]> Cloud Software Group Holdings, Inc.

United States of America danwing@gmail.com https://www.cloud.com

Nokia

Bangalore Karnataka India kondtir@gmail.com

Orange

Rennes 35000 France mohamed.boucadair@orange.com

Network Network Working Group user experience bandwidth priority enriched feedback media streaming realtime media QoS 5G Wi-Fi WiFi DTLS Connection Identifier DTLS-SRTP QUIC Connection Identifier QUIC Host-to-network signaling and network-to-host signaling can improve the user experience to adapt to network's constraints and share expected application needs, and thus to provide differentiated service to a flow and to packets within a flow. The differentiated service may be provided at the network (e.g., packet prioritization), the server (e.g., adaptive transmission), or both. This document describes how clients can communicate with their nearby network elements so they can learn network constraints. Optionally, with QUIC server support their incoming QUIC packets can be mapped to metadata about their contents so packet importance can influence both intentional and reactive management policies. The framework handles both directions of a flow. About This Document The latest revision of this draft can be found at . Status information for this document may be found at . Discussion of this document takes place on the TSV Area Working Group mailing list (), which is archived at . Subscribe at . Source for this draft and an issue tracker can be found at .

Introduction Senders rely on ramping up their transmission rate until they encounter packet loss or see indicating they should level off or slow down their transmission rate. This feedback takes time and contributes to poor user experience when the sender over- or under-shoots the actual available bandwidth, especially if the sender changes fidelity of the content (e.g., improves video quality which consumes more bandwidth which then gets dropped by the network). This is also called an 'intentional management policy'. Due to network constraints a network element will need to drop or even prioritize a packet ahead of other packets within the same UDP 4-tuple. The decision of which packet to drop or prioritize is improved if the network element knows the importance of the packet. By mapping packet metadata to a network-visible field in each packet, the network element is better informed and better able to improve the user experience. There are also exceptional cases (crisis) where "normal" network resources cannot be used at maximum and, thus, a network would seek to reduce or offload some of the traffic during these events -- often called 'reactive traffic policy'. Network-to-host signals are useful to put in place adequate traffic distribution policies (e.g., prefer the use of alternate paths, offload a network). depicts examples of approaches to establish channels to convey and share metadata between hosts, networks, and servers. This document adheres to the client-centric metadata sharing approach because it preserves privacy and also takes advantage of clients having a full view on their available network attachments. Metadata exchanges can occur in one single direction or both directions of a flows.

Candidate Design Approaches +<===User Data+Metadata===>+ | Secure Connection 1 | Secure Connection 2 | | | | (2) Out-of-band Metadata Sharing .--------------. +------+ | | +-+----+ | +------+ | Network(s) | +-+----+ +-+ |Client+---------------)----------------(-------------+Server+-+ +---+--+ | | +---+--+ | '-------+------' | | | | +<-----End-to-End Secure Connection + User Data------>+<---. | | | GLUE| | | | CXs | +<-- Metadata (Optional) -->+<----- Metadata -------->+<---' | Secure Connection 1 | Secure Connection 2 | | | | (3) Client-centric Metadata Sharing .--------------. +------+ | | +-+----+ | +------+ | Network(s) | +-+----+ +-+ |Client+-----------------)----------------(-------------+Server+-+ +---+--+ | | +---+--+ | '-------+------' | | | | +<--------- Metadata -------->+ | | Secure Connection | | | | | +<== End-to-End Secure Connection User Data+Metadata ==>+ | | | ]]>

The document is a generic framework that would function in any network deployment. This framework can be leveraged by any transport protocol (see ). To illustrate the framework's applicability this document focuses on QUIC transport. The design supports multiple CIDFI and QUIC implementations on one host (i.e., by several applications), cellular devices providing IP connectivity to other devices (see ), multiple CIDFI-aware network elements (e.g., Wi-Fi and an ISP network), DOCSIS and 5G networks, and hosts behind one or more IPv4 NATs or other IP translation technologies. A comprehensive list of such translation technologies is provided in .

