Re: [tsvwg] Packet Loss Signaling for Encrypted Protocols: draft-ferrieuxhamchaoui-tsvwg-lossbits

<> Thu, 11 July 2019 10:19 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 3AF8012017D for <>; Thu, 11 Jul 2019 03:19:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.597
X-Spam-Status: No, score=-2.597 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id nq8KCfVqVMF3 for <>; Thu, 11 Jul 2019 03:19:30 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id EDC1C1200D6 for <>; Thu, 11 Jul 2019 03:19:29 -0700 (PDT)
Received: from (unknown [xx.xx.xx.66]) by (ESMTP service) with ESMTP id 45ksVS1rLDz4wjJ; Thu, 11 Jul 2019 12:19:28 +0200 (CEST)
Received: from Exchangemail-eme6.itn.ftgroup (unknown [xx.xx.13.70]) by (ESMTP service) with ESMTP id 45ksVS184Mz8sYp; Thu, 11 Jul 2019 12:19:28 +0200 (CEST)
Received: from OPEXCAUBM24.corporate.adroot.infra.ftgroup ([fe80::b43f:9973:861e:42af]) by OPEXCAUBM33.corporate.adroot.infra.ftgroup ([::1]) with mapi id 14.03.0439.000; Thu, 11 Jul 2019 12:19:23 +0200
From: <>
CC: "Lubashev, Igor" <>, tsvwg <>, "FERRIEUX Alexandre TGI/OLN" <>, Tom Herbert <>, RONTEIX JACQUET Flavien TGI/OLN <>
Thread-Topic: [tsvwg] Packet Loss Signaling for Encrypted Protocols: draft-ferrieuxhamchaoui-tsvwg-lossbits
Thread-Index: AdU1z13vAPi6st6TRKOd3SUsz+4ZFQAC+e4AAAPfX4AAAW3TAABS/NfTABoD0oAACx5QYA==
Date: Thu, 11 Jul 2019 10:19:23 +0000
Message-ID: <11035_1562840368_5D270D30_11035_470_2_5d4094c8-f1b1-46d1-929c-43f9dbb20487@OPEXCAUBM33.corporate.adroot.infra.ftgroup>
References: <> <> <> <> <f62eb747-ad70-45e4-bc2f-94eeddf4d693@OPEXCAUBM6F.corporate.adroot.infra.ftgroup> <> <787AE7BB302AE849A7480A190F8B93302EAC9D66@OPEXCAUBMA2.corporate.adroot.infra.ftgroup>
In-Reply-To: <787AE7BB302AE849A7480A190F8B93302EAC9D66@OPEXCAUBMA2.corporate.adroot.infra.ftgroup>
Accept-Language: fr-FR, en-US
Content-Language: fr-FR
x-originating-ip: []
Content-Type: multipart/alternative; boundary="_000_5d4094c8f1b146d1929c43f9dbb20487OPEXCAUBM33corporateadr_"
MIME-Version: 1.0
Archived-At: <>
Subject: Re: [tsvwg] Packet Loss Signaling for Encrypted Protocols: draft-ferrieuxhamchaoui-tsvwg-lossbits
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Transport Area Working Group <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 11 Jul 2019 10:19:33 -0000

Hi Med,

We’ve tried using UDP trailers to support our loss bits some months ago, and some L4 equipment just drop packets with non-empty UDP trailers.
So, it seems that using UDP surplus area is not really a viable option either.



Envoyé : jeudi 11 juillet 2019 08:53
À : Tom Herbert
Cc : Lubashev, Igor; HAMCHAOUI Isabelle TGI/OLN; tsvwg; FERRIEUX Alexandre TGI/OLN
Objet : RE: [tsvwg] Packet Loss Signaling for Encrypted Protocols: draft-ferrieuxhamchaoui-tsvwg-lossbits

Hi Tom,

Actually, there is no new problem to solve for TCP (and some of the other protocols you mentioned). Existing techniques are OK, see for example the discussion in

Supplying these bits at the network layer would be ideal, but as you know there is no such common layer. IPv6 extensions will be obviously specific to IPv6 and similar extensions to IPv4 would be needed… which is more challenging given that no viable option is left in that space.

The UDP surplus area solves that problem for both IPv4 and IPv6. Obviously, it applies when UDP is used as underlying transport which covers the QUIC case and many encap protocols relying upon UDP for NAT traversal, entropy, etc. matters.


De : Tom Herbert []
Envoyé : mercredi 10 juillet 2019 18:28
Cc : Lubashev, Igor; HAMCHAOUI Isabelle TGI/OLN; tsvwg; FERRIEUX Alexandre TGI/OLN
Objet : Re: [tsvwg] Packet Loss Signaling for Encrypted Protocols: draft-ferrieuxhamchaoui-tsvwg-lossbits

On Tue, Jul 9, 2019, 1:44 AM <<>> wrote:
Hi Tom,

I do think there is a value in structuring this as a 2-stage effort:

(1)This draft, as it currently stands, which sketches the overall framework. I do see a value in having this generic framework document without going into details about which signal channel is used.

(2)Applicability document(s)(?) which will focus more on how to convey these bits: HBH is an option for IPv6, but I suggest to explore the “surplus area” (udp-options) as this may be valid for both v4/v6.

