Internet-Draft QUIC Path Management December 2024
Gage Expires 7 June 2025 [Page]
Workgroup:
QUIC Working Group
Internet-Draft:
draft-gage-quic-pathmgmt-00
Published:
Intended Status:
Experimental
Expires:
Author:
W. Gage
Unaffiliated

QUIC Path Management for Multi-Path Configurations

Abstract

This document defines path management procedures for QUIC that operate independently of the connection management procedures defined in RFC9000. The path management procedures enable a multipath configuration between endpoints by allowing QUIC packets associated with any connection identifier to be transported over any of the paths established between the endpoints. As a consequence, the principles and operations of RFC9000 are retained regardless of the path used to a convey QUIC packet.

Status of This Memo

This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.

Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.

Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."

This Internet-Draft will expire on 7 June 2025.

Table of Contents

1. Introduction

Architecturally, one may consider two models for data transport over multiple paths: model (A) is a collection of uni-path connection constructs while model (B) is a uni-path connection construct operating over a collection of paths.

Model (A) is like multipath TCP [MPTCP] that uses multiple TCP connections, one for each of the paths. Model (B) is like a single TCP connection operating over a layer 2 link aggregation group [LAG]. In model (B), a TCP segment can be transmitted in an IP datagram over any of the links in the LAG.

In model (B), path management is distinct from connection management. Conceptually, a connection entity sits on top of a path management entity. A packet transmitted by a connection entity is redirected over one of the available paths by the path management entity. A packet received over any of the available paths is redirected by the path management entity to the connection associated with the packet. The addition, removal and maintenance of paths is handled by the path management entity in a way that is transparent to the connection entities.

    +--------------+  +--------------+
    | connection X |  | connection Y |
    +--------------+  +--------------+
           |                 |
    +--------------------------------+
    |        path management         |
    +--------------------------------+
        |          |              |
   +--------+ +--------+     +--------+
   | path 1 | | path 2 | ... | path n |
   +--------+ +--------+     +--------+
Figure 1: Model (B)

This document describes multi-path QUIC procedures using model (B). In particular, a QUIC packet can be sent over any of the available (and unrestricted) paths. Since connection identifiers are independent of path, a QUIC packet received over any path is processed in the same way as a packet received over the single path construct of [RFC9000] -- i.e. there is a single application data packet number space and an ACK received over any path contains unambiguous packet numbers. While congestion control must clearly be path-specific, connection management, key management and packet loss recovery are not path-specific.

1.1. Conventions

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.

1.2. Terminology

This document uses the following terminology:

path:

an association with the 4-tuple of an IP/UDP datagram (source IP address, destination IP address, source UDP port, and destination UDP port). The term "path" is used for consistency with other multipath protocols such as [MPTCP] since, in fact, an endpoint has no knowledge of the path a datagram follows through the network beyond the first hop to a network access point.

PathID:

path identifier.

PMQUIC:

path-managed QUIC (as defined in this document).

session:

a collection of QUIC connections and paths used to exchange QUIC packets between two endpoints.

1.3. Notation

This document uses the field notation defined in [RFC9000] and quoted below:

Individual fields use the following notational conventions, with all lengths in bits:

x (A): Indicates that x is A bits long

x (i): Indicates that x holds an integer value using the variable length encoding described in [RFC9000] Section 16

x (A..B): Indicates that x can be any length from A to B; A can be omitted to indicate a minimum of zero bits, and B can be omitted to indicate no set upper limit; values in this format always end on a byte boundary

x (L) = C: Indicates that x has a fixed value of C; the length of x is described by L, which can use any of the length forms above

x (L) = C..D: Indicates that x has a value in the range from C to D, inclusive, with the length described by L, as above

x (L)...: Indicates that x is repeated zero or more times and that each instance has a length of L

2. Multipath Management

Connection migration to a new path is already supported in [RFC9000]. While [RFC9000] only defines communication over one path at any given time, path-managed QUIC (PMQUIC) provides multiple paths between session endpoints where the paths can be simultaneously active and used to exchange QUIC packets. PMQUIC also provides facilities to explicitly manage the use of paths.

