Taking Google's QUIC For a Test Drive

agizis writes "Google presented their new QUIC (Quick UDP Internet Connections) protocol to the IETF yesterday as a future replacement for TCP. It was discussed here when it was originally announced, but now there's real working code. How fast is it really? We wanted to know, so we dug in and benchmarked QUIC at different bandwidths, latencies and reliability levels (test code included, of course), and ran our results by the QUIC team."

Fuck you, site.

Javascript required to view *static* content?

No.

Learn how to write a webpage properly.

Re:Fuck you, site.

Yeah I like how it teases you first with the content THEN disappears...

Re:Fuck you, site.

[GameboyRMH]

Fun trick: Copy the address into your URL bar, hit enter and then very quickly hit Escape.

Javascript isn't technically required to view the page (as shitty as that would be). They're just being dicks.

Re:Fuck you, site.

[Derek+Pomery]

Heh. I was trying to read this from work 'cause, well, it is exactly the sort of work relevant stuff it is worth checking out.
Stupid firewall here was stupid and blocked their site (as instant messaging or some other stupidity). No prob, I switch to ssh + tmux + w3m (where I have like 30 tabs open) and open it. Aaaaand hit their lame redirect. Luckily, hitting back was sufficient to solve that in w3m.

Re:Fuck you, site.

LOL.

Re:Fuck you, site.

Completely agreed.

Another way to get around this besides the quick esc-hitting is to install https://addons.mozilla.org/en-US/firefox/addon/requestpolicy/

Re:Fuck you, site.

Slashdot, news for luddites...

Re:Fuck you, site.

All I get is the article and a notice saying "NoScript blocked a <META> redirect inside a <NOSCRIPT> element: ...", but maybe that's just because I'm using NoScript and RequestPolicy to un-fuck the web.

Re:Fuck you, site.

[Cajun+Hell]

It looks like they know how to do it, and are just actively hostile:

<noscript>
<meta http-equiv="refresh" content="0; url=/no-javascript/" />
</noscript>

The content is really on the page; they just added it a little more to it (went to extra trouble!), to make their site fail.

I guess browsers need "pay attention to refresh" to become an opt-in option.

Re:Fuck you, site.

[kwark]

"I guess browsers need "pay attention to refresh" to become an opt-in option."

If you have noscript installed it is optional, can't remember if I disabled the noscript html element or that is the default

Re:Fuck you, site.

You're going to be a *very* unhappy camper in the next couple of years. Frontend frameworks that render views entirely in javascript are beginning to become popular, and search engines are becoming better at indexing sites using such methods. I've never understood people who disable javascript by default. Almost nothing works without it. Take off the tinfoil hat and enable javascript.

Re:Fuck you, site.

[Zaelath]

Says the ad agency shill?

It's not broken...

[Joining+Yet+Again]

...but Google said something.

Let's fix it!

Re:It's not broken...

[ThatsMyNick]

It is broken. Google just made a bad solution. Doesnt mean the problem doesnt exist.

Re:It's not broken...

TCP is far from not broken. TCP for modern uses is hacks upon hacks at best. Everyone knows this.

The problem is coming to an agreement as to what is the best way to get away from this to optimize things best.
SPDY worked fairly well, god knows what is happening there. It helped fix a lot of lag and could cut down some requests by more than half with very little effort on part of the developers or delivery mechanisms.
This... yeah not sure what is happening there either.

TCP is far from useful. It is terrible for most things in fact. It is sadly all we have because we got used to it. Just like we got used to using paper instead of computers. So much for the future.
TCPs abuse is on levels worse than the web being used to deliver the internet through it instead of the web being another service on top of the internet like it originally was.
Both are huge problems that won't be fixed overnight. And both are problems that do need serious fixing as bloat is constantly increasing every 2years in service deployment. It is a headache for us developers and a headache for the network guys even more so. My poor friend, I feel bad for the things I do to him.

Re:It's not broken...

It IS broken in some ways, just read the bechmark link ... Google hasn't fixed it yet though.

Re:It's not broken...

[golanmachello]

TCP is far from not broken. TCP for modern uses is hacks upon hacks at best. Everyone knows this.

I think most of the people screaming "TCP is broken!" are those with lots of bandwidth who have very specific uses. TCP seems to work quite good for almost everything I have thrown at it. I have a low latency 500kbps down / 64kbps Internet connection and do mostly SSH and HTTP. I am able to saturate my link quite well. I don't know if the QUIC guys are thinking about a significant portion of the population who simply can't get >1.5Mbps connectivity to their homes. In fact their slides seem to indicate they are more wasteful of bandwidth - a risky tradeoff IMHO.

Re:It's not broken...

[profplump]

Actually non-Google studies suggest the SPDY is only marginally helpful in decreasing page load times unless there's aggressive server push of dependent documents AND favorable parameters and network conditions for the underlying TCP connection. For example, SPDY does very poorly on lossy connections, particularly with the default TCP recovery settings. And even server push has problems -- in addition to requiring configuration it bypasses the client cache mechanism, and on low-bandwidth connections the additional data transfer may overwhelm the other savings SPDY.

Don't get me wrong, I think SPDY is a good idea in general. But it's still built on TCP and subject to the limitations thereof. If it were built on a reliable message-passing protocol instead the application layer of SPDY would be significantly simpler and network performance would improve in a number of common cases.

Re:It's not broken...

[profplump]

TCP has limitations even on links like yours. In fact many of the limitations of TCP are worse on lossy, low-bandwidth links than on faster, more reliable ones. And the fact that you can saturate your link is not evidence that TCP isn't slowing you down -- given enough ACKs I can fill any pipe, but that doesn't mean I'm transferring data efficiently.

Also be careful how you characterize "wasteful of bandwidth". For example, a typical TCP over a typical DSL connection would be unusable without the FEC correction provided at the link layer; when tuned correctly that "wasted" bandwidth used for duplicate signaling actually increases throughput significantly by eliminating retransmissions. FEC is actually a very common technique in purpose-built across-a-high-bandwidth-pipe WAN acceleration technology, and can be useful even when your packet loss rate is quite small.

Re:It's not broken...

Oh please that "double" signalling - ie the second layer that provides lossless connection to the application is just going to be pushed up into the application layer. Not saying there's not a different solution there, but don't confuse layer 2 reliability between two points and reliability end to end at layer 4 and above.

Re:It's not broken...

[grmoc]

To be clear, the solution isn't even done being implemented yet-- the project is working towards achieving correctness still, and hasn't gotten there yet. After that part is done, the work on optimization begins.

As it turns out, unsurprisingly, implementing a transport protocol which works reliably over the internet in all conditions isn't trivial!

Re:It's not broken...

[grmoc]

I'd be curious to see that/those study-- can you tell which one/ones it is (so I can go read 'em and fix stuff?)
I thought I was aware of most of the SPDY/HTTP2 studies, but that is becoming more and more difficult these days!

Re:It's not broken...

[grmoc]

Part of the focus is on mobile devices, which often achieve fairly poor throughput, with large jitter and moderate to large RTTs. .. so, yes there is attention to low bandwidth scenarios.
Surprisingly, QUIC can be more efficient given how it packs stuff together, but there this wasn't a primary goal.
Think about second-order effects:
Given current numbers, if FEC is implemented, it is likely that it would reduce the number of bytes actually fed to the network, since you end up sending fewer retransmitted packets than you send FEC packets since the FEC packets allow for any one packet in the range of packets it covers to be reconstructed!

Re:It's not broken...

[Cramer]

"packet loss rate"? That depends entirely on what's causing the loss. If you receive packet 1, then packet 3, and never see any piece of packet 2, unless you've devoted a significant amount of space for FEC (that covers more than just the current packet, i.e. the next packet...) then packets 1 and 3 will not be enough to create packet 2 -- esp. when packets can be variable size. HOWEVER, if you are receiving a partially corrupted packet 2, then any error-correction contained within it may allow it to be fixed. But then, any Network Engineer(tm) will quickly tell you're correcting errors at the wrong place: you are correcting a layer2 or layer1 problem at layer 3. In other words, if you are seeing corrupt IP packets, your network is broken. RF technologies ALREADY implement [F]EC because they are known to be operating over a noisy unstable medium. (ATSC (ota tv), 8VSB (us cable tv), DSL, DOCSIS, 2G, 3G, 4G, DVB-everything, etc., etc., etc. Hell, even FIBER has error-correction, and that's the most stable medium we have.) FEC at layer 3 is, stupid.

