[tsvwg] Re: [gwhiteCL/NQBdraft] Should traffic protection be mandatory to implement? (Issue #48)
"Black, David" <David.Black@dell.com> Tue, 23 July 2024 15:12 UTC
Return-Path: <prvs=19345b2335=david.black@dell.com>
X-Original-To: tsvwg@ietfa.amsl.com
Delivered-To: tsvwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A1372C15793B for <tsvwg@ietfa.amsl.com>; Tue, 23 Jul 2024 08:12:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.253
X-Spam-Level:
X-Spam-Status: No, score=-2.253 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.148, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=dell.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yrOfTMEbXOA2 for <tsvwg@ietfa.amsl.com>; Tue, 23 Jul 2024 08:12:22 -0700 (PDT)
Received: from mx0b-00154904.pphosted.com (mx0b-00154904.pphosted.com [148.163.137.20]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C8DF1C157927 for <tsvwg@ietf.org>; Tue, 23 Jul 2024 08:12:21 -0700 (PDT)
Received: from pps.filterd (m0170395.ppops.net [127.0.0.1]) by mx0b-00154904.pphosted.com (8.18.1.2/8.18.1.2) with ESMTP id 46NEX6ji014768; Tue, 23 Jul 2024 11:12:20 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=dell.com; h=from :to:cc:subject:date:message-id:references:in-reply-to :content-type:mime-version; s=smtpout1; bh=x8RrcX+vImPG8Xv04a6So G6SKQ8s6BWRsfJXfKpu2d4=; b=VgiIh5UpYdlZd7kIEv0nMiAy851ob70S3kKzF POg6DeLW15kglCzBwrlIcX9Qh20wpu81afp3RFsb54laYB3qQc3hIVGzpI8Xy5rB RxH0nvJ6cvtSYbmU4/DrUtkNnhkAy8LbOfR5pSRr58saUJMzEElHHWrfj8r8+Oz6 gF0siltEU5t1VgAwEab6eH1Wfk5Qhk37IDnQPdDX/sl1vGO48IXX7v1ol69X/Q/d CYTyWJraYmWpqhdVh6bFrxBXTUt7jFTJF2qSAiHB+6Gz5UP5/qc481hMvWf482VJ vuJv5Ey/4ukflPRpCVu03s8w0ZhS7MSP1uCbM67eT0XY82mKw==
Received: from mx0b-00154901.pphosted.com (mx0b-00154901.pphosted.com [67.231.157.37]) by mx0b-00154904.pphosted.com (PPS) with ESMTPS id 40g9wk5e0v-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 23 Jul 2024 11:12:20 -0400 (EDT)
Received: from pps.filterd (m0393468.ppops.net [127.0.0.1]) by mx0a-00154901.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 46NF3HdP025467; Tue, 23 Jul 2024 11:12:20 -0400
Received: from nam10-dm6-obe.outbound.protection.outlook.com (mail-dm6nam10lp2101.outbound.protection.outlook.com [104.47.58.101]) by mx0a-00154901.pphosted.com (PPS) with ESMTPS id 40g8a4wb6g-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Tue, 23 Jul 2024 11:12:18 -0400
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=wNiwuGJ/yj6Oe30AGbO/C3raO2dy8QuxFK1LAblk8EGQBnzMBgFZWNfquvTkMT6UuH0QAWGwsFfloIM3eXgqDRKWgCd9p35QPAIR8a2s8pKdC6cGIO1msxb7SOtsIU8hY+QlzMbzxXEqsjifK9GrYM7yjstVxcXwSq1aszDRtV7xM2PsvMK0/eYZ1P9d3CBJttaq2OJ+mOx1SsLc3pCt3mVGr4VKBcGLIInCM+HGnielmkBvNaldPExWhwRq8DAPFEoiGmoW5/1ieeZvfzwfeKqmtq4JhaEfr6VV/i8J2p+J5FSxD5U4y2KIrlt9oER+eCEK9ucYFlBKKomVUpLg/w==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=x8RrcX+vImPG8Xv04a6SoG6SKQ8s6BWRsfJXfKpu2d4=; b=g+B0b7TUEeGj3C/KEvWGAVtcptPe59hZeEqeEFSYeKPmKVZ7ClCV0BxWWfVtKS4cmheSyy093ukNDL6BQKGxR2uHfhxh6u24fRlyPnBgSDZvsWy38/4/Q8OHZWi5ZXwKDD85rulTWgOc02lkZXFB3YOwrlaIxR/t44F/HeVniHuzhU6wqVfvzL/LqIpgGwjWLhr3FL1mOh/0kBcUghI3ufr/us24gytit0P1OpCLlFJ6HFnh0xc4HMkDvPmw9GWKbRXq1+DhWMxU166XeDe3y07hcQi2OQM2TCuP0GHO70fLGDQSSBbAQW49enBnimgPNXs8+SBIRfxtb3DTxXGf3g==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=dell.com; dmarc=pass action=none header.from=dell.com; dkim=pass header.d=dell.com; arc=none
