Not so quickly extending QUIC
QUIC is a UDP-based transport protocol that forms the foundation of HTTP/3. It was initially developed at Google in 2012, and became an IETF standard in 2021. Work on the protocol did not stop with its standardization, however. The QUIC Working Group published several follow-up standards. Now, it is working on four more extensions to QUIC intended to patch over various shortcomings in the current protocol — although progress has not been quick.
QUIC serves as a replacement for TCP and TLS with several interesting benefits. Combining the handshakes involved in establishing a connection and encrypting it allows QUIC to reduce the number of round trips required before applications can send data — to zero, in some cases. Combining encryption with the transport layer also allows QUIC to hide details of connections from intermediate routers ("middleboxes"). QUIC also supports sending multiple independent streams over the same underlying connection. This ability is useful for applications like web servers that want to transfer related resources over the same connection without a dropped packet in one stream delaying the rest — a problem with TCP known as head-of-line blocking.
Load balancing
One interesting feature of QUIC is connection migration, which allows computers to seamlessly change IP addresses while maintaining a connection. QUIC packets all contain a connection identifier, which can be used to determine which connection the packet is part of, even if it comes from an unexpected source address. This poses a challenge for load balancers, which usually determine how to forward packets based on the IP addresses and port numbers of the source and destination. The connection ID is one of the few unencrypted parts of a packet — to allow servers to tell what encryption key should be used with a packet — so a QUIC-aware load balancer can use the connection identifier instead, but this interacts poorly with another aspect of QUIC: connection ID rotation.
QUIC permits a server to supply a client with a pool of connection IDs for a
given connection, in order to reduce "linkability
". If a QUIC connection remains
open for a long time — for example because it is being used to place an ongoing
phone call — an attacker could use the connection ID of the packets to track the
user as they move between different networks. To mitigate this, a client that
knows it is about to change networks (for example, because it is about to switch
from a cellular connection to WiFi) can start using a new connection ID from the
pool when it switches. The server, which knows what connection IDs it provided
to the client, can continue serving the connection with no interruption.
Any non-participant in the connection sees the source IP address, port number, and connection ID change simultaneously, making it difficult to recognize the new flow of packets as being part of the same connection. Unfortunately, this includes any load balancers sitting in front of the server, which have no way to recognize that the packets involved ought to be routed to the same server that handled the initial request.
The QUIC Working Group is trying to enhance load balancing with a new standard for securely encoding load balancing information in the connection ID. Servers using this new standard create connection IDs by combining a server ID and a cryptographic nonce, and then encrypt the resulting string using a key shared with the load balancer to produce a connection ID. This key needs to be provided to the server and the load balancer by whoever is configuring the system. When the load balancer receives a packet, it attempts to decrypt the connection ID and then forward the packet to the relevant server. The standard also includes provisions for handling version updates or key migration.
In June 2023, Martin Duke, one of the authors of the new standard,
said that the draft "is mostly ready, but we've put it on ice until it
gets deployed somewhere
". There have been several small changes since that
time, but it is not clear when the draft will be ready to take the next step
toward being an IETF standard: being proposed to the Internet Engineering
Steering Group (IESG) for consideration.
Multipath
There are several areas where TCP still has an advantage over QUIC. One of those is multipath support. Multipath TCP connections can send data on different network paths simultaneously — for example, sending via both WiFi and cellular data — to provide better throughput than either path permits individually.
The in-progress QUIC multipath extension would adapt QUIC's connection-migration mechanism to allow multiple paths to be in use simultaneously. Currently, when a computer starts sending packets for an existing connection on a new path, that's taken as a sign that the previous path ought to be abandoned. If the connection is set up with the enable_multipath option, sending packets on a new path would instead add that path to the connection and permit both to be used simultaneously.
One complication is with network address translation (NAT) rebinding. QUIC identifies paths by the IP addresses and ports of the source and destination. Unfortunately, these parameters are not always stable for a given path. Some routers perform NAT, allowing multiple computers to share a single IP address. When a TCP connection passes through such routers, the router can watch the TCP session establishment, and keep the same external port mapped to the same internal IP address for the duration of the connection.
