[tsvwg] Comments on L4Sops [was Adoption call for draft-white-tsvwg-l4sops ...]

Greg White <g.white@CableLabs.com> Mon, 15 March 2021 23:41 UTC

Return-Path: <g.white@CableLabs.com>
X-Original-To: tsvwg@ietfa.amsl.com
Delivered-To: tsvwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EC2193A1314 for <tsvwg@ietfa.amsl.com>; Mon, 15 Mar 2021 16:41:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.101
X-Spam-Level:
X-Spam-Status: No, score=-2.101 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=cablelabs.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id andaiOYmH1Sk for <tsvwg@ietfa.amsl.com>; Mon, 15 Mar 2021 16:41:17 -0700 (PDT)
Received: from NAM02-SN1-obe.outbound.protection.outlook.com (mail-eopbgr770137.outbound.protection.outlook.com [40.107.77.137]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1D0C53A1313 for <tsvwg@ietf.org>; Mon, 15 Mar 2021 16:41:16 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=WivkVLjWWwJYhNrmC3+UUURxX+4B3YP0uv8hm0TgfB4SJ1D7lnSdr0DjRtnXNxVIkMaB1KfeQrDMuQV/JmptvMVfYEmvy+O4dGcUN6j1pAfaGYR4d2d/s2xRd0mwD7W168cXjeFnhwzQEUBxRuo06TCCjjK7q/UM/g7ZZg5jA7nzx6H9k//EXuDwT1q1Mny9tAuIRRhtFROBf3VRI9vQu47xcr2WCFVwOXmlPs4uh2yWreHRnQ4Wt7k1lO6xzZl1NudEGDWN9yfks7GwblxLgmnPSnH/FKAxI/b4F/e4zf6vAOUduQ4kimZgtDyeG/Zj4PNBdP9hMRZMGxtIz24saQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=kST+k+uIrxZKW46Y2YnQKPBkt822DzbEyQuOFimo+sQ=; b=nSVdaZ8hQXzBnJsZCWK8hrvoW/jBq/cM+gDz/J76SrHLM475k7oYLGGO2EOT6pYFCX9zKAOYHyVAHVYgTGVBHVDoM1Gm+OjmZ4KqXOK33DNbAl/zFWloUmN6I/GyBaSjPY0LpL9J2H+x/ta06SQasnm9GpQqzSutYesJ+a2HbgZULE5+UpnuKeOi62BibqSQF7ZaS0ugRO1NhT9M3hn5BlUnNuQcG17MrnDhJaPEDFlD1NISDoZ9dUhB1nKtXcXmb8H/TxbbkSzovRL68W1bQ9ja1vM0KS8JrBHQSD2RvFtF8dE9ByRf9txh6ajJ90GL0LeoNqJ9slAoJVFI5ZNL9A==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cablelabs.com; dmarc=pass action=none header.from=cablelabs.com; dkim=pass header.d=cablelabs.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cablelabs.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=kST+k+uIrxZKW46Y2YnQKPBkt822DzbEyQuOFimo+sQ=; b=bhyi6p7JEVyBZtSlbjhKM7b7UxfmntmVAi04UgwYYsLK8orU1GmB5wvUTQheNbc36rnjL/PV528viGekfks1DTn+Zih5fvXoYCtOcrlKghe7r0EQkKqLIA4T7hmEBWEkC4v9yY3NPH8C3YloZQw0E5c+tAgTJI65m+AfkjToi/7PmXB9RETCq6lcxNF+cCAupehH6pSCspYYp6Pje4A8nB5Ke59tSA58E2MjhbWn68yh+EM2yYKIq8Cc2at2Wa890WB9PVK7RjJazlunwnMfxsCd/JCGltM8ifIORy7lch2Oi9gHDpGnSyld3Q2LfDgvEjeD/7kuXK+LFYXMsx6pmQ==
Received: from CY4PR06MB2821.namprd06.prod.outlook.com (2603:10b6:903:130::11) by CY4PR06MB2805.namprd06.prod.outlook.com (2603:10b6:903:132::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3933.32; Mon, 15 Mar 2021 23:41:15 +0000
Received: from CY4PR06MB2821.namprd06.prod.outlook.com ([fe80::fd1d:5577:b489:745c]) by CY4PR06MB2821.namprd06.prod.outlook.com ([fe80::fd1d:5577:b489:745c%10]) with mapi id 15.20.3933.032; Mon, 15 Mar 2021 23:41:15 +0000
From: Greg White <g.white@CableLabs.com>
To: Jonathan Morton <chromatix99@gmail.com>, "tsvwg@ietf.org" <tsvwg@ietf.org>
Thread-Topic: Comments on L4Sops [was Adoption call for draft-white-tsvwg-l4sops ...]
Thread-Index: AQHXGfSwsnFFVZlJJ0eRX0tuXHj7og==
Date: Mon, 15 Mar 2021 23:41:14 +0000
Message-ID: <FC0AE9F0-0F85-441E-B555-51A5B6A6A009@cablelabs.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/16.44.20121301
authentication-results: gmail.com; dkim=none (message not signed) header.d=none;gmail.com; dmarc=none action=none header.from=CableLabs.com;
x-originating-ip: [73.243.9.160]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: f4767346-ce68-421c-8117-08d8e80bd2ba
x-ms-traffictypediagnostic: CY4PR06MB2805:
