Join GitHub today
More Connection ID Space #2736
Although it is quite late in the day for this objection, I find that we already bumping up against the limits of the 18 byte connection ID.
Inevitably, this touches on some issues we're exploring in the quic-load-balancers draft, which isn't adopted, and many of you are no doubt happily ignoring.
There are basically three uses of the 144 bits of CID entropy in QUIC-LB:
QUIC-LB is already taking 2 of these last bits for config rotation, which allows server pools to incrementally deploy new CID keys or encoding schemes. So we're down to 14 bits.
The public entropy is useful for a growing pile of trusted hardware devices that are presumably not going to perform CID decryption. On f5 boxes, we have a hardware disaggregator for the many dataplane processors and threads that are operating. Today, we'd use perhaps 8 of the bits, but in future architectures even 14 might not quite be enough.
And now, having chatting with Manasi Deval from Intel after her Prague talk about hardware offload, I'm fairly sure we're going to need 4 to cheaply encode the connection ID length, at least for servers that want to use this service.
If we ever wanted a solution that allowed multiple tiers of load balancing, which is not currently in scope for QUIC-LB, we don't have nearly enough space.
While I think that existing use cases can just barely make do with what we have, it is a bad sign if something in the invariants is already constraining use cases.
Offline in London, we've circulated a number of possible approaches to this, but the first-order discussion is a willingness to reopen the invariants. If so, there are a couple of solutions that won't break existing load balancer deployments.
I'm happy to write a PR if this is the consensus.