Access Category.
    This is obviously wrong and SHOULD be deleted.
    As I understand it, 0x2A was suggested as a suitable DSCP *specifically* so that it would naturally map to UP_5 and thus the "Video" category.  There are significant practical ramifications associated with placing capacity-seeking traffic, which may legitimately be marked NQB, in the "Voice" category; in particular it leads to considerably higher priority for airtime access, which is specifically stated as a non-goal elsewhere in the draft.  Even the "Video" category gives some additional priority, but is not as damaging to other RF-spectrum users in the vicinity.
    Better wording might be:
    > Systems that utilize [RFC8325], MAY map the 0x2A codepoint to UP_5 in the "Video" Access Category.  Otherwise, they SHOULD map it to UP_0 in the "Best Effort" Access Category.
    If this change is not made, I recommend that capacity-seeking protocols be removed entirely from the list of suitable traffic types.
[GW] As mentioned above, capacity-seeking protocols are not in the list, so I'm not sure it is obviously wrong to have request/response protocols, non-capacity-seeking latency-sensitive traffic, and other sparse flows mapped to the Voice AC.   But since (at least in many use-cases) mismarking should be anticipated, a WiFi implementation that maps NQB to AC_VO would almost certainly need an appropriate Queue Protection algorithm in place to prevent high bandwidth or capacity seeking flows from causing collateral damage to other flows.  You are probably right that AC_VI/UP_5 would likely be safer (and may lessen the need for or simplify the requirements of QP).  I don't have a strong view on this one, and would be fine changing it to UP_5 unless others object.

     - Jonathan Morton