Overview This document defines CIDFI (pronounced "sid fye") which is a system of several protocols that allow communicating about a connection from the network to the server and the server to the network. The information exchanged allows the server to know about network conditions and allows the server to signal packet importance. The following main steps are involved in CIDFI; some of them are optional:

• CIDFI-awareness discovery between a host and a network.
• Establishment of a secure association with all or a subset of CIDFI-aware networks.
• Negotiation of CIDFI support with remote servers.
• CIDFI-aware networks sharing of changes of network conditions.
• CIDFI-aware clients sharing of metadata with CIDFI-aware networks as hints to help processing flows.
• CIDFI-aware clients sharing of metadata with CIDFI-aware server to adapt to local network conditions.

CIDFI does not require that all these steps are enabled. Incremental deployments may be envisaged (e.g., network and client support, network, client, and server support). Differentiated service can be provided to a flow, packets within a flow, or a combination thereof as a function of the CIDFI support by various involved entities. For example, a CIDFI-aware network might share signals with clients that would then trigger locally connection migration or relay the information to the server (if it is CIDFI-aware) to adjust its sending behavior by avoiding aggressive use of local resources or using alternate paths. further elaborates on the differentiated service that can be provided by enabling CIDFI. provides a sample network diagram of a CIDFI system showing two bandwidth-constrained networks (or links) depicted by "B" and CIDFI-aware devices immediately upstream of those links, and another bandwidth-constrained link between a smartphone handset and its Radio Access Network (RAN). This diagram shows the same protocol and same mechanism can operate with or without 5G, and can operate with different administrative domains such as Wi-Fi, an ISP edge router, and a 5G RAN. Readers may refer to Appendix C of for an overview of key 5G building blocks. For the sake of illustration, simplifies the representation of the various involved network segments. It also assumes that multiple server instances are enabled in the server network but the document does not make any assumption about the internal structure of the service nor how a flow is processed by or steered to a service instance. However, CIDFI includes provisions to ensure that the service instance that is selected to service a client request is the same instance that will receive CIDFI metadata for that client.

Network Diagram

The CIDFI-aware client establishes a TLS connection with the CIDFI-aware network elements (Wi-Fi access point, edge router, and RAN router in the above diagram). Over this connection it receives network performance information (n2h) and it sends mapping of QUIC Destination CIDs to packet importance (h2n). The design creates new state in the CIDFI-aware network elements for mapping from Destination CID to the packet metadata and maintaining triggers to update the client if the network characteristics change, and to maintain a TLS channel with the client. describes network-to-host signaling similar to the use case described in , with metadata relaying through the client. describes host-to-network metadata signaling similar to the use cases described in . The host-to-network metadata signaling can also benefit . CIDFI brings benefits to QUIC as that protocol is of primary interest. QUIC is quickly replacing HTTPS-over-TCP on many websites and content delivery networks because of its advantages to both end users and servers. CIDFI can bring value to a system comprised solely of a CIDFI-aware client and the CIDFI-aware network elements. By adding a CIDFI-aware server that supports QUIC unreliable datagrams and API integration (see ), each packet can receive differentiated service from the network. This is especially useful during user transitions from a high quality wireless reception to lower quality reception (e.g., entering a building). Additionally, CIDFI can be extended to other protocols as discussed in .

Operation with Streaming Video

Incremental deployment:

Streaming video only needs to be transmitted slightly faster than the video playout rate. Sending the video significantly faster can waste bandwidth, most notably if the user abandons the video early. Worse, as discussed in , a fast download of a video that won't be viewed completely by the subscriber may lead to quick exhaustion of the user data quota. CIDFI helps this use-case with its network-to-host signaling which informs the client of available bandwidth allowing the client to choose a compatible video stream. This functionality does not need a CIDFI- aware server.

Full system deployment:

With reliable transport such as TCP, the only purpose of video key frames is the user scrolling forward/backward. When video streaming uses unreliable transport () it is beneficial to differentiate keyframes from predictive frames on the network especially when the network performs reactive policy management. When the server also supports CIDFI, key frames can be differentiated which improves user experience during linear playout.

Operation with Interactive Audio/Video/Screen sharing

Incremental deployment:

With interactive sessions CIDFI can help determine the bandwidth available for the flow so the video (and screen sharing) quality and size can be constrained to the available bandwidth. This benefit can be deployed locally with a CIDFI-aware client and CIDFI-aware network.