Forward error correction, requires foreknowledge of data. In order to send packet 1, I have to already have packet 2, which means a data stream has to be delayed by at least one packet. This works for things like voice and video, because a delay of one small, fixed size frame is unnoticeable by a human. For HTTP, this might work for all but the last packet of a response (with padding), but requests are usually far too small.

Re:It's not broken...

[Cramer]

They're adding error-correction at layer-3+ because they cannot add it to the media layer (i.e. correct a broken/unstable LTE network) where it belongs. They want to pack more data into each packet in the hopes that it's one of the xx% that actually gets through. It may ultimately improve throughput ("goodput") on a broken network, but it's not going to reduce the amount of total traffic -- it will, in fact, increase it, a lot. And it's an increase for *everyone*, *all the time*. (how much "fec" does it take to recreate a 1500byte packet? or 512B? All because your carrier is dropping 5 out of 100 packets. Let's say 33% FEC overhead; that's 133 packets to carry what would otherwise be 100 packets of data. Without FEC, you had to send 105 packets for every 100 packets.)

TCP (esp. HTTP) already does most of what they're recreating in QUIC... encryption: check (SSL), compression: check (deflate), congestion control: long list of CHECK, multiplex stream: check (multicast), FEC: not necessary (and QUIC isn't doing it yet)

Re:It's not broken...

[wolrahnaes]

You are entirely correct, but you seem to have missed the point. FEC at layer 3 is intended to handle the fact that some layer 2 networks are broken or unreliable and neither we users nor Google or any other content provider have any control over that.

Sometimes you're on a 25,000' above-ground DSL line that stretches in the heat of the sun and sends the SNR to hell. Sometimes the WiFi AP is just a bit further away than you'd want. Sometimes you're on a cell phone or other mobile data connection traveling down the highway (as a passenger of course), all the while changing signal conditions force mode changes and sometimes radio changes, not to mention tower handoffs.

In any of those cases think of how frustrating it is when your signal fades and you're stuck waiting as the important document and/or cat video you were downloading gets tossed in to turtle mode by a few lost packets. You have no control over the layer 2 shittiness, be it provider profit calculations or physics getting in the way the choices are either suck it up or deal with it elsewhere. In this case they decided that the latter may be beneficial.

Re:It's not broken...

[grmoc]

I think that you're forgetting that packet loss on a TCP stream incurs a retransmit.
So, when there is 33% loss, you end up sending rexmits with an overhead of 50% (33% of the first 33% lost would also be lost, etc. so the series of sum of (p^i) where p ==1/3 and i goes from 1->infinity converges at 50%)

In any case, you end up with an overhead of packets/bytes on the wire with rexmits as well.

With XOR based FEC, it takes one FEC packet at MTU size to recreate any one lost packet in the range of packets covered by the FEC. This means that, so long as your flow is long enough, FEC becomes potentially superior at recovering data, as the FEC can cover a longer range packets, making multiple-packet-recoveries possible. This really depends on the length of the flow, however, and it is certainly true that FEC by itself is never sufficient.

Comparing the two:
FEC: is good since it has a probability of removing an RTT before the application can interpret the data. It is not as great when one focuses on bandwidth efficiency in a non-loss case. It can potentially do better in terms of bandwidth efficiency than rexmit at higher loss rates since the FEC packet can deal with any one packet being lost within the range.

Rexmit: is good since it uses no additional bandwidth in the no-loss case. It is potentially a fair bit worse when there is loss (the internet seems to average ~1.5% packet loss) in terms of latency for the application, and it isn't great in terms of bandwidth efficiency when loss is occuring.

Both FEC and rexmit seem like reasonable loss recovery mechanisms, each excels at different parts of the curve.

Re:It's not broken...

[Cramer]

No, I didn't. With 100 packets out, 5 drops means 5 more packets have to go out :: 105 packets to carry 100 packets of content. (this assumes an efficient tcp stack that will correctly queue and reassemble out of sequence packets.) Yes, those drops will slow throughput by any annoying amount. However, the alternative, FEC, adds a rather large amount of overhead to every single packet. At one end of the spectrum, this overhead accounts for a large amount of throughput. (eg. on a fairly clean path) At the other end, throughput will be crap - period - because of the extreme high loss rate. In this case, smaller packets would better than a boatload of error correction data. (eg, DSL interleaved mode)

first impression

[watcher-rv4]

Right now, seems that QUIC is not that quic.

Re:first impression

[bprodoehl]

Yeah, with the current state of the code, and for the scenarios we tested, that's about right. Google's big focus is on doing a better job of multiplexing streams and reducing the amount of round-trips required to establish the connection and stuff. So our test scenario, of pulling down a 10MB psuedorandom file, is a scenario that's near and dear to our hearts, but isn't at the top of Google's TODO. I suspect that flipping on forward error correction is a simple thing, and changing the maximum congestion window size to better overcome the Long Fat Network problem shouldn't be too bad, either.

Re:first impression

[plover]

Is Google's focus on making serving up the traffic more efficient? Obviously if it improves the client experience it's a win, but I would imagine they'd be more invested in a way to pump 2,000 QUIC streams out of a box that can only handle 1,000 TCP/HTTP streams today.

Re:first impression

[grmoc]

That is a complicated question :)

Hopefully this mostly answers it:

The goal is to not be worse than TCP in any way. Whether or not we'll achieve that is something we won't know 'till we've achieve correctness and had time to optimize, and then time to analyze where and why it performs badly, then iterate a few times!

Re:first impression

[lgw]

I know a shipping solution, commonly deployed, that already meets the goal of not being worse than TCP in any way. You can probably guess what it is.

Re:first impression

[SpaceLifeForm]

Yeah, but the tape drive is dying, and the station wagon has bald tires.

Re:first impression

I'm with lgw on this one, no one should ever try to make a better version of something that already exists! Preposterous!

Re:first impression

[lgw]

Hey, he didn't say his goal was "better". Honestly, when someone says "my PowerPoint is better than your shipping solution" I sort of tune out. You need something fundamentally better to be worth talking about for a huge change in deployed tech, and even in the case of e.g. IPv6 vs batshit crazy NATting it's an uphill battle.

Better on Paper, Worse In Reality

I understand the limitations of TCP, and although QUIC may look good on paper, the benchmarks provided in the link provided show that in every test QUIC failed miserably and was far worse than TCP. So the real-world benefits of QUIC would be what then? Once Google has a protocol that actually out-performs the tried and true on every front then bring it to the party, otherwise just stahp already.

Re:Better on Paper, Worse In Reality

[Joining+Yet+Again]

The private sector always does a better job, you fucking heathen.

Re:Better on Paper, Worse In Reality

[game+kid]

Yeah. Google is breaking the internet, selling off its users, and generally being a Facebook parody, and YouTube co-founder Jawed Karim had something (however brief) to say about it. It's a case study in why selling off your internet startup that happens to fulfill your life dreams and customer needs should be a worst-case scenario, not a bloody business model.

Re:Better on Paper, Worse In Reality

[bprodoehl]

Its pretty nice that the code is actually in a state that anyone can download, build, and benchmark things they care about, and the stuff presented in the IETF slides (in TFA) is really interesting about how they can use Chrome to A/B test parameters in the protocol, to see which actually work out. Presumably that's just for folks that hop in to chrome internals and enable QUIC, but who hasn't done that already? ;)

Re:Better on Paper, Worse In Reality

[grmoc]

Right now QUIC is unfinished, so I hesitate to draw conclusions about it. :)

What I mean by unfinished is that the code does not yet implement the design; the big question right now is how the results will look after correctness has been achieved and a few rounds of correctness/optimization iterations have finished.

