IETF Logo Mail Archive

[tsvwg] Not responding to ECN AQMs in the core (was: Related to "Non-L4S traffic abusing the L-queue" discussion during the interim)

Bob Briscoe <ietf@bobbriscoe.net> Thu, 19 May 2022 00:06 UTC

Return-Path: <ietf@bobbriscoe.net>
X-Original-To: tsvwg@ietfa.amsl.com
Delivered-To: tsvwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2C0FBC1D34E9; Wed, 18 May 2022 17:06:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.095
X-Spam-Level:
X-Spam-Status: No, score=-2.095 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=bobbriscoe.net
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id t7TIdpLAAJlN; Wed, 18 May 2022 17:06:24 -0700 (PDT)
Received: from mail-ssdrsserver2.hostinginterface.eu (mail-ssdrsserver2.hostinginterface.eu [185.185.85.90]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 87A75C180A98; Wed, 18 May 2022 17:06:21 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=bobbriscoe.net; s=default; h=In-Reply-To:From:References:Cc:To:Subject: MIME-Version:Date:Message-ID:Content-Type:Sender:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=TlqDLfK+sy8AzxJvV8RPndC5CN5PTmVZD/I2m1o4ScQ=; b=3v4IYMBv2AhCYi43OC/RWB41/I MiQMxrdJB5WK5bmrxoLhlgzn4VjX9BWeki9BhtEe4WUkCxFEu/AM3pzwaIV2I+acbhYGlbb8Wd5rm D7SONAPPNypbBXTGz2j2qIoWHUp9U8pyNkUsDJRocKizgdpiI1B1UJ62Y5WvmYztMqCv01W9bgQYS SLok1wzIeEnjsEdNV4OBHoj7XGZwvaJn6an18JKOnCw4e67/HWyYMpLKxf8h7P33UCKZ81bemZoKB ZnjnxCLkJtr0DYiTCWROWd/EvJb6HERWD8BijlYkAktieB0a6b5Hzdql1WV5Cu7vTWsT+g84NV7XJ e9jV1wLA==;
Received: from 67.153.238.178.in-addr.arpa ([178.238.153.67]:48288 helo=[192.168.1.11]) by ssdrsserver2.hostinginterface.eu with esmtpsa (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.94.2) (envelope-from <ietf@bobbriscoe.net>) id 1nrTgL-0000vf-NV; Thu, 19 May 2022 01:06:18 +0100
Content-Type: multipart/alternative; boundary="------------0IqwBco0If56H04CfCZgyCXr"
Message-ID: <be608850-ba22-9232-488e-de3ed8410b66@bobbriscoe.net>
Date: Thu, 19 May 2022 01:06:18 +0100
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.8.1
Content-Language: en-GB
To: Sebastian Moeller <moeller0@gmx.de>
Cc: tsvwg chairs <tsvwg-chairs@ietf.org>, tsvwg IETF list <tsvwg@ietf.org>
References: <AM9PR07MB7313D5AAF6B9D66C74CC35A1B9369@AM9PR07MB7313.eurprd07.prod.outlook.com> <MN2PR19MB40458624D266CDB54009AB19833E9@MN2PR19MB4045.namprd19.prod.outlook.com> <AM9PR07MB731311A9E4532FD501B5D94CB93E9@AM9PR07MB7313.eurprd07.prod.outlook.com> <AC61D119-FE97-4386-8FF0-A7783FA01522@gmx.de> <AM9PR07MB7313C0978D8B8306169409CCB9009@AM9PR07MB7313.eurprd07.prod.outlook.com> <B2CBEFEF-FF1F-45E8-8FE5-247E4BB00623@gmx.de> <d5d87c4c-6f40-c277-2968-0452275be98f@bobbriscoe.net> <CAH8sseS2za1RE5Fo4sp5BVYSV711_rascFosMyOstzw3Y-NKaA@mail.gmail.com> <3f023d33-ab47-b2c3-1477-716d1c337de3@bobbriscoe.net> <CAH8sseTwtzSL0q94twbQf8On8WOi0jRvkigcSc6QMDxnrKNu7A@mail.gmail.com> <7516be91-763f-a578-5035-d5cf7b34c2a0@bobbriscoe.net> <CAH8sseS0-Xn_ahCnLv-gtLOnKPdnhZZcj8nC9KfZ4L4z+O6WNg@mail.gmail.com> <0d3d6784-f9a0-71c0-3079-0fb551a40cb5@bobbriscoe.net> <806b5979-cf1e-3e4c-9cb1-9602d84a417d@bobbriscoe.net> <05DD45D2-74CB-4ADC-8762-8DBA61E10198@gmx.de>
From: Bob Briscoe <ietf@bobbriscoe.net>
In-Reply-To: <05DD45D2-74CB-4ADC-8762-8DBA61E10198@gmx.de>
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - ssdrsserver2.hostinginterface.eu
X-AntiAbuse: Original Domain - ietf.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - bobbriscoe.net
X-Get-Message-Sender-Via: ssdrsserver2.hostinginterface.eu: authenticated_id: in@bobbriscoe.net
X-Authenticated-Sender: ssdrsserver2.hostinginterface.eu: in@bobbriscoe.net
X-Source:
X-Source-Args:
X-Source-Dir:
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/zBlE6jqPvlRreAim6kDAEy26GYY>
Subject: [tsvwg] Not responding to ECN AQMs in the core (was: Related to "Non-L4S traffic abusing the L-queue" discussion during the interim)
X-BeenThere: tsvwg@ietf.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: Transport Area Working Group <tsvwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsvwg/>
List-Post: <mailto:tsvwg@ietf.org>
List-Help: <mailto:tsvwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 19 May 2022 00:06:29 -0000