Full system deployment:

When the remote peer also supports CIDFI, the remote peer can differentiate packets containing audio, video, or screen sharing. In certain use-cases audio is the most important whereas in other use-cases screen sharing is most important. With CIDFI, the relative importance of each packet can be differentiated as that relative importance changes during a session.

Conventions and Definitions The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 when, and only when, they appear in all capitals, as shown here. The document makes use of the following terms:

CID:

Connection Identifier used by .

CNE:

CIDFI-aware Network Element, a network element that supports this CIDFI specification. This is typically a router.

Differentiated service:

Refers to a differentiated processing that can be provided to a flow (or specific packets within a flow) by a network, client, or server.

Examples of differentiated service are: prioritization, adaptive transmission, or traffic steering.

Notations For discussion purposes, JSON is used in the examples to give a flavor of the data that the client retrieves from a CNE. The authors anticipate using a more efficient encoding such as .

Design Goals This section highlights the design goals of this specification.

Client Authorization:

The client authorizes each CIDFI-aware network element (CNE) to participate in CIDFI for each QUIC flow.

Same Server Instance:

When the server also participates in CIDFI, the same QUIC connection is used for CIDFI communication with that server, which ensures it arrives at the same server instance even in the presence of network translators (NAT) or server-side ECMP load balancers or server-side CID-aware load balancers .

Privacy:

The host-to-network signaling of the mapping from packet metadata to CID is only sent to CIDFI-aware network elements (CNEs) and is protected by TLS. The network-to-host signaling of network metadata is protected by TLS. For CIDFI to operate, a CNE never needs the server's identity, and a CNE is never provided decryption keys for the QUIC communication between the client and server.

Integrity:

Metadata sharing, including the mapping of packet importance to Destination CIDs, are integrity protected by QUIC itself and cannot be modified by on-path network elements. The communication between client, server, and network elements is protected by TLS.

Packet metadata is communicated over a TLS-encrypted channel from the CIDFI client to its CIDFI-aware network elements, and mapped to integrity-protected QUIC CIDs.

Internet Survival:

The QUIC communications between clients and servers are not changed so CIDFI is expected to work wherever QUIC works. The elements involved are only the QUIC client and server and with the participating CIDFI-aware network elements.

CIDFI can operate over IPv4, IPv6, IPv4/IPv4 translation (NAT), and IPv6/IPv4 translation (NAT64).

Fast Path Forwarding Support:

For some differentiated services (e.g., capacity awareness), CIDFI does not require specific processing by on-path network devices. For others, once a state is programmed (CIDs, for example) no other forwarding constraint is required at CNEs.

Single Encryption and No Nested Congestion Control:

CIDFI does not require any tunneling mechanism or any overhead of multi-layer encryption schemes that would impact CNEs processing. CIDFI uses the base connection to convey specific signals. Unlike tunneling mechanisms, CIDFI does not suffer from nested congestion control.

Network Configuration to Support CIDFI The network is configured to advertise its support for CIDFI. For this step, four mechanisms are described in this document: DNS SVCB records , IPv6 Provisioning Domains (PvD) , DHCP , and 3GPP PCO. These are described in the following sub-sections.

• Standardizing all or some of these mechanisms is for further discussion.

DNS SVCB Records This document defines a new DNS Service Binding parameter "cidfi-aware" in and a new Special-Use Domain Name "cidfi.arpa" in . The local network is configured to respond to DNS SVCB queries with ServiceMode () for "_cidfi-aware.cidfi.arpa" with the DNS names of that network's and upstream network's CIDFI-aware network elements (CNEs). If upstream networks also support CIDFI (e.g., the ISP network) those SVCB records are aggregated into the local DNS server's response by the local network's recursive DNS resolvers. For example, a query for "_cidfi-aware.cidfi.arpa" might return two answers for the two CNEs on the local network, one belonging to the local ISP (example.net) and the other belonging to the local Wi-Fi network (example.com).