PMQUIC is based on several basic design points:

PMQUIC changes the path management mechanisms specified in Section 9 of [RFC9000]:

In addition, PMQUIC changes several QUIC path-specific procedures described in [RFC9002]:

3. High-level Overview

PMQUIC enables the simultaneous use of different paths to exchange non-probing QUIC frames. This differs from [RFC9000] where the connection migration procedure selects only one path to exchange non-probing frames.

A PMQUIC session between endpoints starts with a standard QUIC handshake over an initial (default) path. As indicated by [RFC9000], an endpoint MUST NOT attempt to activate a new path before the handshake is confirmed. The endpoints use a new max_active_paths transport parameter during the initial cryptographic handshake to negotiate the use of path management capabilities (Section 12.1). The max_active_paths transport parameter indicates support for path management operations and limits the maximum number of active paths that can be used between the endpoints.

To add a new path to an existing PMQUIC session, a client starts a path validation on the chosen path. A new path can only be used to transport non-probing frames once the path has been validated using mechanisms similar to those described in Section 8 of [RFC9000]. New PM_CHALLENGE and PM_CHALLENGE_RESPONSE frames are used to validate the path and to assign an identifier to the path. A new PM_STATUS frame may be used to control use of a path and a new PM_ABANDON frame may be used to abandon a path between endpoints, preventing further use of that path to exchange QUIC packets.

PM_STATUS and PM_ABANDON frames include a path identifier that is assigned to the affected path, allowing the frame to be forwarded over any of the (allowable) paths active at the time of transmission.

PMQUIC operations do not change the basic operations described in [RFC9000]. In particular, none of the following procedures described in [RFC9000] are affected by the use of multiple paths:

However, changes to [RFC9002] procedures are required to deal with path-dependent characteristics such as path MTU size, RTT and congestion.

4. Path Identification

A path is associated with the 4-tuple of an IP/UDP datagram (source IP address, destination IP address, source UDP port, and destination UDP port). However, PMQUIC explicitly assigns an identifier to each path to decouple path management from the 4-tuple of the IP/UDP datagram used to transport a QUIC packet.

A path identifier is an integer assigned to a path by an endpoint that unambiguously identifies the path within the session from the perspective of that endpoint. The initial (default) path (i.e. the path used for the exchange of QUIC initial and handshake packets) is implicitly assigned path identifier (PathID) 0 (zero) for the client and PathID 1 (one) for the server. Other than PathID 0 and PathID 1, each endpoint independently selects the path identifier that it wants to assign to a new path and communicates the chosen PathID to its peer in a PM_CHALLENGE/PM_CHALLENGE_RESPONSE transaction.

An endpoint MUST choose a different PathID for each path in the session -- i.e. a path identifier assigned to one path MUST NOT be reused by the endpoint as the identifier for a different path within the session. For example, a PathID may be a monotonically increasing value, or a randomly generated value, or a sequence of bytes with some internal structure. Since each endpoint independently selects its path identifier, the two endpoints may choose different PathIDs to refer to the same path. A server MAY choose to use the PathID provided by the client in the PM_CHALLENGE frame or the server may choose a different PathID.

A received path identifier that is invalid MUST be treated as a connection error using transport error code Error_pmInvalidPathID (Section 9).

If the 4-tuple associated with a QUIC connection changes without the use of path validation (Section 5.1), this is considered a passive migration event (e.g. due to a NAT rebinding) and is outside the scope of this document -- i.e. it is already covered by [RFC9000].

QUIC connections exist and are managed independently of paths. An outgoing QUIC packet may be transmitted over any of the available and active paths, subject to any constraints that may have been placed on path usage by either of the QUIC endpoints (Section 7). Similarly, an incoming QUIC packet received over any path will be processed according to [RFC9000], as though it had been received over a uni-path transport between the QUIC endpoints.

5. Path Activation and Removal

PMQUIC provides mechanisms for adding new paths to a session and for removing unused or unusable paths from a session.

5.1. Path Activation

To initiate communications over a new path, an endpoint MUST send a PM_CHALLENGE frame in the first QUIC packet conveyed over the new path. The PM_CHALLENGE frame contains a new path identifier (PathID) and an unpredictable nonce (Section 10.1).

