Internet-Draft QUIC failover March 2023
Kozuka Expires 2 October 2023 [Page]
Workgroup:
QUIC
Internet-Draft:
draft-kozuka-quic-failover-latest
Published:
Intended Status:
Informational
Expires:
Author:
M. Kozuka
Okayama University

Multipath QUIC Path Failover Mechanism

Abstract

The proposed path failover mechanism provides a seamless way to recover from path failures in Multipath QUIC. It allows the protocol to take advantage of multiple paths while maintaining reliability and security. The implementation and deployment of this mechanism should be done with careful consideration of security and performance.

About This Document

This note is to be removed before publishing as an RFC.

The latest revision of this draft can be found at https://masa-koz.github.io/quic-failover/draft-kozuka-quic-failover.html. Status information for this document may be found at https://datatracker.ietf.org/doc/draft-kozuka-quic-failover/.

Discussion of this document takes place on the QUIC Working Group mailing list (mailto:quic@ietf.org), which is archived at https://mailarchive.ietf.org/arch/browse/quic/. Subscribe at https://www.ietf.org/mailman/listinfo/quic/.

Source for this draft and an issue tracker can be found at https://github.com/masa-koz/quic-failover.

Status of This Memo

This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.

Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.

Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."

This Internet-Draft will expire on 2 October 2023.

Table of Contents

1. Introduction

Multipath QUIC provides improved network performance and reliability by using multiple network paths concurrently. However, if one of the paths fails, it can cause a disruption in the communication. This document proposes a path failover mechanism for Multipath QUIC, which allows it to recover from path failures seamlessly.

2. Conventions and Definitions

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.

3. Path Failover Mechanism

Multipath QUIC uses multiple paths to transfer data concurrently. Each path has its own metrics, such as RTT, available bandwidth, and congestion level. These metrics are monitored by the sender using the Path Quality Estimation (PQE) framework. When a path failure is detected, the sender chooses a new path to transfer data. The sender detects a path failure when the path metrics show a significant degradation. This can be caused by a network outage or congestion. If the path metrics remain degraded for a certain duration, the sender assumes the path has failed and triggers the failover mechanism. When the failover mechanism is triggered, the sender selects a new path to transfer data from a list of available paths. The selection criteria can be based on various factors, such as available bandwidth, RTT, and congestion level. The sender also considers the path diversity to choose a path that is different from the failed path. After selecting a new path, the sender checks whether it is valid by sending a connectivity check packet. If the path is valid, it starts sending data on the new path. If the new path also fails, the sender repeats the failover mechanism with a different path.

4. Security Considerations

The failover mechanism should not compromise the security of the communication. The selection of a new path should not leak information about the failed path or the communication itself. Therefore, the selection criteria should not depend on any information that can be obtained by an eavesdropper. The connectivity check packet should be authenticated to prevent spoofing attacks. The sender should verify the authenticity of the packet before deciding to use the new path. The sender should also limit the number of failover attempts to prevent denial-of-service attacks. The failover mechanism should not introduce any new vulnerabilities to the Multipath QUIC protocol. Therefore, it should be thoroughly tested and reviewed before being deployed.

5. IANA Considerations

This document has no IANA actions.

6. Normative References

[RFC2119]
Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, , <https://www.rfc-editor.org/rfc/rfc2119>.
[RFC8174]
Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, , <https://www.rfc-editor.org/rfc/rfc8174>.

Acknowledgments

TODO acknowledge.

Author's Address

Masahiro Kozuka
Okayama University