IETF Logo Mail Archive

Re: [tsvwg] Consensus call on ECT(1)

Sebastian Moeller <moeller0@gmx.de> Thu, 14 May 2020 07:36 UTC

Return-Path: <moeller0@gmx.de>
X-Original-To: tsvwg@ietfa.amsl.com
Delivered-To: tsvwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 274D23A03FF for <tsvwg@ietfa.amsl.com>; Thu, 14 May 2020 00:36:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.649
X-Spam-Level:
X-Spam-Status: No, score=-1.649 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=gmx.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7NUIOrTfaJZX for <tsvwg@ietfa.amsl.com>; Thu, 14 May 2020 00:36:43 -0700 (PDT)
Received: from mout.gmx.net (mout.gmx.net [212.227.15.18]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 598323A03F6 for <tsvwg@ietf.org>; Thu, 14 May 2020 00:36:43 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=gmx.net; s=badeba3b8450; t=1589441793; bh=pD3pI7/Nqf0uWjDqPt5ZjUQuRCKubOrHuuAITeMD2vU=; h=X-UI-Sender-Class:Subject:From:In-Reply-To:Date:Cc:References:To; b=gMMDD0RFeP+UQzX8mzT1lgw6rGtmoUslQvvfkgRS/+32m2oCKEGdCNhdwOm6aj4wN w4Zu1BoKB22l4uG9X52yzFvSZxDfAV8JZjGRbJFaVmi21otLVTePc7t3jtX1Hhbahe MzXj9SRAlebZdi2wGctgSlIdZ2ZmTuPcNuHW1nR0=
X-UI-Sender-Class: 01bb95c1-4bf8-414a-932a-4f6e2808ef9c
Received: from [10.11.12.16] ([134.76.241.253]) by mail.gmx.com (mrgmx005 [212.227.17.190]) with ESMTPSA (Nemesis) id 1M2f5Z-1jWfJW2hh9-004FZh; Thu, 14 May 2020 09:36:33 +0200
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.14\))
From: Sebastian Moeller <moeller0@gmx.de>
In-Reply-To: <AA8650CE-8DAA-4E6D-BDAB-23986A1E505F@apple.com>
Date: Thu, 14 May 2020 09:36:30 +0200
Cc: Wesley Eddy <wes@mti-systems.com>, "tsvwg@ietf.org" <tsvwg@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <53F2B9B0-583C-4983-BFF5-60204953C64C@gmx.de>
References: <46720ce0-ffcb-e97f-3e2d-6b5274b73b15@mti-systems.com> <AA8650CE-8DAA-4E6D-BDAB-23986A1E505F@apple.com>
To: Stuart Cheshire <cheshire=40apple.com@dmarc.ietf.org>
X-Mailer: Apple Mail (2.3445.104.14)
X-Provags-ID: V03:K1:ObZQ1vPP0a4OOA3ctsQU/WPoW/zSpwZZoQiC6LJ6mULVUknOMHI dmgDBuQ4QeFgcqpfkEo5ZukSWqEvO+alSeRdbguTPJQ55KUmHbsZ+XBoqWD2cFim1Nq/u4f 29x/y0OXcBaSaJQAQmCXUP8OuKCseUJD+8TbUpBzXiHkmdhGz2ii4QesoI3RwPzeiUuafZo mV1PseAst52AA+K/C7zQQ==
X-UI-Out-Filterresults: notjunk:1;V03:K0:imO6eB9bvEQ=:yrVOlnZtuyuWZgm9/aRa25 iSkjvFsAmtRqw/TnBuiCfHBMlu9Yl+FuMWGPBLRDCb8aPL8O8Kvj0rhDWduMFq9RV6DXYdiIr TfKkb9CRP+/oa5GrzDmfR+BFRF4p//3wBQffGIokmBZzpSV+HoOsgDyBpIPt0kBukTxim2eod ag0hvdVLDH8LG2d85LM9PySC2QuuETUkv3aIhvsQQc+FNoqqOGeLHzZ95QSs2G9dyy3old1ao eQaIo3c7Gl2PJM7jUPLEXkJdtlNwmaQIjyr3W+NRhsOL9IGWyNh/OAzZLh9UChJreVyUqG905 yq9HxJQgSEYPFDSVbkXJEUiXgzVjlDAJETndCcChxFNMMwGRs17B/D4i9ARYg46EPkfwhk4lW 8nSD+tpDnOsVM0oIQV/JauUhjRYALjttoJBfm06L3p6G2LL3elJADZsPa8mvgt1xsK6eeW7nF EdarVoHjURaPOtiAIzFwVwPyV+hJloCtv18sgJJULfS3nwr0BpHO2qqmSJB5ndaTeWD4iSLVw gohn0vGHEsLVkGVCVoOGpTjtd/2eYy54nld7oYi3IJUFj8e26ap4LGcfvonfiWpm0tAChbMzr 0/RqIBvCNAims+vF86ydGLu6eXw95Kq/b1vvH63bqGPKufSOetKEFlNHOu4ndbsBICCoGaU9N L63IOIOd692qUXnyCLzrFJxkLpLvNxJT2GAWbceu/a+mihr0hcpOgnScGubWEVlhe58fjEgJg d+n3UuSsP/7rXexaC3ku/3uMDYSmyA7v/60QUbu9/Aw5G9XGdbw4f3moIjLvdBnQrfBaaME31 s8touIiFf7HFUvbxjSqGokqQydfUwvR9kn6g5EJyRD9etBMdZM+F96V3hWVZnARPWfdnkANkE A8rvXEwaHnUq4qzSySZHObe1GJLTC5cL0Wf5fyq9/x27GReXTitEBx2OVJaTVF1AXVPynKtOw nz4s8YXTj601WtEuLJSG64QLPjzF9ybIbGiOfjf9k7niPBRCImLzOeSq0D4y5wbgGzVbCWOt5 QqSCjO6QNOL7Y0aetmQgCZ0CYBXXnFY9hLElZ56SXBJCEY4naOCY1ce5lstY1nst/mNT1UlpA kT1tECq9OQCPlyKIYfW6340aalKA11dDZ3oQfNNE+0NqNz1RcZPcJvArwZh0aTTrdfzSgjQBS sVcOjlbeYA3r0L9MV9WxAow4N1vezBvtOd9ESLiv+hReh52T1LJoJIOThpeZns/EUmDbPWWsZ lZlU85T18d0DEHE2l
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/Wy7T89U9DKrg_PuXVe0F6oKoQbU>
Subject: Re: [tsvwg] Consensus call on ECT(1)
X-BeenThere: tsvwg@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Transport Area Working Group <tsvwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsvwg/>
List-Post: <mailto:tsvwg@ietf.org>
List-Help: <mailto:tsvwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 14 May 2020 07:36:45 -0000

