idnits 2.17.1 draft-krasic-quic-qcram-02.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** The document seems to lack a both a reference to RFC 2119 and the recommended RFC 2119 boilerplate, even if it appears to use RFC 2119 keywords. RFC 2119 keyword, line 150: '... but the decoder MUST ensure that HB i...' RFC 2119 keyword, line 194: '...f indexed header fields MUST block the...' RFC 2119 keyword, line 201: '...the remainder of the header block MUST...' RFC 2119 keyword, line 214: '...een, the decoder MUST evict all entrie...' RFC 2119 keyword, line 225: '... of thresholding MAY be applied that c...' (4 more instances...) Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (August 3, 2017) is 2458 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) -- Looks like a reference, but probably isn't: '1' on line 357 -- Possible downref: Non-RFC (?) normative reference: ref. 'QUIC-HTTP' -- Possible downref: Non-RFC (?) normative reference: ref. 'QUIC-TRANSPORT' ** Obsolete normative reference: RFC 7540 (Obsoleted by RFC 9113) Summary: 2 errors (**), 0 flaws (~~), 1 warning (==), 4 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 QUIC C. Krasic 3 Internet-Draft Google 4 Intended status: Standards Track August 3, 2017 5 Expires: February 4, 2018 7 Header Compression for HTTP over QUIC 8 draft-krasic-quic-qcram-02 10 Abstract 12 The design of the core QUIC transport and the mapping of HTTP 13 semantics over it subsume many HTTP/2 features, prominent among them 14 stream multiplexing and HTTP header compression. A key advantage of 15 the QUIC transport is it provides stream multiplexing free of HoL 16 blocking between streams, while in HTTP/2 multiplexed streams can 17 suffer HoL blocking primarily due to HTTP/2's layering above TCP. 18 However if HPACK is used for header compression, HTTP over QUIC is 19 still vulnerable to HoL blocking, because of how HPACK exploits 20 header redundancies between multiplexed HTTP transactions. This 21 draft defines QCRAM, a variation of HPACK and mechanisms in the QUIC 22 HTTP mapping that allow QUIC implementations the flexibility to avoid 23 header-compression induced HoL blocking. 25 Status of This Memo 27 This Internet-Draft is submitted in full conformance with the 28 provisions of BCP 78 and BCP 79. 30 Internet-Drafts are working documents of the Internet Engineering 31 Task Force (IETF). Note that other groups may also distribute 32 working documents as Internet-Drafts. The list of current Internet- 33 Drafts is at http://datatracker.ietf.org/drafts/current/. 35 Internet-Drafts are draft documents valid for a maximum of six months 36 and may be updated, replaced, or obsoleted by other documents at any 37 time. It is inappropriate to use Internet-Drafts as reference 38 material or to cite them other than as "work in progress." 40 This Internet-Draft will expire on February 4, 2018. 42 Copyright Notice 44 Copyright (c) 2017 IETF Trust and the persons identified as the 45 document authors. All rights reserved. 47 This document is subject to BCP 78 and the IETF Trust's Legal 48 Provisions Relating to IETF Documents 49 (http://trustee.ietf.org/license-info) in effect on the date of 50 publication of this document. Please review these documents 51 carefully, as they describe your rights and restrictions with respect 52 to this document. Code Components extracted from this document must 53 include Simplified BSD License text as described in Section 4.e of 54 the Trust Legal Provisions and are provided without warranty as 55 described in the Simplified BSD License. 57 Table of Contents 59 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 60 2. QCRAM overview . . . . . . . . . . . . . . . . . . . . . . . 3 61 2.1. Example of HoL blocking . . . . . . . . . . . . . . . . . 3 62 2.2. How QCRAM minimizes HoL blocking . . . . . . . . . . . . 3 63 3. HPACK extensions . . . . . . . . . . . . . . . . . . . . . . 4 64 3.1. Header Block Prefix . . . . . . . . . . . . . . . . . . . 4 65 3.2. Hybrid absolute-relative indexing . . . . . . . . . . . . 4 66 3.3. Preventing Eviction Races . . . . . . . . . . . . . . . . 