Minutes interim-2024-moq-16: Wed 16:00
minutes-interim-2024-moq-16-202408071600-00
Meeting Minutes | Media Over QUIC (moq) WG | |
---|---|---|
Date and time | 2024-08-07 16:00 | |
Title | Minutes interim-2024-moq-16: Wed 16:00 | |
State | Active | |
Other versions | markdown | |
Last updated | 2024-08-07 |
minutes-interim-2024-moq-16-202408071600-00
Bluesheets: 7 August 2024 Virtual MOQ Interim
- Martin Duke, Google
- Alan Frindell, Meta
- Daniel Fay, Meta
- Mathis Engelbart, TUM
- Will Law, Akamai
- Luke Curley, Discord
- Ian Swett, Google
- Mo Zanaty, Cisco
- Erik Herz, Vivoh
- Dinesh Adhithya, Zoho
- Victor Vasiliev, Google
- Manish, Dyte
- Mike English, id3as
Minutes
Hybrid interim
- 1-3 Oct
- Move from NYC to MA?
- Akamai offered to host
- Martin will send last note to list before final decision
MoQT Issues
(PR#491)
- Ian: Start with PR about MAX_SUBSCRIBE_ID (PR#491)
- Is this the right direction?
- Note that if we had MAX_SUBSCRIBE_ID and MAX_ANNOUNCE_ID we
might get rid of role - Alan: Not sure if it is required to limit announces
- Will: Could get rid of role anyway. Just because you need protection
from bad endpoints anyway. - Martin: I could drop announces
- Ian: No default limit, initial one communicated in handshake. If you
exceed it, connection gets closed. New MAX_SUBSCRIBE_ID parameter
in setup handshake. and new frame to udpate. Similar to QUIC. - Luke: We don't have subscribe state machine. Do you have to
unsubsribe to stop using flow control. How to get more credit. - Ian: Implementation detail, similar to QUIC. If you never increase
id, you never get more credit. - Will: ABsolute count right?
- Ian: Yes, closing doesn't change anything because it's the max ID.
- Martin: That simplifies state machine.
- Will: Mechanism for negotiating more?
- Ian: Expect that if you close the peer wuold provide more when you
close a subscription. - Will: Can you explicitly ask for it?
- Ian: No. Allows to open more based on resource situation.
- Mo: Not sure mirroring QUIC is good. In our context, relays don't
have knowledge about content. Default to 0. How would subscriber
know how the relay is going to do flow control since it is dependent
on the implementation of the specific relay. - Martin: Subscriber doesn't infer anything, sender decides based on
his resources. - Mo: Sender is relay here, relay has no idea of dynamics of traffic
because it doesn't know the actual application. That's different
from QUIC where the endpoints are the application and know what's
going to happen. Imagine relay to relay and may need to allow many
more subscribes compared to endpoints. - Will: Based on the resources of the relay you can request more.
- Mo: No, there is no request message for more credits.
- Will: Subscribe would ask for more
- Mo: No seems to be protocol error if subscribe for too much.
- Martin: If max is 5 and client subscribes for 4, than relay should
provide more credit. - Mo: But that's dependent on relay implementation
- Martin: In QUIC there's a blocked message which we could also mirror
if we think we need it. But I think relays could do the right thing
here. Would be fine with having blocked messages. - Mo: Biggest issue is that default depends on who the relay is
talking to. small limit is fine for end subscriber but not for
another relay. - Martin: What about basing it on auth in setup? To identify relays
and end subscribers. - Alan: Do you have an alternative proposal?
- Mo: Having a request or something like that would make sense so you
don't have to wait for implementation decision to provide more
credit. - Victor: This is improvement over current situation which is like if
i have a limit, I will just send subcribe error if client subscribes
to too many. Alternative is like not have any limit which is a bad
idea. This PR just makes perfect sense. Practical differences as to
why flow control in MoQT is different from flow control in HTTP 3.
HTTP 3 try to send requests and reply comes back based on default
100 requests limit. Expectation is that those will be immediately
processed. In MoQ there's a good reason to have 1000 active
subscribes at a single time. I believe we should document
considerations about limits but merge this. - Will: Why line 1702 says you should close the whole session instead
of just deny the one subscribe that exceeds the limit. - Ian: Simplifies debugging.
- Will: You get a subscribe error.
- Victor: But it is a protocol violation
- Ian: Closing with error code makes it much easier to find
implementation error. Experienced recently in QUIC implemenation - Will: Will make it difficult to build fault tolerant systems. There
might be race conditions leading to accidentally over subscribing. - Ian: Max increases when it sends it and receiver must receive it
before using credit. - Martin: As chair, acknowledge Mo's concerns and propose merging it
and [...] - Mo: Why do we need any machinery at all. Maybe signal when limit
reached and client can try again later. don't need to mimic QUIC
here. - Will: WebTransport invented same kind of message to signal a hint.
MoQ could do something similar. - Luke: QUIC flow control works well once implemented even though it
sounds complicated on paper. Waiting and trying again is bad. Please
write down alternative flow control mechanisms. I think we will end
up with a similar mechanism. I like it to be fatal error as well. - Martin: Alternative proposal is to not have an explicit message and
only error if limit is exceeded. Do people besides Mo prefer this?
No one raising their hand. Mo was that correct? - Mo: Yes. Add subscribe error: "flow control"
- Alan: Relay can still do that but tell the peer when it is going to
happen in advance. Every relay has some limit and you set it in
advance vs. blowing up after it reached the limit. - Will: It doesn't have to blow up
- Luke: But the limit is still there
- Will: What if [...]
