Re: Proposal: a new WRAP UP capsule from Ben Schwartz on 2024-07-09 (ietf-http-wg@w3.org from July to September 2024)

From: Ben Schwartz <bemasc@meta.com>
Date: Tue, 9 Jul 2024 19:37:36 +0000
To: David Schinazi <dschinazi.ietf@gmail.com>, Lucas Pardue <lucas@lucaspardue.com>
CC: HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <SA1PR15MB43706FB732C8F277D7FE4E78B3DB2@SA1PR15MB4370.namprd15.prod.outlook.com>
I agree, an "I support WRAP UP" signal is not very useful for the server.  It's useful for the server operator, to try to answer questions like:

* Do enough of our clients support WRAP UP that we should invest some effort implementing it?
* Is our implementation of WRAP UP working correctly?
* How long a grace period do we need to offer to reach 99% graceful termination among supporting clients?

--Ben
________________________________
From: David Schinazi <dschinazi.ietf@gmail.com>
Sent: Tuesday, July 9, 2024 1:39 PM
To: Lucas Pardue <lucas@lucaspardue.com>
Cc: Ben Schwartz <bemasc@meta.com>; HTTP Working Group <ietf-http-wg@w3.org>
Subject: Re: Proposal: a new WRAP UP capsule

Thanks all. Regarding adding a signal to indicate client support, I agree with Lucas: the policy will enforce a hard limit set by policy, no matter what the client does. I don't think the proxy would change its behavior if it knew whether

Thanks all.

Regarding adding a signal to indicate client support, I agree with Lucas: the policy will enforce a hard limit set by policy, no matter what the client does. I don't think the proxy would change its behavior if it knew whether the client supported this.

Regarding capsule vs h2/h3 frame, that's an interesting question. Fundamentally, this signal is intended to flow from proxy to client - even if it has to go through intermediaries between the proxy and client. If we use an h2/h3 frame, we would have to define it such that intermediaries need to understand it and forward it down the chain. We'd also lose h1 support. And intermediaries that use h1 on the back end aren't uncommon these days. Because of these reasons, I think a capsule makes more sense. That said, this does require the capsule protocol to be in play. I think this ties in to the conversation we've been having around connect-tcp and whether to use capsules there.

In terms of my token-limited use case, I think the best design for large uploads/downloads is to use multiple separate proxied requests leveraging range requests or resumable uploads. The alternate REFRESH_TOKEN design would work too, but it has the downside of not working when the proxy is going down for maintenance.

David

On Tue, Jul 9, 2024 at 8:38 AM Lucas Pardue <lucas@lucaspardue.com<mailto:lucas@lucaspardue.com>> wrote:


On Sat, Jul 6, 2024, at 01:03, Ben Schwartz wrote:
I think this is a reasonable idea.  Two questions come to mind:

1. Should this have a signal?  Right now there's no indication from the client about whether it supports this frame.  That makes it difficult for the server to understand whether the frame is working as intended.  Did I not give a long enough grace period, or are these clients running long because they don't recognize the capsule?
I think the outcome is the same either way, a proxy can give a hint to a client using the capsule and it might not be able to do anything with it anyway even if understood. The proxy still needs to enforce its policy on when to shut the thing down.



2. Should this be a stream-scoped HTTP/2+3 frame type?  There are lots of cases of streaming requests and responses that might encounter some kind of limit in HTTP, including WebSocket, WebTransport, and even plain old POST and GET.  Should "this stream is getting too long for me" be a built-in function of HTTP?
I'm not sure. I think it depends on the direction of nessage travel and what the limit applies to.

One example we have is in resumable uploads, where we've defined an upload-limit header [1] that applies to resources, not streams. An upload can span multiple requests, and we indicate the limits of individual requests and aggregate size

What single transaction cases would a frame help? For a large download, telling the client to wrap up isn't much good because it cant do anything, you could just reset the stream.

WebSocket is a bidi pipe and similar to MASQUE flows., I could see wrap up applying there. The capsule seems like it would work too.

[1] https://httpwg.org/http-extensions/draft-ietf-httpbis-resumable-upload.html#section-8.2<https://urldefense.com/v3/__https://httpwg.org/http-extensions/draft-ietf-httpbis-resumable-upload.html*section-8.2__;Iw!!Bt8RZUm9aw!5D2F-R2U09uUsHaJTNnEX9Xq4f_TvBt5L2Hmm7KlH2kvxPvjgnHkmRihnSxEq7Uouma5RPOk3H-vkQizjtgb$>

--Ben

________________________________

From: David Schinazi <dschinazi.ietf@gmail.com<mailto:dschinazi.ietf@gmail.com>>
Sent: Friday, July 5, 2024 6:29 PM
To: HTTP Working Group <ietf-http-wg@w3.org<mailto:ietf-http-wg@w3.org>>
Subject: Proposal: a new WRAP UP capsule

Hi HTTP enthusiasts, Over in MASQUE land, as we're deploying our two-hop proxies, we decided we needed to put a cap on how many bytes we'd allow per token-authenticated connect-udp tunnel. Enforcing a hard limit is easy, but the issue

Hi HTTP enthusiasts,

Over in MASQUE land, as we're deploying our two-hop proxies, we decided we needed to put a cap on how many bytes we'd allow per token-authenticated connect-udp tunnel. Enforcing a hard limit is easy, but the issue is that if the proxy aborts the tunnel halfway through, the web browser could be halfway through a proxied request. Since the browser doesn't know if the half-finished request was acted on or not, it can't retry it, so it has to surface the error to the user. Instead, we want the proxy to be able to warn the browser that this will happen soon, so that the browser can establish a new tunnel with a new token, and start sending new requests there. Conceptually this is a little like GOAWAY, but instead of "please wrap up this connection", it's "please wrap up this tunnel stream". It uses capsules, since this is a message from proxy to client. Here's a draft with diagrams:

https://datatracker.ietf.org/doc/draft-schinazi-httpbis-wrap-up/<https://urldefense.com/v3/__https://datatracker.ietf.org/doc/draft-schinazi-httpbis-wrap-up/__;!!Bt8RZUm9aw!5D2F-R2U09uUsHaJTNnEX9Xq4f_TvBt5L2Hmm7KlH2kvxPvjgnHkmRihnSxEq7Uouma5RPOk3H-vkV2Dmq1-$>
https://davidschinazi.github.io/draft-schinazi-httpbis-wrap-up/draft-schinazi-httpbis-wrap-up.html<https://urldefense.com/v3/__https://davidschinazi.github.io/draft-schinazi-httpbis-wrap-up/draft-schinazi-httpbis-wrap-up.html__;!!Bt8RZUm9aw!5D2F-R2U09uUsHaJTNnEX9Xq4f_TvBt5L2Hmm7KlH2kvxPvjgnHkmRihnSxEq7Uouma5RPOk3H-vkZyAeSrI$>

I'd love to hear your thoughts.

Thanks,
David
Received on Tuesday, 9 July 2024 19:37:46 UTC