5 67 3.3.1. Blocked Evictions . . . . . . . . . . . . . . . . . . 5 68 3.4. Handling Stream Resets . . . . . . . . . . . . . . . . . 5 69 3.5. Refreshing Entries with Duplication . . . . . . . . . . . 6 70 3.5.1. Mandatory Entry De-duplication . . . . . . . . . . . 6 71 4. Performance considerations . . . . . . . . . . . . . . . . . 6 72 4.1. Speculative table updates . . . . . . . . . . . . . . . . 6 73 4.2. Fixed overhead. . . . . . . . . . . . . . . . . . . . . . 7 74 4.3. Co-ordinated Packetization . . . . . . . . . . . . . . . 7 75 5. Security Considerations . . . . . . . . . . . . . . . . . . . 7 76 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 7 77 7. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 7 78 8. References . . . . . . . . . . . . . . . . . . . . . . . . . 8 79 8.1. Normative References . . . . . . . . . . . . . . . . . . 8 80 8.2. URIs . . . . . . . . . . . . . . . . . . . . . . . . . . 8 81 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 8 83 1. Introduction 85 The QUIC transport protocol was designed from the outset to support 86 HTTP semantics, and its design subsumes most of the features of 87 HTTP/2. Two of those features, stream multiplexing and header 88 compression come into some conflict in QUIC. A key goal of the 89 design of QUIC is to improve stream multiplexing relative to HTTP/2, 90 by eliminating HoL (head of line) blocking that can occur in HTTP/2. 91 HoL blocking can happen because HTTP/2 streams are multiplexed onto a 92 single TCP connection with its in-order semantics. QUIC can maintain 93 independence between streams because it implements core transport 94 functionality in a fully stream-aware manner. However, the HTTP over 95 QUIC mapping is still subject to HoL blocking if HPACK is used 96 directly as in HTTP/2. HPACK exploits multiplexing for greater 97 compression, shrinking the representation of headers that have 98 appeared earlier on the same connection. In the context of QUIC, 99 this imposes a vulnerability to HoL blocking as will be described 100 more below (Section 2.1). 102 QUIC is described in [QUIC-TRANSPORT]. The HTTP over QUIC mapping is 103 described in [QUIC-HTTP]. For a full description of HTTP/2, see 104 [RFC7540]. The description of HPACK is [RFC7541]. 106 2. QCRAM overview 108 Readers may wish to refer to [RFC7541] Section 1.3 to review HPACK 109 terminology, and [QUIC-HTTP], Sections 4 on "HTTP over QUIC stream 110 mapping" and 4.2.1 on "Header Compression". QCRAM extensions to 111 HPACK allow correctness in the presence of out-of-order delivery, 112 with flexibility to balance between resilience against HoL blocking 113 and compression ratio. 115 QCRAM is intended to be a relatively non-intrusive extension to 116 HPACK, an implementation should be easily shared within stacks 117 supporting both HTTP/2 over (TLS+)TCP and HTTP over QUIC. 119 2.1. Example of HoL blocking 121 The following is an example of how HPACK can induce HoL blocking in 122 QUIC. Assume two HTTP message exchange streams "A" and "B", and 123 corresponding header blocks "HA" and "HB". Stream "B" experiences 124 HoL blocking due to "A" as follows: 126 1. HPACK encodes header field "HB[i]" using an index that refers to 127 a table entry that resulted from header field "HA[j]". 129 2. "HA" and "HB" are delivered via distinct packets that are 130 inflight in the same round trip. 132 3. "HB"'s packet is delivered but "HA"'s is dropped. HPACK can not 133 decode "HB" until "HA"'s packet is successfully retransmitted. 135 2.2. How QCRAM minimizes HoL blocking 137 Continuing the example, QCRAM's approach is as follows. 139 1. "HB[i]" will not introduce HoL blocking if "HA[j]" was delivered 140 in a prior round trip. To identify this case, QCRAM assumes that 141 QUIC transport surfaces acknowledgment notifications to the HTTP 142 layer, and that the QCRAM encoder can rely that acknowledged 143 headers have been received by the decoder. 145 2. "HB[i]" may be represented with one of the Literal variants (see 146 [RFC7541] Section 6.2), trading lower compression ratio for HoL 147 resilience. 