[tsvwg] Re: [EXTERNAL] Re: [gwhiteCL/NQBdraft] Should traffic protection be mandatory to implement? (Issue #48)
"Overcash, Michael (CCI-Atlanta)" <michael.overcash@cox.com> Wed, 24 July 2024 12:49 UTC
Return-Path: <michael.overcash@cox.com>
X-Original-To: tsvwg@ietfa.amsl.com
Delivered-To: tsvwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A3330C180B7E for <tsvwg@ietfa.amsl.com>; Wed, 24 Jul 2024 05:49:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.107
X-Spam-Level:
X-Spam-Status: No, score=-2.107 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cox.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id D_cHUpW18S6l for <tsvwg@ietfa.amsl.com>; Wed, 24 Jul 2024 05:49:28 -0700 (PDT)
Received: from BYAPR05CU005.outbound.protection.outlook.com (mail-westusazon11010010.outbound.protection.outlook.com [52.101.85.10]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8307BC180B71 for <tsvwg@ietf.org>; Wed, 24 Jul 2024 05:49:28 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=sQ6QzBf25Hg14LXYLTV5/uhTBvpyOkWhjjJdm49uQrUEdONUfB5UdHj5PVQObV0QeDmefP4eKjTQbxmjXz1o0expLEfzPqr7CBpUfKSsbA+cVhbNBETzeK8Fa/q0e9P1LgisyoGbAWyRPOZVVtGWkyazmuWU+KhipZ6ghCpauxWP4aj8H6Hfgz3CHJpwRT28XGsISg3GYcyf2pxelcm5cJCDV8ffNS32SKjiN/wVZ0vJpUw98SZV3ZaT1liiRWTbUF4O+Wc4FlS2XEgMwkV8xUR4Fd7zBYqp353hbOr5GnQmDq1f97EjVqc36sItNmSI4+J3u6Duh/MfRtr1Tlk3pQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=a0U3EjW6DBJiS8LTPKe58TsRU2kiHqyvbMsjvWimQPY=; b=QmhXAmhrEsCdE7KsMHwUvu+2FPX6xU4AKUheLVikluZ62UwfJKAephnyOXtFle7gIicefw0/O+HsDbsPljUqdK/b7rzxXRpjrX2ECZJeKnZe7qguCEUax3kOG0YjBpDNc1ap69kVDvbE9ovA9MsEUFxzD6L8s0q3BaVzgIFZGPVzKGvt2p2fCteKWDokMgmdtYJGpiRwR9rDYjetA1GdOwyPxdRNPQ6YXxCAZpQ8Q/NldnKr5Ak5oifyoFQAhDx86xBZF6PU1O/N+OaTQu9OykjBgjVa5rMpdFEx6KchwTFYFP8KbKzjjqIuNFjvlgsPpmsfp/yTes2Rm/0wdYOAdg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cox.com; dmarc=pass action=none header.from=cox.com; dkim=pass header.d=cox.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cox.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=a0U3EjW6DBJiS8LTPKe58TsRU2kiHqyvbMsjvWimQPY=; b=jo4Fls62yl+xxHnp8kTlReZIYwzObX01509m5pUZPqMW/LKSgiMiyliy/h5Y8sNk2ZOtA1jYzyKmCPVvoDL81BzFjW82OJd56YtdWJ773UOswHJo9//loXh/KgcMOr7+n4U+vAds369z9gxDhqvH1JXMdltYK4aAXVVzgBgxsf4=
Received: from LV2PR01MB7622.prod.exchangelabs.com (2603:10b6:408:17a::5) by SA3PR01MB8547.prod.exchangelabs.com (2603:10b6:806:39b::8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7784.20; Wed, 24 Jul 2024 12:49:26 +0000
Received: from LV2PR01MB7622.prod.exchangelabs.com ([fe80::e322:240:7ebd:b162]) by LV2PR01MB7622.prod.exchangelabs.com ([fe80::e322:240:7ebd:b162%3]) with mapi id 15.20.7762.027; Wed, 24 Jul 2024 12:49:26 +0000
From: "Overcash, Michael (CCI-Atlanta)" <michael.overcash@cox.com>
To: Sebastian Moeller <moeller0=40gmx.de@dmarc.ietf.org>, "tsvwg@ietf.org" <tsvwg@ietf.org>, "Black, David" <David.Black@dell.com>, gwhiteCL/NQBdraft <reply+AB2VULW2XRH6MPK23ABRZQOEVLRFREVBNHHI5USV5Y@reply.github.com>, gwhiteCL/NQBdraft <NQBdraft@noreply.github.com>
Thread-Topic: [tsvwg] Re: [EXTERNAL] Re: [gwhiteCL/NQBdraft] Should traffic protection be mandatory to implement? (Issue #48)
Thread-Index: AQHa3ZSAFdDT1PumLUeEX8IOC7vQzrIF1GYg
Date: Wed, 24 Jul 2024 12:49:26 +0000
Message-ID: <LV2PR01MB7622DEBFDC0223096F6768CC9FAA2@LV2PR01MB7622.prod.exchangelabs.com>