This approach doesn't work with QUIC for two reasons. Firstly, QUIC is a relatively new protocol, and many existing routers do not have code to handle it. Secondly, QUIC encrypts many details about the connection in order to avoid interference and reduce linkability. This means that NATs need to fall back to the same non-connection-aware approach used for other UDP protocols: establishing a mapping when they see an outbound packet, and then expiring that mapping after a timeout. An overloaded computer, lost packet, or misconfigured NAT can cause that timeout to expire even though there is an active QUIC connection. In turn, this causes the NAT to select a different outgoing port for the next packet, making the path appear to change.
In existing QUIC, the server would consider this to be a connection migration, and continue without problems. With the multipath extension, the server would instead add the new path to the connection, but still send some data on the old path, which would be dropped by the NAT. To overcome this, multipath QUIC requires that clients changing to a new path use a new connection ID, as described above. Therefore, if the server sees a path change with the same connection ID, it can identify the change as a NAT rebinding event and stop sending packets to the old address.
Another concern is packet numbering and encryption. QUIC uses the packet number of each packet in a connection as a cryptographic nonce when encrypting the contents of the packet. But with multiple simultaneous paths in use, packet numbering becomes more complicated. Using a single sequence of packet numbers for all the paths in a connection makes it difficult to tell when a packet has been dropped, or when the packet has simply been sent via another path, making calculating the reliability and congestion of different paths difficult. The authors of the multipath extension chose to simplify implementations by using a separate set of packet numbers for each path in a connection. This in turn requires changes to how packets are encrypted, in order to prevent any nonces from being used multiple times.
There are several other considerations that have needed hammering out in order to ensure that multipath QUIC is viable. The draft has gone through many rounds of revision, and is still under development by the working group. There is a session planned to discuss it in more detail at the upcoming IETF meeting in March.
Acknowledgment frequency
Since QUIC is designed as an alternative to TCP, it needs to take care of data integrity and congestion control itself. To ensure that all sent data is received, both ends of a QUIC connection send acknowledgment messages. Right now, these messages are sent for every second packet. This is a compromise between sending acknowledgments too quickly (wasting resources) and too slowly (preventing the congestion control algorithms from responding promptly to changes in the network).
Unfortunately, not every QUIC connection has equivalent needs. Some asymmetric internet connections have reduced receiving bandwidth when packets are being sent, making acknowledgments more costly. Some devices have constraints on battery power or transmission frequency. Some devices are connected via reliable paths that don't have noticeable jitter or loss. Devices in all of these situations would benefit from sending fewer acknowledgments.
Unfortunately, sending fewer acknowledgments cannot be done unilaterally, because the computer on the other end of the connection will interpret this to mean that the data ought to be retransmitted, or at least that the round-trip time of the path is much worse than it is. Omitting acknowledgments can still work if the other participant in the connection is expecting it, however.
The draft acknowledgment frequency extension allows the participants in a connection to request changes in the acknowledgment mechanism. Systems using the extension can set the maximum number of packets or amount of time that can occur before an acknowledgment is sent.
The extension also adds an IMMEDIATE_ACK message, to explicitly request that the other side of the connection send an acknowledgment upon receipt. A large section of the document is dedicated to detailing when implementations may want to use IMMEDIATE_ACK messages to ensure that delayed acknowledgments don't cause unnecessary slowdowns.
The extension is theoretically ready to move on to the next step of
standardization, because its
last call for comments ended in October 2023 without prompting another revision.
The authors of the extension have not moved forward with the next step in the
IETF's standardization process, however,
prompting Gorry Fairhurst — one of the working group members —
to ask on the mailing list in mid-February "Is this document finished or is it
waiting for action based on issues?
", but there has been no response.
Partial delivery
QUIC allows separate streams multiplexed over the same connection to fail independently — an eventuality that might occur in, for example, a video conference where one participant has problems while others do not. When only one stream experiences a problem, the server can send a RESET_STREAM message to signal to the client that a particular stream was affected. When this happens, QUIC says that the client should discard any data received for that stream so far, and the server should not respond to retransmit requests for the data.
This is a problem for protocols like the draft WebTransport standard, which send some initial data that must be received reliably on a stream, but that still wish to have streams be resettable. The QUIC Working Group is addressing this use case with a draft QUIC extension that defines a RESET_STREAM_AT message. This would allow a server to reset a stream, while specifying that data before a particular offset should still be retained or rerequested if it is lost in transmission.
The draft is nearly ready to be made a published standard, with the last call for comments ending on February 8. The IETF mandates some additional process before the standard is presented to the IESG for potential publication, so it still may be some time before it is adopted.
