Re: [tsvwg] FQ & VPNs

Ingemar Johansson S <ingemar.s.johansson@ericsson.com> Sat, 20 February 2021 18:43 UTC

From: Ingemar Johansson S <ingemar.s.johansson@ericsson.com>
To: Dave Taht <dave.taht@gmail.com>, Bob Briscoe <ietf@bobbriscoe.net>
CC: TSVWG <tsvwg@ietf.org>, Jonathan Morton <chromatix99@gmail.com>, Ingemar Johansson S <ingemar.s.johansson@ericsson.com>
Date: Sat, 20 Feb 2021 18:42:57 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/Llfkjbg1EkpHbGv2bfP4lWYnK80>

Dave, Jonathan

Getting back to the subject. 

Quoting Jonathan: "However, I would remind you that neither SFQ nor fq_codel can distinguish between flows carried inside an encrypted tunnel, so this cannot be relied upon alone to make L4S safe.  Pete's data shows significant tunnelled traffic, much of which is probably due to people working from home and using VPNs to access a corporate network."

This line of reasoning makes me confused.
Section 6.2 in RFC8290 (https://tools.ietf.org/html/rfc8290#section-6.2) clearly says that fq-codel will not deliver its intended benefits for encrypted tunnels. If ISPs still rely on fq-codel to do its job well even though a substantial share of the traffic is VPN, then that is of course a problem. But I see that only as an fq-codel problem.

So what I cannot at all understand: why should a known problem (or read design feature) in fq-codel (or SFQ) be interpreted as something that makes L4S unsafe?

/Ingemar



> -----Original Message-----
> From: tsvwg <tsvwg-bounces@ietf.org> On Behalf Of Dave Taht
> Sent: den 20 februari 2021 02:22
> To: Bob Briscoe <ietf@bobbriscoe.net>
> Cc: TSVWG <tsvwg@ietf.org>
> Subject: Re: [tsvwg] FQ & VPNs
> 
> It takes an awful lot here for me to bother to reply to a thread.
> 
> > Here is an algorithm to find the truth. Take one of your emails, and do a diff
> > with the previous email in the thread. Then the other person's text that you
> > silently deleted (as above) will invariably be the truth.
> 
> Here is a better algorithm to find the truth. Purchase any of dozens of
> commercial routers today running cake or fq_codel, or the thousands
> available via reflash to openwrt/dd-wrt/tomato, construct a repeatable
> experiment, and publish the code and results. The results from running,
> repeatable, code trump theoretical objections every time.
> 
> The evenroute v3 and edgerouter X series are pretty good bases for
> experimentation.
> 
> Wilful ignorance, and the lack of a willingness to construct repeatable
> experiments is not science. If you have a point to make, make it with a
> repeatable experiment against running code, please.
> 
> Tuning out again.
> 
> >
> >
> > Bob
> >
> > --
> >
> > ________________________________________________________________
> > Bob Briscoe
> > https://protect2.fireeye.com/v1/url?k=e8b458ab-b72f6049-e8b41830-86073b36ea28-0086813e29ae2dfb&q=1&e=e1b27d62-c59c-43ba-b512-e8cf13c35f2c&u=http%3A%2F%2Fbobbriscoe.net%2F
> 
> 
> 
> --
> "For a successful technology, reality must take precedence over public
> relations, for Mother Nature cannot be fooled" - Richard Feynman
> 
> dave@taht.net <Dave Täht> CTO, TekLibre, LLC Tel: 1-831-435-0729
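
The point under discussion (a flow-queuing scheduler cannot separate flows carried inside an encrypted tunnel) as an added example; it is not part of any message in this thread and is not fq_codel or SFQ code. It assumes an idealised, collision-free per-flow classifier keyed on the visible 5-tuple and equal sharing between busy queues; all addresses and ports are constructed sample values.

```python
from collections import defaultdict

def visible_tuple(pkt):
    """5-tuple the bottleneck can read: the outer header when the packet
    is tunnelled (inner headers are encrypted), else the packet's own."""
    return pkt.get("outer", pkt["inner"])

def fq_shares(packets):
    """Idealised flow queuing (assumption: no hash collisions).
    Each busy queue gets an equal share of the link; flows that land in
    the same queue split that queue's share between them."""
    queues = defaultdict(set)
    for pkt in packets:
        queues[visible_tuple(pkt)].add(pkt["inner"])
    shares = {}
    for flows in queues.values():
        for flow in flows:
            shares[flow] = 1.0 / len(queues) / len(flows)
    return shares, len(queues)

# --- constructed sample traffic (documentation address ranges) ---
VPN_OUTER = ("198.51.100.7", "203.0.113.9", 4500, 4500, "udp")
DIRECT_FLOW = ("192.0.2.10", "203.0.113.50", 51000, 443, "tcp")

def inner_flow(n):
    """Hypothetical n-th flow from a home worker to the corporate network."""
    return ("10.0.0.2", "10.1.0.%d" % n, 40000 + n, 443, "tcp")

# Same four flows, first sent in the clear, then three of them inside one VPN.
CLEAR = [{"inner": inner_flow(n)} for n in (1, 2, 3)] + [{"inner": DIRECT_FLOW}]
TUNNELLED = ([{"inner": inner_flow(n), "outer": VPN_OUTER} for n in (1, 2, 3)]
             + [{"inner": DIRECT_FLOW}])

if __name__ == "__main__":
    for label, pkts in (("clear", CLEAR), ("tunnelled", TUNNELLED)):
        shares, nqueues = fq_shares(pkts)
        print(label, "queues:", nqueues)
        for flow, share in sorted(shares.items()):
            print("  %-45s %.3f" % (flow[:4], share))
```

With the tunnel in place the three inner flows occupy a single queue, so the scheduler's isolation applies to the tunnel as a whole and not to the flows within it.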