proposal: Resolving the SVC resolution issue #4388
Description
Status: Draft
Note that this proposal is not finished yet. There are some TODOs, and we probably want some PoCs to validate the claims.
Resolving the SVC resolution issue
Currently, we have a process that is called SVC (service) resolution in the
SCION control plane exchanges. Its purpose is to resolve the address of a
SCION control plane service. This is done by sending a packet with an SVC
destination address to the target AS. The response contains the address where
the service is reachable (technically a map from protocol to address, but for
now we have ever only supported one protocol)
TODO: Why SVC resolution is an issue
Uses
SVC resolution has currently the following two uses:
-
Bootstrapping communication to remote AS
Given we are at a very deep layer in the networking stack, we cannot rely on
many other systems during bootstrapping. To establish SCION control plane
connections, we need to talk to services whose addresses we do not know
beforehand. The connection is stream oriented, thus we need packets to
consistently delivered to the same server. SVC resolution is a way to achieve
this. However, currently, I don't see the use case. -
Bootstrapping SCION path from One-Hop paths
Currently, during beaconing, One-Hop paths are used to send the SVC resolutions
the responses are sent using a full SCION path, which allows the SVC resolution
client to bootstrap a valid SCION dataplane path.
Both of these two uses can be achieved in a different manner. Use 1 can be
solved in various different ways, we do not necessarily need SVC resolution.
Use 2 is not obviously necessary. If we still require it, we could also decouple
it from SVC resolution.
Background
TODO: Add more background
- How we got here?
- Packet based RPC stack -> move to stream based approach
- Limitations of quic-go
Proposal 1 - SVC resolution free communication
One key observation is that we are using QUIC in our SCION control plane
protocol. During the design of QUIC, a lot of thought went into connection
migration and resumption. Every QUIC packet carries a connection
ID. Different
connections are de-multiplexed based on their connection ID, and not based on
the addresses of the packets. The connection ID can also be used by load
balancers to infer where the packet should be sent to. E.g.,
quic-lb
attempts to standardize a scheme to encode routing data in the connection ID.
We can leverage this fact in our SCION control plane too. In the world of QUIC
connections, resolving an address first to establish the connection is
unnecessary. As long as the packets get routed to the same server, it will
manage to identify the connection by the connection ID. The destination address
is irrelevant. Thus, the client can simply establish a QUIC connection with an
SVC destination address. This has been proven to work with
#4387 that simply drops SVC
resolution when dialing gRPC connections for the SCION control plane. All
packets from the client contain an SVC address as the destination. The reply
packets contains the real server address.
:::{note}
In theory, the client could change the destination address after it has received
the first response. However, in the past this has been proven to be hard in
practice because various parts of the quic-go implementation have assumptions
that the destination address does not change. It is also not required, thus,
I would advocate for not doing it.
:::
Keeping Backwards Compatibility - De-multiplexing
Simply dropping SVC resolution is not an AS internal change, the whole network
needs to adapt. Naively switching on this new behavior would lead to
interruptions, which is not feasible given our productive deployments.
However, there are two key observations here:
- Other than dialing the QUIC connection, neither the client nor the server
change at all. - SVC resolution requests can be distinguished from QUIC packets. They UDP
payload of a SVC resolution request is empty (0 bytes), every QUIC packet
carries some information and the UDP payload is never 0 bytes.
To keep backwards compatibility, we can use these observations. We initialize a
packet connection that passes all non-empty payload packets further up the stack
to the QUIC server, and all empty payload packets are treated as SVC resolution
requsts. Luckily, we have implement something like this in the past which can be
used as inspiration:
svc.ResolverPacketDispatcher.
With this change, the control server will open a single UDP/SCION socket and
handle SVC resolution and regular QUIC connections on the same socket. This allows
a two phase rollout plan: First upgrade the whole network with the server side
changes, then enable the client side. We could even do a "happy eyeballs" approach
and try both at the same time.
Supporting Multiple SVC Destinations
In current deployments, there is usually only one control/discovery service
reachable from any given border router. However, in the future, we might want to
support setups where multiple instances can be reached via a border router. This
is still possible. In such a setup, the connection ID will encode the target
instance. (e.g., with the
quic-lb
scheme). This will allow for consistent routing across the different QUIC
packets of the same connection. Given we do not have such a use case yet, we do
not need to handle it right now. Implementation may vary, but they are AS
internal implementation details. Every as can decide how to do this without
affecting any other AS in the network.
Drawbacks
This proposal relies on the fact that we are using QUIC. It is crucial that we
have connection IDs, such that connections can be identified and routed
consistently. This is a slight layer violation.
Alternatives Considered
TODO