- Victor: I hear suggestions for rejecting subscribes with error and I
believe there's we [...]. I don't see reason not to ship this PR,
works well in QUIC. It's over engineered because control messages
are oredered which is not even required for this. - Alan: Bad actor just says subscribe for ever and you have rate
limiter to close vs. having defined behavior and remove bad
subsribers. Also solves subscribe/unsubscribe issue. You can reuse
ID 1. - Will: Ack
- Mo: We should have a talk about protection mechanisms overall. Not
convinced this adds protection since we have a single control
channel. Bad actor could send lots of control messages and one would
have to react to all. - Ian: Going back to rapid resets. Sending small messages could make
the peer do a lot of work. - Victor: Sending duplicate subscribe ID should be fatal error. We can
make them sequential. - Alan: Mos point is we should take a holistic approach and we only
solve one with this PR. - Ian: Yes, I think there's more work to be done. This one is most
obvious only. - Martin: Alan, Show of hands?
- Martin: Separate issue to have client hints.
-
Martin: Do you prefer MAX_SUBSCRIBE_ID type solution. Raise your
hand- 7 people
-
Martin: Rais hand if you prefer subscribe error based mechanism
- 2 people
-
Martin: Who would like more discussion?
- 0
-
Martin: Alan and I talk about it offline and go to list?
- Alan: Yes, few opinionated people are missing today. 7 to 2 seems
like rough consensus - Mo: Not completely opposed but think holistic approach seems better.
If this solves it hollistically, I could be convinced, but not yet. - Martin: I can summarize questions on list after meeting.
- Alan: Anyone opposed that we also need a broader analysis of DoS
threads on control messages? We have a lot of issues and should do
small steps. - Mo: On list please make it clear what the semantic change of
subscribe ID is due to this PR, since it now needs to be sequential. -
Martin: Will try but please chime in when I fail to point it out on
the list. -
Martin: Please sig bluesheets.
##
- Ian: We don't have much text about how streams are used. Are there
normative statements that we can already agree on? First one: If
subscribption is cancelled or expired, SHOULD publisher reset open
streams? - Victor: Was trying to write fetch proposal. Should split messages
into control and data messages. Wrote PR for that and we should
renumber stream types. Implemetnation can currently handle any
message anywhere but that doesn't make sense. - Ian: That's PR 503
- Victor: Yes.
- Victor: Might merge text for streams and datagrams.
- Alan: Editorial?
- Victor: Almost. Things that were allowed are not anymore now but
does not matter. - Will: Control stream is bidirectional right and data on
unidirectinoal streams. What about a client opening a second
bidirectional stream. - Ian: Currently illegal in spec.
- Mo: I support split and would go further and split the spaces
themselves. So there's no list of all messages. - Victor: Splits namesapces but doesn't renumber them
- Ian: agree
- Luke: Support it and renumber such that stream header group is only
one byte varint. - Martin: I like having separate spaces. Will be huge pain to
implement properly but would have been better in the first place. - Ian: Ok seems like all think this is going in right direction.
- Alan: Just merge today.
-
Ian: Will do
-
Alan: 10 minutes left
-
Ian: Let's look at ALPN PR
- Ian: WebTransport has ALPN feature. Discussed long time ago so we
couldn't rely on it. Intent here is to use ALPN for both instead of
existing version in SETUP. ALlows to remove some text. - Luke: Is this deployed in chrome?
- Victor: Not yet
- Luke: Can we wait until it does?
- Ian: Practical concern
- Victor: Shipping is blocked on bikeshed of sub-protocol vs. protocol
- Alan: Can IETF figure it out?
- Mo: Protocol has consensus
- Martin: Group has consensus on using ALPN and will after Victor gets
it done. - Luke: As long as we can offer multiple versions. Could then remove
setup round trip - Ian: Setup has other things like auth.
-
Luke: But version is the requirement you need before sending other
messages. -
Alan: Other open PRs? Yes, 497
- Ian: Mostly donon
[Missed some part about 497 due to hedgedoc issue]
- Will: Want to do some special things because it is talking to end
subscriber. - Mo: Intended to capture that content may be e2e encrypted There
should be something informative saying that content may be
encrypted. - Alan: Is there but is lowercase may.
- Mo: About things that are not just relays but not full endpoints. We
have example of a conferencing server that is not a relay and not an
endpoint which we expect to do forwarding but not have knowledge of
content of messages. We should decide if we need a name for that. - Ian: Add text once we need to add features to support those things
- Martin: +1 to Mo, Should merge this.
-
Ian: Will merge
-
Martin: Anything in two minutes?
- Alan: Can talk about subscribe namespace. It changes the definition
of tracknamespace. Currently single string of bytes, change to
sequence of 1 to 32 fields of bytes. So becomes a tuple. That
enables subscribe_namespace message where you use a tuple subset to
subscribe to announce and unannounce messages matching that prefix
of tuples. - Martin: Would those be required to get announces.
- Alan: No, announce is not required. If you have a case with a
million tracks publisher and only some people should receive
announces about some of them. - Mo: I think this goes right direction. Namespace and name was
initially monolithic. If we actually have tuples, we could just make
the whole thing a tuple and don’t need trackname anymore. - Alan: Will also raised the point. We do have distinction to match
for announces vs match full names. This solves one problem, could go
further later.