Network Working Group | M. Kuehlewind |
Internet-Draft | B. Trammell |
Intended status: Informational | ETH Zurich |
Expires: July 15, 2017 | January 11, 2017 |
Applicability and Management of the QUIC Transport Protocol
draft-kuehlewind-quic-appman-00
This document discusses the applicability and manageability of the QUIC transport protocol, focusing on caveats impacting application protocol development and deployment over QUIC, and network operations involving QUIC traffic.
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."
This Internet-Draft will expire on July 15, 2017.
Copyright (c) 2017 IETF Trust and the persons identified as the document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.
QUIC [I-D.ietf-quic-transport] is a new transport protocol currently under development in the IETF quic working group, focusing on support of semantics as needed for HTTP/2 [I-D.ietf-quic-http] such as stream-multiplexing to avoid head-of-line blocking. Based on current deployment practices, QUIC is encapsulated in UDP and encrypted by default. This means the version of QUIC that is currently under development will integrate TLS 1.3 [I-D.ietf-quic-tls] to encrypt all payload data including all header information needed for for stream-multiplexing and most on the other header information. Given QUIC is an end-to-end transport protocol, all information in the protocol header is not meant to be mutable by the network, and will therefore be integrity- protected to the extent possible.
This document serves two purposes:
The words “MUST”, “MUST NOT”, “SHOULD”, and “MAY” are used in this document. It’s not shouting; when they are capitalized, they have the special meaning defined in [RFC2119].
In the following subsections we discuss specific caveats to QUIC’s applicability, and issues that application developers must consider when using QUIC as a transport for their application.
QUIC uses UDP as a substrate for userspace implementation and port numbers for NAT and middlebox traversal. While there is no evidence of widespread, systematic disadvantage of UDP traffic compared to TCP in the Internet [Edeline16], somewhere between three [Trammell16] and five [Swett16] percent of networks simply block UDP traffic. All applications running on top of QUIC must therefore either be prepared to accept connectivity failure on such networks, or be engineered to fall back to TLS, or TLS-equivalent crypto, over TCP. These applications must operate, perhaps with impaired functionality, in the absence of features provided by QUIC not present in TLS over TCP: The most obvious difference is that TCP does not stream multiplexing and there stream multiplex would need to be implemented in the application layer if needed. Further, TCP by default does not support 0-RTT session resumption. TCP Fast Open can be used but might no be supported by the far end or could be blocked on the network path. Note that there is at least evidence of middleboxes blocking SYN data even if TFO was successfully negotiated. Moreover, while encryption (in this case TLS) is inseparable integrated with QUIC, TLS negotiation over TCP can be blocked. In case it is RECOMMENDED to abort the connection.
We hope that the deployment of a proposed standard version of the QUIC protocol will provide an incentive for these networks to permit QUIC traffic. Indeed, the ability to treat QUIC traffic statefully as in Section 3.5 removes one network management incentive to block this traffic.
QUIC provides for 0-RTT connection establishment (see section 3.2 of [I-D.ietf-quic-transport]). However, data in the frames contained in the first packet of a such a connection must be treated specially by the application layer. Since a retransmission of these frames resulting from a lost acknowledgment may cause the data to appear twice, either the application- layer protocol has to be designed such that all such data is treated as idempotent, or there must be some application-layer mechanism for recognizing spuriously retransmitted frame and dropping them.
[EDITOR’S NOTE: discuss defenses against replay attacks using 0-RTT data.]
QUIC’s stream multiplexing feature allows applications to run multiple streams over a single connection, without head-of-line blocking between streams, associated at a point in time with a single five-tuple. Streams are meaningful only to the application; since stream information is carried inside QUIC’s encryption boundary, no information about the stream(s) whose frames are carried by a given packet is visible to the network.
Stream multiplexing is not intended to be used for differentiating streams in terms of network treatment. Application traffic requiring different network treatment should therefore be carried over different five-tuples (i.e. multiple QUIC connections). Given QUIC’s ability to send application data on the first packet of a connection (if a previous connection to the same host has been successfully established to provide the respective credentials), the cost for establishing another connection are extremely low.
[EDITOR’S NOTE: For discussion: If establishing a new connection does not seem to be sufficient, the protocol’s rebinding functionality (see section 3.7 of [I-D.ietf-quic-transport]) could be extended to allow multiple five-tuples to share a connection ID simultaneously, instead of sequentially.]