Example of SVCB Records

When multihoming, the multihome-capable CPE aggregates all upstream networks' "_cidfi-aware.cidfi.arpa" responses into the response sent to its locally-connected clients.

Provisioning Domains The CIDFI networks are configured to set the H-flag so clients can request PvD Additional Information (). The "application/pvd+json" returned looks like what is depicted in when there are two CIDFI-aware network elements, service-cidfi and wi-fi.

Example of PvD Information

Multiple CIDFI-aware network elements on a network path will require propagating the Provisioning Domain Additional Information. For example, a CIDFI-aware Wi-Fi access point connected to a CIDFI-aware 5G network will require the information for both CIDFI networks be available to the client, in a single Provisioning Domain Additional Information request. This means the Wi-Fi access point has to obtain that information so the Wi-Fi access point can provide both the 5G network's information and the Wi-Fi access point's information.

DHCP or 3GPP PCO The network is configured to respond to DHCPv6, DHCPv4 sub-option, or 3GPP PCO (Protocol Configuration Option) Information Element.

Client Operation on Network Attach or Topology Change On initial network attach topology change (see ), the client learns if the network supports CIDFI () and authorizes discovered network elements ().

Client Learns Local Network Supports CIDFI For this step, four mechanisms are identified: DNS SVCB records, IPv6 PvD, DHCP, or 3GPP PCO. These are described in the following sub-sections. In all cases below,

• if the discovery succeeds (i.e., the client concludes that the local and/or ISP network support CIDFI) client processing proceeds to .
• if the discovery failed (i.e., the client concludes that the local network and ISP do not support CIDFI) client processing stops.

Client Learns Using DNS SVCB The client determines if the local network provides CIDFI service by issuing a query to the local DNS server for "_cidfi-aware.cidfi.arpa." with the SVCB resource record type (64) .

Client Learns Using Provisioning Domain The client determines if the local network supports CIDFI by querying https://<PvD-ID>/.well-known/pvd as described in .

Client Learns Using DHCP or 3GPP PCO The client determines that a local network is CIDFI-capable if the client receives an explicit signal from the network, e.g., via a dedicated DHCP option or a 3GPP PCO (Protocol Configuration Option) Information Element. An example of explicit signal would be a DHCPv6 option or DHCPv4 sub-option that that is returned as part of .

Client Authorizes CIDFI-aware Network Elements The response from the previous step in will contain one or more CNEs. The client authorizes each of the CNEs using a local policy. This policy is implementation-specific. An implementation example might have the users authorize their ISP's CIDFI server (e.g., allow "cidfi.example.net" if a user's ISP is configured with "example.net"). Similarly, if none of the CNEs are recognized by the client, the client might silently avoid using CIDFI on that network. After authorizing that subset of CNEs, the client makes a new HTTPS connection to each of those CNEs and performs PKIX validation of their certificates. The client MAY have to authenticate itself to the CNE. The client then obtains the CIDFI nonce and CIDFI HMAC secret from each CNE used later in to prove the client owns its UDP 4-tuple.

Example of CIDFI HMAC and Nonce

Client Operation on Each Connection to a Server When a QUIC client connects to a QUIC server, the client:

1. learns if the server supports CIDFI and obtains its mapping of transmitted Destination CIDs to metadata, described in .
2. proves ownership of its UDP 4-tuple to the on-path CNEs, described in .
3. performs initial metadata exchange with the CIDFI network element and server, and server and network element, described in .
4. for the duration of the connection, receives network-to-host and performs host-to-network updates as network conditions or network requirements change, described in . Some policies are provided to CNEs to control which network changes can trigger updating clients.

• Note: the client is also a sender, and can also perform all these functions in its direction. This functionality will be expanded in later versions of this document. For example, a mobile device connected to Wi-Fi with 5G backhaul might be running an interactive audio/video application and want to indicate to its internal Wi-Fi driver and to the 5G modem its mapping from its transmitted QUIC Destination CID to per-packet metadata and the application can benefit from receiving network performance metrics.

