Internet Engineering Task Force 113, 21 Mar 2022

Previous Meeting Next Meeting

⏯

youtube image

►

From YouTube: IETF113-MASQUE-20220321-1330

Description

MASQUE meeting session at IETF113
2022/03/21 1330

https://datatracker.ietf.org/meeting/113/proceedings/

A

A

B

I wouldn't necessarily tie all that together, but.

A

A

A

B

B

Good afternoon, everyone and welcome to mask, I will hand it off to the chairs. Now.

C

All right, thank you, david welcome to mask in vienna and or online specifically and online, because please go join the on-site tool if you're in the room and have not yet already.

C

Just a quick reminder that this session is being recorded, we've got a link in this slide or in its equivalent pdf to both the on-site tool and the fully remote video stream.

C

If you do not join the on-site tool, you won't be on the blue sheets, so make sure you do that you can enter the queue in both tools with the raise hand, button and leave it with the lower hand button.

C

If you are on site, make sure that you enter the virtual cue, because that's the only place where we will be dequeuing, someone from, although you will need to get up to speak at the actual physical microphone.

C

If your remote, when your turn comes just press, the microphone button to send audio and press it again to stop sending audio.

C

This is the ietf notewell, especially as it's monday. Please make sure that you've read it recently. These are the terms under which we collaborate here at the ietf.

C

We've got some helpful links to our agenda and other notes in here. This is mostly for the pdf later and our agenda today. First things: first, we need a jabber scribe and a note taker.

C

Somebody willing to volunteer to reflect notes at the in person or virtual mic and or take notes.

C

Thank you. Alan we've got a jabber scribe someone to take some notes.

B

All right, who else can help with minutes here? We need that to get started. People.

B

Thank you all right, martin lucas. Thank you. So much.

C

B

That's martin thank.

C

C

Appreciate that, let's take a quick second to bash the agenda, if anybody would like to reorder or move things around, what we've got up are our main active drafts, so we've got h3 datagrams in connectudp and then, after that we will be doing some ip proxying support and calling it a morning.

C

All right, that means david.

D

All right I'll try to share locally.

C

All right take us away.

B

One second: I'm trying to get the clicky to work.

B

Good afternoon, wow really have to eat this thing good afternoon, vienna and good morning good evening, good middle of the now the entire rest of the world. Thanks for coming to mask so my name is david scanasi and I'm going to be talking about http, datagrams and connect2udp.

B

So, first off quick note about the hackathon. We had a quick table which lars decorated to also make a mask table. This joke never gets old.

B

We didn't quite get interrupt in the room, but we did amusingly with the latest drafts, since they're wire format compatible with the previous ones. uh Assuming you just disabled contacts, uh we already have a drop which I copied the matrix from last time, so we're already in good shape implementation wise, even those those are pretty new, only came out two weeks ago, but let's do a quick recap of where we are um so.

B

The focus of these two drafts is to build connect udp, which is like the http connect method, but for udp instead of tcp.

B

um There is interest in other places to do datagrams as well, so we split into two draft, the first one being http datagrams, which is used, for example in web transport and then the second one being connect udp, which has a dependency on http datagrams.

B

So over the course of the last year and a half we redesigned, I think a total of four or five times I lost count after a while. The core design of this. um So since we were kind of going in circles, we decided to go with another approach. We formed a design team which met a few times and we came out with an output at an interim a few weeks ago and got consensus.

B

So all that was good, that's been merged, and now we have these new drafts, so I'm going to quickly go over what the drafts do right now.

B

So a first part that is in the http datagrams draft is the capsule protocol.

B

So the capsule protocol runs on the data stream, which is what we call the data that goes after the headers, so in http, 2 and http 3. That's the data frames http1 it's after the two new lines after the header block and it's a bidirectional sequence of tlvs, and it's meant to be end to end.

B

If there are any intermediaries in the middle and any method can choose to use it or not, connect udp does, and so that allows it, for example, to um to send datagrams um and there's a little header that we added as well. So you can tell in terminaries uh that the capsule protocol is in use- it's not mandatory, but it exists and intermediaries are able to translate between versions of http like they do for other methods and for http datagrams.

B

The difference between those and the quick datagram frames is that the http datagrams are associated with a currently open, http request stream. So what that means is they're always tied to an open, client-initiated, bidirectional stream, um and so you can still send them kind of think of it as a sidecar, but datagrams don't exist in a vacuum. They're always tied to a request, and so the formatting is there on the right.

B

So when you send a quick frame um that is the quick datagram frame, it has the quarter stream id in it, followed by the http diagram payload. So we divide it by four, because all the client initiate bidirectional stream. Ids are multiples of four and we also introduce a datagram capsule, so capsule being a sequence of tlvs, the t have an inn registry and we define a single one which is which means datagram. So if you receive one of those, it means the same thing as receiving this datagram quick frame and quick.

B

You generally will want to use the um the datagram frame, but if you're using http, 1 or http 2, this allows you to still support things like connect udp over older versions of http and yeah that works for all known versions of http.

B

uh So the the biggest point of contention that we had in http datagrams over the last year and a half was extensibility and demultiplexing and what we had with context. So the consensus that we landed on was to take that out of that http datagramsdraft and put it inside connect2udp.

B

So that means that, for example, for webtransport, it doesn't have this feature because they didn't see a need for it.

B

So when it comes to hdb datagrams we're pretty much done, uh we've resolved all the issues um we'd like to move forward because that unblocks other working groups like web transport- and I think we're ready for working group last call so I'd like to kind of pause here and ask like the chairs what they think or anyone on the floor. If they have thoughts or comments.

B

Not seeing anyone get up in the room chairs, what do you think.

C

I think we're looking pretty good.

C

um I think we'd generally be aiming to initiate a last call for this on the list after this meeting, but that is also a massive thanks to a whole lot of folks who have put a lot of time and effort into this, especially before our previous interim and a lot of that stuff. So a thank you for that, and uh now that the slate is looking pretty clean, um we're probably going to go and start a last call right after this meeting wraps up.

B

Thanks eric, I see maria in the cube.

E

Yeah hi, um is it working here.

B

It's working, but please state your name mia.

E

Coolivin um yeah, I think this looks pretty good, it's pretty clean and it's probably ready, and what I would like to see is have at least one draft that uses the extension and you know think of it a little bit more about if we did it right at the end,.

B

So there is no more extensibility in http datagrams. The extensibility is inside connect2udp. Oh.

E

Sorry, I thought we're talking about both of them. Well,.

B

Right now we're just talking about http.

E

No that's easier. Okay,.

B

Okay, but uh hold that thought I'm gonna keep going then for connect udp um any other thoughts from anyone on http datagrams. Before I switch over to connect udp.

F

C

Sorting out the cue um just wanted to ask: is there anybody who thinks that we should not move hb datagrams forward without connect, udp or anything else, because I think our intent here is to move hp datagrams forward, especially because there's other working groups that are depending on it sooner and then continue to wrap up, connect, udp and then connect ip afterwards.

C

Excellent, I will take that as a resounding silence. Thank you.

G

Awesome all right yep, um so I I definitely think we're ready for working for last call. I would just uh note as hgbis chair that when we send that out, let's also send a note to the http group to also review since there may be some folks in there who haven't been paying super close attention, and it would be great to get their review kind of alongside the rest of working group.

C

Yes, absolutely thank you.

B

Awesome thanks: okay, moving on to connect udp, so connect2dp, it is not an http method. We, it was in the earliest version of the draft and we kind of kept the name, but it is now an http upgrade token.

B

So http upgrade tokens allows you to use a mechanism in http, one called upgrade where you send an upgrade header. With this token. So in this case we picked connect udp and then it replaces the protocol on the wire with something different.

B

So that, in this case, is the capsule protocol in http, 2 and http 3 hp upgrade tokens are used for something called extended, connect where you send a method of connect and a protocol of connect udp- and this is documented for http, 2 and rfc8441, and we have a draft uh for the same thing: http 3 that has already been approved by the asg. So we have a normative dependency on that, but we see this draft as happening before connect2dp anyway, so we don't see a problem there.

B

Then, on the topic of extensibility, we kept the concept of context ids from the previous http datagram drafts and we moved them into connect udp.

B

So if you look at the wire format image here on the right after the quarter stream id, which is part of the http datagram layer, you have a context id also a variant, quick, rfc, 9000 variable length, integers and we define a specific meaning to context id 0, which means udp payload. So every time you see one that has zero. You put that in your udp socket and vice versa.

B

When you receive a packet on that socket, you put it in a datagram and send it back to the client and all other numbers exist for extensibility, and we decided that they are dynamically allocated, which means that each like both the client and the server have a way to generate new numbers that haven't been used before the simplest one. Is you just keep a counter, so you start at two and you return two and then four and then six on the client and same with odd numbers.