This section discusses those aspects of the QUIC transport protocol that have an impact on the design and operation of devices that forward QUIC packets. This section is concerned primarily with QUIC’s unencrypted wire image, which we define as the information available in the packet header in each QUIC packet, and the dynamics of that information.
QUIC is a versioned protocol. Everything about the header format can change except the mechanism by which a receiver can determine whether and where a version number is present, and the meaning of the version number field itself.
The rest of this document is concerned with the public header structure of the version of the QUIC transport document that is current as of this writing.
In the current version of the QUIC protocol, the following information are optionally exposed in the QUIC header:
All information in the QUIC header, even if exposed to the network, is integrity protected, therefore a device on the network path MUST not change these information. Altering of header information would fail any integrity check, leading to packet drop at the receiver.
A flow might change one of its IP addresses but keep the same connection ID, as discussed in Section 3.1. [EDITOR’S NOTE: What does that mean for the network, if anything (given the connection ID is only rarely present)?]
Packet numbers are monotonically increasing. Packets containing retransmissions as well as packets containing only control information, such as acknowledgments, will get a new packet numbers. Therefore pure control and retransmission packets are impossible to distinguish on the wire.
While loss detection in QUIC is still based on packet numbers, congestion control by default provides richer information than vanilla TCP does. Especially, QUIC does not rely on duplicated ACKs, making it more tolerant of packet re-ordering.
Stateful network devices such as firewalls use exposed header information to support state setup and tear-down. In-line with [I-D.trammell-plus-statefulness] (which provides a general model for in- network state management), the presence of a Connection ID on QUIC traffic can be used as an association/confirmation signal; QUIC’s public reset may be used as a partial one-way stop signal.
[EDITOR’S NOTE: note public reset changes for state management may be desirable: two-way stop as in [I-D.trammell-plus-statefulness] has nice properties.]
Given packet numbers can be expected to be exposed on most packets (expect public reset but that terminates the connection anyway), packet numbers can be used by the network to measure loss that occurred between the sender and the measurement point in the network. Similarly, out-of-order packets indicate upstream reordering. Unlike with TCP, there is no way to measure downstream loss and RTT passively.
[EDITOR’S NOTE: the addition of a simple packet number echo would allow passive RTT measurement and partial passive downstream loss/reordering measurement. Packet number echo can be sampled at the echo-side (i.e. one-in-N packets or 1/p packets can carry an echo) for efficiency tradeoff, if necessary.]
[EDITOR’S NOTE: in-network devices can inspect and correlate connection IDs for partial tracking of mobility events.]
This document has no actions for IANA.
Especially security- and privacy-relevant applicability and manageability considerations are given in Section 2.2, Section 3.2, and Section 3.3.
This work is partially supported by the European Commission under Horizon 2020 grant agreement no. 688421 Measurement and Architecture for a Middleboxed Internet (MAMI), and by the Swiss State Secretariat for Education, Research, and Innovation under contract no. 15.0268. This support does not imply endorsement.
[I-D.ietf-quic-transport] | Iyengar, J. and M. Thomson, "QUIC: A UDP-Based Multiplexed and Secure Transport", Internet-Draft draft-ietf-quic-transport-00, November 2016. |
[RFC2119] | Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997. |
[Edeline16] | Edeline, K., Kuehlewind, M., Trammell, B., Aben, E. and B. Donnet, "Using UDP for Internet Transport Evolution (arXiv preprint 1612.07816)", December 2016. |
[I-D.ietf-quic-http] | Bishop, M., "Hypertext Transfer Protocol (HTTP) over QUIC", Internet-Draft draft-ietf-quic-http-00, November 2016. |
[I-D.ietf-quic-tls] | Thomson, M. and (. (Unknown), "Using Transport Layer Security (TLS) to Secure QUIC", Internet-Draft draft-ietf-quic-tls-00, November 2016. |
[I-D.trammell-plus-statefulness] | Kuehlewind, M., Trammell, B. and J. Hildebrand, "Transport-Independent Path Layer State Management", Internet-Draft draft-trammell-plus-statefulness-02, December 2016. |
[Swett16] | Swett, I., "QUIC Deployment Experience at Google (IETF96 QUIC BoF presentation)", July 2016. |
[Trammell16] | Trammell, B. and M. Kuehlewind, "Internet Path Transparency Measurements using RIPE Atlas (RIPE72 MAT presentation)", May 2016. |