Received: from MN2PR19MB4045.namprd19.prod.outlook.com (2603:10b6:208:1e4::9) by CO6PR19MB5418.namprd19.prod.outlook.com (2603:10b6:303:14d::22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7762.33; Tue, 23 Jul 2024 15:12:13 +0000
Received: from MN2PR19MB4045.namprd19.prod.outlook.com ([fe80::656e:ea92:20c8:471e]) by MN2PR19MB4045.namprd19.prod.outlook.com ([fe80::656e:ea92:20c8:471e%3]) with mapi id 15.20.7784.016; Tue, 23 Jul 2024 15:12:13 +0000
From: "Black, David" <David.Black@dell.com>
To: gwhiteCL/NQBdraft <reply+AB2VULW2XRH6MPK23ABRZQOEVLRFREVBNHHI5USV5Y@reply.github.com>, gwhiteCL/NQBdraft <NQBdraft@noreply.github.com>
Thread-Topic: [gwhiteCL/NQBdraft] Should traffic protection be mandatory to implement? (Issue #48)
Thread-Index: AQHa3JwfOJAPnnLUJEmQXstKT2fKJLIEXDAw
Date: Tue, 23 Jul 2024 15:12:13 +0000
Message-ID: <MN2PR19MB404591B9BAA1AEED7BBB900983A92@MN2PR19MB4045.namprd19.prod.outlook.com>
References: <gwhiteCL/NQBdraft/issues/48@github.com> <gwhiteCL/NQBdraft/issues/48/2244060936@github.com>
In-Reply-To: <gwhiteCL/NQBdraft/issues/48/2244060936@github.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
msip_labels: MSIP_Label_a7bd41d9-d1d6-4f41-bf46-97f0241fcca2_ActionId=4d2b8fb1-77d9-4d35-abd8-ebc447a25224;MSIP_Label_a7bd41d9-d1d6-4f41-bf46-97f0241fcca2_ContentBits=0;MSIP_Label_a7bd41d9-d1d6-4f41-bf46-97f0241fcca2_Enabled=true;MSIP_Label_a7bd41d9-d1d6-4f41-bf46-97f0241fcca2_Method=Standard;MSIP_Label_a7bd41d9-d1d6-4f41-bf46-97f0241fcca2_Name=No Visual Label;MSIP_Label_a7bd41d9-d1d6-4f41-bf46-97f0241fcca2_SetDate=2024-07-23T14:15:00Z;MSIP_Label_a7bd41d9-d1d6-4f41-bf46-97f0241fcca2_SiteId=945c199a-83a2-4e80-9f8c-5a91be5752dd;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: MN2PR19MB4045:EE_|CO6PR19MB5418:EE_
x-ms-office365-filtering-correlation-id: b00dca46-c8d0-4709-d458-08dcab29d4d8
x-exotenant: 2khUwGVqB6N9v58KS13ncyUmMJd8q4
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;ARA:13230040|1800799024|4022899009|69100299015|366016|376014|38070700018;
x-microsoft-antispam-message-info: IuYscb/aWqplkdcq0N6Im04Fvm4zowcgkovwTTkyBcv0O1DcisEO6IcIx8X5DIVtNxLhlsKtfGvLIqCvm+ksQAv8rDce1qeAR9MXkZtrewxxaetMqaJQIlAhGRADjlIG9kpASBxp514+zrGLNfuTSRx7FYX+4jBTW/SeBTatbv6FLWUCwS6fWEU75EbwbkTiX3vBdHHRUwmWFYa3CpJo+nGBwknbnsJJmxiW9xquYKqiFbJJSnrVG8KiwJToKSVUOHlTtV0RYtgT232D2i3YyiM94bYNVxL1JiwZ0Tykhh18+EKfZWggM/84XEy+hUXMkbesq7lnWGr3CiSuMxGSiSLLHGlzW9JDK2XwwoZJv3ZP+nf91Q8pIHfQ9nPJZJKRz3OGQpocGLKgEoHKwFdADOWMw9VlmBFTHyYCAqSPBH1nwZpNkRVNuvPaBvRhirTxoF09pP14hn9W9VCVTVU+S7iaqdNCqp+vw4208c5cU+RQyMjVL6upxGO1QdV+/3u6VLTXEi8I6UghBB835zj7AOwn1KF/afXbz8RzE3MfKIIRC3q3p9nNKLUGhxE60BagvYpKECGowxYZKENNfT/3fa5jDUfW/VI8o6cNHLggTf3W96jIDejf2vbG0Q3VytrZxlp545xjt/jQKcW9dIFbFUcBvVeVvWlqdd+XOnvMGhyfi4ad9SzwjgBfodgCAim9QnX6+SdXSFIsilKo0XIq/HJBtpnkBN72RdkUq7tMzuf4qDc1t6uTMk5bA6UNeDXB2clqgqXR7jvcZ6A4Cf/4oUEHbwnCzHqoDOuCvZSgyCV+rXmUoM5IHD5B3sytUjhn2YH1MpqRSYHk2bg7avshiLqrNrZb6XwguRv2w/ulXzf8AULdOxT4ixT3y1iH8yAzewyehb/Bt5lKOvIv+fn0AJ6n8JmCKnxQsUuF7bfX3YyRwqpKHrlGQDd8+otsvPYpLYwRAcvjjTFjZ2USk817npqoDRl3uFJFEm8QrHs+quiJ+l+Jd6Ex09Ds1xErHwFm1ny+0qv6OyXlnDPi5Xa7ySFPToTRy5EhrUO8eTkP2eo5GQaRQlC3Pt+14z7QzYX8a853VjcuzqTryJqOHFWINhbOMdwGE8L3j8UxjtsenNhOidtq2TWuApuWDQxfMJEOcQya4/jZi/QUk3BF0Bmbg64dJdtPoAX+X/9fN+uGDMMGUymcrvwMKsE/znAzpse7wTfoWXubkE1qeUJIiM/f0sOggX7f4/YdCX+zC8jUSzRzkszRsNeYsJGiI5JknG4u8gy/ZsIWl3djy59mNP6ff/2mphe7V1OCnTtZ3AWn4mnnOtvFpCLLIrjQXgm7kM5hNcfZnsGItTnGWBspAGMvJB2E1Xz2RDh8kAlm+oilGxM=
