From a5241b69840374b9aa510061dc2a06f02575101c Mon Sep 17 00:00:00 2001 From: mirjak Date: Thu, 13 Feb 2020 16:11:58 +0100 Subject: [PATCH 1/4] Add handling of all packets marked as CE This is actually a behaviour that has been observed a few times on the Internet. In TCP this case is encountered as ECN will be disabled if the SYN is CE marked (as the SYN should always be Not-ECT these days). I just realised that this validation is rather easy to detect if any Not-ECT have been sent, I think it would be good to mention it explicitly. --- draft-ietf-quic-transport.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/draft-ietf-quic-transport.md b/draft-ietf-quic-transport.md index 92a6072f0d..8e0df161c4 100644 --- a/draft-ietf-quic-transport.md +++ b/draft-ietf-quic-transport.md @@ -3517,6 +3517,13 @@ use the following steps on receiving an ACK frame to validate ECN. corresponding ECT codepoint that are newly acknowledged in this ACK frame. This step detects any erroneous network remarking from ECT(0) to ECT(1) (or vice versa). + +Another special case is when all packets are indicatd as CE marked, +independtly of the initial codepode used, including Not-ECT. In this case +it could be a network element overwriting the ECN field of all packets and +thereby potentially concealing actual congestion information. Especially, +when it is recognized that Not-ECT packets get remarked to CE, ECN marking +should be disabled and any received CE feedback should be treated with caution. Processing ECN counts out of order can result in validation failure. An endpoint SHOULD NOT perform this validation if this ACK frame does not advance From 4112f50a3c530a47bfded1eeaaf71943be2ed204 Mon Sep 17 00:00:00 2001 From: mirjak Date: Fri, 14 Feb 2020 11:35:58 +0100 Subject: [PATCH 2/4] Update draft-ietf-quic-transport.md Co-Authored-By: Martin Thomson --- draft-ietf-quic-transport.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/draft-ietf-quic-transport.md b/draft-ietf-quic-transport.md index 8e0df161c4..bc0c393d8d 100644 --- a/draft-ietf-quic-transport.md +++ b/draft-ietf-quic-transport.md @@ -3518,7 +3518,7 @@ use the following steps on receiving an ACK frame to validate ECN. This step detects any erroneous network remarking from ECT(0) to ECT(1) (or vice versa). -Another special case is when all packets are indicatd as CE marked, +Another special case is when all packets are marked ECN-CE, independtly of the initial codepode used, including Not-ECT. In this case it could be a network element overwriting the ECN field of all packets and thereby potentially concealing actual congestion information. Especially, From d6ca8a869a454d1cc434904f5bf93cd69195c341 Mon Sep 17 00:00:00 2001 From: mirjak Date: Fri, 14 Feb 2020 11:36:10 +0100 Subject: [PATCH 3/4] Update draft-ietf-quic-transport.md Co-Authored-By: Martin Thomson --- draft-ietf-quic-transport.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/draft-ietf-quic-transport.md b/draft-ietf-quic-transport.md index bc0c393d8d..4f52d3b519 100644 --- a/draft-ietf-quic-transport.md +++ b/draft-ietf-quic-transport.md @@ -3519,7 +3519,7 @@ use the following steps on receiving an ACK frame to validate ECN. vice versa). Another special case is when all packets are marked ECN-CE, -independtly of the initial codepode used, including Not-ECT. In this case +independent of the marking used, including Not-ECT. In this case it could be a network element overwriting the ECN field of all packets and thereby potentially concealing actual congestion information. Especially, when it is recognized that Not-ECT packets get remarked to CE, ECN marking From 4886482ddea3d3fc25269f1731f3d0e1d2afdaff Mon Sep 17 00:00:00 2001 From: mirjak Date: Mon, 17 Feb 2020 12:30:11 +0100 Subject: [PATCH 4/4] Update draft-ietf-quic-transport.md --- draft-ietf-quic-transport.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) 
diff --git a/draft-ietf-quic-transport.md b/draft-ietf-quic-transport.md index 4f52d3b519..1e00b64623 100644 --- a/draft-ietf-quic-transport.md +++ b/draft-ietf-quic-transport.md @@ -3518,12 +3518,12 @@ use the following steps on receiving an ACK frame to validate ECN. This step detects any erroneous network remarking from ECT(0) to ECT(1) (or vice versa). -Another special case is when all packets are marked ECN-CE, -independent of the marking used, including Not-ECT. In this case -it could be a network element overwriting the ECN field of all packets and -thereby potentially concealing actual congestion information. Especially, -when it is recognized that Not-ECT packets get remarked to CE, ECN marking -should be disabled and any received CE feedback should be treated with caution. +Another special case is when all packets are marked ECN-CE, independent of the +marking used, including Not-ECT.If this is caused by a network element +erroneously overwriting the ECN code point field, it will also conceal actual +congestion information. Therefore, if a peer indicates that all received packets +are ECN-CE marked, endpoints MAY treat this as an ECN validation failure and +ignore any ECN-CE counts in acknowledgments. Processing ECN counts out of order can result in validation failure. An endpoint SHOULD NOT perform this validation if this ACK frame does not advance
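Review bot: In the [PATCH 1/4] hunk, the last added sentence uses lowercase "should be disabled" and "should be treated with caution", while the context line directly after the added paragraph uses the keyword form "SHOULD NOT", so a reader cannot tell whether disabling ECN here is a requirement or advice. "Treated with caution" also names no action an implementation could take; suggest an explicit keyword and a concrete action, such as treating the case as an ECN validation failure. The first two added lines contain the misspellings "indicatd", "independtly" and "codepode".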
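Review bot: In the [PATCH 2/4] hunk, the replaced first line now reads "marked ECN-CE" while the rest of the paragraph added in [PATCH 1/4] still says "remarked to CE" and "CE feedback", so one paragraph uses two names for the same codepoint. Suggest one term throughout. The unchanged context line "independtly of the initial codepode used" still carries two spelling errors that this hunk leaves in place.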
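Review bot: In the [PATCH 3/4] hunk, the replacement "independent of the marking used" drops the word "initial" from the line it replaces, so "marking" now refers both to what is observed ("marked ECN-CE") and to what the sender originally set, which is the distinction the sentence depends on. Suggest wording that names the sent value, for example "independent of the codepoint the packets were sent with, including Not-ECT".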
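Review bot: In the [PATCH 4/4] hunk, the condition "if a peer indicates that all received packets are ECN-CE marked" is not expressed in terms of the ECN counts that the surrounding validation text works with, so implementations could differ on when the MAY applies (over a single ACK frame or over the connection, and whether Not-ECT packets reported as CE are sufficient on their own). The rewrite also removes the sentence about Not-ECT packets being remarked to CE, which the [PATCH 1/4] commit message describes as easy to detect; suggest keeping that case and stating the condition as a comparison on the reported counts. A space is missing in "Not-ECT.If".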