Only one thing.

[Richy_T]

Paragraph 1 of RFC:

User SHALL register for Google Plus

Re:Only one thing.

[allo]

MUST

slide design

Wow, those slides are HIDEOUS. I'm guessing that's one of the default themes for the Google Apps slideshow thing... it's gotta be one of the worst, though.

Re:slide design

LCARS interface from Star Trek:TNG, so probably not a default

And free ddos

[Ubi_NL]

The current problem with UDP is that many border routers do not check whether outgoing udp packages are from within their network. This is the base for DNS based ddos attacks. They are very difficult to mitigate on server level without creating openings for Joe job attacks instead... Standardizing on udp for other protocols will emphasize this problem

Re:And free ddos

Why the fuck isn't that handled at IP level?

Re:And free ddos

[plover]

How would this be worse than a SYN flood attack today?

Re:And free ddos

[WaffleMonster]

The current problem with UDP is that many border routers do not check whether outgoing udp packages are from within their network. This is the base for DNS based ddos attacks. They are very difficult to mitigate on server level without creating openings for Joe job attacks instead... Standardizing on udp for other protocols will emphasize this problem

This is incorrect. Ingress filtering is a global IP layer problem.

TCP handles the problem with SYN packets and SYN cookie extensions to prevent local resource exhaustion by one sided SYNs from an attacker.

A well designed UDP protocol would be no more vulnerable to this form of attack than TCP using the same proven mechanisms of TCP and other better designed UDP protocols (DTLS).

DNS can also be fixed the same way using cookies but seems people are content to make the problem worse by implementing DNSSEC and ignoring the underlying issue.

Re:And free ddos

[skids]

Because the ISPs can barely manage to tape the BGP infrastructure together in a stable fashion; there are numerous problems encountered when to ask a L3 router to perform at the speeds demanded at peering locations, and keeping a full trust mesh of ASNs and IP prefixes is beyond the state of the art (you have to not only know who's advertisements you can trust, but who's readvertisements of who's advertisements you can trust, etc, etc.) Both strict and loose reverse-path filtering are rarer to find in use the deeper towards the midddle of the network you go. Then there's IPv6's larger address space on top of that....

Re:And free ddos

[skids]

It's in-effect correct because there are lots of UDP protocols designed before the general concept of "do not amplify unauthenticated solicitations with a larger reply" finally sunk in. (Or at least, sunk in among more serious protocol designers/implementers.)

Re:And free ddos

[WaffleMonster]

It's in-effect correct because there are lots of UDP protocols designed before the general concept of "do not amplify unauthenticated solicitations with a larger reply" finally sunk in. (Or at least, sunk in among more serious protocol designers/implementers.)

The parent was making a point against QUIC because it used UDP. It is a false statement. QUIC has appropriate mechanisms to prevent unsolicited mischief.

What DNS, SNMP, NTP and god knows what else did way back then have nothing at all to do with the topic at hand.

Re:And free ddos

[Cramer]

They don't check them for TCP either. TCP handshake breaks if you lie about your address, 'tho. For a SYN flood attack, it doesn't matter.

Thank you

[TFoo]

The Internet has needed a standardized reliable UDP protocol for many years. There have been many attempts, but hopefully this one will stick.

Re:Thank you

[whoever57]

The Internet has needed a standardized reliable UDP protocol for many years. There have been many attempts, but hopefully this one will stick

It has existed for decades. It's called TCP.

Did you RTFA? This new protocol appears to have little to no advantages over TCP and significant disadvantages under some circumstances.

Re:Thank you

[bprodoehl]

Definitely a work in progress, and the scenario tested is outside of Google's main focus. I suspect that things will get a lot better in the weeks and months to come.

Re:Thank you

[fatphil]

> reliable UDP protocol

You want a reliable *unreliable* datagram protocol protocol?
Sounds like something guaranteed to fail.

Everyone tries to reinvent TCP. Almost always they make something significantly worse. This is no exception.

Re:Thank you

[bprodoehl]

Maybe, but this still looks really promising. They've made a few really smart decisions, in my opinion.

1) Avoid the usually-doomed-from-the-start approach of starting at the standards committee level. Frame up the project, and let some really smart engineers go nuts. Take what works to a standards committee, and save the time that you would've spent arguing over stuff that might or might not have worked.
2) Make it work with the existing Internet infrastructure. Making everyone adopt a new TCP stack is probably not going to happen. I'm looking at you, Multipath TCP.
3) Do it in the open. Let geeks like me poke around with it so I can complain that it doesn't speed up my file transfers over crappy Internet connections yet.

Re:Thank you

[profplump]

TCP is a stream protocol. UDP is a message protocol. They have different limitations and features and aren't always suitable for the same purposes. How do you expect to participate in a discussion about the limitations of TCP if you can't be bothered to learn even the basics of the existing protocols?

Re:Thank you

[grmoc]

bprodoehl is absolutely correct-- the code is unfinished, and while the scenario is certainly one which is worried about, it isn't the focus of attention at the moment. The focus at the moment is getting the protocol working reliably and in all corner cases... Some of the bugs here can cause interesting performance degredations, even when the data gets transferred successfully.

I hope to see the benchmarking continue!

Re:Thank you

[skids]

Making everyone adopt a new TCP stack is probably not going to happen.

Neither is it likely to happen that a true multipath helper will be built into core routers (e.g. something that uses TTL counters to determine when to take the second/third/etc preferred route in their route table and leaves the job of computing preferable paths to the end systems.) Which means what really needs to happen... won't. We've reached a technological glaciation point where the existing install base is dictating the direction of technology, rather than the other way around.

Re:Thank you

[serviscope_minor]

veryone tries to reinvent TCP. Almost always they make something significantly worse. This is no exception.

No, you misunderstand. The GP wants a reliable protocol like TCP but with datagram boundaries perserved like UDP. That's not a particularly unreasonable thing to want since the packet boundaries do exist and it's a pain to put them into a stream.

In fact some systems provide exactly such a protocol, the Bluetooth L2CAP protocol, for example. It's quite appropriate for the ATT protocol, for example.

Re:Thank you

[TFoo]

No, you really don't understand what this is useful for. They aren't "reinventing TCP" because they think they can do it better: they have a different problem domain and can do better than TCP for their specific problem.

TCP insists on strong ordering of data: it provides reliability AND ordering. Sometimes you don't want both of these, and giving up one or the other can get you big benefits.

For example, there are many classes of problems where you want reliability but are willing to lessen the ordering requirements (networked gaming is a common example) because you want the lowest possibility of latency. By not requiring a strict ordering you can avoid stalls and get data sooner: when a packet is lost in TCP the driver has to buffer the data until it gets retransmitted. For a concrete example, if packet #99 in a TCP stream is dropped, even though your machine has received packets 100-2000 it can't give them to your application until 99 has been retransmitted....since the TCP contract is for strict ordering. This leads to significant latency effects under packet loss, and is one of the reasons why people use UDP.

Re:Thank you

[lgw]

There's nothing fundamental to the TCP transport to make "several files in parallel" faster than "several files serially" between two endpoints. It's frankly bizarre that you're addressing that problem by discarding TCP.

And anyone who does invent a better protocol and doesn't work "TRUCK" into the acronym gets no respect from me!

Re:Thank you

[grmoc]

Wait, what? :)
Where was that claimed?!

In any case:
TCP's implementations are almost without fail doing per-flow congestion control, instead of per-session congestion control/per-ip-ip-tuple congestion control. This implies that, if loss on path is mostly independent (and that is what data seems to show), per-flow congestion control backs off at a constant factor (N where N == number of parallel connections) more slowly than a single stream between the same endpoints would.

So, indeed, sending several files in parallel has a potential for going faster when on links with independently correlated packet loss.

This sucks, by the way, because it makes the lives of those folks working on HTTP2 more difficult.