x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:MN2PR19MB4045.namprd19.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(4022899009)(69100299015)(366016)(376014)(38070700018);DIR:OUT;SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: rVsraC0Gd0ed//V63MWnHIqygRcyKCxGCoXPDP3szr3vr0U3qpwO2hsD9H0xpPhA9Ja+ejvLR5NgsIh2yXEdkGP9iwhB2qnh2MdD3eKjvWqczQRGtCoNHlOflb26WyUTLeLGaj6Sh0lxYGdeZYr7GBVwrn5DKHyxkJtXYsCjk5A1EOis+qIqr9vBdjKIP2mNm3SVB0FO83bzHaYAWT5cKpgmoxX3JNq4v2MFVDZreEiSvAIm7iC92mxbrARyajLUqePC6wuj+yo2/Z9FXy8qeXoDbC8xn0cYCyYtfXo+PRleBUlxrTO7Z5+l9sV708BxgyLHhXKzcGfKAwTKF0R3wuXNkuJr1S06Viv/OEUI1z59x4Xb2qJa2LqVvG/T/b9XBnFSNBUI1tlgfpXEhjq8OVtGEWe6Dbue+dnzFo2yX0A9yJWjWgPNKiE+48EtUqdHoWxvqePgSNAl25PnuyY1hIQMTTBQyZMxPqLbN/iYReFBdwuidR9GER8YaI/le1zC8UpFOY8pISrOP2/JyDEbEcnT6RvWXu7BUByV6GsQBY04lOvpZA+o5iQCbxXlx6m8DgKYK6oBOg0WP0LIfUORykzCLh9JGtG02VRGvEVkEY4NU+LFJO/NKZTlLN5fb/WtNmDg4Y2GmqtmRx0gg5RYF5OsWkGkkSO/Yexh0Bxv/RJkbW9pYUK8BPycrZ/WvaIAHWNdFk4MlsEL7Nuw7jD3oiL+LZr3cT8A6Pb9Ac4lJzKKhdhodf/c8duiepB06VTVcmepnS9cjLVgSZo5tzan/KUp3OuRQT53QJ0l72TS7H48h1ozNPkQmCX/ctPaVDfdyjCCknR27Yxe73wUtJUg00flbEWs3ydl092rE/E6pl3G6eNVes15URinP6t7BcP2ABcEyS9Igmd48A4cStAi2R9987O1ngJtvIWR5/5FktnrecAQzkcDY+eCQ3JvoyAy1xrwYl8ZbROFP4ld0n77S2IK8iV1MlQ1K28Gb/rGiJIZZ0cJw1EEfH5hpIa97VKz7ND4BqwPnF9nBx2qtpsO1ZD6ZwGHma1xav29ICHZjmuIbox9TXyFHyQ71qL2wuVsd6LFTOmLy0PAuvIh2+hFdomJN1R/HZva/7ImOle9GZNcFAWogppEiatV/BeSbJp88luumAEMZ6uvBnEXSDXvxml0Nf8y3xxE4XG/jcWSt0ZtPylE1uwxg7RosCqZjq+x71Q7w5WWfeA/VwoQWsH3vOaxgIoQWqt38XfHDiCj0TOHTE6sBtcofLklh+IFP13rOsSNpdyy7XuyYNrEa2eFeKiLJUdoNuT6pmhiSUHy+JEzk4qBrbweF3VKaGde8LzOeVY6UyMt9UF23X9W/FgXXgfLtC+dFa4jl2YPmWNBmf8yLh+YE7TdpG23g/cJ6BL4cZJ3gPc1tivBQq4+9q8uE1ANAIDTA+0+3Y9hf0Fwqr454FZacp8qW7c+k/C5Eu5A5yDzLEYS6Q4JjDCU2pmidOP74K0+oSzfuJGxWHpj3VcCO9uGstXweosrym7+wZItIS3zFLfEJgamWbbs89IEKkEreIbiwCkehKu1NhFgphct41QBG8y/KrjGBIJazb56
Content-Type: multipart/alternative; boundary="_000_MN2PR19MB404591B9BAA1AEED7BBB900983A92MN2PR19MB4045namp_"
MIME-Version: 1.0
X-OriginatorOrg: Dell.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: MN2PR19MB4045.namprd19.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: b00dca46-c8d0-4709-d458-08dcab29d4d8
X-MS-Exchange-CrossTenant-originalarrivaltime: 23 Jul 2024 15:12:13.2145 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 945c199a-83a2-4e80-9f8c-5a91be5752dd
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: rVoJ2tdOtfSSleO+TqMhIY/2V+KSMVVXz10U1G0EvZ/s8eiDq1nk79BUaSttayDzjdf70INO2WKQq0xsoedmng==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CO6PR19MB5418
X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1039,Hydra:6.0.680,FMLib:17.12.28.16 definitions=2024-07-23_04,2024-07-23_01,2024-05-17_01
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 mlxlogscore=999 adultscore=0 clxscore=1011 mlxscore=0 impostorscore=0 suspectscore=0 malwarescore=0 priorityscore=1501 lowpriorityscore=0 bulkscore=0 spamscore=0 phishscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2407110000 definitions=main-2407230106