The PM_CHALLENGE frame is encapsulated (in a QUIC packet) in an IP/UDP datagram where the 4-tuple of the datagram corresponds to the new path. Discovery of an endpoint IP address and UDP port is outside the scope of this document.

To protect against correlation of communications across different IP addresses, it is RECOMMENDED that an endpoint use a new destination connection identifier in the QUIC packet containing the PM_CHALLENGE frame. The new destination connection identifier would have been previously provided by the peer endpoint in a NEW_CONNECTION_ID frame ([RFC9000] Section 19.15).

The peer endpoint confirms use of the new path by sending a PM_CHALLENGE_RESPONSE frame (Section 10.2) that echoes the received nonce and provides a local PathID as a reference for the path (Section 4). Again, it is RECOMMENDED that the peer endpoint use a new destination connection identifier in the QUIC packet containing the PM_CHALLENGE_RESPONSE frame.

In implementations with decoupling between the path management and connection management entities, the PM_CHALLENGE and PM_CHALLENGE_RESPONSE frames MAY be sent in a QUIC packet using a current connection identifier. An endpoint can disable this behaviour by including a disable_path_migration transport parameter in the initial cryptographic handshake (Section 12.2). An endpoint using a zero-length connection identifier MUST NOT include a disable_path_migration transport parameter in the initial handshake.

The peer endpoint may refuse use of the new path by not sending a PM_CHALLENGE_RESPONSE in response to the PM_CHALLENGE or by sending a PM_CHALLENGE_RESPONSE with a path status parameter (Section 11.4) set to Status_NotAvailable.

If the initiating endpoint does not receive a confirming PM_CHALLENGE_RESPONSE frame, it may transmit a new PM_CHALLENGE frame using the same (or a different) IP/UDP 4-tuple but MUST use a new PathID and a different nonce.

To guard against reception of a PM_CHALLENGE frame in an IP/UDP datagram with a spoofed source address, an endpoint receiving a PM_CHALLENGE frame on a new path SHOULD send its own PM_CHALLENGE frame in an IP/UDP datagram that is separate from the IP/UDP datagram used to convey its PM_CHALLENGE_RESPONSE frame.

5.2. Path Removal

To terminate communications over an established path, an endpoint sends a PM_ABANDON frame (Section 10.4) containing the PathID of the path to be abandoned. A PM_ABANDON frame may be transmitted over any path that is active (and allowable) at the time of transmission. Abandoning a path has no effect on a QUIC connection.

If the endpoint does not receive an ACK to the QUIC packet containing the PM_ABANDON frame, the PM_ABANDON frame may be retransmitted over the same or a different path.

The reason for abandoning a path may be one of the following (Section 14.5):

  • Reason_Failing

    indicating that the path is failing (e.g. the path is experiencing excessive transmission errors);

  • Reason_Lost

    indicating that the path is no longer available to the endpoint;

  • Reason_NoAck

    indicating that the endpoint failed to received ACKs for QUIC packets transmitted over the path;

  • Reason_Timeout

    indicating that a idle timer expired with no QUIC packets transmitted or received over the path;

  • Reason_MaxData

    indicating that the maximum amount of data allowed to be sent on the path has been reached.

  • Reason_Unspecified

    indicating that the reason is unknown or is otherwise unspecified.

6. Path Maintenance

Once a path between endpoints has been validated, PMQUIC provides mechanisms for defining and updating operational parameters related to the path.

6.1. Path Transmission Status

An endpoint may indicate its initial path transmission status in a PM_CHALLENGE frame (Section 10.1) or in the corresponding PM_CHALLENGE_RESPONSE frame (Section 10.2). By default, the initial path transmission status is Status_Available (Section 6.2).

Subsequently, an initiating endpoint may send a PM_STATUS frame (Section 10.3) to inform its peer endpoint of the desired status of a path (Section 6.2) and, optionally, to indicate the precedence assigned to the path by the initiating endpoint (Section 6.3).