Morons

UDP is for messages (eg. DNS) and real time data. TCP is far superior for bulk data because of the backoff mechanism, something they want to work around with that UDP crap.

QoS works perfectly with TCP because of TCP backoff.

So much wrong with this idea it makes my head hurt. It is OK to run game servers with UDP. It is OK for RT voice or even video to use UDP. It is not OK to abuse the network to run bulk, time insensitive transfers over UDP, competing with RT traffic.

What is the problem? Too many connections for 1 resource each? Too many TCP handshakes? You know, there was this idea about PIPELINING. Perhaps improve that a little to reduce 200 tcp connections to maybe 3 or 5, instead of piping data over UDP. But that would be too easy - why not invent your own network stack instead :S

What are people at Google smoking?

Re:Morons

[bprodoehl]

Oh, you should definitely read up on the docs. Yes, they care about backoff mechanisms and generally not breaking the Internet, a LOT. By moving to UDP, they can work on schemes for packet pacing and backoff that do a better job at not overwhelming routers. And they can get away from all the round-trips you need to set up a SSL session over TCP, without sacrificing security.

Re:Morons

The only reasonable comment in the entire post.

Re:Morons

[profplump]

The back off mechanism is one of the problems they're trying to fix. Internet protocols need some way to control bandwidth usage, but there are a lot of limitations with the existing options in TCP. And if your RTFA you'd see they intend to provide alternative mechanisms to regulate bandwidth, addressing both the continuing need to avoid flooding and the limitations of TCP's back off mechanisms.

Plus stream protocols are inefficient when transferring multiple items (which is the typical use case for HTTP) and require more complicated parsing in the application layer (which is bad for security, among other things). Reliable message passing, as opposed to streaming, makes a lot of sense for use in web browsers and similar applications.

And for that matter, modern end-user DNS is a arguable a poor use case for UDP. Most hosts issues DNS requests against only a small number of resolvers (often only 1 or 2), frequently issue a number of requests in rapid succession, and generally retry if there is some network failure rather than just accepting the loss. Given those restraints a reliable transfer mechanism is very desirable and there's very little cost to doing a once-per-boot connection setup to the DNS resolver. UDP makes more sense for the peer-to-peer style system in place at higher levels (and around which DNS was designed) but that's just not the case for end-user DNS.

Re:Morons

Oh, you should definitely read up on the docs. Yes, they care about backoff mechanisms and generally not breaking the Internet, a LOT. By moving to UDP, they can work on schemes for packet pacing and backoff that do a better job at not overwhelming routers. And they can get away from all the round-trips you need to set up a SSL session over TCP, without sacrificing MUCH security.

There, fixed that for you.

Re:Morons

[WaffleMonster]

The back off mechanism is one of the problems they're trying to fix. Internet protocols need some way to control bandwidth usage, but there are a lot of limitations with the existing options in TCP.

Like? Please be specific. This thread is getting old quick with people saying "TCP sucks" going on and on about how it just sucks without ever citing any technical justifications why that is so.

There are tons of congestion algorithms
http://en.wikipedia.org/wiki/TCP_congestion-avoidance_algorithm

and extensions
http://en.wikipedia.org/wiki/TCP_tuning

for TCP.

Re:Morons

[grmoc]

TCP doesn't suck.

TCP is, however, a bottleneck, and not optimal for all uses.

Part of the issue there is the API-- TCP has all kinds of cool, well-thought-out machinery which simply isn't exposed to the application in a useful way.

As an example, when SPDY or HTTP2 is layered on TCP, when there is a single packet lost near the beginning of the TCP connection, it will block delivery of all other successfully received packets, even when that lost packet would affect only one resource and would not affect the framing of the application-layer protocol.

Re:Morons

[phayes]

Please go read TFA. Congestion control is part of the proposed protocol & not all transport needs the dual three way handshake and round trip latency that TCP imposes - sequence numbers & congestion control look to be more than enough for some.

Re:Morons

[WaffleMonster]

TCP is, however, a bottleneck, and not optimal for all uses.

I think this is obvious to everyone. Hammers are not optimal for all uses. TCP provides an ordered reliable byte stream. Not all applications require or benefit from these properties. Using the right tool for the right job tends to provide the best results.

TCP has all kinds of cool, well-thought-out machinery which simply isn't exposed to the application in a useful way.

.. more general statements where specifics would be most helpful ..

As an example, when SPDY or HTTP2 is layered on TCP, when there is a single packet lost near the beginning of the TCP connection, it will block delivery of all other successfully received packets

What are you referring to specifically? Is this before or after established state? Are you talking about some kind of SYN cross where data sent in the same round as SYN where SYN is lost but not subsequent data? What is the missing packet at issue and why do you believe the current behavior is wrong or not optimal? What is the role of congestion avoidance in your decision?

I think there are huge amounts of room for improvement in TCP. At the very top of my list is TFO and ICW hysteresis. If adopted more generally they would offer significant additional value. Drafts and code for the most part are already out there. TFO has been available as a socket option in Linux for a year or so already.

even when that lost packet would affect only one resource and would not affect the framing of the application-layer protocol.

HOL is always solved by multiple concurrent streams. With TCP TFO for example concurrent requests go out on the wire without having to pay out a single RTT in advance for connection setup of of subsequent streams. Does not get much cheaper than free.

Re:Morons

[grmoc]

TCP implementations are very mature. As impementors, we've fixed most/many of the bugs, both correctness and performance related. TCP offers reliable delivery, and, excepting some particular cases of tail-loss/tail-drop, knows the difference between packets that are received but not delivered and packets that are neither received nor delivered.
TCP has congestion control in a variety of different flavors.
TCP has various cool extensions, e.g. MPTCP, TCP-secure (not an RFC, but a working implentation), TFO, etc. etc.

You said streams. I agree that HOL blocking is solved by multiplexing over something, whether that be streams or connections, or messages.

That being said...
HOL blocking is NOT NOT NOT NOT NOT NOT NOT NOT solved with concurrent *connections*, because while doing so solves the HOL blocking problem, it opens up a greater number of cans-of-worms.
If one creates many connections:
I don't want to see more congestion in the connection startup phase since we're creating 60 connections (not an exaggeration) each with between 1-10 packets. I don't want to see poorer congestion avoidance because of the multiple connections. I'm tired of having each one of these connections land on a different server, and losing all ability to optimize what resources are being sent vs inlined because of the complexity inherent in attempt to rectify this. I don't want to have to expand the congestion window on X connections with short flows. I don't want to have to deal with tail-drop on X flows, etc. etc.

Re:Morons

[grmoc]

And sorry if I sound frustrated about it... I am *really* frustrated by the current state of the world w.r.t. parallel connections. It makes my life such a pain in the butt!

Big mistake

[gmuslera]

The problem with that UDP proposal is that the IETF may not get it.

Re:Big mistake

[wonkey_monkey]

And if they do, they won't acknowledge it.

Benchmarking premature; QUIC isn't even 100% coded

[grmoc]

As someone working with the project.

The benchmarking here is premature.
The code is not yet implementing the design, it is just barely working at all.

Again, they're not (yet) testing QUIC-- they're testing the very first partial implementation of QUIC!

That being said, it is great to see that others are interested and playing with it.

it is google

I don't care about the speed just yet. Tell me how this screws with my privacy first.

UDT

[dmbasso]

Hmmm, several posts, yet no mention of UDT so far. It would be nice if the benchmark included it.

Re:UDT

[bprodoehl]

I can take a look at incorporating UDT to the benchmarks going forward. The test scripts are all in github, but I'm not all that familiar with UDT. It looks like UDT4's sendfile/recvfile examples would drop in pretty nicely.

Re:UDT

[dmbasso]

I'm not familiar with UDT as well, but coincidentally, I'm about to design/implement a protocol that has to work over UDP, for hole-punching (it is a p2p application). I haven't decided yet if the dependency on UDT is justified, and I wasn't aware of QUIC.

So if you could include UDT in future benchmarks, I would appreciate. Btw, thanx for the work so far.