X-Proofpoint-ORIG-GUID: NDiUB4KrOKGI5QKgW_ozORx7605qQ6C3
X-Proofpoint-GUID: NDiUB4KrOKGI5QKgW_ozORx7605qQ6C3
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 mlxlogscore=999 spamscore=0 lowpriorityscore=0 bulkscore=0 priorityscore=1501 clxscore=1015 impostorscore=0 phishscore=0 mlxscore=0 suspectscore=0 malwarescore=0 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.19.0-2407110000 definitions=main-2407230106
Message-ID-Hash: G45YUDBJVMHHPAPNQP7ZTJQWQAM5YKHX
X-Message-ID-Hash: G45YUDBJVMHHPAPNQP7ZTJQWQAM5YKHX
X-MailFrom: prvs=19345b2335=david.black@dell.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-tsvwg.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: "Black, David" <David.Black@dell.com>, tsvwg IETF list <tsvwg@ietf.org>
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [tsvwg] Re: [gwhiteCL/NQBdraft] Should traffic protection be mandatory to implement? (Issue #48)
List-Id: Transport Area Working Group <tsvwg.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/XPcey4j_480dkgITNA7x17F_qEg>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsvwg>
List-Help: <mailto:tsvwg-request@ietf.org?subject=help>
List-Owner: <mailto:tsvwg-owner@ietf.org>
List-Post: <mailto:tsvwg@ietf.org>
List-Subscribe: <mailto:tsvwg-join@ietf.org>
List-Unsubscribe: <mailto:tsvwg-leave@ietf.org>
[+tsvwg list] > I continue to disagree that traffic protection needs to be made mandatory to implement, and I have some suggestions on a way forward that provides a compromise. This overall direction looks promising, but the suggested compromise is not (yet) good enough. Significant work on the draft will be needed, specifically on items 1 and 4: > 1. Necessity: NQB is a shallow-buffered best-effort service. It is understood that performance is not guaranteed for any best-effort service. I understand the overall intent, and I'm fine with that as a high-level goal/direction. The problem is that in the -24 version of the draft, "shallow-buffered" is an all-but-undefined term. To do better, the draft needs to provide a concrete specification of "shallow-buffered" and require that NQB implementations use shallow buffers. If this specification of "shallow-buffered" requirements is done well, it should lead to corresponding (hopefully minor) revisions of the incentives framework discussion that result in an acceptable resolution to points 2 and 3 on Incentives. OTOH, the comment that "performance is not guaranteed for any best-effort service" appears to have missed the point. I definitely agree that the draft is not guaranteeing any performance for NQB traffic, but this line of reasoning is claiming to guarantee non-performance(!) for QB traffic that uses (abuses) the NQB service. Specifically, the claim is being made that a shallow-buffered NQB service provides a sufficient non-performance guarantee to ensure that QB traffic has nothing to gain (and quite a bit to lose) by using (abusing) the shallow-buffered NQB service. The detailed requirements for sufficiently shallow buffers that realize that non-performance guarantee need to be specified and mandated, e.g., in