B

But we don't mandate exactly how you do that, for example, if some future implementation wants to um reserve the uh low warrant numbers which only take one byte encoding for some things, they can do that and give them out of order. So that's kind of all we do to specify them and uh from the thoughts that we've had for our extensions. This seems to be powerful enough to enable any extension that we thought of, because you can, for example, create an extension that adds information to udp.

B

Let's say ecn bits and just define a new context id for that, or you could define a context id that sends information. That's unrelated to a specific packet. Let's say you received icmp, which is not tied to a udp packet, necessarily.

B

And so we we introduce in this draft the concept of registration, um which means that we, when an endpoint decides okay, I've picked number four and number four means this: that's how it informs the peer of that format of those formats or that format in those semantics, um and we don't specify registration exactly. We say that you can use http headers. We say that you can use new capsules, uh because headers are kind of simpler, you're guaranteed to have them like during the request response cycle.

B

Capsules are more powerful if you need, for example, for something like compression where you don't necessarily know what the value is at the request response time, you can add them later, so you have the option to do both, but we don't define how to do it. We say: okay, we leave this as an exercise for future extensions, and I kind of want to pause on here, because I know some folks had thoughts.

B

My personal preference is to kind of keep it like this. I would keep this rather keep this draft simple and allow us to move it forward more quickly, but I want to pause here and make sure that the working group agrees with that statement.

B

I see ben schwartz in the queue.

B

H

Hi, uh oh boy, echo, that's exciting, so uh yeah, I'm one of the people who has expressed some concern about this.

H

You know I tried to drop a draft that sort of made use of this and found that I ended up writing a lot of boilerplate to explain how this registration and negotiation worked and that I was getting lazy and leaving out parts of it that I thought I could probably get away with not dealing with like deregistration or handling error cases, uh and so I I worry that we're going to end up in a situation where, where we have extensions that all have slightly different ways of registering- and many of them are missing, important error handling and garbage collection, uh cleanup type functions and we don't get as much code reuse as we could.

H

That said, I am okay with this. uh I think that maybe the right approach here is to pretty quickly try to come up with some um extensions that we think really do things right and provide a template that um that, hopefully, subsequent extensions can follow.

B

Thanks ben, that makes sense, uh ted.

D

uh Chad, hardy speaking, I I agree with you that probably you you will have use cases where you want to uh other http, headers or capsules, but I think what you probably should do now is pick the one you think will be the most useful quickly put that in the draft and note in the draft that the other might be defined as a later extension.

D

That means you don't define both paths as a later extension. You end up with something in the in the draft that says this is a mechanism that is known to work with the workout issues.

D

That ben was alluding to so that somebody who wants to say: okay, I'm gonna, I'm gonna, do this with an http header knows how it works, and somebody who decides that they really need a capsule knows that. Well, I need all of the things that are in that plus whatever the capsule needs, um but that also means I'm defining extension as the cost of my going off the base spec. Now um I I would actually say, for the reasons you already elucidated, that htv headers would be the one I would put into the graph.

D

Now, if you are going to put one into the draft- um and I I think functionally you're- not going to be able to put this complexity off long since you're going to want to do this soon, so you might as well tackle it now, you could put it in a different document if that helped you, but I would do it now.

B

Thank you. I, my personal preference is to keep it in a different document, because, oh I see ted gives me a thumbs up, because uh the use case that we have for actually putting this in production doesn't need extensions just yet and it'll be easier to interoperate with folks. If we have a standard for like that, what we need, but having um a draft for this, that we start right away, sounds great to me honestly.

B

um Thank you. Ted uh mike bishop is next.

I

Okay, do I have audio yet.

B

uh We can hear you but you're, very quiet. uh You have to eat the mic.

I

Okay, so I'm going to, I feel somewhat hypocritical, because the h3 draft does kind of say you have to figure it out, but it gives you a suggested mechanism which is sending a setting and defining a setting. As part of your extension, you don't really have settings here, so I'm not sure how you would how you would hand wave this away. I feel like it needs to be defined.

I

It also helped in h3 that we had several extensions that were already in progress when we wrote that.

I

So I think a separate document would be fine, but we do need to start it, and we do need to actually define this and not just leave it for each implement each extension to figure out how they want to build it.

B

Thanks uh so on the topic of you know, like the analogy we've set with settings, um we have an equivalent which is http headers, so, let's say and and you're right there.

B

Maybe in this draft we kind of add a bit of text explaining um that's what you use, but since the capsule protocol is only in use and http datagrams are only in use after the http request and response have been received, you can negotiate any kind of extension by sending them in headers, so that gives us kind of our extensibility joint for negotiation and then the the context id allow the rest thanks mike martin seaman.

J

I'm wondering how extensions compose you've already mentioned, uh ecm bits and in the draft there's a example extension for timestamps, so you would have one context for the ecnbits one context id for timestamps. What happens if I want to send both ecnbits and timestamps? Do I need another context id for that.

B

That's a great question, so when we talked about it, uh that's how you would do composibility of extensions is say. uh If I want to send both uh the ecn bits and the timestamp I define. I use this to be defined negotiation. To say this context. Id means a udp payload with first ecn bits and then the timestamp and then the udp payload uh martin, duke.

K

uh Martin, duke google, as an individual, um so uh like obvi headers, you know requested responses are a pretty obvious extension joint, but I will say the downside of that. Is that you can't um you can't use the extension necessarily in the first flight uh depending on you know the specific extension, if I, if I send a if I want to send a request with this extension negotiation and then immediately send datagrams with this thing, like I don't know the cert that the server can accept them. So it's a downside.

K

It's not a show stopper, but.

B

um So that's a very good question and we actually have a solution to that. I think in the draft and I need to double check that if that's written down or just in the back of my head- but all we need to say is that you drop context ids that you don't know, and so you can, let's say as a client uh yeah. We called this zero rtt extensibility in previous meetings. If anyone remembers, but the idea is, if you want to send something in your first flight, you can like send your.

B

I want to use this extension in the header and in in another header, say context. Id4 means this new extension and then you send a datagram on context id4. If the server supports it, it says with its server response: headers yep. I support this and then it processes the datagram, and if it doesn't that header gets ignored, the datagram gets ignored and it's it's lost. Oh.

K

Sorry, the datagram is ignored. Yes,.

B

And uh but that is a good point, I will double check. It all relies on saying that you just ign silently ignore a context id you don't know just drop them and I need to double check if that's actually in the draft. um If anyone has it open, let me know, but otherwise we should say that.

K

So I mean I guess okay, so I mean the ecn case is the one that that um you know. I certainly have my mind and that certainly sounds fine, but what you're describing is also a an attempt to use. Your rtt essentially gives you a 1rtt penalty, which also is not great um and I'm pointing at problems. Here I don't have a solution, but uh I'd encourage you to like think a little more about if there's some way to like a more robust system for this.

B

So there used to be in the draft, and the kind of consensus of the design team was that this was sort of too complicated, so it was removed and that's kind of we ended up with the current design. I I personally want preferred that feature, but I think I kind of agree in hindsight with the rest of the working group that you know keeping this simple, even though we might have some edge cases like that is probably worth it in the long run.

K

B

Cool eckers in the queue.

L

Yeah I mean on the topic of the hierarchy of sensibility, because I understand the mechanics of information. Oh that's a great thing for you, isn't it I'm just gonna keep talking to your head after afterwards, yeah.

B

um Sorry yeah, I have a really hard time hearing you. Can you speak closer to your microphone? Maybe slow the acoustics aren't great, and it's probably because I'm behind the speakers here.

L

Yeah um hard for me to get much closer without like having my face attached to my camera, um so um on the topic of you know having accessibility in the first flight. um You know, as I understand the mechanics inspiration um you either have to that's great. I have the echo on your title: did you guys echo cancellation.

B

I need to put the microphone down sorry.

L

um Well, it's not helping, um so I understand the mechanics of the xero rtd sensibility here um unless you have mandatory extension, even if these sensors are self-describing, you can't use them guaranteed in the first flight if they're aside might reject it and so as a practical matter, the most you could possibly do is announce them in the first flight and then have and then still have the in your behavior that you described here. um I suppose you could have extension persistent from previous handshakes.

L

The way you are those your rtg features, but I, as far as I can tell physics in the situation just dictate that there's no way to be absolutely sure the attention would be acceptable in the first flight and start using it for anything that is critical path and will cause disaster. If it fails, am I correct about that.

B

um I wouldn't say it's a disaster. If it fails, I would say the datagram gets lost. So if it's something critical, let's say you want to send your quick initial in a udp packet for this, and you want to send it with ecnbits and the server the proxy doesn't support the ecn extension it's going to drop, that datagram, tell you and then you're going to back so you're going to lose a round trip for that connection, establishment and that's pretty bad.