x-microsoft-antispam-prvs: <CY4PR06MB2805B2ECF4F76DD9000EACB0EE6C9@CY4PR06MB2805.namprd06.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:7691;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: rgxAKs1eCQu6W6yoR0GS2QozUrVgDW33bNz+iQ1KgU/3pCVcaH7lKStrnJ9+KKTLISZgUn89PGXeGgeC/8AplCLseexzayhIk5vciL6yMSq4A70mp0k1CEk7UFbzYjo6PZmIZ0Yo5rafR/YTY3SONT6N8yqjgz9FRRe8z+lYM07ncU+m3ZafyViUWEPL7qyMLMc9CWz7hordrClhxJq0vzWCPDvOrh7jKQcCJR2+nXQANLPwAMdHvsQETmnrmiZVtq+BvuE+mhbYg7envOSMAkFzgQAAeL+mj7NWo+UpJ4hna+dDDj/glQ9xKPQ0szI6ewEJ7J+wCwQ3awzXev3s43PGN60mG1Fl4sZxmtb9TEOQCrQHZRbJuvzFal+RNJign33vDABQL3x/u14JNYNcUCvSbXUQlGq0TeDvstJvmm4TvCDQDyIx/R4h+nrh/ghn8RA0ody3cDS1I75QH3Kz81V6kXAuhQVEE7zaet5C420w+jlJeiVmAA5h3ilGbgG5rZViySxG2NqRS/0iLkfMKVWNN+QcBu4fQn48RfBbJNhK5u4dh4vHFslNqrH9/8xIFsLwK4U3bRzalPmlJEsnoo2+dWiZ+QLaWXQQ58SdOjR0b7LhUF7vcswVYLgYUjslJ5IlO1HNGn7v8W6mASP8UeQNoP3ivLKpxWfO1TwbZ0I=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:CY4PR06MB2821.namprd06.prod.outlook.com; PTR:; CAT:NONE; SFS:(39850400004)(136003)(376002)(346002)(396003)(366004)(76116006)(66446008)(66476007)(5660300002)(6512007)(26005)(66574015)(36756003)(186003)(86362001)(66556008)(66946007)(71200400001)(2906002)(316002)(110136005)(83380400001)(2616005)(478600001)(33656002)(8676002)(8936002)(64756008)(6506007)(53546011)(6486002)(32563001)(85282002)(45980500001); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata: Ka90tSC97o74v/AsG0skgXhoV+E3TwEGMBJh8ZIWEp68/E0ysssthlZBsGJ0rUmXRXB6ee4OoRGLHrIiPeu5iaVA+9JMIiKItHnySdNoh1idLRzDUUDgGDLKp6ocGl0K2+N0IsSVCKLT2iwKXNnk6jUpDCS7RI5vRnNNV7xjI7hmZSyu/vUAjx02XqNPSVkwxTm/yf8ERqMt/6QjmLcLLsL4fGnG7tVmOtQeDcxqjQnRLlKAdbvY6qE0jdgik81JiVbnnC00YVLcqqWaOGIOn6JD5PKXLEWuepuwF9ybZJnci7zniIjWvdnCaqaA5EIJDN7qdpsCRPG+bVJqjtUbtf8p8de87J7KiWa4dD+pSenj1CqLXFOIF5mYh+gwYOGt8++ClQx0GwbjTznXAeqI5RdiGihlMG3OMoe0CaZfzIRCZ2d7uXoPzervvUDGddMHX0lTAb+2ExHBI5kXAxa5J5IJfRC44R9zI8c6zZJe3nlkdT9o/IVIgz+TqJQNRR+6nh4Z6DmPcMUmNgrza3Q59d4FC7plyEVwSDDIQ9SFW+rgywiYsZnMdwJw5k3QtianA9rzi7I0vkcRfFHcvwXsHeH3CeubadEHYXtHxEcwxPQMk+mnPEJBYXOBTjeEvEebsx3PfhWiCPKOnNE1XEG7l7+6NPG476E7xBsNzP1aoEeybHIxWo3Hb7m2roti/dUsvnYRiP/N2QCbWlsflkut7qMrHNfsNVHkpGZvinNDS5j6CMsgXG4dYu/VIKzr2W3uZmpPLCkwwZr4EPjuet5VaYwqWuyiftDvd4iKgJluSQCFiJNNBf9gXTi+Oyo2DxjXFsqZvZZ91Bai6LWthUYywUmjfiKyTucix+AftFoLvzvvnGRJWznhvb4NIR9QJu7WIvXjzenzbptr6yZZ+ClQMMMU9sDrhXtH2U7gX38MFv8Tnj/WFfh0YJ9mw8E+pYFWlu/boNbjlDdGOuiuhDrwdmMpzQ/IrI2oQlyMo4dWPm9sv0mmEsHfO4qMppn5cjawu+R/za4Els0dHSLn6fDZG6jMFCNeSyk1XrIEqVCtNwNJlr1urJ1FKKO9kTHxdrVXw00pc0PJJGclGUFjXc2G/QPchtV+diUt+QTOSwYV6mYjCunVgNsQrCWcmB2bV3q0cBgSPMQ1vCrRCjcdZ0z7TQLSkfz/MNsMLQOfB1dHED2D8Sl+4uma7yRiVKUOQ6+h5tIC4BK0dWqh658yc21ZujkXtv8uLFoU0HX/cMnja+IiK9ixwTz2tVKpH6T2wbRAI+Pg2lke6Cj3NHHJufp1OernBGMugzMEQ8qia14e8ypbClKC+RirdXF96XHS8b7c
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="utf-8"
Content-ID: <32AA741F018EB040A20003F185F67F4B@namprd06.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: cablelabs.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: CY4PR06MB2821.namprd06.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: f4767346-ce68-421c-8117-08d8e80bd2ba
X-MS-Exchange-CrossTenant-originalarrivaltime: 15 Mar 2021 23:41:14.9648 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: ce4fbcd1-1d81-4af0-ad0b-2998c441e160
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: f4uVb4PfuRW1+KOTKVU4JhRdj3or0GjIbvwpjaxWPy6bsj/zTwmlTeRp+T+AVn6l0QV3Opb43j0ul79MgmSb4g==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY4PR06MB2805
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/Yvwom2UoLYn6PeXyoxE7CaQhSaQ>
Subject: [tsvwg] Comments on L4Sops [was Adoption call for draft-white-tsvwg-l4sops ...]
X-BeenThere: tsvwg@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Transport Area Working Group <tsvwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsvwg/>
List-Post: <mailto:tsvwg@ietf.org>
List-Help: <mailto:tsvwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 15 Mar 2021 23:41:19 -0000