References: <gwhiteCL/NQBdraft/issues/48@github.com> <gwhiteCL/NQBdraft/issues/48/2244060936@github.com> <MN2PR19MB404591B9BAA1AEED7BBB900983A92@MN2PR19MB4045.namprd19.prod.outlook.com> <LV2PR01MB7622B7EA53C95951987C9B0B9FA92@LV2PR01MB7622.prod.exchangelabs.com> <26D2AD7F-108B-4655-87F6-EF5E127B3BB8@gmx.de>
In-Reply-To: <26D2AD7F-108B-4655-87F6-EF5E127B3BB8@gmx.de>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=cox.com;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: LV2PR01MB7622:EE_|SA3PR01MB8547:EE_
x-ms-office365-filtering-correlation-id: 5441acce-f2d2-4b46-9267-08dcabdf0ccd
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;ARA:13230040|366016|4022899009|7093399012|1800799024|376014|38070700018;
x-microsoft-antispam-message-info: tERenm/he5YpioCXLsXsIHXeSdb5QE/uPttAJ0tG/0YRPx1a8GXgxBih1+lz37RSJl8xpVHG7HVQB9L4GaZNRWOEoOPLGG/XJFUccSxXBgTY3+PGPXebLbUugiWHNzEsb2KgLGUUdw7LFKhk74Th+klerSIzZJdPoGQMzxMKoorF25pOhTy9OvkQZuXSSSM8KhJrPecyPkna6wWT4II01qdGvxMIbKIeqzrfE7xcX2uJv6Qb8dTWQp3D4+/q5OcwRDnctYryS6QGbh+znCxCb8JyoGOFkQQuW3+yzjC6DlXaaVg1lvgKXzmg5BLM9toS71ANl/CpSZds9K1UNh+yAXSS7ysfJgAnQt7IYHhrzbgKPpJzbBdnP7OY7fSGTG0tN4x3lRhViVcjkPSJAP44Kw+lwrozrTb1X7bJ+xZ+5pdzyFdoK/+eVHo7WrLL/n1fsPrzbECBZa4pItyneA1pwncymvm3g88yKJDc/qd7zX9dBVkSNe4VsrUtRXJkTyN3WCghoBmOfVwpD0zeL3UDkd7jjmYb+8LaVzB+5mIPe8sj/4ZHRBe8+PMz2q3nbZAkCaOaJOpUUYgoSiH873LevWHmVgbTn7n0BUFyreBQ26zi0LvBjEUlW14UM/kgddt72SCE3jQk/mPXOAA2C2FPaTGtCkIPAZZam5kUWJYZJ2W5AyfeaYDR/fBSpj259uen3D4k5onGzish4mGsY8cq4krqZAFUpvz8iv+l0TF4Y4naiLsl9EqTu05I8CIjWU3tZ1c+OqttkN0Z+692KMe36Yk5GDzOQIcqQUBm9g2tbuMPlwd1zaqh2FBeySfQiXUzvq3cel7mDNV3qZ6iPMEm593MdyV/YXHg4zMvJUiGsq3U0OCffCB1Ejol3oXJgR+8QGwnvERlEWXl6oCiWc4y2UlhOIvIiLlU/pLDJXDkdbDNw75Yxyajw+vmAmEwSe5gyMD3iyJeg8UPauEoOvvAY2e+iWEaI6XD6QrdyIO3KiUS+BfW9ZxJfDzgOVmjDsT6+maZmyzHm5d1/1UAb+SA1VilVgthNpPMrDyrd75KOiZQs+F9Mnhjgde2gq8FDyKhq1Yqwry+fCLVh8TjYg1oG+UeBVbljeQM1A57c5sOhxOrA5dZEzYqvxhKv6HszI/ZTxyZC6uv0ZoGR20sYc9YP+kp/aCfdS0CwpZ8LMopePEH54sfarD7I5Jt7LgW2Chi5zKyYdD37wmKivH+paeggHlMZBjO7+4lj3S8yINzaNgQGd/D+3SPFlKfGB21t3x1ZM8hgs2ABzrcZj6H4+0UGJLThTgFfF05G6B0A7JHBt2qeoANmSNZTJoIylHM+0ZcRWyb1FSVxuhbpsB4OxySrGIWFg0k+RhJgJl7HUAXE7agR0fMIR55mt63BMpER2Dj1BnYM3Z4Qiw45qLLU8sDxg==
x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:LV2PR01MB7622.prod.exchangelabs.com;PTR:;CAT:NONE;SFS:(13230040)(366016)(4022899009)(7093399012)(1800799024)(376014)(38070700018);DIR:OUT;SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: 3vTUgF8+gUZ5j4Gh3wC/EDP1uhgMls+SCf0xooPzK5pF4SLDD7eoK+LIzribaZR6IaTIeTG30mYj7QlZl5LDo0lXEaVE+00sgwspdy85VL8zyPXuVLpW8Uu9RxD4aujIAsrHl9LxfBqrEnXCFzcdH4UBTT/RDHuQAkA2LV3FTsvNVhNqm0uQr0T4cf/vcxEypkhOj5mtEl77jLShVWeRttSdsNS2JQUY2pML8sEcuLbzi0799BmUL9HePocdAlVgk+8kcGHEFIeeeYJkC3Bx7rMvwHYczwkimR1rLMrjN6/PirgD8gDO4e9almkzXV8rdR+SqE5+kmzQI4PsXde9txkZXjBiQ9w6IcrADwnb51cVYIyA38RYhLXvQophOUqfigIZ7r9I2yBqI6VaTz5iqsA0JBhDkpkTBjx6STkJhvu05Gg3H/qWiR+o9gRlRc93VAC6Ny1L9D/mTOoSiB7tqa1jEL/3jCSOEV+dz6lCRoFq4XJwbFhveWfywrNUN4cb0VGT49M3oAItgHGWHQdX/gAmz9xU07HZdwrIodkP8NYsujyD5UxrNgW+82dJuLz+1WmNCdKHbZOpB0qJdnU7g8dRZikXcZ4FJH85BMgh7KToiNLJpr1egbm0GJgMOmAC7sXBFTxchkhVEthxKFUzNJKU2DzjHoz7rJreRMAGuBt13Mq9oXr94525vrONa8D7v2jmM/Bd/TO6Mzwt0xDOXtKtCcEuTudUM8kEaxyZUHHUt44gmYBX7dzAKI9cpdLNaIeFrHpeQQ7LaBw50c8J47zSElcFZQbLBvmLfiq009WI7qzy6JY8P2N+iLNtwzZMM7KE4apIDlY9HJuAJtK+w1a/7ONXky3Az3XruHJfEYYeNNP91hFCe/Dl9mklIMeGmXZIEvsoo08FBSkR/m6l/fqmSpQXscH+thqWV75ZrpnMqfVIIJKsv8DgMjNXecIo5kml2JOXZHjuO1i0/Z4yOpZ+jCka8MLAtFNbkLL/0JkmFdpbmCIalDK9Ns3rmD/4/4LRPcOqj+B8E0LHcsSs5+0QuXtfwK5y6LmViNr44L2cOkUwaQkz7bd1Pngsz9T9wza9vljIYWlSWEV5iBP6uMPNO2By+pLYgFr5IzNgACapRh3wGd1d2yFKJolDntj6rBCZfFCAMt/ySVLyhZ92DYdBeIGfkMbrEJrXuINQb34X51qEM1a1FGCuywihblDCY+iWXBRBWjw7ZmdSoNSXWD7G0MkknjDIB2asLQaQpirCqsn26ygj11eJhKwlfX0eGSk4XnjmHIJCs0v4tCpAZhwa5OOUh+LK5YhaC+Kz/f9JVKDU8vHgbHcnzF08Fbgn0YNgDhld0gHVy5HGaq5bYXGjrD6PzsfnEi3bsVZUY8mER3vLKKniyt73zGErrIRCEEGyqh5gXk4uHeDnKqUoN8JIw0jNW9bVv+QGaRGyqjgOCn8EjcZCl8cv9Tt/c6EDphDiu4GVKgn2OKxYVCMsd/bHUN8CnamZ81QY3IL8TNq66YBsq8jzYvn8k5dIdI3PcAHMqCwPhbtyJC1QagreIPFFdasLuLJSdpM/xvLvlUjoNrlE/RYGyQA8VmmGLyrKulXj7r5ZyeXfC8otUB5rGA==
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: cox.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: LV2PR01MB7622.prod.exchangelabs.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 5441acce-f2d2-4b46-9267-08dcabdf0ccd
X-MS-Exchange-CrossTenant-originalarrivaltime: 24 Jul 2024 12:49:26.0483 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 9feebc97-ff04-42c9-a152-767073872118
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: TbPqhOq31WKDHSQa3nXQ+DFKWO3PkI8RtqLdMp4JlGmkJvdI5uT0OXyZQdbPLGngQb6RpP0vvUfrGwl4Ery4dQL/vmxjjxRei5lI+A1hWPc=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA3PR01MB8547
Message-ID-Hash: 2AWHAY4JI6SETR2AWP7DYMXZJG3XPLZH
X-Message-ID-Hash: 2AWHAY4JI6SETR2AWP7DYMXZJG3XPLZH
X-MailFrom: michael.overcash@cox.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-tsvwg.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: "Black, David" <David.Black@dell.com>, tsvwg IETF list <tsvwg@ietf.org>
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [tsvwg] Re: [EXTERNAL] Re: [gwhiteCL/NQBdraft] Should traffic protection be mandatory to implement? (Issue #48)
List-Id: Transport Area Working Group <tsvwg.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/n3yI1RRMfBVL0oosESqyyVb5Zn4>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsvwg>
List-Help: <mailto:tsvwg-request@ietf.org?subject=help>
List-Owner: <mailto:tsvwg-owner@ietf.org>
List-Post: <mailto:tsvwg@ietf.org>
List-Subscribe: <mailto:tsvwg-join@ietf.org>
List-Unsubscribe: <mailto:tsvwg-leave@ietf.org>
> I wonder, what makes you believe that L4S is so special that abuse will not happen? Abuse needs an incentive. Can anyone think of a way to abuse L4S that provides a benefit to the abuser? (Other than the intended benefit of improved latency of course.) -- Michael Overcash Principal Architect, CPE Premises Engineering, Cox Communications -----Original Message----- From: Sebastian Moeller <moeller0=40gmx.de@dmarc.ietf.org> Sent: Wednesday, July 24, 2024 2:41 AM To: tsvwg@ietf.org; Overcash, Michael (CCI-Atlanta) <michael.overcash@cox.com>; Black, David <David.Black@dell.com>; gwhiteCL/NQBdraft <reply+AB2VULW2XRH6MPK23ABRZQOEVLRFREVBNHHI5USV5Y@reply.github.com>; gwhiteCL/NQBdraft <NQBdraft@noreply.github.com> Cc: Black, David <David.Black@dell.com>; tsvwg IETF list <tsvwg@ietf.org> Subject: Re: [tsvwg] Re: [EXTERNAL] Re: [gwhiteCL/NQBdraft] Should traffic protection be mandatory to implement? (Issue #48) See [SM] below... On 23 July 2024 21:52:11 CEST, "Overcash, Michael (CCI-Atlanta)" <michael.overcash=40cox.com@dmarc.ietf.org> wrote: >I don't think you've really fully addressed Greg's main point here. > >"if the NQB queue is configured as specified (i.e. with a shallow buffer), there is a disincentive for QB applications to mis-mark their traffic because they will see excessive packet