Re:UDT

i just want to mention, that when i was playing with UDT i noticed that by default it doesn't use smaller udp packets for limited MTU connections with or without mss clamping on tcp. and so there's a potential issue with hole-punching - generally speaking, hope punching is more necessary on ADSL etc connections that often have limted mtu. so you may want to cap udp size at 1200 bytes or something so that it'll generally work through vpns, and ADSL connections. it may be possible to detect when this is necessary, but it may not be worthwhile depending on your application.

in my own testing of UDT i discarded it for a few reasons:
  a: it's a bit of a pita to get tcp like behaviour out of it, the thing that was biting me is i want connections that open/close.
  b: although it's fast on wan connections, it struggles to get gigabit speeds on local lan.
  c: connection initiation performance is worse than tcp, along with the mtu issue.

in a way tcp fast open improves tcp connection speed, and there's a lot of segment offload etc in modern ethernet cards, but most lack proper udp acceleration. as we move from gigabit to 10 gigabit and infiniband tcp often outperforms udp for local connectoins with lower cpu utilisation. and falls back to slower connections with window tuning and so forth.

for p2p i'd recommend doing something more like what utorrent etc do. i think it was called utp? it scales up the size of packets gradually, and is optimised to minimise creating latency on the connection. although most people seem to tune for too large an increase in latency you can reduce that.

i started working on my own udp like stuff which was going to act like tcp multipath. but now it seems tcp multipath is implementing similar things. but what i want really is nice ways to be able to hop between various connections and find good paths that goes across multiple networks, and side with the cleanest paths when possible. i've always hated how p2p etc ends up sending to the other side of the world and then ignores close peers. i was thinking it'd be cool to do optimisation stuff on top of bittorrent and act as a semi bittorrent cache of kinds automatically pulling in bits in advance by predicting what friendly peers want. so that you can use a close fast connection to boost p2p speeds.

Re:UDT

[dmbasso]

Interesting. Thank you for the info.

UDP vs TCP

As a newish developer who knows only the minimum I need to about TCP/IP protocol, I was surprised that this, and a number of common things (apparently games, streaming video) use UDP at all. I thought it was basically just used for ping.

Out of curiosity can anyone point out good books for learning more about how to implement applications that use TCP/IP including udp in ways other than the common ssh/http/ftp connections.

Re:UDP vs TCP

[NotSanguine]

As a newish developer who knows only the minimum I need to about TCP/IP protocol, I was surprised that this, and a number of common things (apparently games, streaming video) use UDP at all. I thought it was basically just used for ping.

Out of curiosity can anyone point out good books for learning more about how to implement applications that use TCP/IP including udp in ways other than the common ssh/http/ftp connections.

ICMP is used for ping, friend. I recommend the Comer books. Also, I'd also recommend that you read the IP, UDP and TCP specs.

Re:UDP vs TCP

[T.E.D.]

The general gist is that UDP and TCP both have kind of an ideal mileu. UDP is great for small packets that you want delivered with a minimum of overhead, and if the packet is late, lost, or out of order, it won't kill anything.

TCP is great if you are sending large amounts of data at once, between a pair of systems, and in situations where its important not to lose packets or get them out of order, and you don't care that much if this takes a little extra time (occasionally perhaps a lot of extra time) to accomplish. Also good in situations where you'd like to know when your partner on the other side goes away for some reason.

Most applications are going to be in-between somewhere, so you have to make a decision. For example, if your packets are small and need to be delivered quickly, but you also need reliability, you might go with TCP just to get that reliability. Alternatively, if you can get away with it, you might instead go with UDP, but use dedicated links between the systems and a handshaking protocol at your application layer to prevent collisions.

Alternatively, you might do what Google is doing, and try to reimplement TCP's reliability in your application layer on top of UDP. The thing about UDP is that you can always reimplement any parts of TCP you need on top of it.

Re:UDP vs TCP

[profplump]

UDP isn't used for ping either. You're thinking of ICMP -- a lower-level protocol than TCP or UDP. ICMP is *almost* part of the IP layer; technically it uses IP for data transfer, but IP also depends on it for control messaging.

Re:UDP vs TCP

[profplump]

UDP and TCP have different uses; one isn't better than the other, they just do different things.

UDP is message-based. When I send a UDP message the remote end either gets the whole message or none of it. This can make parsing in applications a lot easier; rather than putting delimiters into a stream and trying to pick apart the data as it comes in in chunks I can be sure that I'm always working with a complete message, and the messages can by of different types/sizes/etc. as dictated by my application-layer needs. But there's a maximum size for messages, and if I need to send more data than fits in a single message it's up to my application to ensure they get put into the right order when they are received.

UDP is unreliable, in that if a UDP packet gets drop the message is lost and no notification is made to the sender. Often this is bad, but in certain instances it is valuable. One such instance is data with a short lifetime, such as games or streaming media. If I'm in the middle of a game and a packet gets dropped it doesn't do me any good to get that packet 2 seconds later -- the game has moved on. This unreliable nature also makes UDP simpler; there's no need to setup a "connection" to send UDP data -- you just slap an IP address on the packet and send it along, and the other end will get it or not and use it or not and you don't have to care. So if you're writing a server that will handle billions of clients UDP has a lot less overhead as it doesn't have to keep track of billions of "connections" (or have billions ports available).

TCP is a streaming protocol. You put data in on one end and it pops out in the same order on the other. This is great if you're sending a single file -- you can be sure the other end will get all the bits in the right order. But it also means if you have something important to say you have to wait in line until all of the preceding data has been transmitted, possibly including things that will be expired by the time they are received. It also means your application-layer protocol has to have some method to separate messages if you send more than one thing over a single connection.

TCP has reliable delivery. Often this is a good thing, as the sender can be sure the receiver got all the data (and got it in the right order). But in order to make the protocol reliable the receiver must acknowledge each and every packet from the sender, and the sender and receiver must store information about each other so they can keep track of this ongoing bi-directional connection. So there's at least a couple of round-trip exchanges necessary to setup a TCP connection, and when you connect to a server it must have a free TCP port number for each and every client it's connected to, and enough memory to keep track of all of the connections.

QUIC (and several other new-ish protocols) are proposing a sort of compromise protocol -- a protocol that's both message-based and reliable, and frequently that allows messages of any size. Such protocols provide the delivery assurances of TCP without the waiting-in-line issues the streaming model can produce, and they reduce the amount of setup overhead by allowing clients to open a single connection to the server and fetch many different things.

Re:UDP vs TCP

Can you please explain how a protocol that allows 10 files of 100 bytes to arrive any better if they are sent one at a time, 1 byte from each one round robin or some random sequence is an advance in networking ?

You have to wait for all 1000 bytes to arrive to be done - does not matter what order they arrive kind of like bittorrent for file xfer.

Re:UDP vs TCP

The TCP SERVER can have a maximum of one (1) TCP port open for almost any number of clients. I'm not sure where you're going with that...

alpha is, if your pages are all 10MB single files

[raymorris]

As I understand it, QUIC is largely about multiplexing - downloading all 35 files needed for a page concurrently. The test was the opposite of what QUIC is designed for

    TCP handles one file at at a time* - first download the html, then the logo, then the background, then the first navigation button ....

QUIC gets all of those page elements at the same time, over a single connection. The problem with TCP and the strength of QUIC is exactly what TFA chose NOT to test. By using a single 10 MB file, their test is the opposite of web browsing and doesn't test the innovations in QUIC.

* browsers can negotiate multiple TCP connections, which is a slow way to retrieve many small files.

Re:alpha is, if your pages are all 10MB single fil

[bprodoehl]

Yes, you're absolutely right that this left out stream multiplexing, but it did test QUIC's ability to handle packet loss. Seeing as how QUIC is aiming, at a high level, to fix problems in TCP and make the Internet faster, I think the test is fair, and I'm excited to see how things improve. There are other scenarios in the tests in Github, including some sample webpages with multiple images and such, if anyone is interested.

Thanks. What were web page results?