Sebastian,

I've changed the subject line, as you've changed the subject away from 
Jonathan's scenario.
See [BB] inline..

On 18/05/2022 14:28, Sebastian Moeller wrote:
> Hi Bob,
>
>
>> On May 18, 2022, at 15:09, Bob Briscoe<ietf@bobbriscoe.net>  wrote:
>>
>> 	But did you test my scenario as well:
>> 1) home internet access link with fixed rate of say 250/40 limiting the maximum rate of a sender to 250
> 2) TCP flows with correct drop response but with an "artificial" (as in not actively negotiated between the endpoints) ECT(1) marking,
> 	so the flow(s) will respond to drop but will ignore CE-marks (after all the endpoints did not negotiate ECN usage)
> 	From the perspective of these flows congestion control is clearly not disabled.

[BB] So we're talking about a sender that sets ECT but doesn't respond 
to ECN markings. I don't know why you are so keen to be able to describe 
that as "Congestion control is not disabled," but I'll ignore that 
little quirk, just so we can get to the point...

> 3) traversing a backbone/peering/transit link with an active L4S-AQM where the total capacity is such that 250 is well below the L4S share (as expected from the relative scheduler weights for the two classes) but where the expected capacity of our flows under investigation is << 250 (that is where the operator of the link does not intend to give our flow(s) that much capacity).

[BB] To repeat what I think you are saying back to you for 
confirmation... I think you mean that other flows are filling the 
peering/etc link such that their throughput << 250Mb/s. But if the flow 
from the ECT1 source that is ignoring CE markings reaches 250Mb/s it 
won't exceed the point where the DualQ's WRR scheduler would limit the 
L4S class as a whole.

[And, just to be totally clear, I'm assuming you mean a DualQ Coupled 
AQM at the peering link (you said L4S-AQM, but the DualQ is not the only 
L4S-AQM).]

> To me it looks like these flows will now get close to 250 Mbps (that is they will be limited by the access links capacity) by ignoring the CE marks and not driving the L-queue or C-queue into overload and will push out other L4S and non-L4S flows to give up capacity. What am I missing here?