Hi Jonathan,

I think you've misinterpreted the intent of the draft a bit.  Maybe there is an opportunity for further clarification in the draft itself, but fwiw I'll try to explain it better here.  

Accurate real-time, in-band detection of RFC3168 by an L4S congestion controller is what you are referring to in your first item labeled 1.  If such an algorithm were generally agreed to be simple and reliable, then it could be argued that there wouldn't need to be an L4Sops draft. The detection algorithm that was studied earlier was found to suffer false positives at low data rates or high RTTs (though the referenced 'fallback' paper does discuss another approach for in-band detection that warrants looking into).  While the draft intends to include in-band detection as a potential option, it recognizes that it isn't the only solution.  I think there is confidence that out-of band tests can be reliably performed that determine whether RFC3168 bottlenecks exist, and this information can be used to make decisions about deployment and use of L4S.

Further, I don't agree that network operators are always "innocent bystanders" in your taxonomy.  Some might be, but others are definitely not.  I think it is totally appropriate to provide guidance to network operators that want to participate in L4S but have RFC3168 deployed in their networks.    

-Greg



On 3/15/21, 4:35 AM, "tsvwg on behalf of Jonathan Morton" <tsvwg-bounces@ietf.org on behalf of chromatix99@gmail.com> wrote:

    I do not think this document is ready for adoption in its current form.  Let me explain why, and suggest some ways it could be improved.

    L4S has a fundamental incompatibility with conventional AIMD traffic in the presence of RFC-3168 ECN AQMs, just like DCTCP upon which it was based.  L4S therefore requires mitigations to ensure that the harm caused by this incompatibility is minimised to an acceptable level.  Since the harm is primarily caused to "innocent bystanders" rather than "involved participants" or "interested observers", the acceptable level of harm and risk is especially low, and the mitigations need to be correspondingly robust.