149 3. "HB[i]" may be represented with an Indexed Representation. This 150 favors compression ratio, but the decoder MUST ensure that HB is 151 not decoded until after HA (see blocking in Section 3.2)). 153 3. HPACK extensions 155 3.1. Header Block Prefix 157 In HEADERS and PUSH_PROMISE frames, HPACK Header data should be 158 prefixed by a pair of integers: "Fill" and the "Evictions". "Fill" 159 is the number of entries in the table, and "Evictions" is the 160 cumulative number entries that have been evicted from the table. 161 Their sum is the cumulative number of entries inserted. Each is 162 encoded as a single HPACK integer (8-bit prefix): 164 0 1 2 3 4 5 6 7 165 +-+-+-+-+-+-+-+-+ 166 |Fill (8+)| 167 +---------------+ 168 |Evictions (8+)| 169 +---------------+ 171 Figure 1: Absolute indexing 173 Section 3.2 describes the role of "Fill" and Section 3.3 covers the 174 role of "Evictions". 176 3.2. Hybrid absolute-relative indexing 178 HPACK indexed entries refer to an entry by its current position in 179 the dynamic table. As Figure 1 of RFC7541 [1] illustrates, newest 180 entries have smallest indices, and oldest entries are evicted first 181 if the table is full. Under this scheme, each insertion to the table 182 causes the index of all existing entries to change (implicitly). 183 Implicit index updates are acceptable for HTTP/2 because TCP is 184 totally ordered, but it is is problematic in the out-of-order context 185 of QUIC. 187 QCRAM uses a hybrid absolute-relative indexing approach. The prefix 188 defined in Section 3.1 is used by the decoder to interpret all 189 subsequent HPACK instructions at absolute positions for indexed 190 lookups and insertions. It is also used for evictions (Section 3.3). 192 As was defined in Section 2.2 case 3, the encoder has the option to 193 select indexed representations that are vulnerable to HoL blocking. 194 Decoder processing of indexed header fields MUST block the 195 encompassing header block if the referenced entry has not been added 196 to the table yet. 198 To protect against buggy or malicious peers, a timer should be used 199 to set an upper bound on such blocking and in treat expiration of the 200 timer as a decoding error. However, if the implementation chooses 201 not to abort the connection, the remainder of the header block MUST 202 be decoded and output discarded. 204 3.3. Preventing Eviction Races 206 Due to out of order arrival, QCRAM's eviction algorithm requires 207 changes (relative to HPACK) to avoid the possibility that an indexed 208 representation is decoded after the referenced entry is already 209 evicted. QCRAM employs a two-phase eviction algorithm, in which the 210 encoder will not evict entries that have outstanding (unacknowledged) 211 references. The QCRAM encoder maintains a counter as entries are 212 evicted, which is the cumulative number of evictions so far, 213 "Evictions" (Section 3.1). On arrival at the decoder, if "Evictions" 214 is higher than previously seen, the decoder MUST evict all entries at 215 or below. Unlike HPACK where the decoder follows the same logic as 216 the encoder to perform evictions, in QCRAM the decoder evicts 217 exclusively based on the encoder's explicit guidance. 219 3.3.1. Blocked Evictions 221 In some cases, the encoder must forgo eviction by selecting a literal 222 representation (blocked eviction), namely in the event that the entry 223 subject to eviction _is_ referenced by one or more unacknowledged 224 header frames. To assure that the blocked eviction case is rare, a 225 form of thresholding MAY be applied that constrains selection of 226 Indexed representations, such that the oldest entries in the dynamic 227 table will largely be evictable. The constraint is applied when 228 encoding header fields: comparing the cumulative position (in bytes) 229 of the matching entry to a threshold, categorizing oldest entries 230 (past threshold) as at-risk. Avoiding references to at-risk entries, 231 the encoder SHOULD use an Indexed-Duplicate representation instead 232 (see Section 3.5). 