IETF Logo Mail Archive

Re: [tsvwg] Disable ECN on VPNs, really?

Sebastian Moeller <moeller0@gmx.de> Wed, 18 November 2020 13:21 UTC

Return-Path: <moeller0@gmx.de>
X-Original-To: tsvwg@ietfa.amsl.com
Delivered-To: tsvwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E121B3A18A5 for <tsvwg@ietfa.amsl.com>; Wed, 18 Nov 2020 05:21:28 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.649
X-Spam-Level:
X-Spam-Status: No, score=-1.649 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=gmx.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id s9rSC5uPc__r for <tsvwg@ietfa.amsl.com>; Wed, 18 Nov 2020 05:21:27 -0800 (PST)
Received: from mout.gmx.net (mout.gmx.net [212.227.15.15]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F05953A18A4 for <tsvwg@ietf.org>; Wed, 18 Nov 2020 05:21:26 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=gmx.net; s=badeba3b8450; t=1605705683; bh=olZzXCM/eJksaZQBiX/5tbXpkZkNwKPKva96RbCN2V8=; h=X-UI-Sender-Class:Subject:From:In-Reply-To:Date:Cc:References:To; b=c7aNgPqniYBAPwwuQ3H8/Rv5swgyDCgKvQBLDuKElfsLbPPPqBMdAdhZeq34EYHbH /t/Y6Gje1FijzAjmYqZKnPjx5KwW8x/n5Ek+jn764b141yj5OhuNmwbIat5b471CP7 ZJMIjDidm7ZI9+qIFR7KUmfR9UVlXps38zZIh21w=
X-UI-Sender-Class: 01bb95c1-4bf8-414a-932a-4f6e2808ef9c
Received: from [192.168.250.102] ([134.76.241.253]) by mail.gmx.com (mrgmx005 [212.227.17.190]) with ESMTPSA (Nemesis) id 1MhD6W-1k2Rk11cKg-00eNgp; Wed, 18 Nov 2020 14:21:23 +0100
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.17\))
From: Sebastian Moeller <moeller0@gmx.de>
In-Reply-To: <AM8PR07MB7476D5789213C029A27C2228B9E10@AM8PR07MB7476.eurprd07.prod.outlook.com>
Date: Wed, 18 Nov 2020 14:21:11 +0100
Cc: tsvwg IETF list <tsvwg@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <43895164-6E68-453B-8B57-5BF5FBFD26E5@gmx.de>
References: <B5C557FF-4631-4C2D-9A86-C498B357ED8D@gmx.de> <AM8PR07MB7476D5789213C029A27C2228B9E10@AM8PR07MB7476.eurprd07.prod.outlook.com>
To: "De Schepper, Koen (Nokia - BE/Antwerp)" <koen.de_schepper@nokia-bell-labs.com>
X-Mailer: Apple Mail (2.3445.104.17)
X-Provags-ID: V03:K1:ywlJXsDac+EuuSaDbiPJllRoI7Olm0MuWbG4dSyuYYCeWFsaGvd 6Rgn3bFqgNdJjb113w5SDo0id+i6IWz5ONC4EMnwNoYcw8xgcmGRyNKH30lxLkrd15Cq35e wSGy7Z6Q1MocmDMqbMLWKp+YqZAilC67RWpOXDrcqnAmWhndiOMRXQyQVi7t8ZgIMxcyMAK W+UnvfOAbLckgrcr3pzow==
X-UI-Out-Filterresults: notjunk:1;V03:K0:/y0h1Uh+E+4=:XebcIC3S1Fv60zbKk1brwr PclQYHgXHrA4uj0yygSw+nwJ2uPQ0mA0/bkvkRbZiQ9S0k/wfdq5GQV+TDI+XVz/D5h/EY1eH cKdqZ0bFRSJaEJAOU3Cuk2vuZz4KXFJl0dImo1OtTCT+u/xrATTJOHsvz3onTnE7PB4YC5tZv zfG72xWAyM+qQHKGd/JAoUW9+ydEDn0HkstQEd12uDHzcRdhcpSo0+gd8KC1OGiWhJga4rt5e uBxNOYNJYTUyl3zYztH9Heya6mya1J9H+FhC1ZaahqDQeOGO5zuUYxQX0twmTuW9UzeHeodm2 G/3uRFk7EoWEFF7fz8MnXfu8NNR0X9dqGdHnVEFcmQSzlsWV2fYA6rtZiKn+NEcz4bhTQBgGe qeToX27OUgB/SEj5ySwNq9DxRgAReIXN6twHcLp/Ki/T7NhKgnVUv31fKO/TQB7RfROAs/OnT sk3D566XA6Kl7kh9VgJGvouxoiPtFG2xHIj4ROd5aVReZ5RvqCEcWAFQxq/vRlJ9Yna77Bo/S v+8ljt85KheEVlCyaWas+T6khMtun8DIsCV0ISr5q57VRshju7txjR010oSvyU2sMG3ZtZiZC oM8UTbFQ/0sWPcMTvuVci+C6xRD4LqLqy0XBdbagoISprdvpIekg7KA2bpPNtHFiWyU6c3nKo GLGdBdPLcCHrxuA8P8WKZxSpzCfc4ct5w3r06RUuR5UTAm74ub4Y2X5Q7HkzE3s6pHZ3B09sL Og/yHwP5DVCLmmJe5UfXxcICrgmF7bPrbBp2tQB4cJpcMSsUJKbiOJ7JutBxUWNTrHXqlJ+Lo iz0BsCXt2hnEddgk76X7By6fXQAFUKmsKdSx13i1dmdpKwjnnJcNSq53m2lJLniYLnW1oXCRB EemJyDstVOcis1FZ0jCw==
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/hHZPjEnVdIT0s6xWjeqLWGqasbk>
Subject: Re: [tsvwg] Disable ECN on VPNs, really?
X-BeenThere: tsvwg@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Transport Area Working Group <tsvwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsvwg/>
List-Post: <mailto:tsvwg@ietf.org>
List-Help: <mailto:tsvwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 18 Nov 2020 13:21:29 -0000