drops." > >Traditional QoS/Priority approaches created an incentive to cheat by creating a "fast lane" for latency sensitive services. This is emphatically not how L4S and other similar AQM based methods work. [SM] Both DualQ and the low latency DOCSIS scheduler it was based upon are at their core (conditional) priority schedulers. This is pretty much the same technology that in traditional QoS approaches is used to implement higher priority fast lanes. L4S adds a few heuristics to ameliorate this (like the coupling between the queues) but for these to work traffic in the L queue needs to respond properly to CE marks. So if we think about reasonably well-paced mischievous traffic that happens to be application limited to under the default 80 to 90% capacity share of the L-queue that ignores CE marks, this will pretty much get its way without suffering adverse effects. I predict that if you deploy an non-policed priority scheduler into the wild, people will find ways to abuse it. I wonder, what makes you believe that L4S is so special that abuse will not happen? The shallow-buffer queue is not a fast lane [SM] Indeed it is not the shallow buffer but the underlaying priority scheduler, but IMHO that distinction is not all that important, the gist is l4s attempts to deploy a priority scheduler into the wild where the main admission control is whether a flow set the ECT(1) ECN codepoint. This is a rather risky proposition, and IMHO not helped by arguing that the priority scheduler itself is an implementation and not an architechtural feature of l4s... (l4s really needs a priority scheduler explicit or implicit, as that is exactly what it promises to do, prioritise ECT(1) packets over other packets and treat them to lower queuing delay, but I understand that I appear to be in the rough with this analysis). and will only improve latency performance for endpoints that implement the appropriate algorithms. An endpoint that tries to "cheat" will just end up policed and will experience worse performance. [SM] How? And what if that flow is well paced and stays below the l-queue capacity share, how can you assert that this flow will reliably get targeted by the policer? Keep in mind that queue protection has no concept of relative throughput of flows , but only looks at the queuing a flow causes. That is the goal of an attacker, likely getting an unfair throughput advantage is only policed indirectly. This is not what I would consider robust and reliable engineering... >Why would anyone go out of their way to use the shallow-buffer queue to get worse performance? [SM] Again, what makes you so certain an attacker would get worse performance? > >I don't think it is productive to rigorously define "shallow buffered" here. The exact buffer depth is a function of the algorithm and vendor implementation. > >I also don't think it is necessary or helpful to try to solve for malicious actors here. Any malicious actor can fill up queues and crowd out other traffic simply by sending high rate UDP. Shallow buffers are not uniquely vulnerable here. On the contrary, there is no buffer so large that a malicious actor cannot easily fill it. [SM] I gently disagree you can always opt to drop packets even before putting them into a queue. > >Just my two cents... > >Michael Overcash >Principal Architect, Cox Communications michael.overcash@cox.com > >From: Black, David <David.Black=40dell.com@dmarc.ietf.org> >Sent: Tuesday, July 23, 2024 11:12 AM >To: gwhiteCL/NQBdraft ><reply+AB2VULW2XRH6MPK23ABRZQOEVLRFREVBNHHI5USV5Y@reply.github.com>; >gwhiteCL/NQBdraft <NQBdraft@noreply.github.com> >Cc: Black, David <David.Black@dell.com>; tsvwg IETF list ><tsvwg@ietf.org> >Subject: [EXTERNAL] [tsvwg] Re: [gwhiteCL/NQBdraft] Should traffic >protection be mandatory to implement? (Issue #48) > >[+tsvwg list] > >> I continue to disagree that traffic protection needs to be made mandatory to implement, and I have some suggestions on a way forward that provides a compromise. >This overall direction looks promising, but the suggested compromise is not (yet) good enough. Significant work on the draft will be needed, specifically on items 1 and 4: > >> 1. Necessity: NQB is a shallow-buffered best-effort service. It is understood that performance is not guaranteed for any best-effort service. >I understand the overall intent, and I'm fine with that as a high-level goal/direction. The problem is that in the -24 version of the draft, "shallow-buffered" is an all-but-undefined term. > >To do better, the draft needs to provide a concrete specification of "shallow-buffered" and require that NQB implementations use shallow buffers. If this specification of "shallow-buffered" requirements is done well, it should lead to corresponding (hopefully minor) revisions of the incentives framework discussion that result in an acceptable resolution to points 2 and 3 on Incentives. > >OTOH, the comment that "performance is not guaranteed for any best-effort service" appears to have missed the point. I definitely agree that the draft is not guaranteeing any performance for NQB traffic, but this line of reasoning is claiming to guarantee non-performance(!) for QB traffic that uses (abuses) the NQB service. Specifically, the claim is being made that a shallow-buffered NQB service provides a sufficient non-performance guarantee to ensure that QB traffic has nothing to gain (and quite a bit to lose) by using (abusing) the shallow-buffered NQB service. The detailed requirements for sufficiently shallow buffers that realize that non-performance guarantee need to be specified and mandated, e.g., in Section 5.1 of the draft. > >> 4. Security: The incentives above don't address malicious sources. >> While traffic protection is the remedy for this, some network environments have other ways to address malicious sources (e.g. only approved applications are deployed in the network, or traffic conditioning is performed at the network edge). > >Proceeding in this direction ... if traffic protection is not mandatory to implement, then the draft will need to restrict NQB implementation and usage (using "MUST" and "MUST NOT" or equivalent RFC 2119 keywords) to network environments that have "other ways to address malicious sources." The nature and/or results of those "other ways" will need to be specified in a sufficiently concrete fashion that a network operator can readily determine whether or not her network has sufficient "other ways to address malicious sources." > >Turning to the suggested compromise: > >> Specifically, the suggestion is that we address your concern about >> abuse of the code point by adding a mandatory requirement that NQB PHB implementations provide statistics that can be used by the network operator to detect whether abuse is occurring. >> These statistics