Each PM_STATUS frame includes a status sequence number that is generated by the initiating endpoint; each endpoint maintains it own status sequence number. The status sequence number MUST be a monotonically increasing value and MUST NOT be used more than once within a session.

If the initiating endpoint does not receive an ACK to the QUIC packet containing the PM_STATUS frame, the PM_STATUS frame may be retransmitted over the same or a different path but MUST include a new status sequence number.

The receiving endpoint MUST ignore an incoming PM_STATUS frame if it previously received another PM_STATUS frame with a status sequence number equal to or higher than the status sequence number of the incoming frame.

If the receiving endpoint does not agree with the status change, the receiving endpoint may send a PM_STATUS frame to inform the initiator of its desired status of the path.

A PM_STATUS frame may be transmitted over any path that is active (and allowable) at the time of transmission.

6.2. Path Status

The status of a path may be set to one of the following:

  • Status_Available

    indicates that the path may used for transmission of a QUIC packet.

  • Status_Backup

    indicates that the path should not be used for transmission of a QUIC packet if another path exists in a Status_Available state. This path should only be used if no other path exists in a Status_Available state.

  • Status_Blocked

    indicates that the initiating endpoint has reached the maximum transmitted data limit imposed by a previously received Parameter_pathMaxData path parameter (Section 11.1). The receiving endpoint may increase the maximum data limit (and change the status of the path) using a subsequent PATH_STATUS frame (Section 10.3).

  • Status_NotAvailable

    indicates that the path should not be used for transmission of a QUIC packet. Unlike an abandoned path (Section 5.2), a path with Status_NotAvailable may be moved to Status_Available or Status_Backup when and if allowed by operational considerations.

6.3. Path Precedence

A path precedence is a variable-length integer value that may be used to distinguish between paths when scheduling the transmission of a QUIC packet:

  • in general, a path with a higher precedence value is preferred over a path with a lower precedence value;

  • multiple paths may be assigned the same precedence value;

  • congestion control may override precedence to allow transmission over a less congested path;

Each endpoint independently determines the precedence of a path and communicates that precedence to its peer (Section 11.3). The use of the local and peer path precedence values by an endpoint is beyond the scope of this document.

6.4. Path Congestion Control

Congestion control is applied per path, as described in [RFC9002] Section 7. QUIC packets sent on one path do not affect the congestion state of another path.

6.5. Path RTT Measurements

Round-Trip Time measurements are performed per path, as described in [RFC9002] Section 5. In general, different paths may exhibit different RTTs.

6.6. Path Maximum UDP Payload Size

By default, the maximum UDP payload size for a path is the max_udp_payload_size transport parameter defined in [RFC9000] Section 18.2.

The maximum UDP payload size for a path can be adjusted by including a Parameter_pathPayloadSize (Section 11.2) in the list of path parameters in a PM_CHALLENGE frame (Section 10.1) or in a PM_CHALLENGE_RESPONSE frame (Section 10.2).

If a Parameter_pathPayloadSize is included in a PM_CHALLENGE frame, this value takes precedence over the max_udp_payload_size transport parameter.

If a Parameter_pathPayloadSize is included in a PM_CHALLENGE_RESPONSE frame, this value must be less than the value included in (or defaulted by) the PM_CHALLENGE frame and takes precedence over the value included in (or defaulted by) the PM_CHALLENGE frame.

The mechanism used by an endpoint to determine maximum UDP payload size for a path is beyond the scope of this document. For example, the value may be determined by pre-configuration, by using a Path MTU Discovery (PMTUD) mechanism, or as a property of the endpoint.

7. Packet Scheduling

A QUIC packet may be scheduled for transmission over a given path only if:

An endpoint SHOULD schedule a transmission over a path with Status_Available. If this is not possible, the endpoint MAY attempt a transmission over a path with Status_Backup.

If more than one path is eligible for transmission of a packet, the algorithm used to select the path is beyond the scope of this document. An implementation may, for example, use the precedence value provided in a PM_CHALLENGE, PM_CHALLENGE_RESPONSE or PM_STATUS frame (Section 6.3).

Precedence should only used to distinguish between paths with the same status -- i.e. between paths with Status_Available or between paths with Status_Backup.