[BB] You're not missing anything in theoretical cases....

...except, in practice, network operators size backbone/peering/transit 
links such that under normal traffic conditions they are not the 
bottleneck. Which means that, when they /do/ become the bottleneck 
(which they can when traffic conditions are not normal), any individual 
flow will only have limited scope to outcompete the other flows in that 
core bottleneck before it becomes bottlenecked in its own access again. 
This is why network operators only deploy per-customer schedulers at one 
point for each customer - the access edge of the network. Put the other 
way, this is why network operators are willing to allow sender 
congestion control to share out the capacity of backbone/peering/transit 
links without a per-customer scheduler, even tho senders could disable 
their congestion control.

A numerical example explaining this is given in Appendix D of the tech 
report "Classic ECN AQM Fall-back 
<https://arxiv.org/pdf/1911.00710.pdf>". The appendix is titled "Core or 
Peering Link with Shared-Queue Classic ECN AQM". It goes on to show how 
most networks are designed so that even a core bottleneck caused by two 
anomalies at once gives individual flows little scope for outcompeting 
other flows.

> Mind you the same flow in the C-queue would respond to drops just as expected....

[BB] If the C queue supported RFC3168 ECN, a flow setting ECT0 but not 
responding to CE markings would outcompete other competing flows, 
whether L4S or Classic, just the same.

That's because this isn't an L4S-specific problem...

...If an RFC3168-ECN-capable shared queue is at the 
backbone/peering/transit bottleneck, any flow that sends ECT, but 
doesn't respond to CE markings will take more capacity than all the 
other responsive flows that it competes with (whether they are 
ECN-capable or not). And it would most likely fill its access link 
before driving the ECN AQM into overload (when it would start using drop 
on ECT packets). Again, the protection against extreme advantage here is 
the limited scope for advantage before the users that are taking 
advantage of the situation become bottlenecked by their own access capacity.

> If I understand correctly L4S-AQM at peering or in the backbone is one of the envisioned use-cases, so how is that not a problem, given that it typically should hold that
> edge access capacity << core capacity
> and also
> edge access capacity << transit/peering capacity

[BB] Because, as explained (in particular in the example referenced 
above), networks are sized to limit the scope for outcompeting other 
flows in a core bottleneck before the bottleneck for those flows shifts 
back to their access link.

>
> I think I have asked this question before, but do not remember the answer.
>
> Regards
> 	Sebastian
>
>
> P.S.: This just exposes the optimistic design of trusting an arbitrary marker bit instead instead of classifying flows by observed behavior.

[BB] The scenario you've given is equally applicable to RFC3168 ECN, and 
indeed, it is also applicable to non-ECN scenarios, where a sender does 
not respond to drops. The essence of the advantage is the 
unresponsiveness to congestion signals. And, when the bottleneck is in 
the backbone/peering/transit, the protection of the per-customer 
scheduler in edge access nodes is equally applicable whether the signals 
that are being ignored are L4S ECN, Classic ECN or drop.

You're trying to find scenarios where the DualQ does not become 
overloaded by unresponsive flow(s). In all those cases, responsive flows 
respond to congestion signals (whether ECN or losses) and unresponsive 
flows don't. Then you get unequal flow rates. That's not a new problem, 
it's 'just' the well-known advantage of unresponsiveness, which L4S 
doesn't change. And I've shown how networks are designed to limit the 
impact if it occurs at a backbone node.

It's only when the unresponsive flows drive the responsive flows to 
their minimum that the bottleneck starts to use loss to /shed/ load, 
rather than just to signal to responsive flows. That's why we ensured 
the DualQ detects this shift into overload state and starts dropping ECT 
packets.

-- 
________________________________________________________________
Bob Briscoehttp://bobbriscoe.net/

v2.23.0 | Report a Bug | By Email