IETF Logo Mail Archive

Re: [tsvwg] L4S dual-queue re-ordering and VPNs

Sebastian Moeller <moeller0@gmx.de> Wed, 05 May 2021 21:21 UTC

Return-Path: <moeller0@gmx.de>
X-Original-To: tsvwg@ietfa.amsl.com
Delivered-To: tsvwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2A24F3A21E5 for <tsvwg@ietfa.amsl.com>; Wed, 5 May 2021 14:21:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.648
X-Spam-Level:
X-Spam-Status: No, score=-1.648 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=gmx.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Hqbd3D6zyXhj for <tsvwg@ietfa.amsl.com>; Wed, 5 May 2021 14:21:04 -0700 (PDT)
Received: from mout.gmx.net (mout.gmx.net [212.227.17.20]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C8B503A21E4 for <tsvwg@ietf.org>; Wed, 5 May 2021 14:21:03 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=gmx.net; s=badeba3b8450; t=1620249655; bh=GAYT1xGPcAINpaiIx7d/fzsnwNLfkPsngoHSIEyh0zc=; h=X-UI-Sender-Class:Subject:From:In-Reply-To:Date:Cc:References:To; b=kwcEhOOSqiyqvwBPl891sLeFznkppT5Vsqkj6eNI9vQGFV0okraO3/SFwZ/3fZYRi GSdcmQo8+jGf5sBDRFrmIEkYVnrn8Vm7qz8DsxZHzv7NiMhDb6G977Cb4YD2xdc8/7 0v0x3IGmJVJ8Wd7bpirZkBDcGU0/uINGa0ra1ZyU=
X-UI-Sender-Class: 01bb95c1-4bf8-414a-932a-4f6e2808ef9c
Received: from [192.168.42.229] ([77.1.189.73]) by mail.gmx.net (mrgmx104 [212.227.17.168]) with ESMTPSA (Nemesis) id 1MiacR-1l1EVU0ZfT-00flVb; Wed, 05 May 2021 23:20:55 +0200
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.20\))
From: Sebastian Moeller <moeller0@gmx.de>
In-Reply-To: <68F275F9-8512-4CD9-9E81-FE9BEECD59B3@cablelabs.com>
Date: Wed, 05 May 2021 23:20:53 +0200
Cc: TSVWG <tsvwg@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <1DB719E5-55B5-4CE2-A790-C110DB4A1626@gmx.de>
References: <68F275F9-8512-4CD9-9E81-FE9BEECD59B3@cablelabs.com>
To: Greg White <g.white@CableLabs.com>
X-Mailer: Apple Mail (2.3445.104.20)
X-Provags-ID: V03:K1:OAP59aTiqV7VqKt/fqMS1UP1Eu5ipWW7PVX9A6LLjpuZTESk6Ii OC1ZO6D0624ibh9dMKa2xs5W+IYV89FWaeHAvsPsxld6ok+e4IPnZ4I+w7LAqEG9UTbtSrv j4HdHXl6IEKQPVWmBV4HlE5dzsgWUU8YA4xIZ2O0xDpj10bOw+tE3AWxCHYb1OK/dIfyHfs E3Y2yI5H0LV5dNiAwDbZA==
X-UI-Out-Filterresults: notjunk:1;V03:K0:c7WM3kq8yS4=:XGNqTAgnfPBGWdgKsqDiVp zdYmeOkPpidL1+IlK773aPwonYfdLXyEVT1WTCX389SAj4WO952NRnPIjF3FR7H1f+XgRZYnh JalDkuQ4FZ6Hf0g/JAdQjdDc2v6k7HFhvNGdDc0GXb4sL+5TX0LQKtj9LY5GNWxj1rrafhBLC ea+ETf7R9MwSa2zp9Kc1yhKMj4i2ls+QZYga1M2EGSszfEAqr90B7qcRJZ1VDMPOOWT9RbduS BFkk+rytwiGOsi7b/nJxqDGMMNoldPxyL5N1toIfuNshcQfGZkQaWdxpSpcy3ICJ+MVaLJ6nG cmhwSbIJ9wqFL+cXZgI4U+Vx+m1EY/j3deXVElqLwz6ceZhlntFbrfEYCmmJCageZEDlKPp5t 4ZH8POHFZl99OIqTf1Pd6BWRKa/tjPjJJnvOI4Ixs2rhVIOUIEjGAHYe1QN9FLTSDt5nLmgBj 804uF4+SQznbz2oFGQTW9A0TI5y8cecTERRyKcbwvMz4GWqxTJN07C/8U87KP51Z6eicU4ZtU 8kl7vWeBsl0E0H3o/B7OdS0TKY/cmluOVuNh17DHn2JkapHPUFScYQjiRmIZghKaXZ86JtgcJ P3HQpV+6EhR8JBntLXeDo8aIb6vDgEQTHR2pdR1GKYJTIFHBbFf2eiTQw/kgSTgJtvwHPo6WF O2yhzXdUG0JuVdZfV+6Wxn1TTRXNLB1TAE2A2l+etxSXDsHbleBkCpUG0HGjxdDuwrn39QsWy xN9KqkpJt7ROBIiWfqdsdKi8Kq23ZhhN6OlYjRjlpZ5OyK+RB8KkB+U0vb9A68dFb4orwkCls nlJaqHcRkGMjJRFMwz2Wp2hHH0Tc7fFDV5RnNnAZefQaVF84apYitldNLqgoFS6YYKxpERQtc molgZo2wupH4eFrgMLf20EboaL+0K34jkh/dZdxigX4EcZOHHqTa2DB95AENL32Cv9Q2HmcMe WQP6T8YoBzX/mkT+Y389b7QYG0sSVv/uJPEvwpqavB3b4GjK9E/8haGJN1rSNRg/HjDIiOnG2 6Zfam3SYD0X9OLeqSEnayNqSrGy4TjYJfyz4dl6xLDVucTqNrkzHxzHwWKUxabpiXUwyYMX5S fbQjDSaNxsZ9CcTWGNI2x2hIzpcKrWCX8lwEm4ZGcLNCMFhRq+wvHdHSiYM1aaEAnbT7L7/O8 bQHDyVgQ0q1JyYaNLB4yviFktHi2WoIhkSCzsQGlKuc6T/LHrrdaQl1Cmfzwp/C2ySZ9E=
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/e7Z3uUkD8iVuQfQ9zq1J9G-yDD8>
Subject: Re: [tsvwg] L4S dual-queue re-ordering and VPNs
X-BeenThere: tsvwg@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Transport Area Working Group <tsvwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsvwg/>
List-Post: <mailto:tsvwg@ietf.org>
List-Help: <mailto:tsvwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 05 May 2021 21:21:09 -0000