8. Packet Loss Detection and Recovery

QUIC senders use acknowledgements to detect lost packets and a probe timeout (PTO) to ensure acknowledgements are received. Loss detection through acknowledgements is performed as described in [RFC9002] Section 6.1.

Timer-based loss detection ([RFC9002] Section 6.1.2) must recognise that different paths may exhibit different RTTs (Section 6.5) and SHOULD adjust the packet loss time threshold to accommodate those differences. Probe timeout ([RFC9002] Section 6.2) requires derivation of a PTO period that should also accommodate the different RTT that may be experienced over different paths.

The mechanism used to accommodate those differences in path RTT is beyond the scope of this document.

9. Path Management Connection Errors

This document extends the QUIC Transport Error Codes of [RFC9000] Section 22.5 with the following values (Section 14.6):

Path management connection errors MUST be processed according to [RFC9000] Section 11.1.

10. Path Management Frame Types

PMQUIC procedures utilise four new QUIC frame types -- PM_CHALLENGE, PM_CHALLENGE_RESPONSE, PM_STATUS and PM_ABANDON:

10.1. PM_CHALLENGE frame

When an endpoint (typically a client) wants to enable use of a new path, it initiates path validation by sending a PM_CHALLENGE frame over the new path. This is analogous to the use of a PATH_CHALLENGE frame in [RFC9000].

A PM_CHALLENGE frame (Figure 2) includes the following fields:

   PM_CHALLENGE Frame {
     Type (i) = Type_pmChallenge,
     Initiator_PathID (i),
     Nonce (64),
     Path_Parameter (8..) ...,
   }
Figure 2: PM_CHALLENGE Frame Fields
  • Type

    is set to Type_pmChallenge (Section 14.2).

  • Initiator_PathID

    is the PathID assigned to the path by the endpoint sending the PM_CHALLENGE frame (Section 4).

  • Nonce

    is an unpredictable nonce generated by the endpoint for use in this instance of a PM_CHALLENGE frame (Section 5.1).

  • Path_Parameter

    is a list of path parameters (Section 11) although the list may be an empty list (Section 11.5). Path parameters not included in the PM_CHALLENGE frame assume their default values.

The QUIC packet containing the PM_CHALLENGE frame MUST include PADDING frames to the maximum UDP payload size as defined by Parameter_pathPayloadSize (Section 11.2), if included in the path parameters, or by the default value if not included in the path parameters.

10.2. PM_CHALLENGE_RESPONSE frame

When an endpoint (typically a server) wants to acknowledge use of a new path, it confirms path validation by sending a PM_CHALLENGE_RESPONSE frame over the new path. This is analogous to the use of a PATH_RESPONSE frame in [RFC9000].

A PM_CHALLENGE_RESPONSE frame (Figure 3) includes the following fields:

   PM_CHALLENGE_RESPONSE Frame {
     Type (i) = Type_pmChallengeResponse,
     Initiator_PathID (i),
     Responder_PathID (i),
     Nonce (64),
     Path_Parameter (8..) ...,
   }
Figure 3: PM_CHALLENGE_RESPONSE Frame Fields
  • Type

    is set to Type_pmChallengeResponse (Section 14.2).

  • Initiator_PathID

    is the PathID included in the corresponding PM_CHALLENGE frame (Section 10.1).

  • Responder_PathID

    is the PathID assigned to the path by the endpoint sending the PM_CHALLENGE_RESPONSE frame (Section 4).

  • Nonce

    is the nonce included in the corresponding PM_CHALLENGE frame (Section 10.1).

  • Path_Parameter

    is a list of path parameters (Section 11) although the list may be an empty list (Section 11.5). Path parameters not included in the PM_CHALLENGE_RESPONSE frame assume the (default) values indicated by the corresponding PM_CHALLENGE frame.

The QUIC packet containing the PM_CHALLENGE_RESPONSE frame MUST include PADDING frames to the maximum UDP payload size as defined by Parameter_pathPayloadSize (Section 11.2), if specified, or by the default value, if not specified.

10.3. PM_STATUS frame

An endpoint uses a PM_STATUS frame to signal a change in a path parameter.

