Most active commenters

    ←back to thread

    313 points carlos-menezes | 15 comments | | HN request time: 1.239s | source | bottom
    Show context
    cletus ◴[] No.41891721[source]
    At Google, I worked on a pure JS Speedtest. At the time, Ookla was still Flash-based so wouldn't work on Chromebooks. That was a problem for installers to verify an installation. I learned a lot about how TCP (I realize QUIC is UDP) responds to various factors.

    I look at this article and consider the result pretty much as expected. Why? Because it pushes the flow control out of the kernel (and possibly network adapters) into userspace. TCP has flow-control and sequencing. QUICK makes you manage that yourself (sort of).

    Now there can be good reasons to do that. TCP congestion control is famously out-of-date with modern connection speeds, leading to newer algorithms like BRR [1] but it comes at a cost.

    But here's my biggest takeaway from all that and it's something so rarely accounted for in network testing, testing Web applications and so on: latency.

    Anyone who lives in Asia or Australia should relate to this. 100ms RTT latency can be devastating. It can take something that is completely responsive to utterly unusable. It slows down the bandwidth a connection can support (because of the windows) and make it less responsive to errors and congestion control efforts (both up and down).

    I would strongly urge anyone testing a network or Web application to run tests where they randomly add 100ms to the latency [2].

    My point in bringing this up is that the overhead of QUIC may not practically matter because your effective bandwidth over a single TCP connection (or QUICK stream) may be MUCH lower than your actual raw bandwidth. Put another way, 45% extra data may still be a win because managing your own congestion control might give you higher effective speed over between two parties.

    [1]: https://atoonk.medium.com/tcp-bbr-exploring-tcp-congestion-c...

    [2]: https://bencane.com/simulating-network-latency-for-testing-i...

    replies(11): >>41891766 #>>41891768 #>>41891919 #>>41892102 #>>41892118 #>>41892276 #>>41892709 #>>41893658 #>>41893802 #>>41894376 #>>41894468 #
    1. skissane ◴[] No.41891768[source]
    > Because it pushes the flow control out of the kernel (and possibly network adapters) into userspace

    That’s not an inherent property of the QUIC protocol, it is just an implementation decision - one that was very necessary for QUIC to get off the ground, but now it exists, maybe it should be revisited? There is no technical obstacle to implementing QUIC in the kernel, and if the performance benefits are significant, almost surely someone is going to do it sooner or later.

    replies(3): >>41891946 #>>41891973 #>>41893160 #
    2. ants_everywhere ◴[] No.41891946[source]
    Is this something you could use ebpf for?
    3. lttlrck ◴[] No.41891973[source]
    For Linux that's true. But Microsoft never added SCTP to Windows; not being beholden to Microsoft and older OS must have been part of the calculus?
    replies(2): >>41892046 #>>41892802 #
    4. skissane ◴[] No.41892046[source]
    > But Microsoft never added SCTP to Windows

    Windows already has an in-kernel QUIC implementation (msquic.sys), used for SMB/CIFS and in-kernel HTTP. I don’t think it is accessible from user-space - I believe user-space code uses a separate copy of the same QUIC stack that runs in user-space (msquic.dll), but there is no reason in-principle why Microsoft couldn’t expose the kernel-mode implementation to user space

    5. astrange ◴[] No.41892802[source]
    No one ever uses SCTP. It's pretty unclear to me why any OSes do include it; free OSes seem to like junk drawers of network protocols even though they add to the security surface in kernel land.
    replies(5): >>41892937 #>>41892986 #>>41893372 #>>41893981 #>>41895474 #
    6. kelnos ◴[] No.41892937{3}[source]
    Does anyone even build SCTP support directly into the kernel? Looks like Debian builds it as a module, which I'm sure I never have and never will load. Security risk seems pretty minimal there.

    (And if someone can somehow coerce me into loading it, I have bigger problems.)

    replies(2): >>41893439 #>>41895319 #
    7. supriyo-biswas ◴[] No.41892986{3}[source]
    The telecom sector uses SCTP in lots of places.
    8. conradev ◴[] No.41893160[source]
    Looks like it’s being worked on: https://lwn.net/Articles/989623/
    replies(1): >>41896868 #
    9. spookie ◴[] No.41893372{3}[source]
    And most of those protocols can be disabled under sysctl.conf.
    10. jeroenhd ◴[] No.41893439{4}[source]
    Linux and FreeBSD have had it for ages. Anything industrial too. Solaris, QNX, Cisco IOS.

    SCTP is essential for certain older telco protocols and in certain protocols developed for LTE it was added. End users probably don't use it much, but the harsware their connections are going through will speak SCTP at some level.

    11. lstodd ◴[] No.41893981{3}[source]
    4g/LTE runs on it. So you use it too, via your phone.
    replies(1): >>41894177 #
    12. astrange ◴[] No.41894177{4}[source]
    Huh, didn't know that. But iOS doesn't support it, so it's not needed on the AP side even for wifi calling.
    13. rjsw ◴[] No.41895319{4}[source]
    I added it to NetBSD and build it into my kernels, it isn't enabled by default though.

    Am part way through adding NAT support for it to the firewall.

    14. j1elo ◴[] No.41895474{3}[source]
    SCTP is exactly how you establish a data communication link with the very modern WebRTC protocol stack (and is rebranded to "WebRTC Data Channels"). Granted, it is SCTP-over-UDP. But still.

    So yes, SCTP is under the covers getting a lot more use than it seems, still today. However all WebRTC implementations usually bring their own userspace libraries to implement SCTP, so they don't depend on the one from the OS.

    15. throawayonthe ◴[] No.41896868[source]
    also looks like current quic performance issues are a consideration, tested in section 4. :

    > The performance gap between QUIC and kTLS may be attributed to:

      - The absence of Generic Segmentation Offload (GSO) for QUIC.
      - An additional data copy on the transmission (TX) path.
      - Extra encryption required for header protection in QUIC.
      - A longer header length for the stream data in QUIC.