could be as simple as packet and drop counters. >That could work in combination with a solution to the "4. Security" problem suggested above. By themselves, requiring collection/provision of statistics is not sufficient to resolve the security problem. > >> Regarding the paragraph in 5.2 discussing situations where traffic protection is potentially not needed, we could rework the paragraph ... >That would help ... after the security problem (4) is resolved (see above).. > >The bottom line is that items 1 (e.g., What is the concrete specification of "shallow-buffered" ?) and 4 (e.g., What are other ways that are sufficient to address malicious sources?) need to be addressed. > >Thanks, --David > >From: gwhiteCL ><notifications@github.com<mailto:notifications@github.com>> >Sent: Monday, July 22, 2024 9:03 PM >To: gwhiteCL/NQBdraft ><NQBdraft@noreply.github.com<mailto:NQBdraft@noreply.github.com>> >Cc: Black, David <David.Black@dell.com<mailto:David.Black@dell.com>>; >Mention <mention@noreply.github.com<mailto:mention@noreply.github.com>> >Subject: Re: [gwhiteCL/NQBdraft] Should traffic protection be mandatory >to implement? (Issue #48) > > >[EXTERNAL EMAIL] > >@dlb237 [github.com]<https://urldefense.com/v3/__https:/github.com/dlb237__;!!LpKI!jyiVIyRb0wHGFj6E5pa6Rm73RYDbMxjO3w3_EPIu0Igv6c7N8-NWOQisrmDR8o9RxjsUqJKazSDQ4_HKgrTj_EGiYA$> I continue to disagree that traffic protection needs to be made mandatory to implement, and I have some suggestions on a way forward that provides a compromise. Here are some of the reasons why I disagree: > >1. Necessity: NQB is a shallow-buffered best-effort service. It is understood that performance is not guaranteed for any best-effort service. For example, the IETF doesn't mandate that implementations of the Default PHB provide mechanisms to police/prevent applications from inducing delay and/or loss. > >2. Incentives: As I wrote in #47 (comment) [github.com]<https://urldefense.com/v3/__https:/github.com/gwhiteCL/NQBdraft/issues/47*issuecomment-2215318283__;Iw!!LpKI!jyiVIyRb0wHGFj6E5pa6Rm73RYDbMxjO3w3_EPIu0Igv6c7N8-NWOQisrmDR8o9RxjsUqJKazSDQ4_HKgrT6fDk_CQ$>, even without traffic protection, if the NQB queue is configured as specified (i.e. with a shallow buffer), there is a disincentive for QB applications to mis-mark their traffic because they will see excessive packet drops. So, I disagree with your assertion that the incentives framework fundamentally depends on the presence of traffic protection. Traffic protection as defined in DOCSIS Queue Protection [ietf.org]<https://urldefense.com/v3/__https:/www.ietf.org/archive/id/draft-briscoe-docsis-q-protection-07.html__;!!LpKI!jyiVIyRb0wHGFj6E5pa6Rm73RYDbMxjO3w3_EPIu0Igv6c7N8-NWOQisrmDR8o9RxjsUqJKazSDQ4_HKgrSwpL2vsw$> arguably provides less of a disincentive for inappropriate marking than would be the case in the absence of QP, because it results in significantly less packet loss for the offending application. > >3. Incentives: Incentives apply more broadly than on a hop-by-hop basis, and also generally apply more broadly than on a path-by-path basis. In other words, a QB application developer would (generally) need to make a decision as to whether to mark their packets as NQB without specific knowledge whether the traffic would be subjected to traffic protection or not. So, again, I disagree with the assertion that the incentives framework fundamentally depends on