A PM_STATUS frame (Figure 4) includes the following fields:

   PM_STATUS Frame {
     Type (i) = Type_pmStatus,
     Receiver_PathID (i),
     Path_Status_Sequence_Number (i),
     Path_Parameter (8..) ...,
    }
Figure 4: PM_STATUS Frame Fields
  • Type

    is set to Type_pmStatus (Section 14.2).

  • Receiver_PathID

    is the PathID assigned to the path by the peer endpoint receiving the PM_STATUS frame.

  • Path_Status_Sequence_Number

    is the sending endpoint's sequence number for this PM_STATUS frame (Section 6.1). d

  • Path_Parameter

    is a list of path parameters (Section 11) that MUST NOT be an empty list (Section 11.5) and MUST NOT include the following path parameters:

Note that the status of the path defaults to Status_Available unless explicitly defined by including a Parameter_pathStatus (Section 11.4) in the list of path parameters.

10.4. PM_ABANDON frame

An endpoint uses a PM_ABANDON frame to to indicate that it will no longer use the indicated path.

A PM_ABANDON frame (Figure 5) includes the following fields:

   PM_ABANDON Frame {
     Type (i) = Type_pmAbandon,
     Receiver_PathID (i),
     Reason_Code (i)
   }
Figure 5: PM_ABANDON Frame Fields
  • Type

    is set to Type_pmAbandon (Section 14.2).

  • Receiver_PathID

    is the PathID assigned to the path by the peer endpoint receiving the PM_ABANDON frame.

  • Reason_Code

    is the reason that the path is being abandoned (Section 5.2).

11. Path Parameters

Each path parameter in a list of path parameters includes the following fields (Figure 6):

Path_Parameter {
  End_of_List (1),
  Path_Parameter_ID (7),
  Path_Parameter_Value (i),
}
Figure 6: Path Parameter Encoding

A path parameter, or a list of path parameters, that is malformed or invalid MUST be treated as a connection error using transport error code Error_pmPathParameter (Section 9).

11.1. Parameter_pathMaxData

The path maximum data parameter is a variable-length integer value that indicates the maximum amount of data that can be sent on the path by the peer endpoint, expressed as a number of octets. The mechanism used by an endpoint to determine this value is beyond the scope of this document.

The maximum data limit applies only in a single direction -- i.e. from the peer endpoint towards the endpoint defining the path maximum data value. Each endpoint may specify a limit, corresponding to a different direction; the specified limits do not need to be the same.

The maximum data limit applies only to the indicated path. A session that migrates to a different path cannot assume that the maximum data limit from an existing path applies to the new path.

By default, the maximum amount of data that can be sent on the path is not limited.

If included in a PM_STATUS frame (Section 10.3), a maximum data value that is less the previous maximum data value associated with the path MUST be treated as as an invalid path parameter.

Receiving an ack-eliciting packet that exceeds the maximum data value previously authorised for a path MUST be treated as a connection error using transport error code Error_pmExceededMaxData (Section 9).

11.2. Parameter_pathPayloadSize

The path payload size parameter is a variable-length integer value that limits the size of UDP payloads that an endpoint believes can be transmitted over the path and/or the endpoint is willing to receive over the path (Section 6.6), expressed as a number of octets. UDP datagrams with payloads larger than this limit are not likely to be received and/or processed by the endpoint.

The default value for this parameter is the max_udp_payload_size transport parameter defined in [RFC9000] Section 18.2.

11.3. Parameter_pathPrecedence

The path precedence parameter is a variable-length integer value that indicates the precedence of the path to be used in path selection algorithms (Section 6.3).

There is no default value for this parameter. It is RECOMMENDED that precedence values be limited to the range 0..100.

11.4. Parameter_pathStatus

The path status parameter is a variable-length integer value that indicates the current status of the path (Section 6.1).

The default value for this parameter is Status_Available.

11.5. Parameter_empty

The empty list parameter indicates that there are no entries in the list of path parameters. If specified, the empty list parameter MUST be the only entry in the list of path parameters. The empty list parameter MUST NOT be included if there are other path parameters in a list of path parameters.