Hi Stuart,

I have a question about your rationale below.


> On May 14, 2020, at 05:44, Stuart Cheshire <cheshire=40apple.com@dmarc.ietf.org> wrote:
> 
> On 4 May 2020, at 11:15, Wesley Eddy <wes@mti-systems.com> wrote:
> 
>> In this email thread, please state, concisely, which of the following viewpoints on ECT(1) you prefer.
> 
> I support option 1, using ECT(1) as an *input* signal to the network.
> 
> We need an input signal to the network because it allows the sender to signal to the network that it it is able to gracefully handle (and indeed, benefit from) ultra-shallow network queues. It also serves as a commitment by the sender not to abuse that shallow queue by bloating it (under pain of severe penalty if caught doing that by a stochastic traffic policer). Without an input signal to communicate the source’s request for the shallower queue (and acceptance of the corresponding consequences if caught cheating) the network can’t know to which traffic it can safely apply the stricter policy.

	[SM] The L4S RFCs make it explicitly clear, that no such "stochastic traffic policer" will be mandated (or maybe not even needed). In an earlier discussions here on the mailing list I got the impression that even the idea of mandating even just the implementation (let alone default activation) of such a monitoring and enforcement was rejected. The official L4S position seems to be that the shallowness of the LL-queue alone would be sufficient to act as disincentive against abuse.