Section 5.1 of the draft. > 4. Security: The incentives above don’t address malicious sources. While traffic protection is the remedy for this, some network environments have other ways to address malicious sources > (e.g. only approved applications are deployed in the network, or traffic conditioning is performed at the network edge). Proceeding in this direction ... if traffic protection is not mandatory to implement, then the draft will need to restrict NQB implementation and usage (using "MUST" and "MUST NOT" or equivalent RFC 2119 keywords) to network environments that have "other ways to address malicious sources." The nature and/or results of those "other ways" will need to be specified in a sufficiently concrete fashion that a network operator can readily determine whether or not her network has sufficient "other ways to address malicious sources." Turning to the suggested compromise: > Specifically, the suggestion is that we address your concern about abuse of the code point by adding a mandatory requirement > that NQB PHB implementations provide statistics that can be used by the network operator to detect whether abuse is occurring. > These statistics could be as simple as packet and drop counters. That could work in combination with a solution to the "4. Security" problem suggested above. By themselves, requiring collection/provision of statistics is not sufficient to resolve the security problem. > Regarding the paragraph in 5.2 discussing situations where traffic protection is potentially not needed, we could rework the paragraph ... That would help ... after the security problem (4) is resolved (see above).. The bottom line is that items 1 (e.g., What is the concrete specification of "shallow-buffered" ?) and 4 (e.g., What are other ways that are sufficient to address malicious sources?) need to be addressed. Thanks, --David From: gwhiteCL <notifications@github.com> Sent: Monday, July 22, 2024 9:03 PM To: gwhiteCL/NQBdraft <NQBdraft@noreply.github.com> Cc: Black, David <David.Black@dell.com>; Mention <mention@noreply.github.com> Subject: Re: [gwhiteCL/NQBdraft] Should traffic protection be mandatory to implement? (Issue #48) [EXTERNAL EMAIL] @dlb237 [github.com]<https://urldefense.com/v3/__https:/github.com/dlb237__;!!LpKI!jyiVIyRb0wHGFj6E5pa6Rm73RYDbMxjO3w3_EPIu0Igv6c7N8-NWOQisrmDR8o9RxjsUqJKazSDQ4_HKgrTj_EGiYA$> I continue to disagree that traffic protection needs to be made mandatory to implement, and I have some suggestions on a way forward that provides a compromise. Here are some of the reasons why I disagree: 1. Necessity: NQB is a shallow-buffered best-effort service. It is understood that performance is not guaranteed for any best-effort service. For example, the IETF doesn’t mandate that implementations of the Default PHB provide mechanisms to police/prevent applications from inducing delay and/or loss. 2. Incentives: As I wrote in #47 (comment) [github.com]<https://urldefense.com/v3/__https:/github.com/gwhiteCL/NQBdraft/issues/47*issuecomment-2215318283__;Iw!!LpKI!jyiVIyRb0wHGFj6E5pa6Rm73RYDbMxjO3w3_EPIu0Igv6c7N8-NWOQisrmDR8o9RxjsUqJKazSDQ4_HKgrT6fDk_CQ$>, even without traffic protection, if the NQB queue is configured as specified (i.e. with a