the presence of traffic protection. > >4. Security: The incentives above don't address malicious sources. While traffic protection is the remedy for this, some network environments have other ways to address malicious sources (e.g. only approved applications are deployed in the network, or traffic conditioning is performed at the network edge). > >I definitely agree that traffic protection is the preferred implementation, but I disagree that it needs to be made mandatory to implement. > >As a compromise, I'd like to suggest that we strengthen the recommendation around the implementation of traffic protection, and eliminate some of the language that seems of offer rationales to ignore that recommendation, futher I'd like to suggest that we mandate some mechanism that a network operator can use to detect and avoid abuse. > >Specifically, the suggestion is that we address your concern about abuse of the code point by adding a mandatory requirement that NQB PHB implementations provide statistics that can be used by the network operator to detect whether abuse is occurring. These statistics could be as simple as packet and drop counters. This requirement would ensure that operators who configure the NQB PHB have the ability to track the amount of packet drop that is occurring due to traffic overrunning the shallow buffer, and then take action if they feel as though the PHB is causing more issues than it is solving in their environment. Those actions could include disabling the PHB, identifying and dealing with the sources of malicious traffic directly, or pursuing a feature request with the equipment manufacturer to add a traffic protection function. > >In addition, I think we can delete the words in section 10: "but recognizes that other options might be more desirable in certain situations." so that the recommendation to implement traffic protection isn't watered down. > >Regarding the paragraph in 5.2 discussing situations where traffic protection is potentially not needed, we could rework the paragraph to emphasize that the decision by an implementer to not implement traffic protection might limit the deployment/usage of their NQB PHB implementation to a small subset of potential sitations, and it would put the onus on the operator to monitor usage and take remediations manually rather than automatically dealing with misbehaving traffic. We can also add text to more fully specify the implications of ignoring the recommendation. That, I think, would strengthen the SHOULD as opposed to offering rationales for ignoring it. > >- >Reply to this email directly, view it on GitHub [github.com]<https://urldefense.com/v3/__https:/github.com/gwhiteCL/NQBdraft/issues/48*issuecomment-2244060936__;Iw!!LpKI!jyiVIyRb0wHGFj6E5pa6Rm73RYDbMxjO3w3_EPIu0Igv6c7N8-NWOQisrmDR8o9RxjsUqJKazSDQ4_HKgrRJn3skGw$>, or unsubscribe [github.com]<https://urldefense.com/v3/__https:/github.com/notifications/unsubscribe-auth/AB2VULQNPSLLSSFSGIZRZP3ZNWTVRAVCNFSM6AAAAABKRH2VICVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDENBUGA3DAOJTGY__;!!LpKI!jyiVIyRb0wHGFj6E5pa6Rm73RYDbMxjO3w3_EPIu0Igv6c7N8-NWOQisrmDR8o9RxjsUqJKazSDQ4_HKgrRNUJ0Ebg$>. >You are receiving this because you were mentioned.Message ID: ><gwhiteCL/NQBdraft/issues/48/2244060936@github.com<mailto:gwhiteCL/NQBd >raft/issues/48/2244060936@github.com>> -- Sent from my Android device with K-9 Mail. Please excuse my brevity.