B

So I think in general, probably when we get around to writing the ecn drafts we might say unless you have a reason to know that the proxy supports ecm like you're saying maybe we remember it, I would just like not use it in the first flight because it could cost you a round trip, but the the failure mode is just that datagram gets lost, it doesn't get misparsed.

L

Right, I think you and I are the same nature. What I'm thinking is you can't use extensions for anything where, if it was um where, if it was lost, it would cause good.

B

L

Okay and I think we're on the same page.

B

B

Thank you um all right, um so it sounds like what I'm getting from the room is folks are overall okay in not having this draft define the whole system, but that we should start work on a separate draft to actually define how to do registration, and that sounds great to me uh all right now for everyone's favorite game, let's close some github issues, um so uh one of the things that I didn't discuss too much yet is how you configure clients so for http connect uh like you know, either in the proxy settings of your computer or os or of your browser you put in a proxy host and path, sorry, host and port.

B

um What we do instead for connect udp and the connect ip draft for that matter, copies that as well, is we put in a uri template, and so it's kind of a thing that looks like a uri which has these magic variables target host and target port that anytime, the client wants to do a connect, udp request it swaps them out for the actual host and part that it wants to talk to. uh So here are three examples on the slide. um Uri templates are a little bit complicated.

B

uh We added some text uh pretty recently. I forgot if it got into the last draft two weeks ago, or I think I might have landed that pr uh before after the draft caught off so sorry, I added a paragraph that tightens up the rules on the ui templates, so you can't use some of the really crazy and hard to parse syntax in there, um and I think that makes it a lot more wieldy.

B

However, one thing we thought of was a lot of existing os's have a ui where you can only put in the proxy host input you can't put in a new uri and we kind of probably want to work with those.

B

So the draft defines something called a default uri template, which is, if your ui kind of has this limitation, here's the uri template you should use. So it's pretty simple. You just use the proxy host call in the proxy port and three slashes with the target sword and target post there, um and I think it was eric nygren who filed an issue and saying well, should this use dot well known? um I don't personally care much. Does anyone have opinions on which way we should go here?

B

Do we keep the current one which is short or we do we move it to something a dot? Well known? um I see ben schwartz in the queue go ahead. Ben.

H

Hey, I think that well known, is correct here.

B

Sorry, you see.

H

That again, a bit slower, I think, dot well known, is the correct place for this.

B

Okay, anyone else have opinions.

B

Empty plus ones in the chat, apparently thank you. Okay, uh the one that I put up there dot well known, slash, smash, slash, udp, slash, target host target port. Does that work for everyone.

B

I see rajiv in the queue go ahead.

M

Yes, uh one point that I have is uh in many cases uh a lot of intermediary hosts, um especially proxies and cdns, to have some special handling logic for well-known, which we already use for a number of other protocol uh activities. So do you think this might uh you know be something that interacts badly with existing rule sets around the taught, well-known path.

B

um So I don't know so thanks for your question, I don't know if I have a great intuition for that, um my gut feeling is you probably want well you're going to need some special handling for this path if you're doing connect udp like this is fairly different from most http existing http methods, so probably having that well known, maybe makes that easier. But in our implementation, like we, don't have any specific rules that tie to the well-known prefix so.

M

The problem- maybe some text in the draft around the fact that this might be something that interacts with existing rules and implementers should uh you know, maybe just keep an eye out for such interactions could be part of the draft. Just as a warning to people who are, you know, implementing functionality around.

B

Okay, thank you. Yeah.

M

That makes sense.

B

We can add some uh some text to make sure people don't get it wrong.

B

All right, uh unless anyone objects, I'm gonna write a pr to move to that uh well-known path at the bottom.

B

All right and now for another fun, one um so for http 2 we use extended, connect and the method there is connect for http one we use upgrade um upgrade works in theory uh with any http method um and whatever we put in there doesn't really have semantics, because we could say it's whatever any proxy that correctly implements this spec we'll handle it doesn't matter.

B

We don't get any information out of the method.

B

The draft currently says we should use connect for consistency with what we do for h2 and h3 and eric, I believe, pointed out that um we should use get because that or maybe we can use git because that's more consistent with what websocket uses when it does upgrade, which is kind of the really only widely depe deployed use of connect of upgrade that I am aware of um lucas pointed out on oh yeah.

B

We discussed this at the last itf meeting and kind of the consensus was, let's ask the https working group, so I wrote an email and got zero replies. So clearly they care and lucas pointed out that connect might cause more deployment concerns.

B

So how about we just use, get if anyone.

H

B

Thoughts or opinions please come to the mic.

B

Mt is in the queue go ahead.

N

uh Audio going out everyone, um so it's casual by default, so I think there's the possibility that very stupid cash might accidentally um cash something, but it shouldn't. But I'm gonna be okay as well. Whatever.

B

So sorry, I didn't quite get all that the audio is surprisingly bad from the front here uh you kind of ended with whatever.

N

So I put it in the chat, but if you have a cache that I could get out from.

O

O

So empty said: what about a caching proxy that falsely caches all gets.

B

Caches, I heard hashes. Thank you, okay.

B

This is really terrible.

B

No, that that's that's a that's a real concern.

B

Lucas since you're the one uh who was preferring get to connect you wanna, come say something because it's it's true that get is marked as casual, whereas connect is not.

P

Hello, I'm lucas, can you hear me? Yes? Yes,.

B

P

um I mean the problem would exist for get websocket upgrade then, like I, what I like about using get is the symmetry and the asymmetry between h1 doing what it does and h2 and h3 doing what they do and how it works already for websocket.

P

If we, if we followed this, it would at least at least, if there's caveats drawn out in caches for websocket today, they could still look at the upgrade header, even if they didn't look at the content and just say: oh, you know this isn't cacheable, even though it probably is uh in this. With respect to the connect. You know, the it's connect is just weird and trying to build something new on top of it with 1.1.

P

Doesn't fill me with a lot of confidence if we had to probably again could carve out another caveat for it, but it just seems like I think this or that whatever yeah oh.

B

I'm very much in the whatever camp uh thinking more about caching, um so this is for the case of some box that doesn't support this, so they're, probably gonna send a 404 or some other kind of error if they cache that that's not a problem, because the answer is going to be the same. Every time.

B

Eckers in the queue.

L

I'm just having a little trouble understanding what the scenario in which this needs to be a problem is someone lay it out for me.

B

So the idea is, if you're talking to and granted it's an odd scenario. Let's say you set your proxy settings to, I don't know davidskenazi.com, I don't support connect udp on there. Yet uh the same server runs mask.that's different um and you try to do this. You're gonna get some. You don't want the proxy to catch fire. uh You want it to properly say nope.

B

I don't support this go away and we're trying to think about like in all cases, it's nothing really too bad, but we want to find the least dramatic way for the proxy to fail. I guess.

L

Oh okay, I I feel like my response to this. As to every other concern about proxies, did not speak. This problem is don't do that you don't accidentally get connected to a proxy which has the wrong semantics. You mistyped or you're misconfigured, so I actually do not care the proxy and the process you shouldn't catch fire with any data sent to it.

L

Obviously, but um you know I don't care if it hangs indefinitely um and you have to wait to time it out because, like that's a misconfiguration, so I just I just don't understand how the situation arises. So I don't understand why using kind of.

B

You're right, it's a theoretical concern to some extent, I'm with you. There.

B

M

Q

That was a terrible idea. I apologize everyone.

B

Q

What I was going to say.

B

Is I can't hear you and from the looks on in the room, we can't hear you at all if you could maybe type it in the chat.

M

B

Then someone can come.

M

Can you hear me now is this? Is it better now.

B

Yes, that's much better! Thank you.

M

Okay, great so just moving a little closer to the mic, so I I was just making a point that a lot of uh you know: network transition and edge devices like firewalls or intercepting proxies have traditionally had very different uh conceptions, and uh you know security rules around gets and connects because of the way they've been used. Like you said traditionally, 1.1 and you know, prior connect has always been something that was a tunneling system and it's a very different security handling than any request with the get you know method.

M

So that might also be something that a lot of people have been changing.

M

uh You know because of web socket, but I don't see that having changed uh so much so it might actually make sense for us to stick with connect because that's closer to the kind of uh you know, security handling that people expect around this kind of traffic again, just for just a thought over here.

B

Okay, thank you.

R

uh Eric, I think, is it theoretical. I think what really comes into play is, if you start having um multi um multi-tenant services. So if you have, for example, a cdn node that wants to be handling various things, is it the traditional connect method does not have good um multi-tenancy support and becomes really messy and having the connect method have different semantics between extended connect and non-extended connect, especially in a multi-tenant environment, gets extra messy.

R

I think margin suggestion of post if that works, might also address this well.

B

Oh, my only problem with post is then I can't resolve this with a coin flip anymore. I need a like three-sided dice. um How do people feel about post? That's fine by me, because I'm think I'm very squarely in the eckers camp of this will never happen and at least speaking for myself- and I think quite a few others we're never going to actually implement this over h1 we're going to use h2.