shallow buffer), there is a disincentive for QB applications to mis-mark their traffic because they will see excessive packet drops. So, I disagree with your assertion that the incentives framework fundamentally depends on the presence of traffic protection. Traffic protection as defined in DOCSIS Queue Protection [ietf.org]<https://urldefense.com/v3/__https:/www.ietf.org/archive/id/draft-briscoe-docsis-q-protection-07.html__;!!LpKI!jyiVIyRb0wHGFj6E5pa6Rm73RYDbMxjO3w3_EPIu0Igv6c7N8-NWOQisrmDR8o9RxjsUqJKazSDQ4_HKgrSwpL2vsw$> arguably provides less of a disincentive for inappropriate marking than would be the case in the absence of QP, because it results in significantly less packet loss for the offending application. 3. Incentives: Incentives apply more broadly than on a hop-by-hop basis, and also generally apply more broadly than on a path-by-path basis. In other words, a QB application developer would (generally) need to make a decision as to whether to mark their packets as NQB without specific knowledge whether the traffic would be subjected to traffic protection or not. So, again, I disagree with the assertion that the incentives framework fundamentally depends on the presence of traffic protection. 4. Security: The incentives above don’t address malicious sources. While traffic protection is the remedy for this, some network environments have other ways to address malicious sources (e.g. only approved applications are deployed in the network, or traffic conditioning is performed at the network edge). I definitely agree that traffic protection is the preferred implementation, but I disagree that it needs to be made mandatory to implement. As a compromise, I'd like to suggest that we strengthen the recommendation around the implementation of traffic protection, and eliminate some of the language that seems of offer rationales to ignore that recommendation, futher I'd like to suggest that we mandate some mechanism that a network operator can use to detect and avoid abuse. Specifically, the suggestion is that we address your concern about abuse of the code point by adding a mandatory requirement that NQB PHB implementations provide statistics that can be used by the network operator to detect whether abuse is occurring. These statistics could be as simple as packet and drop counters. This requirement would ensure that operators who configure the NQB PHB have the ability to track the amount of packet drop that is occurring due to traffic overrunning the shallow buffer, and then take action if they feel as though the PHB is causing more issues than it is solving in their environment. Those actions could include disabling the PHB, identifying and dealing with the sources of malicious traffic directly, or pursuing a feature request with the equipment manufacturer to add a traffic protection function. In addition, I think we can delete the words in section 10: "but recognizes that other options might be more desirable in certain situations." so that the recommendation to implement traffic protection isn't watered down. Regarding the paragraph in 5.2 discussing situations where traffic protection is potentially not needed, we could rework the paragraph to emphasize that the