    However, robust mitigations are not what l4s-ops currently describes.  Most of the measures described fall into three categories:

    1: Reliance on detecting an RFC-3168 AQM and disabling the L4S behaviour, using heuristics that have not yet been shown in a reliably working state, even under lab conditions.  It is impossible to state that such a heuristic can be relied upon until such a showing has been made.  A previous attempt at implementing such a heuristic was unsuccessful and is now disabled by default in the reference implementation.  Hence, the reliability of such a heuristic would necessarily be a subject of the experiment, not the primary safeguard.

    2: Requirements placed upon "innocent bystanders" to avoid the harm, mostly by reconfiguring, replacing, or disabling their RFC-3168 AQMs (sometimes in an RFC-ignorant manner).  This is obviously unworkable, since by definition "innocent bystanders" are unaware of the experiment, and even if made aware, are disinterested in doing work to accommodate it.

    3: Recommendation to deploy L4S hosts on networks that have been prepared to receive it.  Which is a step in the right direction.  But this is not accompanied by a corresponding requirement to *contain* L4S traffic to each prepared network.  Without such a requirement, it would be very easy for L4S hosts on different networks, which may individually have been prepared, to communicate over the path between those networks that has *not* been prepared, and upon which the risk of disrupting bystander traffic therefore exists.

    It is perhaps noteworthy that gaps in the second and third classes of mitigation are proposed to be covered by the first class of mitigation.  I also note that there is still an assertion in the text that RFC-3168 AQMs are "rare", which is refuted by recent data.  Finally, in the context of a CDN-ISP pairing for an experimental deployment, the ISP subscribers' LANs and WLANs are technically separate networks that would be difficult to "prepare" for L4S in advance; it would be wise to consider the ramifications of that.

    I also note in passing that a modification of tunnel encapsulation semantics is also proposed.  Given that tunnel implementations are more diverse than RFC-3168 AQM implementations, I also consider this unlikely to be practical, though I haven't studied in detail whether it would be effective if achieved.


    I am currently aware of four theoretical methods of robustly mitigating the risk posed by L4S.  I think that l4s-ops would be considerably improved by proposing that at least one of them be employed as a prerequisite to the L4S experiment actually taking place:

    1: Develop, implement, demonstrate, and open for scrutiny an RFC-3168 detection heuristic that is reliable and prompt enough to serve as a primary safeguard for the experiment.  In my opinion this will be difficult and will take significant time, but is not impossible to achieve.

    2: Deprecate RFC-3168, or amend it to remove drop-equivalent marking of ECT(1) packets, and require the removal of all unmodified ECN AQMs from the Internet.  This is unlikely to get much support given the increasing deployment rates of RFC-3168 AQMs at the present time.  In any case it would take a very long time to eliminate existing RFC-3168 AQM deployments at Internet scale, so I consider this impractical.

    3: Explicitly contain L4S traffic to networks that have been prepared or designated for the experiment.  That could be done by marking all L4S traffic with a designated DSCP at origin, and blocking traffic carrying that DSCP from traversing border gateways into unprepared networks.  This has the effect of making users and administrators of these networks at least "interested observers" and isolating L4S traffic from "innocent bystanders".  Within the designated networks, observing the practical interactions between L4S and conventional traffic would be part of the experiment.

    4: Redesign L4S to shift the risk burden away from "innocent bystanders".  The most obvious way to do so is to implement unambiguous signalling by the network, so that the receiver knows for certain whether it is receiving congestion signals from an RFC-3168 AQM requesting an immediate MD response, or from an AQM of the new type requesting a new type of response.  The risk of performance trouble is then restricted to network nodes that produce the new signals and transport endpoints that understand them - in other words, to the relatively small number of "involved participants" who have the knowledge and incentive to study the problem and find solutions.  The incentives are thus aligned correctly and risks are not "externalised".

    The SCE proposal does exactly that, in a manner that is totally transparent to existing RFC-3168 endpoints and middleboxes.  It becomes practical, for example, to use a Differentiated Services Code Point to differentiate a low-latency service onto a second bearer and provide a single-queue SCE AQM there, while providing a single-queue RFC-3168 AQM (without SCE) on the primary bearer.  Because of the unambiguous signalling, SCE traffic missing the DSCP would still compete on equal terms with conventional traffic, instead of dominating it or being dominated.

    I realise that this last method is not strictly in scope for the l4s-ops draft (and that mentions of SCE tend to raise hackles among L4S proponents), but I include it because it appears to be the most robust mitigation method available.  It also has the advantage of running code being available to try it out immediately.


    I am not hugely optimistic that the l4s-ops draft will incorporate the above advice before the adoption call ends.  But unless and until it does, my position is that it SHOULD NOT be adopted.

     - Jonathan Morton