B

We have to implement h2, because some networks block udp and quick and h3, but h2 or h1, is inside tls, so, like the only place where this will probably be used over h1 is inside someone's network between their front end and their back end and if they're implementing this they're going to fix their network to their firewalls to make it work. So I really don't care about the answer. Let's just pick one. um Does anyone object to post.

L

Yet again seems gross.

L

That was my objection to get too.

L

I guess I don't understand eric, I mean I don't like love connect, but I don't understand eric's point about why.

B

um So the I I think it comes down to someone who wants to deploy this on some back end when they have like some appliance in the middle like a firewall or something that's going to treat it weirdly, and I think that's where the fears come from, um like I think um I'm I'm not entirely sure to be honest, um empty.

N

Oh good job, um so I think the key here is that, as soon as you upgrade header on the request, it doesn't know what the method is. What we've heard from people is, if you happen to use connect in combination with upgrade, they don't know what will happen as in if things might explode.

N

So I'm happy to avoid correct, uh but then and look at the look at just anything else.

B

uh Okay, well, we have someone who wants connect and someone who wants anything but connect. This is going great um mike bishop.

I

um So I think the the issue with connect is that http handles connect very weirdly. Basically anything else.

I

The method points to a resource connect points to the target, and so what eric was alluding to is something we talked about in hgv before, and I think here before that it might be nice if there were a different method that was connect like but are good at extended connect.

I

However, I feel like if finding a new method might be a challenge here, and it might be a bigger fight than the mass working group wants to take on. If we have to do a hack of combined boost is a reasonable hack.

I

If we want something, that's not a hack, I think we define a new method.

B

Okay, that is yet another option, thanks uh ben.

H

Ben schwartz, I was going to put in a word for a new method, extended connect. I think the cause of confusion here is that the upgrade path in http is nominally optional for the server.

H

So the the server is always within its rights in principle, to say, never mind your upgrade. I'm going to answer the request as you sent it, and if we send a connect method with a thing that follows it that isn't a host and port, then the the server that tries to do the thought that ignores the upgrade header is faced with a malformed request, which seems kind of ugly.

H

So I think that's why people are looking for some kind of method like get or post where at least that would be a well-formed request. Even if it's nonsense, but a new method would let us have you know clear semantics and possibly say something like upgrade: is mandatory with this method.

B

Thanks ben um uh cheers was my mic was before ben, I think yep there we go ecker.

L

Yeah mt persuaded me so I'm I guess I'm fine with anything, but it including non-connect things.

B

Okay, thank you. That's that's helpful, because at the end of the day, a lot of these considerations remember this is upgrade so an http upgrade. You no longer have like the similar things that you would expect from the rules so upgrade like connect or like weird abnormalities in http land- um and you know just thinking about this more like these problems exist for websockets like it's not like days haven't been solved like if someone wants to deploy websocket today, they need to fix this.

B

So if they want to deploy connect, udp just point at oh, the guy next door deployed websocket asked them how they did it. um So, let's make me lean towards there at the end of the day. Honestly, I really don't care as long as we pick one uh lucas.

P

Hello, lucas again, um just I guess, adding more flavor to my um not liking connect. It's that you know the. If you read the spec that defines the connect method, it says this is. This is how you should handle it, and- and this is what you do and if you're a server that doesn't want to do that, then you you don't and you reject it and you might even just say anything that has the connect verb in in this part of the the bytes that form the request.

P

I'm just going to instantly respond with no like this. This doesn't make sense on my deployment, my infrastructure now, if, if you add a well actually, if you add a upgrade header, you need to read that thing and then maybe also look at the contents and maybe decide to do something else.

P

It might be too late for them to even bother wanting to change, but meanwhile they might well already handle websockets and would just take that parsing path and added a new handler for a new value in the upgrade header, and it all makes sense so, just from a purely like, I would need to analyze this and and understand the security considerations.

P

It's it's a no op if you were to use, get because it's already been done for some kinds of deployment.

B

Okay, thank you, yeah, that that sounds sensible to me. uh Tommy.

G

All right yeah, I just got in cued to say that I've been convinced by this discussion that we should just go with get connect clearly as problems and as I mentioned in the chat, I don't think the overhead of trying to use a new method or even using a method other than get which isn't being used with upgrade today is worth the effort. Considering that we don't really expect this http one use case to really ever be used in the wild. um So it's not worth going through allocations or paving new ways for it.

B

Thank you, tommy yeah. I fully agree with uh having less work for the editor, because that's me uh so I'd very happily not create a new method. uh Martin duke.

K

Very briefly, like um I will just like say, get because um of the wisdom of the agents who did it with websockets, and maybe there was a good reason and beyond that. Just like be consistent with the approach we have, but more than that, this is starting to smell like a bike shed. Since everyone agrees, it's a corner case that may never actually come up we're spending an awful lot of time legislating this. Maybe we can take it to the list if there's other stuff.

B

B

uh You are muted, php.

S

No, I'm not muted, I'm on the wrong microphone. We can hear you what we can do, I'm just wondering why you're doing 1.1 at all I mean if you, if you think this is a corner case. You think it's you know. You've got a complicated enough spec already. Why not just get rid of it. If people need to downgrade let them sort it out.

B

um That that's a reasonable point. uh I suggested that a few years ago and we got some pretty like clear working group consensus that we wanted to support h1. uh So we decided to do it, accepting the fact that we didn't want to spend too much time on it.

B

So um what I'm getting from this discussion is that the folks who were against gets seemed to at least some of them seem to have been convinced that get seemed fine and a lot of whatever we don't care. Please move on this hurts and I would like to not have to take out the hat of consensus because that always works, so I'm gonna propose we go with connect. Can anyone like really really not live? Sorry with get with get sorry, whoops.

B

We I'm going to propose that we move forward with get here. Can anyone absolutely not live with that.

B

Okay, then we shall go with get. Thank you very much for our traditional mask bike shed of the of the week and was my next light button, not working so fun. Fact that was the last issue on the connect udp draft. That's why we spent so much time on it, even though it wasn't very interesting, and so this is my favorite slide, because it's fun um we've managed to resolve all remaining open issues on connect udp.

B

Where do we go from here? um I'd be inclined to perhaps also move it to working group last call we're in good shape. We have multiple implementations. This is out in production for some folks.

B

Can we like start that working last call chairs? What do you think.

C

C

No worries uh thinking that a last call is probably appropriate for this as well. Let's try to wrap up kind of the issues that we're resolving here today and get that out for folks to to look at, but I think is you know when we are rapidly approaching the point of having nothing more to do for this one, and it would be good to get that stamped and wrapped up.

B

Yeah, and as with other, like you know, this is part of our process. Working group last call also kind of motivates people to read the drafts and I'm sure they'll come. You know, that'll get a bunch of review, which is also what we need. So I think we're in we're in good shape.

B

Okay, I that was it with my slides and so as we're clearing that out of the working group. I think we can start focusing on connect ip, which, if I understand it, is the next presentation.

B

Thanks everyone for listening.

G

All right, hello, everyone, I'm tommy pauly and I am going to be sharing our other adopted draft, which is connect ip or ip proxy support for http, and this is a collaboration between myself and the folk at google and erickson who had had previous proposals around connect, ap and we had merged the document before, and we have a pretty quick update today.

G

So the main change in the last version of the draft was just to update things to align with the changes that you've already heard about in http datagrams and connect udp.

G

A lot of it is very much mirroring connect udp um as far as how it uses um the datagram formats how it has support for context or extensibility the existing work we had done for the capsules to negotiate uh the different ip address routes and address assignments, not all remained the same as it was before.

G

So we really have two open issues that we want to go through today. That are interesting problems still to solve, and then the other point I'll mention is that we do need more interop testing on this. So far, a lot of the work has been done around basic http datagrams and connect udp.

G

Those as we see are getting pretty mature, and now I think it's going to be useful for implementations who are working on mask to start playing with connect ip and doing interrupt testing.

G

I can say for my own implementation: this is again still a to do to really get ready for interop, but if you're interested in doing that, let's talk collectively about that and prepare for a checkpoint at some interim or at least by the next ietf meeting, so that we can get some good experience with this protocol all right. So, let's dive into those open issues.

G

The main one which is interesting is mtu handling, and this is something that, in general, you have to deal with with encapsulating protocols and proxies to some degree.

G

uh People need to think about it for connect udp, but this is really an interesting problem for connect ip specifically and the problem which uh was raised in an issue that david wrote up, is that you can have cases where you have a small, quick packet size. That is the actual kind of tunnel, and it may be too small to actually hold the minimum mtu.

G

That's required for ipv6, which um you know not only is it annoying to not be able to hold large packets, but it actually becomes a protocol violation or like you essentially, can no longer use this as an effective tunnel for ipv6.