Hi Greg,

thanks for your response, more below prefixed [SM].

> On May 3, 2021, at 19:35, Greg White <g.white@CableLabs.com> wrote:
> 
> I'm not familiar with the replay attack mitigations used by VPNs, so can't comment on whether this would indeed be an issue for some VPN implementations.

[SM] I believe this to be an issue for at least those VPNs that use UDP and defend against replay attacks (including ipsec, wireguard, OpenVPN). All more or less seem to use the same approach with a limited accounting window to allow out-of-order delivery of packets. The head of the window typically seems to be advanced to the packet with the highest "sequence" number, hence all of these are sensitive for the kind of packet re-ordering the L4S ecn id draft argues was benign...


>  A quick search revealed (https://www.wireguard.com/protocol/ ) that Wireguard apparently has a window of about 2000 packets, so perhaps it isn't an immediate issue for that VPN software?

[SM] Current Linux kernels seem to use a window of ~8K packets, while OpnenVPN defaults to 64 packets, Linux ipsec seems to default to either 32 or 64. 8K should be reasonably safe, but 64 seems less safe.

> But, if it is an issue for a particular algorithm, perhaps another solution to address condition b would be to use a different "head of window" for ECT1 packets compared to ECT(0)/NotECT packets?  

[SM] Without arguing whether that might or might not be a good idea, it is not what is done today, so all deployed end-points will treat all packets the same but at least wireguard and linux ipsec will propagate ECN vaule at en- and decapsulation, so are probably affected by the issue.

> In your 100 Gbps case, I guess you are assuming that A) the bottleneck between the two tunnel endpoints is 100 Gbps, B) a single VPN tunnel is consuming the entirety of that 100 Gbps link, and C) that there is a PI2 AQM targeting 20ms of buffering delay in that 100 Gbps link?  If so, I'm not sure that I agree that this is likely in the near term.

[SM] Yes, the back-of-an-envelop worst case estimate is not terribly concerning, I agree, but the point remains that a fixed 20ms delay target will potentially cause the issue with increasing link speeds...


>  But, in any case, it seems to me that protocols that need to be robust to out-of-order delivery would need to consider being robust to re-ordering in time units anyway, and so would naturally need to scale that functionality as packet rates increase.