The UDP surplus area is only useful for UDP. It doesn't help TCP for instance (or SCTP, DCCP, IPsec, etc.). This is why information belongs in the common network layer; we don't have to worry about how to support network visible information in each and every possible transport protocol.



De : tsvwg [<>] De la part de Tom Herbert
Envoyé : mardi 9 juillet 2019 04:52
À : Lubashev, Igor
Cc : HAMCHAOUI Isabelle TGI/OLN; tsvwg; FERRIEUX Alexandre TGI/OLN
Objet : Re: [tsvwg] Packet Loss Signaling for Encrypted Protocols: draft-ferrieuxhamchaoui-tsvwg-lossbits

On Mon, Jul 8, 2019, 7:10 PM Lubashev, Igor <<>> wrote:
Thank you for your comments, Tom. I am pleased that you find intent of the proposal admirable -- this is a major purpose of this draft.

This draft is "informational", not "standards track". Its purpose it to recommend a technique that would be adopted for specific protocols in different protocol-specific drafts, possibly in protocol-specific WGs.

As for our experiment, the bits we used were the two most significant bits of TTL (IPv4) and HopLimit (IPv6). That was done mostly for expediency of the implementation and good interoperability on the network.


On one hand, it's good that the signaling is being done in the network layer protocol, that justifies the argument that the mechanism is transport independent or at least transport agnostic. On the other hand, commandeering bits in protocol headers that are already allocated is obviously something that shouldn't be standardized (we've previously seen other attempts to repurpose defined IP fields; stealing bits from the IPv6 flow label seems like a common idea!).

For a longer term solution, the alternative is to use the extensibility mechanisms of IP (options in "legacy" IPv4, extension headers in IPv6). For instance, it would be interesting to define a Hop-by-Hop extension header for the loss signaling. One caveat is that a single HBH option gives at least 32 bits of data to work with, so it makes sense to pack as much functionality into an the option (e.g I'm thinking maybe latency signaling, which also can done in two bits, might be another function in the grand "Transport metrics" option).


Many thanks,

- Igor

-----Original Message-----
From: Tom Herbert [<>]
Received: Monday, 08 Jul 2019, 8:20PM
To: Lubashev, Igor [<>]
CC:<> [<>]; Isabelle Hamchaoui [<>]; Alexandre Ferrieux [<>]
Subject: Re: [tsvwg] Packet Loss Signaling for Encrypted Protocols: draft-ferrieuxhamchaoui-tsvwg-lossbits
On Mon, Jul 8, 2019 at 2:20 PM Lubashev, Igor <<>> wrote:
> Alexandre, Isabelle, and I have just posted a draft on a protocol-independent method for endpoints to signal packet loss to the path, while maintaining end user privacy and resisting ossification.  This method can work for any protocol, but the primary focus is, of course, on protocols that encrypt their headers.
> We think this loss signaling scheme (just takes 2 bits somewhere that are set by the sender) is an appropriate solution for allowing networks to do their job at providing high QoS and ease of troubleshooting without compromising on encrypted protocol goals.


While the intent of the proposal is admirable, I think both the draft
and this description gloss over a critical piece of a protocol, namely
what is the exact protocol that the sender uses to convey the
information and the receiver knows how to unambiguously interpret it.
That is, it's not enough to say that it "just takes 2 bits somewhere
that are set by the sender", in order to produce robust and
interoperable implementations we'll need to know _exactly_ where those
two bits live. In passing the draft mentioned "e.g. two most
significant its of the TTL field in IP (see [IP]) and IPv6 (see
[IPv6]) headers or reserved bits in a QUIC v1 header (see
[QUIC-TRANSPORT]).". I'm not sure which of those are intended to be
implemented and standardized (It's not clear to me that any protocol
solution for such signaling, other that IPv6 HBH headers, can be
robustly defined for such signaling).

> - Igor
> P.S.
>   We've implemented this proposal in some Akamai servers and have been using it to serve actual end-user traffic for a subset of Orange customers.  Orange has implemented passive observer that used this signal to detect and identify loss.  We will discuss and analyze the data we collected at maprg (while the signaling protocol details belong to tsvwg).

Right, so if you've implemented something already then where were the
bits put in the protocol headers?


> -----------------------------------------------------------------------------------------------------------------------------------------------
> A new version of I-D, draft-ferrieuxhamchaoui-tsvwg-lossbits-00.txt
> has been successfully submitted by Igor Lubashev and posted to the
> IETF repository.
> Name:           draft-ferrieuxhamchaoui-tsvwg-lossbits
> Revision:       00
> Title:          Packet Loss Signaling for Encrypted Protocols
> Document date:  2019-07-08
> Group:          Individual Submission
> Pages:          9
> URL:  
> Status:
> Htmlized:<>
> Htmlized:
> Abstract:
>    This document describes a protocol-independent method that employs
>    two bits to allow endpoints to signal packet loss in a way that can
>    be used by network devices to measure and locate the source of the
>    loss.  The signaling method applies to all protocols with a protocol-
>    specific way to identify packet loss.  The method is especially
>    valuable when applied to protocols that encrypt transport header and
>    do not allow an alternative method for loss detection.


Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.

This message and its attachments may contain confidential or privileged information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete this message and its attachments.
As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
Thank you.