G

So I give two examples here of some of the sizes that you could expect. The first one is, if you're, on a normal 1500 byte mtu link.

G

If you do the calculations and figure out how much room you have, assuming that you have relatively small stream id numbers, etc and packet id numbers, you have plenty of room for a minimum ipv6 packet. You can actually have a pretty large packet going through here um over 1400 bytes.

G

However, if you have the minimum quick packet size, then you are not going to be able to hold the minimum ipv6 packet size inside it, and this is particularly interesting because some quick implementations will start uh with the a minimum packet size and try to explore up, which means that there may be times during your quick connection lifetime in which you aren't going to be able to tunnel certain packets and then later you would be able to.

G

So this is really an open question and I'd love to hear people's opinions. I don't have a particularly strong opinion here of what should we do when we run into this case, um you could have a failure on the request stream, essentially saying if you are trying to do a connect, ip request and you're using ipv6, and the other side knows that it's effective mtu is too small. It will generate an error.

G

You could essentially fail over by saying: if you have these unreliable datagrams going by that won't be able to fit, you could make them reliable by putting them inside datagram capsules and spreading them out over multiple, quick packets, which could have lots of interesting consequences.

G

You could have extra signaling, essentially within the capsule stream, or something else to say: hey, I'm dropping packets or I wasn't able to send packets and then practically. We should probably do this as well as the other things.

G

There should be a recommendation that if you are using a quick connection for connecting ip, you really should be starting it with at least around 1 300 bytes of mtu, starting with the minimum 1200.

G

If you're, trying to use it for a tunnel is not going to be a great idea, and even in cases where today we're using connect ip sorry connect udp with quick, we start with more than 1200 because we want to be able to send large datagrams.

G

So what what do people think? Let's see we have some folks in the queue? Let's start with ben.

H

D

H

We should uh hold on I'm gonna mute the room. I think that the core specification here, the connect ip draft itself, should should essentially note this as a problem.

H

You know be very clear about about the issue here and and essentially note what is required to ensure that the inner stream is ipv6 compliant and not attempt to solve the problem of of stuffing oversized packets in in the case where the mtu doesn't fit. I I do think that we should solve that as a working group, but we should solve that as an extension to connect ip.

G

So, to be clear, like looking at kind of the options here, I kind of interpret that as being like the last one. Just saying you really should have your tunnel be big enough if you want to use ipv6, otherwise, you've done something wrong and you need to figure it out or have an extension.

H

Yeah, that's that's a fair summary. Okay.

G

All right, thank you. Ecker.

G

We could just restrict ourselves ivy.

L

M

L

Seriously, I think again, if you advertise yourself that you're an ipv6 carrying tunnel, then you have to carry um then you have to carry a minimum to use by packets. Everything's, just gonna fall apart, um so um um the um uh so I think that's right. Question number comes and what what do we do? um um You know uh I'm not a huge fan of experimentation. Reassembly. um I I think you know um you know I I'd like to be sure of correction and we actually need that in practice um before before we do it.

L

um So I think really, the question: is you know, um distribution between so between these you know between between these options. You propose right. um The first is kind of like I mean I guess I guess. Maybe you can imagine doing that if you say like well, I can only negotiate 1100, so I'm gonna allow ipv4 and not v6. um It's not like a totally crazy thing to say, um though they're pretty gross um um the um um I. I don't think we should. I don't know the adding capsules is the right answer.

L

um So I think um you know this last point is really an implementation point. um You know, I think I think I guess what I would say is that we should say if someone asks for ipv6 and you can't do you know 1280 and you ought to reject it and then you must reject it and like we strongly advise you to like use it, and and so it's your job, to negotiate up to the right, the right size, whatever that size is, and we strongly advise you to do that by using large initials.

L

But otherwise it's going to take additional round trips. So I think that the only the only mandatory piece is that it is that you must reject if you can't carry the ipv6 minimum, but then some personalize, with strong advice about how to get to the point where you are carrying, where you're able to carry that minimum.

G

Okay, so that sounds like a combination of this first line of you have a description of here's, how you send an error back if you do the wrong thing, but then also focus on the advice of the right way to do it of starting with the larger side. That's my suggestion. Yes great, I like it lorenzo.

F

Hello, um I haven't heard of this ipv4 thing that you're talking about, but uh the uh so I mean, like you, have a problem. If the link that you're running on and has an empty of 1280, because then you're like the.

R

F

Option is just infeasible you, you basically go back to the first one, which I assume is unacceptable.

G

I mean like we need.

F

Something is it. Is it a doubter attack? Is it a downright attack if the if the network, because like the network you're visiting, could be intentionally sending a you know, I don't know right like hey. My network is 1280, so you can't use connect ip on my network, my network, my rules, do you want that? I don't know.

G

Or you can now only access the ipv4 internet through this tunnel.

F

Like I said, I don't want to, I don't know what this ipv4 thing is that you're talking about so yeah.

R

F

I think it's either so you you could have a combination which is basically like. I think I think the last one is good because it's the one with the least complexity, but you have to have.

F

If you don't want to do number one, which I think you you basically is a downgraded attack, then you basically need to have a fallback mechanism, and the question really is like: once you have the fallback mechanism, then why do the? Maybe you can do the fallback mechanism first and use the last one as an optimization? I don't know, but you don't have a good solution either way.

G

Yeah, you know one if I kind of combine the feedback I'm hearing from people you know one option would be that we would. You know.

R

G

Do the last line have a way to fail it, as with the default of this draft does but then to ben's point. You know, allow an extension and another document to describe if you're, in an adversarial situation or if you really need to get this packet through because you're on a tiny link. But you also need to do ipv6.

G

Here's a flag to do something like that number two, but that's going to require a bit more work and analysis of the implication of splitting up packets.

G

M

Look hi guys. Can you hear me.

B

Yeah, okay, so my.

M

D

B

Quiet for the room, if you can speak a bit closer to your microphone again. My point here is.

M

More on the lines of uh you know, we should not be failing any traffic unless it's, uh you know an absolute essential, and there is no way of getting that paper too, especially considering the fact that mpu changes may happen, um there may be an intermediary isp link somewhere that goes down and can be routed to an alternate link that just happens to have a lower um mpu and suddenly I'm in a situation where an existing connection.

M

You know uh it basically ends up getting dropped because of a complete means somewhere that I don't have control okay and it's not happening at the initiation of the connect that I can take off. Am I negotiating an mpu uh with my path to the remote because my path may not be starting, so I think the correct uh handling for this really should be uh allow the connection uh you know where a parked mtu.

M

uh You know, issue crops up, wherein we don't fit in it to allow segments to fragment and reassemble up that opens its whole whole can of worms but probably pair that, along with some sort of error, signaling saying: hey, um your packets are being fragmented. uh Maybe at uh you know, you may even want to put in a hop count or whatever else, but the idea is uh to have the uh stender get some notification that yes, there's fragmentation happening.

M

So therefore, there's a degradation in the performance of uh you know the tunnel, but the tunnel doesn't fail unless you know it absolutely has to.

G

M

And it's up and it's up to the end point to say: okay, if I see fragmentation, maybe I I make a decision as uh one of the tunnel endpoints to drop the tunnel and initiate a new uh negotiation to see. If I can probably get the mtu back up, maybe maybe a new connect, you know, bypasses some connection tracking gets onto a different link. You know cross your fingers and hope, but the point is that uh a running session may degrade because of an mpu uh shrinkage, but it should not fail.

M

You know, that's my opinion on this.

G

One question to you: rajiv: actually before you go, um would you be fine with specifying essentially this fragmentation, reliability behavior as an option or extension that you could essentially say during setup like I support this.

M

That would work that that should work. You know again, you know the question should be. I I believe that um having a flag might be useful. If someone wants to explicitly, you know disable it, but I still believe it should be the default option. Our default should always be try to get the traffic through. uh You know, as best you can.

M

But if someone really wants to ensure a certain level of performance or a certain level of reliability and does not want partial packets and stuff like that, give them the power to turn it off. That's all the more power to the you know, implementer.

G

Yeah, okay, thank you, I'm a bit tempted to say. Instead, you know that it's something that would be an opt-in, but it can actually be an opt-in that would apply. We could also define it for connect udp for cases where you'd have very small mtu's there and you need to fragment data.

M

Anywhere with similar behavior, this makes sense. Okay,.

G

Thank you all right, mike.

I

Of the opinion that we should try and get it through, it seems like if you're already, building on top of capsules and http datagrams, then having a datagram capsule is a relatively small vist. I may be mistaken about that.

I

um So I would think the simplest path is to say that your connection should have a large enough datagram or a large enough yeah mtu to be able to carry these without using um a capsule.

I

But if you need to then use stuff in a capsule and keep going.

