IETF Logo Mail Archive

Re: [tsvwg] Disable ECN on VPNs, really?

"De Schepper, Koen (Nokia - BE/Antwerp)" <koen.de_schepper@nokia-bell-labs.com> Wed, 18 November 2020 10:39 UTC

Return-Path: <koen.de_schepper@nokia-bell-labs.com>
X-Original-To: tsvwg@ietfa.amsl.com
Delivered-To: tsvwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 31B583A1782 for <tsvwg@ietfa.amsl.com>; Wed, 18 Nov 2020 02:39:10 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Level:
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nokia.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eDRJPTeo2PQ4 for <tsvwg@ietfa.amsl.com>; Wed, 18 Nov 2020 02:39:09 -0800 (PST)
Received: from EUR04-DB3-obe.outbound.protection.outlook.com (mail-eopbgr60136.outbound.protection.outlook.com [40.107.6.136]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DFD403A1780 for <tsvwg@ietf.org>; Wed, 18 Nov 2020 02:39:08 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=N3UTnhNjjos49bFu7k5IBNo6QIux5mZ2Spy9CzmKqVl5UBF4hJABD7iYwfBUAo6jndFGzczto10q+wozIQRM1oJA13D+WDVVAIxAIaD/ya0kDb0qB+FCtm4bD0Q/58NgSWaT3rJv6Fm+lw7kL+yXqRbHBjP0Nx3hJpceROKpOj4CTlhXPxSEBPePwCrMw+rQiqL2Q0VXC8pTINNWHZSwJaTAeRYGTAL219S83gMkMzSbpG3DozWFak84drEpt6DjshigpW5751LYhUubDJHmr3kVG3Vo0DVYwyygxpLUX1vL1ou24f3nL8qv0HbLGOrKUps++lpuiNxkYoliFdKOaQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=8xdADNfsevNctbGs53UqFpzjrLp/Kn8bI0OKf4ikrD0=; b=CQjRsNqHRk31O+A6pRY3R0+pFItTSMjrjuZmgezyby5t3lFUEOAYJG6Zmk7j8D6zLy9l6YUKtGVMcjwiT1UV0BCtdQEet/NB1/YNFLlYVMd9JGYpSIcyybalB73KP+7azgT6krARBcbseNcT2vE6H1wYvkeDcw3D07deAtrD4JNpVjujuvUFAZmLa9sRE1ldb0adtFX7+eWX5stnETHNVBkYoKf3+OMN4KC4J3Ag+SB6MfLaBmuTRRkfKWsgTpH3HF0u3SEHvO40fgAisISirXPXNY0F04ePRkZVDKLGJXD/JuRAgE77b20H4yCgd3FQQH5FtSLi9aJEUy58pL6DLA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=nokia-bell-labs.com; dmarc=pass action=none header.from=nokia-bell-labs.com; dkim=pass header.d=nokia-bell-labs.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nokia.onmicrosoft.com; s=selector1-nokia-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=8xdADNfsevNctbGs53UqFpzjrLp/Kn8bI0OKf4ikrD0=; b=wUPZCALrua/aWqJThvo7A8DKBnKKWz2cqFblhQNjVhztLoyMQnwgLbfkWey95BmIYP/K3/rZPzULJ0jQ0IfNROSs1WeyPN9QDm5sJBTKMI4CZ9WX7rfXV/77jD3AM2SJGp1TF2Fu/PYNbxJVEKZoo+lRsEQeEvuJv2u8V+ar8pE=
Received: from AM8PR07MB7476.eurprd07.prod.outlook.com (2603:10a6:20b:24e::12) by AM0PR0702MB3636.eurprd07.prod.outlook.com (2603:10a6:208:1d::24) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3589.15; Wed, 18 Nov 2020 10:39:06 +0000
Received: from AM8PR07MB7476.eurprd07.prod.outlook.com ([fe80::e966:7a41:b22a:1560]) by AM8PR07MB7476.eurprd07.prod.outlook.com ([fe80::e966:7a41:b22a:1560%4]) with mapi id 15.20.3589.019; Wed, 18 Nov 2020 10:39:06 +0000
From: "De Schepper, Koen (Nokia - BE/Antwerp)" <koen.de_schepper@nokia-bell-labs.com>
To: Sebastian Moeller <moeller0@gmx.de>, tsvwg IETF list <tsvwg@ietf.org>
Thread-Topic: [tsvwg] Disable ECN on VPNs, really?
Thread-Index: AQHWvY6KN2050lN/YUCqWucNgu7VB6nNsj+g
Date: Wed, 18 Nov 2020 10:39:06 +0000
Message-ID: <AM8PR07MB7476D5789213C029A27C2228B9E10@AM8PR07MB7476.eurprd07.prod.outlook.com>
References: <B5C557FF-4631-4C2D-9A86-C498B357ED8D@gmx.de>
In-Reply-To: <B5C557FF-4631-4C2D-9A86-C498B357ED8D@gmx.de>
Accept-Language: nl-BE, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: gmx.de; dkim=none (message not signed) header.d=none; gmx.de; dmarc=none action=none header.from=nokia-bell-labs.com;