234 3.4. Handling Stream Resets 236 The QCRAM encoder has the option to select representations that might 237 require blocking (Section 2.2 case 3), but the decoder must be 238 prevented from becoming hung if the stream associated with the 239 referenced entry is reset. On stream reset, the QCRAM encoder MUST 240 check if the stream has unacknowledged headers, and if so resend them 241 on the Control Stream ([QUIC-HTTP] Section 4.1). If header blocks 242 are resent on the control stream, duplicate arrivals are possible due 243 to reset-acknowledgment races. The decoder MUST ignore duplicate 244 header block arrivals, which is straightforward because of 245 unambiguous indexing (see Section 3.2). 247 3.5. Refreshing Entries with Duplication 249 0 1 2 3 4 5 6 7 250 +-+-+-+-+-+-+-+-+ 251 |0|0|1|Index(5+)| 252 +-+-+-+---------+ 254 Figure 2: Indexed Header Field with Duplication 256 _Indexed-Duplicates_ are treated as an Indexed Header Field 257 Representation (see [RFC7541] Section 6.1), additionally inserting a 258 new duplicate entry. [RFC7541] allows duplicate HPACK table entries, 259 that is entries that have the same name and value. 261 _Figure 2 annexes the representation for HPACK Dynamic Table Size 262 Update (see Section 6.3 of RFC7541), which is not supported by HTTP 263 over QUIC._ 265 3.5.1. Mandatory Entry De-duplication 267 To help mitigate memory consumption due to duplicate entries, HPACK 268 for QCRAM is required to de-duplicate strings in the dynamic table. 269 The table insertion logic should check if the new entry matches any 270 existing entries (name and value), and if so, table accounting MUST 271 charge only the overhead portion ([RFC7541] Section 4.1) to the new 272 entry. 274 Specific de-duplication mechanisms are left to implementations, but 275 using a map in conjunction with reference counted pointers to strings 276 would be typical. 278 4. Performance considerations 280 4.1. Speculative table updates 282 Implementations can _speculatively_ send header frames on the HTTP 283 Connection Control Stream. Such headers would not be associated with 284 any HTTP transaction, but could be used strategically to improve 285 performance. For instance, the encoder might decide to _refresh_ by 286 sending Indexed-Duplicate representations for popular header fields 287 (Section 3.1), ensuring they have small indices and hence minimal 288 size on the wire. 290 4.2. Fixed overhead. 292 HPACK defines overhead as 32 bytes ([RFC7541] Section 4.1). QCRAM 293 adds some per-entry state, to track acknowledgment status and 294 eviction rank, and requires mechanisms to de-duplicate strings. A 295 larger value than 32 might be more accurate for QCRAM. 297 4.3. Co-ordinated Packetization 299 In Section 2.2 case 3, an exception exists when the representation of 300 "HA[i]" and "HB[j]" are delivered within the same transport packet. 301 If so, there is no risk of HoL blocking and using an indexed 302 representation is strictly better than using a literal. An 303 implementation could exploit this exception by employing co- 304 ordination between QCRAM compression and QUIC transport 305 packetization. 307 5. Security Considerations 309 TBD. 311 6. IANA Considerations 313 This document currently makes no request of IANA, and might not need 314 to. 316 7. Acknowledgments 318 This draft draws heavily on the text of [RFC7541]. The indirect 319 input of those authors is gratefully acknowledged, as well as ideas 320 from: 322 o Mike Bishop 324 o Patrick McManus 326 o Biren Roy 328 o Alan Frindell 330 o Ian Swett 332 o Ryan Hamilton 334 8. References 336 8.1. Normative References 338 [QUIC-HTTP] 339 Bishop, M., Ed., "Hypertext Transfer Protocol (HTTP) over 340 QUIC", August 2017. 342 [QUIC-TRANSPORT] 343 Iyengar, J., Ed. and M. Thomson, Ed., "QUIC: A UDP-Based 344 Multiplexed and Secure Transport", August 2017. 346 [RFC7540] Belshe, M., Peon, R., and M. Thomson, Ed., "Hypertext 347 Transfer Protocol Version 2 (HTTP/2)", RFC 7540, 348 DOI 10.17487/RFC7540, May 2015, 349 . 351 [RFC7541] Peon, R. and H. Ruellan, "HPACK: Header Compression for 352 HTTP/2", RFC 7541, DOI 10.17487/RFC7541, May 2015, 353 . 355 8.2. URIs 357 [1] https://tools.ietf.org/html/rfc7541#section-2.3.3 359 Author's Address 361 Charles 'Buck' Krasic 362 Google 364 Email: ckrasic@google.com