Hi Koen,



> On Nov 18, 2020, at 11:39, De Schepper, Koen (Nokia - BE/Antwerp) <koen.de_schepper@nokia-bell-labs.com> wrote:
> 
> Hi Sebastian,
> 
> Indeed, a better solution would be to support L4S in those deployments. Are there any constraints in doing so?

	[SM] Well, once it is settled that L4S is a) safe for the rest if the internet, and b) actually delivers on its promises in more than the Eye-Ball to CDN drag-race course there might be a rationalt to do so. At the current time with all the papered over mis designs n L4S I can not in good conscience recommend anybody to use L4S at all. The decrease of average queueing delay from 5ms to 1ms is going to be less of a bonus point until all the rate fairness kinks are ironed out first.
	But the one thing L4S has going for it, establishing of some kind of AQM at the ISP side of customer's access links, works just as well with bleached ECT(1). Sure single queue PIE is not my preferred AQM, but it certainly beats the ~100ms delay-under-load-increase, my ISP's current traffic shaper induces. That will certainly help with ingress shaping, as now the back-stop is leaps and bounds better than a FIFO.


> It seems to be installable/upgradable packages, not?

	[SM] Who, do you think is going to create and maintain such packages? Team L4S certainly not, your intent is clear in the context of long-term support, or rather lack thereof (like sending of TCP Prague for interested parties to fix/further develop). 

Best Regards
	Sebastian


> 
> Koen.
> 
> 
> -----Original Message-----
> From: tsvwg <tsvwg-bounces@ietf.org> On Behalf Of Sebastian Moeller
> Sent: Wednesday, November 18, 2020 10:38 AM
> To: tsvwg IETF list <tsvwg@ietf.org>
> Subject: [tsvwg] Disable ECN on VPNs, really?
> 
> Dear list,
> 
> in today's tsvwg session chat, Mirja proposed that home-users could simply disable ECN negotiation for VPN tunnels to accommodate rfc3168 AQMs on the path and L4s flows in the tunnel.
> That is certainly an option, as would be to try to disable L4S for all home nodes or trying tp bleach ECT(1) on egress and ingress).
> 	Currently e.g. SQM (distributed as an OpenWrt installable package) employs an ECN fq_AQM at the ingress of home links to great success. The rationale to use ECN here is, that all packets entering the ingress AQM have already traversed the true bottleneck, so dropping them would simply just waste the "transmit slot" on the bottleneck that they already used-up and it would even delay the initiation of the please-slow-down signaling, as we need a few dupACKs to detect congestion from drop, while CE is more immediate (this is a simplification, sure).
> 	In short even classic ECN on a home link's ingress has immense value, and that is true for all packets, including packets in a tunnel, as these also consumed transmit slots when the AQM needs to decide whether to drop/mark. And more, that is an already deployed solution out in the field that works pretty well, you might want to try it ;) before declaring it obsolete and exchange it with the yet unproven promises of L4S.
> 
> Best Regards
> 	Sebastian

v2.23.0 | Report a Bug | By Email