x-originating-ip: [2a02:1810:1e00:cb00:210b:63c2:20dd:546d]
x-ms-publictraffictype: Email
x-ms-office365-filtering-ht: Tenant
x-ms-office365-filtering-correlation-id: 1db6864c-cc4a-43d5-1b9f-08d88bae2cf1
x-ms-traffictypediagnostic: AM0PR0702MB3636:
x-microsoft-antispam-prvs: <AM0PR0702MB3636E3B80D4144F64DC72051B9E10@AM0PR0702MB3636.eurprd07.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:9508;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: aDeg5+oiuhoBI8oOKKL74eaworAHluWG+zXQ7AM3yJlIK96bv23R12kuJjpB9/EH5o3pjsnlu7Av0RE2lMRzPlmR4DGNL+IQtGiAnopeSGaba2YMVlM2gzsMx51shJ8LQdPqQUpvM3+GD0cJl7RTeARRkrSUm8D8v2m5s7KTq2yGuIdmbBbHn0eemisXtCwTvXr8+fZQtJhYrenovuhEyr1/ogYY5fDEAFNrj06d4ZK8ZMLSXbOWKNdmU8OQnI3kekpup9iBamC8+t7pPSNvHPJMZIGelpSY19nku6sa3Htsf8EePcjbtUFKz2FSQtZ+cSSuYgTVOIo+MMH3j8hDyw==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:AM8PR07MB7476.eurprd07.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(39860400002)(136003)(376002)(396003)(366004)(346002)(8936002)(66446008)(316002)(33656002)(83380400001)(478600001)(5660300002)(55016002)(2906002)(71200400001)(8676002)(9686003)(86362001)(66476007)(110136005)(52536014)(186003)(64756008)(66946007)(66556008)(76116006)(53546011)(7696005)(6506007); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata: 29tSw3rJQMtGaBkkJomK5RBcRdzvjufcQfSQuFEerHUxp4yO9EB6Iqpe1U10EbHQwLJx/Rg07BwjzwHYYNMxOHpviO3p0Ni7Rk9qLS7LV32mEGLq1poPpTBqil6BZ+1XcN7Jzjvf//U0yzivIlVBQIcnRXFmItDfPFy50uvArxVqM6V0Q9wJGOMzyYkIJvlqbTQc/N91Xzaoaf/zJI5kAneIPlYAdM/qEO1rbbCV+o1YV2gXvh1NI7kXucKf+tEQRb558Vd7Y7zfaHPR/oLY9XdduJKHOm1wPqZooeNin8ADnlI3VEDZkMr3/LfCPDNMk+IqYJXgBGe70x7mLk+JKRCnDHsT1SZsrRsdmddwRLsUMgb3Vq+QdN2PGd+JjL7HiCyjvWTPN5g584xaol+1MfAP4BjYAW+pnJNdowAQl18VfOylXGtK9miy/GppHsWWAdqm17R2WZtaNpmsX1ooN8VvWRsfae1Zpw3QXSxyvL701zokTielYWG5Qemc+I7+nB3WqbVXkaBq2lqVcMWELtZg4SNYsZsbbi/OL2Ve2iPZ3KKbn8u2ZsL1fVbOK+4bgFmtzDFNhiTEQt8Y2hywdMKTY9voa6//NkAosV5II/8KD2YE6ZIdJt46XwnoV7b2Zr736lRSSvHlirV0p/kPISRAX7dd7rZEy84k+RIWaV5IHDPvRiJOM2mdu0BD4TgWGs7IL+lZmNaLjF5lL4JreaLQQyFP+qgAXxB0iUo0aD2VbBzg6MCcVv2od+mVDqFmsmU1Z0j0xfKRQ0w20uaJaTqEHabN4eKcEiaYwzmbKKlqqVCSlPBsDowDL8IJPCiXCGDVUaDX0Ppsg8agecJeQ4jN8U0CTp0mfFeSOpUWwyqLaJSFKMelBOufYowUFOGE27U6rbTxkqkqwm8no9ZZ2i54G8abcpUfZIJlPMPFWem0RmWHez5he2u7fnwALJZzkk/pxGg7HTfdLskziOJF1Q==
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: nokia-bell-labs.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: AM8PR07MB7476.eurprd07.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 1db6864c-cc4a-43d5-1b9f-08d88bae2cf1
X-MS-Exchange-CrossTenant-originalarrivaltime: 18 Nov 2020 10:39:06.6857 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5d471751-9675-428d-917b-70f44f9630b0
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: K3K22DIw1/qSNnynsns9iXKy2r/w+Wx6Ssl6GNSumaYma82XM0J0mvDz8A8QVidwxGEP4q81WsMHV3+k4zWW73T2ZE5eTkG8tA80xKEtMlxu+ggm7Cli1IsQNruEiY1D
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM0PR0702MB3636
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/is6cgAPJioJhAIzZEIJx3LuHyrs>
Subject: Re: [tsvwg] Disable ECN on VPNs, really?
X-BeenThere: tsvwg@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Transport Area Working Group <tsvwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsvwg/>
List-Post: <mailto:tsvwg@ietf.org>
List-Help: <mailto:tsvwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 18 Nov 2020 10:39:10 -0000

