[tsvwg] L4S re-ordering considered harmful? (VPN edition)
Sebastian Moeller <moeller0@gmx.de> Mon, 03 May 2021 07:44 UTC
Return-Path: <moeller0@gmx.de>
X-Original-To: tsvwg@ietfa.amsl.com
Delivered-To: tsvwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B8A693A0E84 for <tsvwg@ietfa.amsl.com>; Mon, 3 May 2021 00:44:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.649
X-Spam-Level:
X-Spam-Status: No, score=-1.649 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=gmx.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bbtJmNAYj0D9 for <tsvwg@ietfa.amsl.com>; Mon, 3 May 2021 00:43:58 -0700 (PDT)
Received: from mout.gmx.net (mout.gmx.net [212.227.15.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EDA233A0E83 for <tsvwg@ietf.org>; Mon, 3 May 2021 00:43:57 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=gmx.net; s=badeba3b8450; t=1620027835; bh=wWbVrWSq8DDNLuFDZZ30MA3NFnoxY0o8UHvS2yrU8Fs=; h=X-UI-Sender-Class:From:Subject:Date:To; b=DJ3tXS3iVaUzcqDVOSUDgExa3Pti4EnBdXnRQjvsPHVttfsHcAzpd/p/BvWoz8FZz ey3zIDzKvw1txrqGYEFEI46gWq6saBh8k8Nztc8X+fasX1wB17ApkF3YqOnPXOtzej snDpehOPiZLoVpM1z16cstXqIestTI3cJiYZul/4=
X-UI-Sender-Class: 01bb95c1-4bf8-414a-932a-4f6e2808ef9c
Received: from [192.168.250.105] ([134.76.241.253]) by mail.gmx.net (mrgmx004 [212.227.17.190]) with ESMTPSA (Nemesis) id 1MK3Rs-1lrHpl0WWE-00LXb4 for <tsvwg@ietf.org>; Mon, 03 May 2021 09:43:55 +0200
From: Sebastian Moeller <moeller0@gmx.de>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.20\))
Message-Id: <0FE23D63-AFC9-4347-ABAD-03949A2F1F2F@gmx.de>
Date: Mon, 03 May 2021 09:43:54 +0200
To: TSVWG <tsvwg@ietf.org>
X-Mailer: Apple Mail (2.3445.104.20)
X-Provags-ID: V03:K1:IA2y/0xfJ9pv0y+XVaMi9l3m/n2SfCIZK4w0h+UxYR/UA6ipFzs hheAu0qYGX5PPlyCXqRE9/uX413/Xdcr9IEjzbGUQd9aubDf1YS+fhklIuSm+ChE1IPbIQP 2kWRN3vNzHpnhjlPTRAHBrRcFwf39R2ayxdMnAGtRvs6jlhaT+VG2Nab713CuSfiQkiAwkk 3Vp7RAaAp5AoA2pmMXyVw==
X-UI-Out-Filterresults: notjunk:1;V03:K0:2BNqz+890kA=:PwLcwdwJpSo3GHwD4IHuay 508W7GqDUNzb3OqK6Gy4fOW6txtO3Xz/JpZRqGd4SI6F2jnLPYAGPjOJR3P3xyjrmlutmKe/C fLXn6egxuM/33upF5dxa3OS9r5vjYBDV9KV1W6KMRCF45iypJh0iCT3RDfbyWy4KRKx+D3JhO CsjjbYSAghr8YDkn2X9yYp6nManu9HpFvGmZ6+yVgkWPG45aIFPThH2LVuuVFlHjXw2DwLuo2 VLRT0dSdQdoCiITjG5o+yen+FOPI1KGWxpcbAwNZaYq6FvcQWyZgqn4k8XqB72wSZ/4WXQPKq dZKzu5PJ75ujQA6WUyl3+mJf4ZaXOJhgsMkJUliiJJJBgyQq+4dEkkQjRABB5ahKnS7b6qwCn Mw/nsKBxxPc/buR2X3ofNrszUN7BBCKYGVUsVnvdsaNoLqvSqGY+YTzk8v8pOkTXD2yf9ESjB qd5SDstGPjBKrVxD+gh4ygXNU5x8JofLO26W5Lqq/cQcK7mu3p6zy3zBrpHYyf3rq3Enp3bR5 cgJqHR1/9lTpG8Edm9xsUY8wOr7CQElfsmQoMdR/SffhhFk4j7/E2Y6z/bz7HRRMl9V9YipWJ dWE0T3HqfZ8W+YR8u96cAyKnpPgyeXDNnE10IprJ+qNoHs/robfFGJEqVNMhQLoqyM2jzkeC2 JqpK9YJmhDEJQHmh7snVwJQod/50olzxqRcKeQOdslzwPiDAu7QDiPLRD8FjttRDyLzizBcO1 XPEEAGwf4NHKEtTeGT/PQPaMGnb5rdKzbx+M74lEPn25RlWo/LrMsrrnsWnB5EIT3XJzeVaAC pRSqtz8R62auCl08RPdPdQbhH43+pdphefC1/K8SF34jifYgK9l7aBtqennlVUIRo460vzamd yjMWr8Es51y1B0YuB/F77amOMfrSMYCL/jiKGgdRLwlmWxBG1g2AH2bkUvBHsBgqxNqA6AGOk 4bQecq5Fv28di9yjpSjv+4oVhhLPH1YbP94U5RSYm07JH0BnaEvxssX7AwMeDOaR1qyd0jvQ1 JwSJkZTi7I/gW+fGKseFJlOgm7eVtQGrAVr9oj9XrZ/cQDICQy9iD3JaTOKAnYLP7+whThFgK WM6X6qsivP7b1GlQ9XeRHNQme9ynUEukgk80HV4AwqTJ39rU7XpjEWMYIKjcYkbhGqMqlFgXA 4B3YmUrD/eibBhp9RwS/Me8Mn4DI6H12q/hx+ADzT1gA3wJ/0jmeqrCmLvpQfsmbpyqYs=
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/rZPPVFnTjF3VfGGe7o_4TygmzQ0>
Subject: [tsvwg] L4S re-ordering considered harmful? (VPN edition)
X-BeenThere: tsvwg@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Transport Area Working Group <tsvwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsvwg/>