decision by an implementer to not implement traffic protection might limit the deployment/usage of their NQB PHB implementation to a small subset of potential sitations, and it would put the onus on the operator to monitor usage and take remediations manually rather than automatically dealing with misbehaving traffic. We can also add text to more fully specify the implications of ignoring the recommendation. That, I think, would strengthen the SHOULD as opposed to offering rationales for ignoring it. — Reply to this email directly, view it on GitHub [github.com]<https://urldefense.com/v3/__https:/github.com/gwhiteCL/NQBdraft/issues/48*issuecomment-2244060936__;Iw!!LpKI!jyiVIyRb0wHGFj6E5pa6Rm73RYDbMxjO3w3_EPIu0Igv6c7N8-NWOQisrmDR8o9RxjsUqJKazSDQ4_HKgrRJn3skGw$>, or unsubscribe [github.com]<https://urldefense.com/v3/__https:/github.com/notifications/unsubscribe-auth/AB2VULQNPSLLSSFSGIZRZP3ZNWTVRAVCNFSM6AAAAABKRH2VICVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDENBUGA3DAOJTGY__;!!LpKI!jyiVIyRb0wHGFj6E5pa6Rm73RYDbMxjO3w3_EPIu0Igv6c7N8-NWOQisrmDR8o9RxjsUqJKazSDQ4_HKgrRNUJ0Ebg$>. You are receiving this because you were mentioned.Message ID: <gwhiteCL/NQBdraft/issues/48/2244060936@github.com<mailto:gwhiteCL/NQBdraft/issues/48/2244060936@github.com>>
- [tsvwg] Re: [gwhiteCL/NQBdraft] Should traffic pr… Black, David
- [tsvwg] Re: [EXTERNAL] Re: [gwhiteCL/NQBdraft] Sh… Overcash, Michael (CCI-Atlanta)
- [tsvwg] Re: [EXTERNAL] Re: [gwhiteCL/NQBdraft] Sh… Greg White
- [tsvwg] Re: [EXTERNAL] Re: [gwhiteCL/NQBdraft] Sh… Black, David
- [tsvwg] Re: [EXTERNAL] Re: [gwhiteCL/NQBdraft] Sh… Black, David
- [tsvwg] Re: [EXTERNAL] Re: [gwhiteCL/NQBdraft] Sh… Livingood, Jason
- [tsvwg] Re: [EXTERNAL] Re: [gwhiteCL/NQBdraft] Sh… Black, David
- [tsvwg] Re: [EXTERNAL] Re: [gwhiteCL/NQBdraft] Sh… Livingood, Jason
- [tsvwg] Re: [EXTERNAL] Re: [gwhiteCL/NQBdraft] Sh… Livingood, Jason
- [tsvwg] Re: [EXTERNAL] Re: [gwhiteCL/NQBdraft] Sh… Sebastian Moeller
- [tsvwg] Re: [EXTERNAL] Re: [gwhiteCL/NQBdraft] Sh… Black, David
- [tsvwg] Re: [EXTERNAL] Re: [gwhiteCL/NQBdraft] Sh… Overcash, Michael (CCI-Atlanta)
- [tsvwg] Re: [EXTERNAL] Re: [gwhiteCL/NQBdraft] Sh… Livingood, Jason
- [tsvwg] Re: [EXTERNAL] Re: [gwhiteCL/NQBdraft] Sh… Black, David
- [tsvwg] Re: [EXTERNAL] Re: [gwhiteCL/NQBdraft] Sh… Greg White
- [tsvwg] Re: [EXTERNAL] Re: [gwhiteCL/NQBdraft] Sh… Black, David
- [tsvwg] Re: [EXTERNAL] Re: [gwhiteCL/NQBdraft] Sh… Sebastian Moeller
- [tsvwg] Re: [EXTERNAL] Re: [gwhiteCL/NQBdraft] Sh… Sebastian Moeller
- [tsvwg] Re: [EXTERNAL] Re: [gwhiteCL/NQBdraft] Sh… Sebastian Moeller
- [tsvwg] Re: [EXTERNAL] Re: [gwhiteCL/NQBdraft] Sh… Livingood, Jason
- [tsvwg] Re: [EXTERNAL] Re: [gwhiteCL/NQBdraft] Sh… Sebastian Moeller
- [tsvwg] Re: [EXTERNAL] Re: [gwhiteCL/NQBdraft] Sh… Greg White
- [tsvwg] Re: [EXTERNAL] Re: [gwhiteCL/NQBdraft] Sh… Jonathan Morton
- [tsvwg] Re: [EXTERNAL] Re: [gwhiteCL/NQBdraft] Sh… Overcash, Michael (CCI-Atlanta)
- [tsvwg] Re: [EXTERNAL] Re: [gwhiteCL/NQBdraft] Sh… Livingood, Jason
- [tsvwg] Re: [EXTERNAL] Re: [gwhiteCL/NQBdraft] Sh… Black, David
- [tsvwg] Re: [EXTERNAL] Re: [gwhiteCL/NQBdraft] Sh… Sebastian Moeller
- [tsvwg] Re: [EXTERNAL] Re: [gwhiteCL/NQBdraft] Sh… Sebastian Moeller