[raymorris]

Thank for that info, and for making your test scripts available on Github.
I'm curious* what were the results of web page tests? Obviously a typical web page with CSS files, Javascript files, images, etc. is much different from a monolithic 10 MB file.

* curious, but not curious enough to run the tests for myself.

Re:Thanks. What were web page results?

[bprodoehl]

In some of the web page scenario tests, HTTP over QUIC was about 4x faster than HTTP over TCP, and in others, QUIC was about 3x worse. I'll probably look into that next. The QUIC demo client appears to take about 200ms to get warmed up for a transfer, so testing with small files over fast connections isn't fair. After that 200ms, it seemed to perform as one would expect, so tests that take longer than a couple seconds are a pretty fair judge of current performance.

wherever you go, there you aren't

[epine]

Those fuckers at www.connectify.me redirected my connection attempt to
http://www.connectify.me/no-javascript/ so that even after I authorized Javascript for their site I was unable to navigate to my intended destination (whatever shit they pulled did not even leave a history item for the originally requested URL).

This sucks because I middle-click many URLs into tabs I might not visit until ten minutes later. It I had a bunch of these tabs open I wouldn't even have been able to recollect where I had originally been. In this case, I knew to come back here.

Those fuckers at www.connectify.me need to procure themselves an Internet clue stick PDQ.

Re:wherever you go, there you aren't

[Agripa]

You're browsing it wrong.

Re:alpha is, if your pages are all 10MB single fil

[CyprusBlue113]

As I understand it, QUIC is largely about multiplexing - downloading all 35 files needed for a page concurrently. The test was the opposite of what QUIC is designed for

    TCP handles one file at at a time* - first download the html, then the logo, then the background, then the first navigation button ....

QUIC gets all of those page elements at the same time, over a single connection. The problem with TCP and the strength of QUIC is exactly what TFA chose NOT to test. By using a single 10 MB file, their test is the opposite of web browsing and doesn't test the innovations in QUIC.

* browsers can negotiate multiple TCP connections, which is a slow way to retrieve many small files.

What the hell are you talking about? You're conflating HTTP with TCP. TCP has no such limitation. TCP doesn't deal in files at all.

Nerfing congestion avoidance for increased profits

[WaffleMonster]

May I be so bold as to suggest graphs citing only x performance improvement for protocol y are insufficient, harmful and useless measures of usable efficiency. We know how to make faster protocols.. the challenge is faster while preserving generally meaningful congestion avoidance. This part is what makes the problem space non-trivial.

Look at TFA and connectify links it is all performance talk with total silence on addressing or simulating congestion characteristics of the protocol.

Having sat in on a few tcpm meetings it is always the same with google... they show data supporting by doing x there will be y improvement but never as much enthusiasm for consideration of secondary repercussions of the proposed increased network aggression.

My personal view RTT reductions can be achieved thru extension mechanisms to existing protocols without wholesale replacement. TCP fast open and TLS extensions enabling 0 RTT requests thru the layered stack...experimental things for which "code" exists today can provide the same round trip benefits as QUIC.

What google is doing here is taking ownership of the network stack and congestion algorithms away from the current chorous of stakeholders and granting themselves the power to do whatever they please. No need to have a difficult technical discussion or get anyones opinions or signoff before droping in a new profit enhancing congestion algorithm which could very well be tuned to prefer google traffic globally at the expense of everyone elses ... they control the clients and the servers...done deal.

There are two fundamental improvements I would like to see regarding TCP.

1. Session establishment in the face of in band adversaries adding noise to the channel. Currently TCP connections can be trivially reset by an in-band attacker. I think resilience to this necessarily binding security to the network channel can be a marginally useful property in some environments yet is mostly worthless in the real world as in-band adversaries have plenty of other tools to make life difficult.

2. Efficient Multi-stream/message passing. Something with the capabilities of ZeroMQ as an IP layer protocol would be incredibly awesome.

Re:Benchmarking premature; QUIC isn't even 100% co

[shrikel]

Well they should at least wait for a beta rather than alpha.

Re:Benchmarking premature; QUIC isn't even 100% co

Benchmarking for the sake of bug testing should happen al the time.

Benchmarking for the sake of a story could be useful. That is what Phoronix is all about, for the most part.

But, testing for your own use cases, as these guys say they are testing in TFA, before the developers say it is even implemting the actual design is pointless.
To then publish the results is simply moronic.

Read up on QUIC. if (tcp && http) stream==

[raymorris]

> You're conflating HTTP with TCP.

I'm discussing how HTTP over TCP works, in contrast to how it works over QUIC.
TCP provides one stream, which when used with HTTP means one file.

QUIC provides multiple concurrent streams specifically so that http can retrieve multiple concurrent files.

Re:alpha is, if your pages are all 10MB single fil

I haven't RTFA and I don't know much about QUIC, but if it's what you suggest...

As I understand it, QUIC is largely about multiplexing - downloading all 35 files needed for a page concurrently. The test was the opposite of what QUIC is designed for

        TCP handles one file at at a time* - first download the html, then the logo, then the background, then the first navigation button ....

...then it sounds like a really horrible idea. If I click on a link will I have to wait for 20MB of images to finish downloading before I can read the content of a webpage, only to find out it wasn't what I was looking for anyway?

SCTP

[andy753421]

I'm no networking expert, but does anyone know how this compares to SCTP?
And have they taken various security considerations into account, e.g. SYN floods?

Re:SCTP

[grmoc]

It is similar in some ways, and dissimilar in other ways.
One of the outcomes of the QUIC stuff that is considered a good outcome is that the lessons learned are incorporated into other protocols like TCP, or SCTP.

QUIC absolutely takes security into account, including SYN floods, magnification attacks, etc.

Meant for Denail of Service Attack Denial?

[EngineeringStudent]

When I look at the Goodput vs. Bandwidth being capped for QIC, and the statement that most folks don't use more than that, my thought was "so why does it exist in TCP?".

Is this something exploited primarily by hackers but not giving any value to normal humans?

Pacing, Bufferbloat

[MobyDisk]

The slides refer to a feature called "pacing" where it doesn't send packets as fast as it can, but spaces them out. Can someone explain why this would help? If the sliding window is full, and an acknowledgement for N packets comes in, why would it help to send the next N packets with a delay, rather than send them as fast as possible?

I wonder if this is really "buffer bloat compensation" where some router along the line is accepting packets even though it will never send them. By spacing the packets out, you avoid getting into that router's bloated buffer.

From the linked slides:

Does Packet Pacing really reduce Packet Loss?
* Yes!!! Pacing seems to help a lot
* Experiments show notable loss when rapidly sending (unpaced) packets
* Example: Look at 21st rapidly sent packet
        - 8-13% lost when unpaced
        - 1% lost with pacing

Re:Pacing, Bufferbloat

[WaffleMonster]

The slides refer to a feature called "pacing" where it doesn't send packets as fast as it can, but spaces them out. Can someone explain why this would help? If the sliding window is full, and an acknowledgement for N packets comes in, why would it help to send the next N packets with a delay, rather than send them as fast as possible?

I wonder if this is really "buffer bloat compensation" where some router along the line is accepting packets even though it will never send them. By spacing the packets out, you avoid getting into that router's bloated buffer.

Yes essentially it is a hedge against future probability of packet loss. I don't know about QUIC but with TCP statistically more packet loss tends to present toward the end of a window than start therefore normally more expensive to correct.

Re:Pacing, Bufferbloat

[grmoc]

What seems likely is that when you generate a large burst of back-to-back packets, you are much more likely to overflow a buffer, causing packet loss.
Pacing makes it less likely that you overflow the router buffers, and so reduces the chance of packet loss.

TCP does actually do pacing, though it is what is called "ack-clocked". For every ACK one receives, one can send more packets out. Since the ACKs traverse the network and get spread out in time as they go through bottlenecks, you end up with pacing.... but ONLY when bytes are continually flowing. TCP doesn't end up doing well in terms of pacing out packets when the bytes start flowing and stop and restart, as often happens with web browsing.