Hi Sebastian,

Indeed, a better solution would be to support L4S in those deployments. Are there any constraints in doing so? It seems to be installable/upgradable packages, not?

Koen.


-----Original Message-----
From: tsvwg <tsvwg-bounces@ietf.org> On Behalf Of Sebastian Moeller
Sent: Wednesday, November 18, 2020 10:38 AM
To: tsvwg IETF list <tsvwg@ietf.org>
Subject: [tsvwg] Disable ECN on VPNs, really?

Dear list,

in today's tsvwg session chat, Mirja proposed that home-users could simply disable ECN negotiation for VPN tunnels to accommodate rfc3168 AQMs on the path and L4s flows in the tunnel.
That is certainly an option, as would be to try to disable L4S for all home nodes or trying tp bleach ECT(1) on egress and ingress).
	Currently e.g. SQM (distributed as an OpenWrt installable package) employs an ECN fq_AQM at the ingress of home links to great success. The rationale to use ECN here is, that all packets entering the ingress AQM have already traversed the true bottleneck, so dropping them would simply just waste the "transmit slot" on the bottleneck that they already used-up and it would even delay the initiation of the please-slow-down signaling, as we need a few dupACKs to detect congestion from drop, while CE is more immediate (this is a simplification, sure).
	In short even classic ECN on a home link's ingress has immense value, and that is true for all packets, including packets in a tunnel, as these also consumed transmit slots when the AQM needs to decide whether to drop/mark. And more, that is an already deployed solution out in the field that works pretty well, you might want to try it ;) before declaring it obsolete and exchange it with the yet unproven promises of L4S.

Best Regards
	Sebastian

v2.23.0 | Report a Bug | By Email