From https://datatracker.ietf.org/doc/html/draft-ietf-tsvwg-l4s-arch-06:

"8.1.  Traffic (Non-)Policing


   Because the L4S service can serve all traffic that is using the
   capacity of a link, it should not be necessary to police access to
   the L4S service.  In contrast, Diffserv only works if some packets
   get less favourable treatment than others.  So Diffserv has to use
   traffic rate policers to limit how much traffic can be favoured.  In
   turn, traffic policers require traffic contracts between users and
   networks as well as pairwise between networks.  Because L4S will lack
   all this management complexity, it is more likely to work end-to-end.

[...]
8.2.  'Latency Friendliness'


   Like the Classic service, the L4S service relies on self-constraint -
   limiting rate in response to congestion.  In addition, the L4S
   service requires self-constraint in terms of limiting latency
   (burstiness).  It is hoped that self-interest and standardization of
   dynamic behaviour (especially flow start-up) will be sufficient to
   prevent transports from sending excessive bursts of L4S traffic,
   given the application's own latency will suffer most from such
   behaviour.

   Whether burst policing becomes necessary remains to be seen.  Without
   it, there will be potential for attacks on the low latency of the L4S
   service.  However it may only be necessary to apply such policing
   reactively, e.g. punitively targeted at any deployments of new bursty
   malware.

   A per-flow (5-tuple) queue protection function [I-D.briscoe-docsis-q-protection] 
   has been developed for the low
   latency queue in DOCSIS, which has adopted the DualQ L4S
   architecture.  It protects the low latency service from any queue-
   building flows that accidentally or maliciously classify themselves
   into the low latency queue.  It is designed to score flows based
   solely on their contribution to queuing (not flow rate in itself).
   Then, if the shared low latency queue is at risk of exceeding a
   threshold, the function redirects enough packets of the highest
   scoring flow(s) into the Classic queue to preserve low latency.

   Such a queue protection function is not considered a necessary part
   of the L4S architecture, which works without it (in a similar way to
   how the Internet works without per-flow rate policing).  Indeed,
   under normal circumstances, DOCSIS queue protection does not
   intervene, and if operators find it is not necessary they can disable
   it.  Part of the L4S experiment will be to see whether such a
   function is necessary.
"


and https://tools.ietf.org/html/draft-ietf-tsvwg-aqm-dualq-coupled-11"

"4.1.  Overload Handling


   Where the interests of users or flows might conflict, it could be
   necessary to police traffic to isolate any harm to the performance of
   individual flows.  However it is hard to avoid unintended side-
   effects with policing, and in a trusted environment policing is not
   necessary.  Therefore per-flow policing (e.g.
   [I-D.briscoe-docsis-q-protection]) needs to be separable from a basic
   AQM, as an option under policy control."


It seems clear that this position of not requiring a policer is not based on actual data, as otherwise there would be references demonstrating that. IMHO this is based on hope/wishful thinking.


QUESTIONS:

1) Are you agreeing that these definitions are not fully aligned with your idea that misusing the input signal will have negative consequences for the abuser?

2) Are you proposing to make such policing mandatory (which would require at least changes to the cited section of RFC drafts) or are you fine with leaving this aspect purely for implementers? At that point L4S proponents will argue that this will drag in reading L4 headers something they want to avoid at all costs* 


Best Regards
	Sebastian



*) IMHO this is misguided, a node not having access to L4 headers simply can use a 3-tupel (just from the IP header) for "flow-group" identification, or on IPv6 ualso se the flow label as part of the flow identification or not use ECN in its AQM at all. Or put differently, I do not assume meaningful roll-out of AQMs to this nodes, as the value equation that has made operators not deploy single queue PIE or Codel to those nodes still apply. And those single queue AQMs would already deliver the bulk of the latency improvement expected with L4S, from multiple 100s to 1000s of milliseconds down to the high single to low double digit millisecond range. But I digress.





> 
> Stuart Cheshire
>

v2.23.0 | Report a Bug | By Email