Re:Pacing, Bufferbloat

[Above]

Reducing packet loss is not always a good thing. Packet loss is mechanism that an IP network uses to indicate a lack of capacity somewhere in the system. BufferBloat is one attempt to eliminate packet loss with very bad consequences, never throw packets away by queueing them for a very long time. Pacing can be the opposite side of that coin, send packets so slowly loss never occurs, but that also means the transfer happens very slowly.

When many TCP connections are multiplexed onto a single link the maximum aggregate throughput is achieved with 3-5% packet loss. Less and there are idle points on the line, more and there is self synchronizing congestion collapse.

What's really amusing here is the notion that pacing is the fix for BufferBloat. That's sort of the two wrongs make a right theory; break per link queueing with BufferBloat and then break senders by making them all painfully slow.

This is not the answer.

Re:Pacing, Bufferbloat

pacing is often bad, it may help .. but it tends to make networks perform worse when lots of people use it. i think it's probably best only used in combination, where it's only pacing some of the data. so 75% becomes in a burst, and 25% is paced.

Re:Pacing, Bufferbloat

[aitchisonbj]

the problem with packet loss on the last packets is that tcp/ip only resends packets after a timeout due to lack of ack, or after acknowledging earlier packets multiple times signifying a gap. so if you send 8 packets of data for a typical web page it's way worse if you lose the 8th packet than the 3rd packet. (linux defaults to an initial window size of 10 packets now, windows defaults to 8192 bytes, linux to 14600 bytes. so in linux that would arrive in one round trip time for the data, one one round trip time for the connection setup normally. and in windows three round trips. but when there's packet loss, linux will normally wait for one or three seconds to resend the unacknowledged last packet. i think there's been a recent change to just resend the last packet extra earlier. maybe with the estimated rtt rather than the timeout value.

Re:Pacing, Bufferbloat

[aitchisonbj]

looks like this is what i was thikning of http://lwn.net/Articles/542642/ http://tools.ietf.org/html/draft-dukkipati-tcpm-tcp-loss-probe-01

Re:Pacing, Bufferbloat

[Cramer]

Actually, packet pacing is *REQUIRED* for UDP if you want your packets to arrive even remotely in the order they were sent.

Re:Pacing, Bufferbloat

[CyprusBlue113]

The slides refer to a feature called "pacing" where it doesn't send packets as fast as it can, but spaces them out. Can someone explain why this would help? If the sliding window is full, and an acknowledgement for N packets comes in, why would it help to send the next N packets with a delay, rather than send them as fast as possible?

I wonder if this is really "buffer bloat compensation" where some router along the line is accepting packets even though it will never send them. By spacing the packets out, you avoid getting into that router's bloated buffer.

From the linked slides:

Does Packet Pacing really reduce Packet Loss?
* Yes!!! Pacing seems to help a lot
* Experiments show notable loss when rapidly sending (unpaced) packets
* Example: Look at 21st rapidly sent packet

        - 8-13% lost when unpaced

        - 1% lost with pacing

Well, if you're sending UDP, and your server is connected to a gig link, and the next link between you and the server is 1m, and the buffer size of the device is 25ms...

Sending data over 25k, you might as well set packets 18+ on fire, because they sure aren't making it to the destination unless you delay them accordingly.

Hold on

[Psicopatico]

I think I'll wait for QUICv6, thanks.

Re:Nerfing congestion avoidance for increased prof

[MobyDisk]

I tend to agree. I am glad that someone is trying to create a better TCP. If they fail, we validate that TCP is a good idea. If they succeed, then we can have a better protocol.

If the QUIC exercise is successful, then the IETF should consider extending TCP to support the relevant features. For example, their point about multiple steams is a good one. Perhaps TCP should define an option to open N simultaneous connections with a single 3-way handshake. Existing implementations would ignore the new option bytes in the header so nothing would break.

If adding FEC really helps, then the same logic applies. Add it. If pacing really helps, then when you get an ack of 10 packets, pace the replies (although I doubt that would really help). But let us add these things only once they are proven to work.

You make a good point about poor congestion control causing wide-scale harm, but that problem exists today. Anyone can create any protocol they want, as long as it is built on TCP or UDP. This has always been the case and so far no one has managed to create a protocol that destroys the internet... yet. :-) Although no one as powerful as Google has tried. And certainly some protocols have brought down LANs due to inefficiency (Windows file sharing).

Re:Read up on QUIC. if (tcp && http) strea

So then don't you just need http to transfer multiple files at the same time over 1 stream?

this is like replacing ethernet with something more reliable because dns queries fail over udp sometimes. You're wrenching on the wrong protocol.

Handled at layer 7

[sl4shd0rk]

Are you friggin nuts? This seems to imply that any filtering at the kernel level will need to unwrap all the application specific jibber-jabber in this protocol to determine wtf it's supposed to do with it. That would be quite costly in terms of performance. No, I don't trust applications to handle the security of packet data coming in. Especially when some entity wants to bury support for the protocol in their own web browser. This just smells like all kinds of Hell naw .

Re:Handled at layer 7

[grmoc]

There are definitely people and opinions on both sides of the fence on this.

Unfortunately, though performance might improve with access to the hardware, wide and consistent deployment of anything in the kernel/OS (how many WinXP boxes are there still??) takes orders of magnitude more time than putting something into the application.

So.. we have a problem: We want to try out a new protocol and learn and iterate (because, trust me, it isn't right the first time out!), however can't afford to wait long periods of time between iterations/availability.

Hopefully the project will drive us all towards solutions to these problems that are generic, usable for any new protocol, and which actually work!

Re:Handled at layer 7

[skids]

No, I don't trust applications to handle the security of packet data coming in.

In fact you do, unless you're running a pretty top notch L7 DPI box. And even then,,,

Besides, these days everything that's an app must be considered good and trustworthy. How else can we expect you to turn over all your data to criminals, much less corporations?

Re:Benchmarking premature; QUIC isn't even 100% co

[grmoc]

The benchmarking itself is awesome-- it is good to have people playing with it.

Concluding things right now, when the implementation is working towards correctness instead of optimality, however, is potentially misleading.

Re:Nerfing congestion avoidance for increased prof

[WaffleMonster]

If the QUIC exercise is successful, then the IETF should consider extending TCP to support the relevant features. For example, their point about multiple steams is a good one. Perhaps TCP should define an option to open N simultaneous connections with a single 3-way handshake. Existing implementations would ignore the new option bytes in the header so nothing would break.

While TCP is ancient there has been continuous work to improve it over the years. I think most people throwing stones here have not taken the time to look around and understand the current landscape. Indeed many ideas in QUIC are good ones yet not a single one of them are something new or something that had not been implemented or discussed in various WGs.

Regarding multiple streams what effectively is the difference between this and fast open? I send a message the message arrives and is processed immediately without a round trip... with a scenario like that what is even the point of something labeled "multi-stream"?

You make a good point about poor congestion control causing wide-scale harm, but that problem exists today. Anyone can create any protocol they want, as long as it is built on TCP or UDP.

TCP congestion is normally implemented within the operating system where user space does not have access or visibility into scheduling of transmission.

UDP mostly used for low bandwidth exchanges or inherently rate limited realtime communications. Most of these applications sport non-existent or insufficient congestion coverage. For example a bit torrent client without built in queue management or where you have neglected to set rate limits will easily saturate any network link to the point of being unusable. UDP congestion is a problem it just is not that big of a bandwidth consumer to have a large scale impact where it can be a threat to the network.

To be clear I don't think Google is at risk of bring about a congestive apocalypse. The potential risk I see takes the form of excessive aggression for competitive advantage.

Re:alpha is, if your pages are all 10MB single fil

[grmoc]

The benchmark looked well constructed, and as such is a fair test for what it is testing: unfinished-userspace-QUIC vs kernel-TCP

It will be awesome to follow along with future runs of the benchmark (and further analysis) as the QUIC code improves.
It is awesome to see people playing with it, and working to keep everyone honest!