N

G

B

David gennazi, google, um my thinking here, is that a network with an mtu kind of that that low is for the outer one is kind of barked right um and we know how to handle those networks uh that are borked another example of a borked network. It's one that doesn't allow udp. uh When that happened, we switched to connect ap over http 2..

B

So I like that last approach of saying you know if you want to do ipv6 over connect ip yeah just have initials big enough that if the network is worked, we don't use it that way, and that's just really simple in practice. That's what I think I'll implement and everyone's happy, uh like figuring out other things seemed like really complex and given how much time we spend on simple issues, I'm terrified at the idea of how much time we'd send on complex ones. So let's keep it simple.

G

Cool uh gory, and if people as they're done being in the queue could remove themselves from the queue that'd be great.

T

All right gory, I'm just joining the queue, um the okay, so we went through this when we did dplp mtud, which wasn't kind of trivial, because there was lots of these cases, and this is that final case of what do you do when it doesn't work? So, let's.

R

T

Back to the beginning, I think the last bullet here is the right thing to do. You know just send a big packet across it and see if it works of the right size.

T

Yeah I mean, if you need a few extra bites check it out, make it work right if you, if it doesn't work what what the heck do you do I mean: do you want to fragment and reassemble here and then somebody tries dplp pmtud over the top and tries to figure out the fact that it's not broken, and then you get kind of brokenness twice or I don't know so, there's a warning kind of like don't do this at multiple levels.

T

Second thing: the third thing is, um as you go down these numbers, especially with ipv4 and udp you're, going to hit barriers. So if the path changes, it will change that mtu. If you start getting uh into the bigger numbers, so you've got a problem there as well. The past might not stop working later on, so we have to detect that somehow and if detecting it simply means it doesn't stops working then maybe that's a good signal to the app.

T

So maybe simple is okay.

G

Yeah that you may need to close your stream if your mtu drops yeah.

T

Yeah, you have to figure out lack of connectivity and just close the stream.

G

K

Yeah all right, martin, duke google, um as an individual, uh so this strikes me is like not a new problem. I mean ipv6 or ipv6 tunnels have it and I'm not like an interior guy at all, but presumably there's some sort of received wisdom on how to handle this sort of case, and maybe we should maybe we should take it. um Secondly, like this, certainly quite a cute connect ip. This also exists, I think is somebody already said: connect udp and um I'm I'm.

K

I know we just closed connect udp but like if, if there's something we decide, we should do here. Like uh I mean we could have a reference which would be sad or we could just like cut and paste the text or something. But um this is not just a connect, udp problem or connect ip problem. Rather thanks.

G

um What one comment I would have about solutions at other layers of tunneling is you know there is something we need to do here, just because with a connect, ip request stream, it is a bit more stateful as a proxy here, and we do need to just know. How do we spell the semantics of the error handling in http right.

Q

B

Can I just jump in as co-author um to answer martin. This problem is specific to connect ip in the sense that ipv6 has a minimum mtu of 1280.

B

for connect, udp, that's not necessarily the case, um and so for those you can still have things be functional right.

K

Yeah for certain use cases, but like, for instance, if it's an ipv6 only proxy. uh You obviously have this problem and of course you know, as you know, with quick.

B

K

B

Know so I like that, if it's ipv6 only where, underneath or inside the tunnel inside the tunnel, that only applies to connect ip.

G

I I it's just so it may be a clear and cleaner example would be a a network that only lets you do 1200 by quick packets and then the connect udp you're trying to do over. That is itself to a quick server, and then you wouldn't be able to get the minimum quick packet size.

K

Yeah, that's the simplest example I'll try and generalize it, but, as I think about it, maybe that doesn't work but nevertheless yeah so clearly they connect udp use cases where it's just plain old gdp running like tiny little packets and you don't care, but um there's still a problem here as we're looking here to all tunnels. When you know sometimes the tunnel will break your.

R

K

Because of packet size.

E

Mia coolevin, um I would like to at least see or work on a solution that uses capsules. We have these capsules, we have this reliable streams and just putting some ip packets on that doesn't mean that it's ip fragmentation for me. I think it should just work. I don't think it's as complicated as we think, and if it's easy, we should do it.

N

Okay, thank you.

G

F

Lorenzo again, I'm going to disagree with myself. um I think that uh everything.

G

Should be ipv4.

F

Yeah, um I I think yeah we have this problem. I think we have this problem with connect udp, unless you want to go into like saying that udp is a stream. I don't really know if it is, I think it probably isn't.

F

um So what I would say actually is um the last one okay, so the last one is like all of these are more complex than just to fail, but if it's, unless failing in any situation, is acceptable, then we need to then simplifying the implementation means only sporting one way to do it and that basically means number two actually so basically like.

F

If you're implementing you want it to work the same way all the time, regardless of what happens to you and so like rajiv's point earlier, was like yeah, the network can send you a packet too big at any time, and now the ip stack is obliged to send a smaller packet. What do you do to that connect? Udp? Do you fail it suppose? You return an error to the to the app, but that's that's also pretty bad right. It's kind of even like a denial of service vector right.

F

So at that point you know, I think something. Basically, I I I'm going to display my ignorance here. I don't know why the the capsule must be reliable. You know, can you make it like? Is that the problem.

G

So the way the way a capsule works is that these are it's essentially it's a way to put your datagram on the uh this, the quick stream on the http stream, that is, the reliable stream because you're not able to send it within one packet. So you have to send it across multiple.

F

Right, so you see so it forces you to enable retransmission.

F

Is that the problem yeah.

G

F

And there's no there's no way to make it like unreliable.

G

Just to put a fragmentation, you could you will you could introduce fragmentation right like you, you could have like a separate fragmentation mode of putting it through unreliable in that that's its own. Can of forms.

F

I I guess I would say like whatever we do, however, we do it, it should be the same thing all the time. Yeah.

J

F

Implementation, simplicity, otherwise you end up with these dark corner cases that, like you, only happen sometimes, and you get consider ip fragmentation. It's like the the boon for security research is everywhere. You know as soon as you.

R

Look at it there's.

F

A bunch of like you know, corner cases overlapping. You know negative lengths, so I think you know might as well just do it all the time, basically fragments everything all the time. As long as you can get the.

G

F

Overhead to minimal, then I think you're, okay,.

G

I mean the benefit of putting it over a capsule is even though you have the extra re-transmission, it's extremely simple, and it doesn't have all the caveats that fragmentation would yeah ecker.

L

Yeah, I'm like super yeah about putting it over a little bit more reliable um that changes the entire conduction dynamics once you accept it like. We took the packets now um now you've dual conditioning hole made out, so that seems like extraordinarily undesirable, um unnecessarily reduction, control for google engine systems now right. um um This is sort of an issue for udp, as people are saying, but every mvp system I know um either either assumes a minimum I mean so.

L

First of all, like um you know, people don't build gdp systems to play, work or ipv6, um because that would be silly and so um so every udp system that I'm familiar with has to be able to handle. um You know packet sizes that um that go down the ball because you have to like uh still I mean, or you have to just say, I'm going to fail over. I can people people small ipv4 links right um so like. If you look like these, you see a lot handshake.

L

For instance, it's willing to negotiate download below below a thousand um the um I'm gonna say if you, if you don't do that, you're like operating at like you know, risk of life. The thing that's not working in general, right, um um the I mean, I'm I'm not on the long run, fragmentation it's my knowledge. The problems of fragmentation are largely um due to attempts to do um passive packet inspection by um by stateful ip inspectors um and that and because we're encrypting things- that's largely not the case here.

L

um So I'm I'm most concerned about that. um I guess I would also observe that, like this is putting them in castles in fragmentation. It's like this is a different form of fragmentation that treats them in infrastructure. I mean it's inherent in a quick stuff in any kind of like any kind of system that breaks them, puts it back together again whether it has retransmission or not.

R

L

Is like a form of fragmentation, so I don't really understand why one would think that, like it'd be substantially better to have like a reliable, like you know, I mean in fact there's no data loss, um you know fragmentation and, um and- and- and uh you know we just really might reach this mission- identify behaviors right.

L

So um if I think the question we have to ask is: can the system ship at all without having some mechanism for handling in this case, um and I think the question and then the question becomes, I think you know how bad is it um you know so, as we've already just described it's possible to discover um at the beginning whether your path handles this um and the question becomes. Can your path shift in a way that you do not have you no.

R

L

Handle them to you and does that cause like some sort of goofy um goofy problems right. um You know I think mt was worried about that. um I'm perhaps lost worried about it. um You know my instinct, I think, would be to say: let's try feeling about this and I see if people encounter problems and if they do.

L

We can always add a mechanism for doing this, um but I think if we think we have to do something, then we should just do we just need to do a fabrication, reassembly system because, like it's like yeah, because.

G

It's the minimum change. So what one is.