Conclusion
These potential improvements to QUIC promise to make the protocol more useful and performant, especially for devices with asymmetric or intermittently available links. Unfortunately, progress on these improvements has not exactly been quick. Christian Huitema, a long-time contributor to QUIC, expressed frustration with the working group's progress:
In the old days, the IETF was prone to find a solution that was good enough, ship it, gather experience, and then revise the standard later to fill in the gaps. If we had followed that process, we could probably have published a QUIC Multipath RFC last year, or maybe the year before — the draft 6 was definitely good enough, and the previous draft was probably OK as well. But we have decided instead to discuss all details before approving the draft. The result will probably be better, although gathering experience sooner would also have helped improve quality. In any case, the process is not quick.
It's uncertain how long it will take the IETF to finalize the new standards. In the meantime, QUIC adoption is growing, with support available in one form or another in every major browser. One of the key concerns of QUIC's designers was avoiding protocol ossification, but QUIC's anti-ossification design choices will be of little use if further improvements to the protocol are stymied by the slow-moving nature of the standardization process.
Posted Mar 6, 2024 18:49 UTC (Wed)
by Cyberax (✭ supporter ✭, #52523)
[Link] (11 responses)
Posted Mar 6, 2024 20:07 UTC (Wed)
by josh (subscriber, #17465)
[Link] (7 responses)
Posted Mar 6, 2024 20:13 UTC (Wed)
by Cyberax (✭ supporter ✭, #52523)
[Link] (6 responses)
Right now, QUIC doesn't allow that. You can have multiple server addresses, but once the connection is made, it can't be migrated to another server endpoint. There's also no control of which DNS address should be used for the connection.
Posted Mar 7, 2024 0:07 UTC (Thu)
by kilobyte (subscriber, #108024)
[Link] (5 responses)
Posted Mar 7, 2024 0:14 UTC (Thu)
by Cyberax (✭ supporter ✭, #52523)
[Link] (4 responses)
Posted Mar 7, 2024 8:52 UTC (Thu)
by pomac (subscriber, #94901)
[Link] (2 responses)
Posted Mar 7, 2024 11:08 UTC (Thu)
by intelfx (subscriber, #130118)
[Link] (1 responses)
Incorrect. They both provide similar guarantees to the user. QUIC is not UDP, QUIC is _on top_ of UDP (and even then it’s merely a technicality, QUIC is wrapped in UDP to make it compatible with all the middleboxes).
In nature QUIC is an L4 protocol providing reliable connection-ful communication, just like TCP.
Posted Mar 14, 2024 3:54 UTC (Thu)
by marcH (subscriber, #57642)
[Link]
True but...
> (and even then it’s merely a technicality, QUIC is wrapped in UDP to make it compatible with all the middleboxes).
... that does not imply implementing QUIC on top of UDP was some kind of ugly hack purely to pass middleboxes. UDP was designed to be IP + almost nothing else to give UDP users the freedom to implement "transport" features themselves and that's exactly what QUIC (and other UDP users) do. QUIC does it in a very generic and re-usable way but that does not demonstrate QUIC somehow "misuses" or abuses UDP.
Posted Mar 15, 2024 9:36 UTC (Fri)
by matttbe (guest, #129626)
[Link]
Like with many apps, it is already possible to use SSH with MPTCP thanks to "mptcpize" tool: mptcpize run ssh (...)
The main reason why OpenSSH doesn't support MPTCP is simply because its maintainer doesn't want to support, even if the code has been shared: https://github.com/openssh/openssh-portable/pull/335
SSH in MacOSx does support MPTCP: https://github.com/apple-oss-distributions/OpenSSH/blob/m...
Posted Mar 7, 2024 10:41 UTC (Thu)
by paulj (subscriber, #341)
[Link] (2 responses)
The restriction that path migration can only be initiated by clients seems somewhat artificial to me. Given that both sides have exchanged key material and packets can be strongly authenticated to at least belong to the same peer as the one involved in the initial handshake, I don't see why the RFC says the client should discard server packets from unknown IPs. Particularly given the RFC is explicit that 0-length CIDs (i.e., no "Connection ID", so the src(IP,port)/dst(IP,port) 4-tuple is the ID of the connection used to demux packets and associate to internal QUIC connection structures) can not be expected to work with any kind of path migration. (The whole CID thing in QUIC is a bit of a mess and a wart IMO).