Re:alpha is, if your pages are all 10MB single fil

[grmoc]

AC, don't worry.
TCP is simply a reliable, in-order stream transport.
HTTP on TCP is what was described, and, yes, not the best idea in today's web (though keep in mind that most browsers open up 6 connections per hostname), but that is also why HTTP2 is working on being standardized today.

Re:Benchmarking premature; QUIC isn't even 100% co

[grmoc]

Nah; it is valuable for many people to be doing this benchmarking even with the current state of code. .. it just requires careful explanation of what the benchmark entails!

Concluding that buggy-unfinished-QUIC is slower than TCP is absolutely valid, for instance.
That isn't the same as QUIC being slower than TCP (at least, not yet!)

Re:Read up on QUIC. if (tcp && http) strea

[serviscope_minor]

Actually not quite.

IP provides a bnuch of packets: there is no port number.

TCP and IP provide multiplexing over IP by introducing the port number concept.

Re:Thank you - THIS

[Havokmon]

> reliable UDP protocol You want a reliable *unreliable* datagram protocol protocol? Sounds like something guaranteed to fail. Everyone tries to reinvent TCP. Almost always they make something significantly worse. This is no exception.

I once worked at a company that made Parking Meters - and accepted credit cards at them. They sent their data over https, and had random issues with timeouts.
It turns out they would format their data in (very descriptive) XML, and discovered an excessively large file combined with an SSL handshake over crappy 2g connection took too long to transfer the data (it didn't help the programmers 'forgot' they hardcoded a timeout, so if the comms was just slow, it would throw a generic error and they blamed Apache for it).

In any case, the offshore dev team's solution was to create a UDP client/server protocol of their own.

It was working nicely when I left, and was PCI Compliant, but at that point we had no way to reliably monitor communications from the perspective of the meter because we (SysAdmins in charge of the backend systems) would have had to write proprietary code from non-existing documentation just to replicate what used to be a simple HTTP POST.

Some things look great, but aren't thought out all the way ...

Re:alpha is, if your pages are all 10MB single fil

[sjames]

One does wonder though how it would compare vs. an extension to keepalive that truly multiplexes OR that allows queueing requests in the event that the web server might be able to do something useful if it knows what it will be sending next.

There may be cases where FEC is useful at the protocol layer, but it seems like the link layer is amore likely to be the right place for it. The link knows what sort of link it is and how likely it might be to lose data. That would also mean that if there are multiple lossy links, the error correction would be refreshed at each hop and so gain effective reliability.

The more interesting idea is using uuids to permit continued communication as a mobile device hops from one network to another. That can theoretically be done at a lower level but given the least common denominator behavior of providers, that won't happen in practice.

I certainly don't mind is someone wants to play around with protocols though.

Re:Read up on QUIC. if (tcp && http) strea

[lgw]

Sadly ports are dead, and we're watching them get re-invented. We've gone from the web being a service built on the internet, to the internet being a service build on the web (well, on port 80/443). Security idiots who mistook port-based firewalling for something useful have killed the port concept, and now that we're converging on all-443-all-the-time, we have to re-invent several wheels.

yes you rewrite http and while you're at it

[raymorris]

Yes, you just need to redo http. While you're redoing http, you make several improvements.
As you improve http, you realize the biggest performance issues for http come from the fact that it's limited by the requirement that sends and recieves via an ancient protocol that wasn't designed to carry http. Http doesn't run atop TCP because it's a good fit - on runs atop http because that's what was available.

I think it's more like designing automobiles 3.0, designed to go 300 MPH, and realizing that if you want 300 MPH vehicles, you might need to make some significant changes to highway design.

well yeah, html then css, js, images concurrently

[raymorris]

Yeah, I assume that's obvious. Send the html first, then css, js, and images concurrently.

Also, I hope you don't browse too many pages with 20MB of images. :)

Pipelining

You know, there was this idea about PIPELINING.

Yes, it'd be nice if they'd take that idea a little more seriously. Some years ago I looked into it and it makes a hell of a difference.

The basic problem that pipelining solves is that even with keep-alive connections, you've got a minimum download time equal to your round-trip ping time for each file you download. If you visit a web page, and it has 100 images, and your ping time to the site is 500 ms because it's on the other side of the planet, you're going to wait 50 seconds to download that page over a single HTTP connection regardless of how small the files are. This is because the web browser requests one file, then waits to receive it before requesting the next file. Pipelining solves the problem by allowing the web server to say "hey, go ahead and send all the requests at once if you want to." It's also trivial to implement, in most cases requiring no changes whatsoever, as the web server has no interest in reading from the socket until it's responded to the previous request anyway. The idea that you wouldn't be able to just send all of the requests immediately is actually kind of silly.

At the time I tested it, I found it to be far faster than my web browser making multiple simultaneous connections to a test web site I set up, although my test was a bit incomplete: I was comparing the time the web browser took to load the page to the time it took me to receive all of the data after sending all of the requests over a single HTTP connection, as I couldn't find a web browser at the time that supported pipelining and so I just piped all the request headers through the 'hose' command. (The problem with that test is that it ignores time the web browser spends doing other things, like decompressing JPEG images, which is far from trivial.) Never the less, I was comparing a web page that took 30 seconds to load over a single connection to receiving all of the data almost instantly, so I'm pretty sure most of the improvement I saw was from utilizing pipelining.

Re:Nerfing congestion avoidance for increased prof

I support your views that the selfish speed measurements in TFA fail to capture the design constraints of a TCP replacement, but I don't think your characterization of Google's involvement in the tcpm list is a fair one. They are not at all ignorant of the design constraints, as you can see from their paper. The tcpm threads I've read look more like heckling bike-shedders who, at best, may have done a little research a decade ago, and are now directing their intellectual efforts toward being obstructionist to the only people left doing real research. What TCP research is there outside Google, which is practical, and useful to the web? The other problem is the baseline of strangling conservatism founded from a self-aggrandizing position of "responsibility," which is not consistent with the track record of this area of research: overconservatism probably played a part in the congestion-collapse of the Internet in the 80's which you arrogant eggheads then scrambled to fix. It was not the case that the default resistance to any change in TCP saved the internet, nor is it remotely true that we're unaware of risky corner-cases existing in TCP now that most proposals aim primarily to smooth out, nor is it even true we're not beginning to see the effects of these corner-cases to an extent that could predict another collapse-like event. How about, this time, we respond to the very real problems we see on the web: video doesn't work, bandwidth isn't fairly divided in the specific low-hanging-fruit case of multiple streams unordered with respect to one another, cellular networks discard half their packets under congestion, TCP adds too much jitter over the network when new applications (even web browsing) benefit from much less jitter than we're seeing. I understand and agree that deconstructionism has some value, but Google isn't the only one risking being "bad for the Internet." You, sir, also risk that, and honestly at this point I trust Google not to break the Internet more than I trust the get-off-my-lawn retirees on tcpm that claim to exist only for said purpose.

Re:Nerfing congestion avoidance for increased prof

You make a good point about poor congestion control causing wide-scale harm, but that problem exists today. Anyone can create any protocol they want, as long as

I disagree with the parent, but not on this basis. Technically-sophisticated hobbyists being able to use any UDP protocol they want is a completely different level of risk to the Internet than the hypotheticals of pushing a new protocol to Chrome stable channel, or to TCP in a Mac OS update, or to Youtube/Netflix/Amazon servers.

Re:Nerfing congestion avoidance for increased prof

[Agripa]

1. Session establishment in the face of in band adversaries adding noise to the channel. Currently TCP connections can be trivially reset by an in-band attacker. I think resilience to this necessarily binding security to the network channel can be a marginally useful property in some environments yet is mostly worthless in the real world as in-band adversaries have plenty of other tools to make life difficult.

Doesn't IPSEC protect against this?

2. Efficient Multi-stream/message passing. Something with the capabilities of ZeroMQ as an IP layer protocol would be incredibly awesome.

Isn't that what SCTP is for?

Re:Read up on QUIC. if (tcp && http) strea

[grmoc]

Yup; True