List-Post: <mailto:tsvwg@ietf.org>
List-Help: <mailto:tsvwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 03 May 2021 07:44:03 -0000
Dear All, we had a few discussions in the past about L4S' dual queue design and the consequences of packets of a single flow being accidentally steered into the wrong queue. So far we mostly discussed the consequence of steering all packets marked CE into the LL-queue (and https://datatracker.ietf.org/doc/html/draft-ietf-tsvwg-ecn-l4s-id-14#appendix-B.1 Risk of reordering Classic CE packets: only discusses this point); there the argument is, that this condition should be rare and should also be relative benign, as an occasional packet to early should not trigger the 3 DupACK mechanism. While I would liked to see hard data confirming the two hypothesis, let's accept that argument for the time being. BUT, there is a traffic class that is actually sensitive to packets arriving out-of-order and too early: VPNs. Most VPNs try to secure against replay attacks by maintaining a replay window and only accept packets that fall within that window. Now, as far as I can see, most replay window algorithms use a bounded window and use the highest received sequence number to set the "head" of the window and hence will trigger replay attack mitigation, if the too-early-packets move the replay window forward such that "in-order-packets" from the shorter queue fall behind the replay window. Wireguard is an example of a modern VPN affected by this issue, since it supports ECN and propagates ECN bits between inner and outer headers on en- and decapsulation. I can see two conditions that trigger this: a) the arguably relatively rare case of an already CE-marked packet hitting an L4S AQM (but we have no real number on the likelihood of that happening) b) the arguably more and more common situation (if L4S actually succeeds in the field) of an ECT(1) sub-flow zipping past ECT(0)/NotECT sub-flows (all within the same tunnel outer flow) I note that neither single-queue rfc3168 or FQ AQMs (rfc3168 or not) are affected by that issue since they do not cause similar re-ordering. QUESTIONS @ALL: 1) Are we all happy with that and do we consider this to be acceptable collateral damage? 2) If yes, should the L4S OPs draft contain text to recommend end-points how to cope with that new situation? If yes, how? Available options are IMHO to eschew the use of ECN on tunnels, or to recommend increased replay window sizes, but with a Gigabit link and L4S classic target of around 20ms, we would need to recommend a repay window of: >= ((1000^3 [b/s]) / (1538 [B/packet] * 8 [b/B])) * (20[ms]/1000[ms]) = 1625.48764629 [packets] or with a power of two algorithm 2048, which is quite a bit larger than the old default of 64... But what if the L4s AQM is located on a back-bone link with considerably higher bandwidth, like 10 Gbps or even 100 Gbps? IMHO a replay window of 1625 * 100 = 162500 seems a bit excessive Also the following text in https://datatracker.ietf.org/doc/html/draft-ietf-tsvwg-ecn-l4s-id-14#appendix-A.1.7 " Should work in tunnels: Unlike Diffserv, ECN is defined to always work across tunnels. This scheme works within a tunnel that propagates the ECN field in any of the variant ways it has been defined, from the year 2001 [RFC3168] onwards. However, it is likely that some tunnels still do not implement ECN propagation at all." Seems like it could need additions to reflect the just described new issue. Best Regards Sebastian
- [tsvwg] L4S re-ordering considered harmful? (VPN … Sebastian Moeller