- [tsvwg] Re: [gwhiteCL/NQBdraft] Should traffic pr… Black, David
- [tsvwg] Re: [EXTERNAL] Re: [gwhiteCL/NQBdraft] Sh… Overcash, Michael (CCI-Atlanta)
- [tsvwg] Re: [EXTERNAL] Re: [gwhiteCL/NQBdraft] Sh… Greg White
- [tsvwg] Re: [EXTERNAL] Re: [gwhiteCL/NQBdraft] Sh… Black, David
- [tsvwg] Re: [EXTERNAL] Re: [gwhiteCL/NQBdraft] Sh… Black, David
- [tsvwg] Re: [EXTERNAL] Re: [gwhiteCL/NQBdraft] Sh… Livingood, Jason
- [tsvwg] Re: [EXTERNAL] Re: [gwhiteCL/NQBdraft] Sh… Black, David
- [tsvwg] Re: [EXTERNAL] Re: [gwhiteCL/NQBdraft] Sh… Livingood, Jason
- [tsvwg] Re: [EXTERNAL] Re: [gwhiteCL/NQBdraft] Sh… Livingood, Jason
- [tsvwg] Re: [EXTERNAL] Re: [gwhiteCL/NQBdraft] Sh… Sebastian Moeller
- [tsvwg] Re: [EXTERNAL] Re: [gwhiteCL/NQBdraft] Sh… Black, David
- [tsvwg] Re: [EXTERNAL] Re: [gwhiteCL/NQBdraft] Sh… Overcash, Michael (CCI-Atlanta)
- [tsvwg] Re: [EXTERNAL] Re: [gwhiteCL/NQBdraft] Sh… Livingood, Jason
- [tsvwg] Re: [EXTERNAL] Re: [gwhiteCL/NQBdraft] Sh… Black, David
- [tsvwg] Re: [EXTERNAL] Re: [gwhiteCL/NQBdraft] Sh… Greg White
- [tsvwg] Re: [EXTERNAL] Re: [gwhiteCL/NQBdraft] Sh… Black, David
- [tsvwg] Re: [EXTERNAL] Re: [gwhiteCL/NQBdraft] Sh… Sebastian Moeller
- [tsvwg] Re: [EXTERNAL] Re: [gwhiteCL/NQBdraft] Sh… Sebastian Moeller
- [tsvwg] Re: [EXTERNAL] Re: [gwhiteCL/NQBdraft] Sh… Sebastian Moeller
- [tsvwg] Re: [EXTERNAL] Re: [gwhiteCL/NQBdraft] Sh… Livingood, Jason
- [tsvwg] Re: [EXTERNAL] Re: [gwhiteCL/NQBdraft] Sh… Sebastian Moeller
- [tsvwg] Re: [EXTERNAL] Re: [gwhiteCL/NQBdraft] Sh… Greg White
- [tsvwg] Re: [EXTERNAL] Re: [gwhiteCL/NQBdraft] Sh… Jonathan Morton
- [tsvwg] Re: [EXTERNAL] Re: [gwhiteCL/NQBdraft] Sh… Overcash, Michael (CCI-Atlanta)
- [tsvwg] Re: [EXTERNAL] Re: [gwhiteCL/NQBdraft] Sh… Livingood, Jason
- [tsvwg] Re: [EXTERNAL] Re: [gwhiteCL/NQBdraft] Sh… Black, David
- [tsvwg] Re: [EXTERNAL] Re: [gwhiteCL/NQBdraft] Sh… Sebastian Moeller
- [tsvwg] Re: [EXTERNAL] Re: [gwhiteCL/NQBdraft] Sh… Sebastian Moeller