[SM] The thing is these methods aim to avoid Mallory fudging with the secure connection between Alice and Bob (not our's), and need to track packet by packet, that is not easily solved efficiently with a simple time-out (at least not as far as I can seem but I do not claim expertise in cryptology or security engineering). But I am certain, if you have a decent new algorithm to enhance RFC2401 and/or RFC6479 the crypto community might be delighted to hear them. ;)

> I'm happy to include text in the L4Sops draft on this if the WG agrees it is useful to include it, and someone provides text that would fit the bill.

[SM] I wonder whether a section on L4S-OPs a la, "make sure to configure a sufficiently large replay window to allow for ~20ms reordering" would be enough, or  wether the whole discussion would not also be needed in https://datatracker.ietf.org/doc/html/draft-ietf-tsvwg-ecn-l4s-id-14#appendix-B.1 widening the re-ordering scope from the existing "Risk of reordering Classic CE packets" subpoint 3.?

Regards
	Sebastian


> 
> -Greg
> 
> 
> On 5/3/21, 1:44 AM, "tsvwg on behalf of Sebastian Moeller" <tsvwg-bounces@ietf.org on behalf of moeller0@gmx.de> wrote:
> 
>    Dear All,
> 
>    we had a few discussions in the past about L4S' dual queue design and the consequences of packets of a single flow being accidentally steered into the wrong queue.
>    So far we mostly discussed the consequence of steering all packets marked CE into the LL-queue (and https://datatracker.ietf.org/doc/html/draft-ietf-tsvwg-ecn-l4s-id-14#appendix-B.1 Risk of reordering Classic CE packets: only discusses this point); there the argument is, that this condition should be rare and should also be relative benign, as an occasional packet to early should not trigger the 3 DupACK mechanism. While I would liked to see hard data confirming the two hypothesis, let's accept that argument for the time being.
> 
>    BUT, there is a traffic class that is actually sensitive to packets arriving out-of-order and too early: VPNs. Most VPNs try to secure against replay attacks by maintaining a replay window and only accept packets that fall within that window. Now, as far as I can see, most replay window algorithms use a bounded window and use the highest received sequence number to set the "head" of the window and hence will trigger replay attack mitigation, if the too-early-packets move the replay window forward such that "in-order-packets" from the shorter queue fall behind the replay window.
> 
>    Wireguard is an example of a modern VPN affected by this issue, since it supports ECN and propagates ECN bits between inner and outer headers on en- and decapsulation. 
> 
>    I can see two conditions that trigger this:
>    a) the arguably relatively rare case of an already CE-marked packet hitting an L4S AQM (but we have no real number on the likelihood of that happening)
>    b) the arguably more and more common situation (if L4S actually succeeds in the field) of an ECT(1) sub-flow zipping past ECT(0)/NotECT sub-flows (all within the same tunnel outer flow)
> 
>    I note that neither single-queue rfc3168 or FQ AQMs (rfc3168 or not) are affected by that issue since they do not cause similar re-ordering.
> 
> 
>    QUESTIONS @ALL:
> 
>    1)  Are we all happy with that and do we consider this to be acceptable collateral damage?
> 
>    2) If yes, should the L4S OPs draft contain text to recommend end-points how to cope with that new situation? 
>    	If yes, how? Available options are IMHO to eschew the use of ECN on tunnels, or to recommend increased replay window sizes, but with a Gigabit link and L4S classic target of around 20ms, we would need to recommend a repay window of:
>> = ((1000^3 [b/s]) / (1538 [B/packet] * 8 [b/B])) * (20[ms]/1000[ms]) = 1625.48764629 [packets]
>    or with a power of two algorithm 2048, which is quite a bit larger than the old default of 64...
>    	But what if the L4s AQM is located on a back-bone link with considerably higher bandwidth, like 10 Gbps or even 100 Gbps? IMHO a replay window of 1625 * 100 = 162500 seems a bit excessive
> 
> 
>    Also the following text in https://datatracker.ietf.org/doc/html/draft-ietf-tsvwg-ecn-l4s-id-14#appendix-A.1.7
> 
>    "  Should work in tunnels:  Unlike Diffserv, ECN is defined to always
>          work across tunnels.  This scheme works within a tunnel that
>          propagates the ECN field in any of the variant ways it has been
>          defined, from the year 2001 [RFC3168] onwards.  However, it is
>          likely that some tunnels still do not implement ECN propagation at
>          all."
> 
>    Seems like it could need additions to reflect the just described new issue.
> 
> 
> 
>    Best Regards
>    	Sebastian
> 
>

v2.23.0 | Report a Bug | By Email