L

G

I'm getting a lot of echo ah the the case of doing fragmentation over capsules, which I fully agree is fragmentation. It's just like fragmentation with re-transmissions is essentially the exact same behavior that you would have in the case that david mentioned of. If I start big and I have to fall back, I'm falling back to http, 2 and http 2 for connect ip only ever sends them over reliable capsules.

G

So to that end, I could argue that, if I'm having to deal with a world where I have to, I have a fallback to h2, I already need to handle the performance characteristics and everything else of going over reliable captions. That is a reality that we have to deal with.

L

Well, I think, with the argument. I guess you could. I get a fair enough, although I think I turn the argument around and say, if you're going to bother to absorb the pain of like having his wrist and logic um in this case, why not just use h2? um I guess one question. One question I think um you know it's like we're worth asking about, uh I mean is, um you know, um is let's distinguish between detection, and you know I mean it's like I guess like for one of your taxes.

L

What does this actually look like? So so I think um you know um so so so you see so someone says you. A packet looks like at the bear, which is at the very limit before and now and now. For some reason, books of the past shift is no longer it's bollard or limited right, and so packing gets wrapped along the wire somewhere right.

L

um You know induces a should be a quick packet right um and, um and so, um and so so I mean just to recap what I'm saying you think the mtu that you're running over is 1300, but actually it's going down to 12.95 right, and so you send a packet, that's 1297 and it gets dropped right um and so now so so um you know uh so so now what right? um You know um you know uh so so you have to detect that case and you have to fall back to small.

L

You have to know to do something right and that thing now something is either start fragmenting packets or start tearing things down right, um and um I guess so. Let's start with that question is how do you take that case and the way you detect?

L

That case is by repeatedly not getting acts or packets right at the bare limit right and so, um um um and unless you want to do some sort of goofy gtossy thing like somebody gtls does, um is you know when it starts it like says like well started, like you know at like 1280 and said like two or three times, and then it wouldn't work. That's too big!

L

Let's start backing off, that's like not really acceptable, behavior like an ordinary system right and so, um and- and so I just don't understand like like it seems to me like that- um that that you're gonna you're gonna encounter like four or five round trip times before you realize that you have to start fragmenting or doing some other thing right and at that point like what is that really the behavior we wanted would be better to say like it's going to fail, the connection is not tearing things down.

L

So I guess I guess I guess I'm talking myself back into like. I think we should just like fail because, like I think that the situation otherwise is going to be an enormous other time to respond and the response is going to be kind of a pain, yes, um and by the time you already lost a lot of packets right, I mean you may not have lost actually, but you've lost them operationally.

G

All right, thank you. Mario.

E

Yeah me again, um so I think there are possibilities to use unreliable, datagrams and define a context or whatever, where you have like a dependency between different datagrams, and you can only develop them if you have them all or whatever. That is possible, but I think that would definitely be an extension. We have reliable capsules here. I.

R

E

Easy to use, I don't see a benefit from falling back to h2 instead, rather than falling back to capsules, or at least trying to find a solution to fall back to capsules. I think that's a tricky part like when you fall back, but capsules are easy to use and give us what we need.

G

I agree it's very equivalent to falling back to h2, except you just don't have to now bring up an h2 connection to do it. um Okay,.

N

M

That keeps our implementation simpler.

M

Possibility like eric mentioned, of using a two or a three or even a five round trip time, uh michael just figuring out that you need to start enabling fragmentation all that we're.

M

The applications that are using this uh tunnel that now have to understand and deal with the fact that a tunnel that I thought I had set up is basically going to vanish.

M

uh You know out of the blue, because if some network change it has nothing to do with either of the endpoints right so, which means I probably have no visibility on when a tunnel may completely just rip out and die under me and uh all the uh you know, error handling, p, connect all that logic now has to be borne by the application end of things. Okay, so uh you know, while it might be interesting to target simplicity here, there should be some level.

M

uh You know of understanding that if we make it too simple we're not just we're not simplifying the entire solution, we're only simplifying our piece of it and pushing the complexity somewhere else.

M

Yeah, so just that point that I wanted to make over there thank.

G

You thank you and we have lorenzo again.

F

Yeah, just uh just always do everything in capsules, I mean um there's not even a problem traditionally, if you retransmit something reliable, you have like a compounded re-transmits, but if you you know, unless you have like really really really aggressive timers above you, the app will just see no loss and it won't retransmit it's a simpler code path. It runs it's the same all the time, it's the same as udp, probably simplify the implementation and it'll work all the time and again, like the reduce point as well like.

F

If you, if you fail it, uh you can't just fail at the big and you have to fail in the middle and you you basically are introducing the the possibility. The app will see an error halfway through just when it happens to send a large packet or whatever or if the routing changes it's super unfriendly to the app and it like increases the complexity of the overall system right it should. I think it should just work all the time which means yeah. Just just do the same thing. All the time put them in capsules,.

L

Okay, sorry, but I feel like after nothing like that that doesn't solve the problem, because the problem is discovering when you have to think more datagrams, and so just putting them in the capsules. Isn't enough in the answer you need an answer for when, for when the quick connection decides, it has to do with duty discovery or something to go back to our datagram, and so I can kill someone personally, I feel like like this is not like the app.

G

Right I mean you could certainly do something where you know, like let's say I'm doing, quick migration and, like I know I changed mtu and like the tunnel has like a very clear event. Then you could easily say: okay, now I'm going to switch um but yeah it's it's the things that a quick implementation wouldn't.

L

Right, I guess all this thing is like we designed quick right. Quick was designed like quick was designed like. Basically, the assumptions can use for h3 and like h3 like the world, is pretty simple.

L

Like uh you know, if things that don't work, it's like, like you, just tear the connection down and start over again right and like so you know we made it made hand waving it's not about having it work for things that weren't h3, but like we were willing to like accept this kind of failure mode, maybe three, because it didn't matter that much and I guess what I'm saying is if the the argument we're offering is that um the argument here is that we don't want people to take weird mid-connection hiccups right, um then we actually need to find an algorithm to not resolve your connection, real new connection, hiccups and merely saying some of our capitals does not accomplish that, because you're still going to take multiple run trip times before you recover enough to send things in the smaller, the smaller datagrams that they actually actually traverse the network and so like.

L

I think so. I think like if people want to go that route like we need a complete answer.

L

That answer has to like just prescribe enough of an algorithm that, like under unknown topology shifts, which is the alleged problem here, um that you apologize you're, not not aware of um that you still recover properly, because if the answer is like it's no apology shifts just do pmg discovery at that point and if and and if like and then turn the connections down, if you don't, if you don't use these requirements right so um so I think it has to be unknown to politicians and it has to be fast.

L

Otherwise, like someone just took four on trip times and like not how you're happy about that, and- and I know about like and the rediscovery I mean, the retracement timers on, like retired timers- are pretty fast like on these end points um once you have established the run trip time so, like you know, so, if we're going to take, you know if we're going to take four rtt's to discover this, like the other side, is going to return that time period. Yeah.

G

Okay, I think we have drained the queue um we don't have consensus, but we do have a lot of good input. So thank you for all of that. I think it's a very useful discussion, um there's a lot of good stuff on the chat too. So hopefully we have uh the notes that we can go back to in the video we can go back to and we can come up with a proposal for next time and hopefully also we can have implementation experience and actually try some of this out.

G

The one other issue um is related. um It's a broader question about error handling. um What do you do if you receive a packet um in your http datagram? That is something that you will refuse to route.

G

So let's say you set up with your capsules, a very specific route or a limited route, um and now the other side starts sending with an invalid source address that you didn't assign to it an invalid destination. That's not routable, for you.

G

Essentially, you have the options of you can just silently drop it. You can try to drop it and send something back as ip packets within this tunnel as icmp or you can use something at the http layer to send the capsule or close the stream, or do something um kind of at that h3 or h2 level.

G

Do people have opinions on this.

N

M

Here would be to stick with option two uh that most closely mimics what an application would otherwise have seen or if it was communicating on a pair network.

M

So you would expect them to already have the to handle stuff like that and deal with that, and that also, you know, brings out the possibility that you know, especially in case of a property which is not directly application.

M

uh In terms of understanding this natural syndrome, translating it into something that you can in turn communicate to the app so this way you know everything just goes as it could on any other network.

G

All right, thank you. Corey.

T

Hi corey first um two icmps are kind of nice, um peter.

B

Can you speak closer to the mic? Please no.

T

I I can re, do the mic there we go.

T

um Two icmp messages are particularly nice ptb if you translate it correctly, so that when it comes out it's the the quoted payload is actually the one you want to respond to, so it can be verified rather than just a random ptb of the outer tunnel and ttl, because then you can, as an operator kind of debug and figure out what happened with that tunnel and without it, tunnels become very difficult to understand, and this is like a tunnel other stuff, I'm not really so sure about, because I don't know what to do with it.

T

So I'll also be my two recommendations: okay,.