The empty list parameter MUST include a Path_Parameter_ID field but MUST NOT include a Path_Parameter_Value field. The End_of_List field MUST be set to 0 (zero).

12. Transport Parameters

PMQUIC defines two new transport parameters that may be encoded in the initial cryptographic handshake ([RFC9000] Section 7.4) -- max_active_paths and disable_path_migration.

12.1. max_active_paths

An endpoint signals support for PMQUIC procedures by including a max_active_paths transport parameter in the initial handshake.

max_active_paths (Section 14.1) is an integer value indicating the maximum number of active paths supported by the initiating endpoint. To enable PMQUIC, an endpoint MUST set the maximum number of active paths to a value greater that 1 (one). The maximum number of active paths allowed in the session is the minimum of the exchanged max_active_paths values.

If a max_active_paths transport parameter value is received that is higher than 255 or less than 2, the receiving endpoint MUST close the connection with an error of type TRANSPORT_PARAMETER_ERROR.

To enable use of PMQUIC procedures, both endpoints in a session MUST include a valid max_active_paths transport parameter in the initial handshake. If either of the endpoints does not include the max_active_paths transport parameter, then the endpoints MUST NOT use any of the PMQUIC procedures or frames defined in this document.

12.2. disable_path_migration

An endpoint can prevent use of a connection identifier on more than one path by including a disable_path_migration transport parameter in the initial handshake.

disable_path_migration (Section 14.1) is a zero-length value where presence of the transport parameter indicates migration is disabled.

If migration is disabled, a peer connection identifier is bound to a single path -- i.e. the peer connection identifier may be used as the destination connection identifier in a QUIC packet for transmission over only one path. The bound path is determined by the the first appearance of the peer connection identifier as the destination connection identifier in a QUIC packet.

If migration is not disabled (i.e. the disable_path_migration transport parameter is not included in the initial handshake), a peer connection identifier may be used as the destination connection identifier in a QUIC packet used for transmission over any available path -- i.e. the connection identifier may appear as the destination connection identifier in different QUIC packets on different paths.

Migration is disabled if at least one of the endpoints includes a disable_path_migration transport parameter in the initial cryptographic handshake.

Receiving a disable_path_migration transport parameter without also receiving a max_active_paths transport parameter MUST be treated as a connection error using transport error code Error_pmProtocolViolation (Section 9).

13. Security Considerations

PMQUIC does not change the operating principles of [RFC9000] and, as such, is subject to the same security considerations as [RFC9000] Section 21.

Specific security considerations, associated with the use of path management procedures, include:

14. IANA Considerations

14.1. New QUIC transport parameters

This document defines two new (preliminary) QUIC transport parameters (Section 12):

  • max_active_paths (0x21c7948988209ada)

  • disable_path_migration (0x33186fc5d0c7cac3)

14.2. New QUIC frame types

This document defines four new (preliminary) QUIC frame types:

14.3. PMQUIC path parameters

This document defines five PMQUIC path parameters:

14.4. PMQUIC path status

This document defines four PMQUIC path status values:

  • Status_NotAvailable (0x01)

  • Status_Blocked (0x02)

  • Status_Backup (0x03)

  • Status_Available (0x04)

14.5. PMQUIC path abandon reasons

This document defines five PMQUIC path abandon reason codes:

  • Reason_Unspecified (0x00)

  • Reason_Failing (0x01)

  • Reason_Lost (0x02)

  • Reason_NoAck (0x03)

  • Reason_Timeout (0x04)

  • Reason_MaxData (0x05)

14.6. PMQUIC transport error codes

This document extends the QUIC Transport Error Codes of [RFC9000] Section 22.5 with the following (preliminary) values:

  • Error_pmExceededMaxData (0x165ee2f99e0d09fa)

  • Error_pmInvalidPathID (0x07c0907b4c18170f)

  • Error_pmPathParameter (0x0170789441bc48aa)

  • Error_pmProtocolViolation (0x297abbb8bb0b3afa)

