[tsvwg] Re: [EXTERNAL] Re: [gwhiteCL/NQBdraft] Should traffic protection be mandatory to implement? (Issue #48)

"Black, David" <David.Black@dell.com> Wed, 24 July 2024 00:33 UTC

From: "Black, David" <David.Black@dell.com>
To: "Overcash, Michael (CCI-Atlanta)" <michael.overcash@cox.com>, "Black, David" <David.Black=40dell.com@dmarc.ietf.org>, gwhiteCL/NQBdraft <reply+AB2VULW2XRH6MPK23ABRZQOEVLRFREVBNHHI5USV5Y@reply.github.com>, gwhiteCL/NQBdraft <NQBdraft@noreply.github.com>
Date: Wed, 24 Jul 2024 00:33:10 +0000
CC: tsvwg IETF list <tsvwg@ietf.org>, "Black, David" <David.Black@dell.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/ULAzoeHxj5biTUi99CdG9IqST1I>

> I don't think you've really fully addressed Greg's main point here.
>
> "if the NQB queue is configured as specified (i.e. with a shallow buffer), there is a disincentive for QB applications to mis-mark their traffic because they will see excessive packet drops."

There's a reason for that - I agree in principle (or at least I don't disagree) with that point.  The problem that I have with the draft is that it needs to provide the details of what "configured as specified (i.e. with a shallow buffer)" means.  Unfortunately, this is an example of how not to do that:

> I don't think it is productive to rigorously define "shallow buffered" here. The exact buffer depth is a function of the algorithm and vendor implementation.

In other words, it's up to the implementers to figure out what to do.  That doesn't specify much of anything, and it's a lousy foundation for the strong claims being made about the incentives framework.

> I also don't think it is necessary or helpful to try to solve for malicious actors here. Any malicious actor can fill up queues and crowd out other traffic simply by sending high rate UDP.
> Shallow buffers are not uniquely vulnerable here.

That's the wrong class of malicious actor.  Theft of service is a different attack (with different malicious actor behavior) from denial of service.  The draft's incentives framework is making strong claims that theft of service attempts are sufficiently counterproductive for the thief so as to make other countermeasures (e.g., traffic protection) unnecessary.  The fact that all the buffers, e.g., both best effort and NQB, can be overwhelmed by a sufficiently large denial of service attack has almost no relevance to that theft of service concern.

Thanks, --David

From: Overcash, Michael (CCI-Atlanta) <michael.overcash@cox.com>
Sent: Tuesday, July 23, 2024 3:52 PM
To: Black, David <David.Black=40dell.com@dmarc.ietf.org>; gwhiteCL/NQBdraft <reply+AB2VULW2XRH6MPK23ABRZQOEVLRFREVBNHHI5USV5Y@reply.github.com>; gwhiteCL/NQBdraft <NQBdraft@noreply.github.com>
Cc: Black, David <David.Black@dell.com>; tsvwg IETF list <tsvwg@ietf.org>
Subject: RE: [EXTERNAL] [tsvwg] Re: [gwhiteCL/NQBdraft] Should traffic protection be mandatory to implement? (Issue #48)


I don't think you've really fully addressed Greg's main point here.

"if the NQB queue is configured as specified (i.e. with a shallow buffer), there is a disincentive for QB applications to mis-mark their traffic because they will see excessive packet drops."

Traditional QoS/Priority approaches created an incentive to cheat by creating a "fast lane" for latency sensitive services. This is emphatically not how L4S and other similar AQM based methods work. The shallow-buffer queue is not a fast lane and will only improve latency performance for endpoints that implement the appropriate algorithms. An endpoint that tries to "cheat" will just end up policed and will experience worse performance. Why would anyone go out of their way to use the shallow-buffer queue to get worse performance?

I don't think it is productive to rigorously define "shallow buffered" here. The exact buffer depth is a function of the algorithm and vendor implementation.

I also don't think it is necessary or helpful to try to solve for malicious actors here. Any malicious actor can fill up queues and crowd out other traffic simply by sending high rate UDP. Shallow buffers are not uniquely vulnerable here. On the contrary, there is no buffer so large that a malicious actor cannot easily fill it.

Just my two cents...

Michael Overcash
Principal Architect, Cox Communications
michael.overcash@cox.com

From: Black, David <David.Black=40dell.com@dmarc.ietf.org>
Sent: Tuesday, July 23, 2024 11:12 AM
To: gwhiteCL/NQBdraft <reply+AB2VULW2XRH6MPK23ABRZQOEVLRFREVBNHHI5USV5Y@reply.github.com>; gwhiteCL/NQBdraft <NQBdraft@noreply.github.com>
Cc: Black, David <David.Black@dell.com>; tsvwg IETF list <tsvwg@ietf.org>
Subject: [EXTERNAL] [tsvwg] Re: [gwhiteCL/NQBdraft] Should traffic protection be mandatory to implement? (Issue #48)

[+tsvwg list]

> I continue to disagree that traffic protection needs to be made mandatory to implement, and I have some suggestions on a way forward that provides a compromise.
This overall direction looks promising, but the suggested compromise is not (yet) good enough.  Significant work on the draft will be needed, specifically on items 1 and 4:

> 1. Necessity: NQB is a shallow-buffered best-effort service. It is understood that performance is not guaranteed for any best-effort service.
I understand the overall intent, and I'm fine with that as a high-level goal/direction.  The problem is that in the -24 version of the draft, "shallow-buffered" is an all-but-undefined term.

To do better, the draft needs to provide a concrete specification of "shallow-buffered" and require that NQB implementations use shallow buffers. If this specification of "shallow-buffered" requirements is done well, it should lead to corresponding (hopefully minor) revisions of the incentives framework discussion that result in an acceptable resolution to points 2 and 3 on Incentives.

OTOH, the comment that "performance is not guaranteed for any best-effort service" appears to have missed the point. I definitely agree that the draft is not guaranteeing any performance for NQB traffic, but this line of reasoning is claiming to guarantee non-performance(!) for QB traffic that uses (abuses) the NQB service. Specifically, the claim is being made that a shallow-buffered NQB service provides a sufficient non-performance guarantee to ensure that QB traffic has nothing to gain (and quite a bit to lose) by using (abusing) the shallow-buffered NQB service. The detailed requirements for sufficiently shallow buffers that realize that non-performance guarantee need to be specified and mandated, e.g., in Section 5.1 of the draft.

> 4. Security: The incentives above don't address malicious sources. While traffic protection is the remedy for this, some network environments have other ways to address malicious sources
> (e.g. only approved applications are deployed in the network, or traffic conditioning is performed at the network edge).

Proceeding in this direction ... if traffic protection is not mandatory to implement, then the draft will need to restrict NQB implementation and usage (using "MUST" and "MUST NOT" or equivalent RFC 2119 keywords) to network environments that have "other ways to address malicious sources."  The nature and/or results of those "other ways" will need to be specified in a sufficiently concrete fashion that a network operator can readily determine whether or not her network has sufficient "other ways to address malicious sources."

Turning to the suggested compromise:

> Specifically, the suggestion is that we address your concern about abuse of the code point by adding a mandatory requirement
> that NQB PHB implementations provide statistics that can be used by the network operator to detect whether abuse is occurring.
> These statistics could be as simple as packet and drop counters.
That could work in combination with a solution to the "4. Security" problem suggested above.  By itself, requiring collection/provision of statistics is not sufficient to resolve the security problem.

> Regarding the paragraph in 5.2 discussing situations where traffic protection is potentially not needed, we could rework the paragraph ...
That would help ... after the security problem (4) is resolved (see above).

The bottom line is that items 1 (e.g., What is the concrete specification of "shallow-buffered" ?) and 4 (e.g., What are other ways that are sufficient to address malicious sources?) need to be addressed.

Thanks, --David

From: gwhiteCL <notifications@github.com>
Sent: Monday, July 22, 2024 9:03 PM
To: gwhiteCL/NQBdraft <NQBdraft@noreply.github.com>
Cc: Black, David <David.Black@dell.com>; Mention <mention@noreply.github.com>
Subject: Re: [gwhiteCL/NQBdraft] Should traffic protection be mandatory to implement? (Issue #48)



@dlb237 <https://github.com/dlb237> I continue to disagree that traffic protection needs to be made mandatory to implement, and I have some suggestions on a way forward that provides a compromise. Here are some of the reasons why I disagree:

1. Necessity: NQB is a shallow-buffered best-effort service. It is understood that performance is not guaranteed for any best-effort service. For example, the IETF doesn't mandate that implementations of the Default PHB provide mechanisms to police/prevent applications from inducing delay and/or loss.

2. Incentives: As I wrote in #47 (comment) <https://github.com/gwhiteCL/NQBdraft/issues/47#issuecomment-2215318283>, even without traffic protection, if the NQB queue is configured as specified (i.e. with a shallow buffer), there is a disincentive for QB applications to mis-mark their traffic because they will see excessive packet drops. So, I disagree with your assertion that the incentives framework fundamentally depends on the presence of traffic protection. Traffic protection as defined in DOCSIS Queue Protection <https://www.ietf.org/archive/id/draft-briscoe-docsis-q-protection-07.html> arguably provides less of a disincentive for inappropriate marking than would be the case in the absence of QP, because it results in significantly less packet loss for the offending application.

3. Incentives: Incentives apply more broadly than on a hop-by-hop basis, and also generally apply more broadly than on a path-by-path basis. In other words, a QB application developer would (generally) need to make a decision as to whether to mark their packets as NQB without specific knowledge whether the traffic would be subjected to traffic protection or not. So, again, I disagree with the assertion that the incentives framework fundamentally depends on the presence of traffic protection.

4. Security: The incentives above don't address malicious sources. While traffic protection is the remedy for this, some network environments have other ways to address malicious sources (e.g. only approved applications are deployed in the network, or traffic conditioning is performed at the network edge).

I definitely agree that traffic protection is the preferred implementation, but I disagree that it needs to be made mandatory to implement.

As a compromise, I'd like to suggest that we strengthen the recommendation around the implementation of traffic protection, and eliminate some of the language that seems to offer rationales to ignore that recommendation; further, I'd like to suggest that we mandate some mechanism that a network operator can use to detect and avoid abuse.

Specifically, the suggestion is that we address your concern about abuse of the code point by adding a mandatory requirement that NQB PHB implementations provide statistics that can be used by the network operator to detect whether abuse is occurring. These statistics could be as simple as packet and drop counters. This requirement would ensure that operators who configure the NQB PHB have the ability to track the amount of packet drop that is occurring due to traffic overrunning the shallow buffer, and then take action if they feel as though the PHB is causing more issues than it is solving in their environment. Those actions could include disabling the PHB, identifying and dealing with the sources of malicious traffic directly, or pursuing a feature request with the equipment manufacturer to add a traffic protection function.

In addition, I think we can delete the words in section 10: "but recognizes that other options might be more desirable in certain situations." so that the recommendation to implement traffic protection isn't watered down.

Regarding the paragraph in 5.2 discussing situations where traffic protection is potentially not needed, we could rework the paragraph to emphasize that the decision by an implementer to not implement traffic protection might limit the deployment/usage of their NQB PHB implementation to a small subset of potential situations, and it would put the onus on the operator to monitor usage and take remediations manually rather than automatically dealing with misbehaving traffic. We can also add text to more fully specify the implications of ignoring the recommendation. That, I think, would strengthen the SHOULD as opposed to offering rationales for ignoring it.

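Added example, not part of this thread or of the NQB draft: a toy tail-drop FIFO model showing how the "packet and drop counters" proposed in the thread respond when a bursty (queue-building) sender shares the queue with paced traffic, at several buffer depths. The tick model, rates, depths and the alert threshold are all assumed values chosen for illustration; the thread notes that the draft does not define "shallow-buffered".

```python
from dataclasses import dataclass


@dataclass
class QueueStats:
    """Aggregate per-queue counters of the kind proposed in the thread."""
    enqueued: int = 0      # packets accepted into the queue
    dropped: int = 0       # packets tail-dropped because the buffer was full
    peak_backlog: int = 0  # deepest standing queue seen (proxy for added delay)

    @property
    def drop_ratio(self) -> float:
        offered = self.enqueued + self.dropped
        return self.dropped / offered if offered else 0.0


def simulate(arrivals, depth_pkts, drain_per_tick):
    """Tail-drop FIFO: arrivals[t] packets arrive in tick t, then up to
    drain_per_tick packets are transmitted. Returns the queue counters."""
    stats = QueueStats()
    backlog = 0
    for offered in arrivals:
        accepted = min(offered, depth_pkts - backlog)
        stats.enqueued += accepted
        stats.dropped += offered - accepted
        backlog += accepted
        stats.peak_backlog = max(stats.peak_backlog, backlog)
        backlog -= min(backlog, drain_per_tick)
    return stats


def paced(ticks, per_tick=1):
    """Non-queue-building sender: a steady trickle well below link rate."""
    return [per_tick] * ticks


def bursty(ticks, burst=20, period=10):
    """Queue-building sender (assumed shape): a line-rate burst every period."""
    return [burst if t % period == 0 else 0 for t in range(ticks)]


def merge(a, b):
    return [x + y for x, y in zip(a, b)]


def exceeds_threshold(stats, max_drop_ratio=0.01):
    """Operator-side check on the counters. The 1% threshold is a
    hypothetical value, not something the draft or the thread specifies."""
    return stats.drop_ratio > max_drop_ratio


def sweep(ticks=1000, drain=4, depths=(4, 16, 64)):
    """Counters for paced-only and paced+bursty load at each buffer depth."""
    results = {}
    for depth in depths:
        results[depth] = {
            "paced_only": simulate(paced(ticks), depth, drain),
            "with_bursty": simulate(merge(paced(ticks), bursty(ticks)), depth, drain),
        }
    return results


if __name__ == "__main__":
    for depth, runs in sweep().items():
        for name, s in runs.items():
            print(f"depth={depth:3d} {name:12s} drop_ratio={s.drop_ratio:.3f} "
                  f"peak_backlog={s.peak_backlog:2d} alert={exceeds_threshold(s)}")
```

In this model the counters flag the bursty sender only while the buffer is shallow enough to overflow; at the deepest setting nothing is dropped and the only signal is the larger standing queue, so the outcome depends on the depth chosen. The aggregate counters also do not say which sender's packets were dropped.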