G

So again, multiple people speaking up for doing icmp, signaling and making it tunnel friendly miriam.

E

Sorry, just a clarification: where do you send the icmp message? Isn't it within the tunnel.

G

Presumably, yes right, so you would send it on that datagram with the with the quarter stream id to say you sent this to me and like no.

E

Yeah, so why I mean like this is not visible to anybody right, so in that case I would rather.

G

E

G

Because but it allows, I think, the the person receiving the icmp to do a very simple thing of you know. Let's say they've implemented their quick stack behind like a virtual interface such so. The application actually doesn't have any idea that it is going through a proxy like it's you're, using it as like a vpn tunnel.

G

At that point, if you reinject the icmp into the stack, it could look to the application like they were on this virtual network. They get the icp that they would expect based on the packet that they think they formed um and still generate.

E

An icp message locally, if you really need it.

G

Right so it's yeah at that point, it's a question of: does the server have to do it or does the client side have to do it.

E

It seems like a dependency to a different protocol which is not necessary to me.

B

David I'll, just since I'm next in queue go from here, so I'm lazy, um the!

B

What we're building here is sure a virtual tunnel, but at the end of the day what it is is an ip link and the internet protocol uses icmp when something goes sideways, and so in a way we don't need any normative text here like if, like the two sides of a connect, ip tunnel are ip routers and those are very well defined components in the ip spec and if a router doesn't want to forward something because of its policy because of its mtu, because of anything it fancies, the spec says you send icmp.

B

So that's like what it comes down to. We don't need to invent anything. We don't need to really say anything, perhaps having some implementation guidance of saying by the way. This is how this is done.

B

Like you know, if your stack, pops out an icmp packet, don't freak out seems useful, but like we don't need to design anything new using a capsule or something we already have this in the ip specs.

E

Yeah me again, I agree to that like if we, if you want to use icmp, we maybe give a recommendation, but we don't have to say much because that's like not our business, um I I wonder if there's any benefit of silently dropped because, like silently drop, seems to be an option when there is kind of a security risk or attack risk or whatever. I don't think, that's something we have in this tunnel.

E

So I think it's better to be explicit than being implicit, making sure that the other end know it knows what's happening there and if we really want to make sure that the other end knows what's happening there. We should have a feedback mechanism within our protocol.

B

Well, we already do and that's icmp: why do we need something additional.

G

I think she's just commenting on the option, one that option one is bad.

B

Well, that's fair, but we shouldn't preclude it. I mean just like for ip routers. There are many different cases where you don't necessarily want to signal. Let's say you're under load. um So, like you know giving guidance seems reasonable to me, but at the end of the day, we're sitting on the shoulders of many hundreds of pages of ip specs no need to reinvent those.

E

Yes, if, if you have a have a reason, that's covered by icmp to drop it, you can use icmp. We don't have to care about it's, not our business if you actually drop it, because um that's not what you requested in in the connect request and like I'm, providing you a connect service and I'm I'm believe that, like you're, not doing what what you asked me to do or like what I'm providing to you. Maybe it's good to say this explicitly.

P

B

I agree with that. That sounds like useful guidance.

N

M

You second, what maria just said that uh silently dropping in this particular context, is probably something that would strongly advise the key uh you know in our text.

M

Either in terms of trying to protect the network integrity under either attack or high load solutions, um you know that makes a lot of sense, but in the context of a tunnel environment which we are talking about, this is a much more. uh You know collective use case of general-purpose ip routing uh stuff. You you've actually got an environment where you have a stable endpoint at both ends. Okay and uh you've already negotiated some amount of you know, connection semantics before you've started traffic at this point deciding to silently drop smash.

M

After doing that seems, quite uh you know troublesome for the remote, so I guess that you should always have a mechanism where uh a styling drop should not be allowed unless, in extreme conditions,.

I

G

B

We're not hearing you in the room either philip.

G

L

So I was struck by what david did three minutes ago about standing on hundreds, if not thousands, of pages of rfcs, um and you know it seems to me that this this is an aspect of mask okay like essentially like every other teleporter built and um and and as martin said, it's like, I think her mother, like I guess, I'm really hoping that we can like you know um that we can uh uh like draw no other documents to behave.

L

The way that, whatever those other documents saying you want to do says you want to do um so. I guess I would I would I would kind of like to um so I'm in particular, say invalid source requests like. Why isn't this just like you know, addressable for like ordinary ip address, folder right, um so um you know it's pc, 56 right um so, like um you know why can't we just say behave whatever that has to do so. um You know.

L

um Can we maybe just focus this on topics which are distinct to mask if there are any going to behave, those in chain and just find those behaviors and for everything else, just punt to like whatever the 16 rfc say to do, I mean require some research, um um but you know um but but like that seems like better than trying to like you know, derive a lot from first principles again.

K

uh Martin, duke google, uh so it.

K

Like I guess I don't understand, I mean I went back and looked at the draft just now, and I guess I don't understand the case where we should, where the client could legitimately send a packet with an invalid sorcerer destination, address right, because those things are specified through the capsules or the host request.

G

So right so let's say you: do you do a capsule negotiation? You say the other side says you can send from this source address and you can send to these addresses, but the content of my datagram is a full ip packet, and so I can put bad ip addresses in it.

G

Yes, clearly it's physically.

K

Possible for them to send everything, but that is like great. I.

G

Violate what you told me, I could do yeah.

K

Well, like I mean close, the stream like if people people are are ignoring what the proxy told them to do, then I mean, I think that's I mean quick is a different layer, but in quick like any time you you violated the spec, we just we just kill you and I think that seems totally appropriate. Here I mean icmp is a different world.

K

Where you know you don't have these pre-negotiated things or the the context for icmp is a network a wild west where, like you, don't really know where the pact came from and- and you don't know, what's authorized and what's not but like here, all this stuff is pre-negotiated. The client is authenticated if the client's misbehaving just kill the kill, the stream, if not the connection.

G

I mean there are certainly other cases where you are. You know the other side knows what you're assigned like an ipsec tunnel can assign you something, but also your router will know what addresses you can send from um that they've registered. So there are other cases where you could receive icmp errors.

G

That are equivalent.

K

Fair enough, okay, I mean, like my my argument for, like a general ip case may or may not be 100 correct, but I think the point stands that I I don't. I don't see the downside to just killing the stream.

E

Yeah, actually, if, um if the source address is wrong, there is another option which means would you would be glass just rewriting it silently without letting the endpoint know, um I'm yeah and.

R

Maybe we should.

E

Just not um specify it in a way that this option isn't allowed. I mean it's not necessary recommendation, but in some cases it might be useful and then it would.

G

Only work, if you have a single address, assigned yeah.

E

uh And then the um other option, the other point is: when you have the destination address, that's not allowed in that case, actually just dropping. It might be an option, because that would be the usual behavior. You expect right if a point, if an endpoint is not reachable, you might not get a reply.

E

um However, I think it would be nice to at least have some kind of singing mechanism to tell the other endpoint that something went wrong.

O

Can I uh relay from jabba.

G

O

uh Philip says: inventing a new mechanism makes the world, especially in regulated environments, more complicated, so icmp inside the channel is a good guidance still if we want to signal bad behavior with respect to the tunnel configuration sending the error as a capsule as a protocol, error makes sense and turn it into an icmp on the client side. Make sense.

M

G

That's good feedback.

G

L

So much time sympathetic to connection if people behave wrong. um I think that's a mistake in this case because um uh imagine the case where you have um the version of connect type, basically, two networks together um then.

K

L

While having like any any misbehaving device that which I assure you there are many potentially quite connection, be torn down um yeah, so that's like um you know um in particular, um you know um you know in an imagination where you're actually proxying like like a customer network, and you know- and now you have like thousands of devices, that you don't control and then one of them delicious or non maliciously generates a focus. Ip and the whole thing is torn down.

L

That just doesn't like it's going to have all situations, so um I don't think I think again. This is like some situation where we're standing on the shoulders of giants and we ought to like steal from those giants, and we know how to like. I mean like this. This is like building a transit network so like she behaves the same, but that same one.

L

So I I don't think um I think it's I think you know it's one thing to think like if this is like the version where it's like the customer vpn, in which case I could agree with like martin but like the customer bps are generating bogus things. You know because he's like going and going to euro netflix, then maybe you can tear him down, um but I just don't think I think that they're all matter.

K

I'll concede the point.

G

G

All right, I think, we've trained the queue. um So those are our two open issues, lots of discussion. Thank you, everyone. um The only other thing is if you're interested in doing interop and testing. Let us know these are some of the things we need to work through and we'll see you next time.

C

Right, thank you folks, extra thanks to our note takers and jabber scribes, and we have now come to the end of our agenda. I think we're looking to do some extra interop, as tommy noted, for connect ip as well as folding, in some progress on those issues and with that. Thank you all.

B

Thanks everyone.

A

A

A

A