IETF Logo Mail Archive

Re: [tsvwg] Dual-Q Pol[i]cing

"Rodney W. Grimes" <ietf@gndrsh.dnsmgr.net> Mon, 25 May 2020 16:49 UTC

Return-Path: <ietf@gndrsh.dnsmgr.net>
X-Original-To: tsvwg@ietfa.amsl.com
Delivered-To: tsvwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 506953A0DCA for <tsvwg@ietfa.amsl.com>; Mon, 25 May 2020 09:49:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.622
X-Spam-Level:
X-Spam-Status: No, score=-1.622 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, KHOP_HELO_FCRDNS=0.276, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id c6orC-zFLjyk for <tsvwg@ietfa.amsl.com>; Mon, 25 May 2020 09:49:09 -0700 (PDT)
Received: from gndrsh.dnsmgr.net (br1.CN84in.dnsmgr.net [69.59.192.140]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 910783A0DC9 for <tsvwg@ietf.org>; Mon, 25 May 2020 09:49:09 -0700 (PDT)
Received: from gndrsh.dnsmgr.net (localhost [127.0.0.1]) by gndrsh.dnsmgr.net (8.13.3/8.13.3) with ESMTP id 04PGn8f9081026; Mon, 25 May 2020 09:49:08 -0700 (PDT) (envelope-from ietf@gndrsh.dnsmgr.net)
Received: (from ietf@localhost) by gndrsh.dnsmgr.net (8.13.3/8.13.3/Submit) id 04PGn8WW081025; Mon, 25 May 2020 09:49:08 -0700 (PDT) (envelope-from ietf)
From: "Rodney W. Grimes" <ietf@gndrsh.dnsmgr.net>
Message-Id: <202005251649.04PGn8WW081025@gndrsh.dnsmgr.net>
In-Reply-To: <CACL_3VFSaN3MKhqoyvT+FCK2WWQsYSisN2U57-i=cs_qCxjLbw@mail.gmail.com>
To: "C. M. Heard" <heard@pobox.com>
Date: Mon, 25 May 2020 09:49:08 -0700
CC: Paul Vixie <paul@redbarn.org>, TSVWG <tsvwg@ietf.org>
X-Mailer: ELM [version 2.4ME+ PL121h (25)]
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="US-ASCII"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/bXjcyzVXdYb8Pnp9XVbw15b-2ro>
Subject: Re: [tsvwg] Dual-Q Pol[i]cing
X-BeenThere: tsvwg@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Transport Area Working Group <tsvwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsvwg/>
List-Post: <mailto:tsvwg@ietf.org>
List-Help: <mailto:tsvwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 25 May 2020 16:49:11 -0000

> On Mon, May 25, 2020 at 8:50 AM Paul Vixie wrote:
> > On Monday, 25 May 2020 10:00:30 UTC Sebastian Moeller wrote:
> > > ... Is everybody else convinced that L4S offers a sufficiently
> > > safe design and was tested with the to be expected level of adversarial
> > > traffic patterns to confirm the design's safety in the real-world?
> >
> > so, no, i am not convinced, but that doesn't matter. what matters is that
> > if there is an input signal marked on a flow, datagram, packet, or segment
> > which would cause my routing or switching equipment to behave differently,
> > such as choosing one of two "dual queues", then i will likely never enable
> > it, and if i do enable it i will bleach that mark out of inbound traffic
> > from the WAN.
> 
> Because it may inform the conversation, is your current policy to disable ECN
> marking and/or to bleach ECN bits out of inbound traffic from the WAN? Per
> RFC 3168, those bits are intended to affect drop vs mark behavior of routers.

Unsolicited, but useful data.

Netflix says they shall not turn on ECN in there services because they do
not trust the network, which is another case of the issue stated above.

Yandex says they shall not turn on ECN due to an unfairness issue, which
I am now starting to fully understand.  ECN can be gamed, plain and simple,
so ECN without a FQ or some other form of protection can lead to network
abuse.  It is rather simple to create a transport that claims to support
RFC3168 marking, and then have it simply ignore ECE.  Pete Heist, I believe,
has posted data on this, and no one has even responded to it.

So in answer to your question Mike, for me, I would feel at liberty to bleach
ECN entering my AS should I find it being gamed, and might just do so
out of safety until I can be sure that proper protections are in place.

IMHO, this WG should take a serious hard look at some of these issues
and possibilities, nothing in L4S removes those status quo's, and again
IMHO, this dooms it to the same fate as ECN in some rather large parts
of the internet.  SCE suffers from this less so in that it is almost
always coupled with either a FQ or AFQ AQM which does infact at least
mitigate the above issues.

It appears to me that one can not safely deply any ECN system without
some form of queue protection.   And yes, including RFC3168.

> Mike Heard
-- 
Rod Grimes                                                 rgrimes@freebsd.org

v2.23.0 | Report a Bug | By Email