15. References

15.1. Normative References

[RFC2119]
Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, , <https://www.rfc-editor.org/rfc/rfc2119>.
[RFC8174]
Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, , <https://www.rfc-editor.org/rfc/rfc8174>.
[RFC9000]
Iyengar, J., Ed. and M. Thomson, Ed., "QUIC: A UDP-Based Multiplexed and Secure Transport", RFC 9000, DOI 10.17487/RFC9000, , <https://www.rfc-editor.org/rfc/rfc9000>.
[RFC9002]
Iyengar, J., Ed. and I. Swett, Ed., "QUIC Loss Detection and Congestion Control", RFC 9002, DOI 10.17487/RFC9002, , <https://www.rfc-editor.org/rfc/rfc9002>.

15.2. Informative References

[LAG]
Wikipedia, "Link aggregation", , <https://en.wikipedia.org/wiki/Link_aggregation>.
[MPQUIC-DRAFT]
Liu, Y., Ma, Y., De Coninck, Q., Bonaventure, O., Huitema, C., and M. Kühlewind, "Multipath Extension for QUIC", Work in Progress, Internet-Draft, draft-ietf-quic-multipath-11, , <https://datatracker.ietf.org/doc/html/draft-ietf-quic-multipath-11>.
[MPTCP]
Ford, A., Raiciu, C., Handley, M., Bonaventure, O., and C. Paasch, "TCP Extensions for Multipath Operation with Multiple Addresses", RFC 8684, DOI 10.17487/RFC8684, , <https://www.rfc-editor.org/rfc/rfc8684>.

Appendix A: Comparison to [MPQUIC-DRAFT]

[MPQUIC-DRAFT] diverges from the principles of [RFC9000] in a number of areas, as described below.

A.1 Connection identifiers

[MPQUIC-DRAFT] binds every connection identifier to a specific path. A path may be associated with multiple connection identifiers but a connection identifier can only be used on a pre-defined path. A change in in the connection identifier used in a QUIC packet header is used to signal an explicit change in the path.

By contrast, [RFC9000] (and PMQUIC) does not associate a connection identifier with a path -- i.e. connection identifiers are independent of paths.

A.2 Connection identifier sequence numbers

[MPQUIC-DRAFT] introduces the concept of multiple connection identifier sequence number spaces with a different connection identifier sequence number space for each path. As a consequence, it is possible for different connection identifiers associated with different paths to be assigned the same connection identifier sequence number.

By contrast [RFC9000] (and PMQUIC) define a single connection identifier sequence number space.

A.3 Application data packet number spaces

[MPQUIC-DRAFT] introduces the concept of multiple application data (1RTT) packet number spaces with a different application data number space for each path. As a consequence, it is possible for different QUIC packets transmitted over different paths to be assigned the same packet number.

By contrast [RFC9000] (and PMQUIC) define a single application data packet number space.

A.4 AEAD encryption nonce

Due to the use of a different application data number space for each path, it is possible for different QUIC packets transmitted over different paths to be assigned the same packet number. As a consequence, [MPQUIC-DRAFT] changes the AEAD calculation by using the path identifier as part of AEAD encryption nonce.

By contrast [RFC9000] (and PMQUIC) use a single application data packet number space which ensures that different QUIC packets are assigned different packet numbers regardless of the path used to convey a packet.

A.5 Multipath-specific frames and procedures

Due to the use of a different application data number space for each path and the use of a different connection identifier sequence number space for each path, endpoints must use multipath-specific frames for packet acknowledgement (PATH_ACK), assignment of new connection identifiers (PATH_NEW_CONNECTION_ID), and retirement of connection identifier (PATH_RETIRE_CONNECTION_ID).

By contrast, [RFC9000] operations are not affected by the use of PMQUIC procedures which obviates the need for multipath-specific connection management procedures and frames.

A.6 Zero-length connection identifiers

Because [MPQUIC-DRAFT] uses connection identifiers to identify paths, a zero-length connection identifier cannot be used with multipath operations.

By contrast, PMQUIC does not associate a connection identifier with a path and allows a QUIC packet to be transmitted over any path, including a QUIC packet with a zero-length connection identifier.

Author's Address

Bill Gage
Unaffiliated
Ottawa
Canada