The question of how to allow different IPs for the /initial/ packets - handshake - is a question of rendezvous. And that's somewhat outside the bailiwick of QUIC. You answered the question yourself mostly in another reply - that's down to DNS really. It's not really the place of a transport protocol to try replicate / replace DNS.
That said, other protocols have specified their own IP-independent rendezvous protocols. Like Bittorrent and its magnet links, using P2P distributed hashing schemes. But you can understand why a protocol targeting web use cases (HTTP, RTP, etc.) didn't want to step away from DNS.
Posted Mar 7, 2024 19:33 UTC (Thu)
by Cyberax (✭ supporter ✭, #52523)
[Link] (1 responses)
Well, the passage in the RFC 9000 that specifically prohibits it (9.6):
> Migrating a connection to a new server address mid-connection is not supported by the version of QUIC specified in this document. If a client receives packets from a new server address when the client has not initiated a migration to that address, the client SHOULD discard these packets.
Yes, it's an artificial limitation for no good reason. But that's what we have right now.
Posted Mar 8, 2024 10:24 UTC (Fri)
by paulj (subscriber, #341)
[Link]
Basically, the connection /can/ migrate to another server IP at /any/ point in the connection. It's just limited to that IP being the one in the preferred address option, sent in the initial handshake, because the server may not initiate path probes (it doesn't have additional IPs for the client, for one thing).
However, there is no hard reason in QUIC why path migration could not be done by either side, at any point, if you add an extension that allows for better 2-way address discovery; and/or allows the server to send path probe packets on new IPs and have the client accept them. Indeed, I think I made that modification to a QUIC implementation, in the course of other work (if I didn't, there's no reason I couldn't have anyway - as I had already had to modify the packet->connection association code to be more flexible). ;)
I can see why, for simplicity, they wanted to pin down the server side to the initial IP(s) (the one the client connected to and the preferred address advertised). But there's nothing really fundamental that requires this.
Posted Mar 6, 2024 21:58 UTC (Wed)
by pwfxq (subscriber, #84695)
[Link] (5 responses)
Theory, meet the real world.
Posted Mar 6, 2024 22:36 UTC (Wed)
by josh (subscriber, #17465)
[Link] (2 responses)
Posted Mar 7, 2024 5:02 UTC (Thu)
by buck (subscriber, #55985)
[Link] (1 responses)
Just riffing here, though. I don't know QUIC, i have no idea if it's possible to support in hardware or if that's just anathema to the software-eats-the-world ethos of potential working group sponsors, and hope someday it will appear in a QUIC Illustrated book. Until then I'm grateful to have the author's explanation, as he continues to impress me not only with the range of topics he covers but also with his technical mastery of them coupled with the ability to explain them at just the level of detail that suits me to a T, even when I know nothing, which is some kind of amazing sleight of hand.
Posted Mar 7, 2024 14:37 UTC (Thu)
by daroc (editor, #160859)
[Link]
As for QUIC hardware offload — the working group is actually paying specific attention to that. One of the provisions in the load balancing specification is ensuring that connection IDs which exactly fit into one AES-ECB block are encrypted in a way that should make it easy for hardware to handle the decryption.
Posted Mar 7, 2024 16:39 UTC (Thu)
by Wol (subscriber, #4433)
[Link] (1 responses)
The problem being, in the real world, your typical device abuses that knowledge so much that there's a reason most high level protocols have migrated to running atop http(s), to HIDE that knowledge so intermediate devices can't break them!
All the intermediate device NEEDS to know, is where that packet is headed, and how to get it there.
Cheers,
Posted Mar 7, 2024 17:21 UTC (Thu)
by paulj (subscriber, #341)
[Link]
That said, it is a bit of pain that congestion control state is hidden in QUIC. (The spin bit doesn't really cut it). Network debugging is a lot more difficult. There's a case to be made that the PNO and ACKs should still be in plain text (but still authenticated to prevent modification).
Not so quickly extending QUIC
Not so quickly extending QUIC
Not so quickly extending QUIC
Not so quickly extending QUIC
Not so quickly extending QUIC
Not so quickly extending QUIC
Not so quickly extending QUIC
Not so quickly extending QUIC
Not so quickly extending QUIC
Not so quickly extending QUIC
Not so quickly extending QUIC
Not so quickly extending QUIC
Not so quickly extending QUIC
Not so quickly extending QUIC
Not so quickly extending QUIC
Not so quickly extending QUIC
Not so quickly extending QUIC
Wol
Not so quickly extending QUIC