Client Learns Server Supports CIDFI On initial connection to a QUIC server, the client includes a new QUIC transport parameter "enable_cidfi" (TBD1) () which is remembered for 0-RTT. If the server does not indicate CIDFI support by means of enable_cidfi transport parameter, the client can still perform CIDFI -- but does not expect different CIDs to indicate differentiated behavior. The client can still signal to its CNE(s) about the flow, because the client knows some characteristics of the flow it is receiving. For example, if the client requested streaming video of a certain bandwidth from a server or participated in a WebRTC offer/answer exchange, the client knows some connectivity expectation about the incoming flow without the server supporting CIDFI. Processing continues with the next step. The QUIC client and server exchange CIDFI information using the new CIDFI_NEW_CONNECTION_ID_MAPPING frame type as described in . Processing continues with the next step.

Client Proves Ownership of its UDP 4-Tuple

• Optimizations to this mechanism are being considered while maintaining support for multiple CIDFI and QUIC implementations on one host (i.e., by several applications) and support for cellular devices providing IP connectivity to other devices (see ).

To ensure that the client messages to a CNE pertain only to the client's own UDP 4-tuple, the client sends the CIDFI nonce protected by the HMAC secret it obtained from over the QUIC UDP 4-tuple it is using with the QUIC server over the path that involves that CNE. The ability to transmit that packet on the same UDP 4-tuple as the QUIC connection indicates ownership of that IP address and UDP port number. The nonce and HMAC are sent in a indication (STUN class of 0b01) containing one or more CIDFI-NONCE attributes (). If there are multiple CNEs the single STUN indication contains a CIDFI-NONCE attribute from each of them. This message is discarded, if received, by the QUIC server. In order to avoid overloading servers, the client may set the TTL/Hop Limit to a value that allows to cross the CNE, but then discarded before reaching the server. For example, the host sets the TTL to "min-ttl" that is returned during CNE discovery. shows a summarized message flow obtaining the nonce and HMAC secret from the CNE (steps 1-2) which is performed on network attach. The CNE also sends active_cidfi_connection_id_limit in step 2.

Example of Flow Exchange | | | 2. HTTPS: Ok. nonce=12345 | | | active_cidfi_connection_id_limit | |<-----------------------------------+ | | | | ]]>

Later, when connecting to a new QUIC server, the client determines if there are on-path CIDFI Network Elements by sending the nonce and HMAC in the same UDP 4-tuple as the QUIC connect (step 2). This is necessary to deal with both IP address spoofing and with multiple QUIC+CIDFI implementations running on the same host; each QUIC+CIDFI implementation pair should only be able to modify treatment of its own flows, not of other flows to other UDP flows running on that same host. If a CIDFI Network Element is present on the path it processes the STUN Indication and sends a response to the client over HTTP using the HTTP channel established above. It decrements the IPv4 TTL or IPv6 Hop Limit and forwards the STUN Indication along its normal path, to accommodate another CIDFI Network Element farther away from the client.

Example of Flow to New Server | | 2. STUN Indication, nonce=12345, hmac=e8FEc | +------------------------------------------------------>| | | | | | 3. discarded | | | | 4. "I saw my nonce, HMAC is valid" | | | | | 5. Valid STUN Indication processed| | |<-----------------------------------+ | | | | | 6. HTTPS: "Map DCID=xyz as high importance" | +----------------------------------->| | | 7. QUIC Initial, transport parameter=enable_cidfi | |<------------------------------------------------------+ | 8. HTTPS: Ok | | |<-----------------------------------+ | ]]>

• Note the above message flow shows an initial QUIC handshake for simplicity (steps 1 and 7) but because of QUIC connection migration () the QUIC messages might appear later.

• Also, "Map DCID=xyz as high importance" refers to a CID chosen by the client (for traffic destined towards the client) and not the DCID used by the client to communicate with the server.

The short header's Destination Connection ID (DCID) can be 0 bytes or as short as 8 bits, so multiple QUIC clients on the same host or on different hosts behind a NAT are likely to use the same incoming Destination CID on their own UDP 4-tuple (Birthday Paradox). The STUN Indication message allows the CIDFI network element to distinguish each QUIC client's UDP 4-tuple -- both between hosts and between QUIC+CIDFI implementations on the same host (implemented within an application). To reduce CIDFI setup time the client STUN Indication MAY be sent at the same time as it establishes connection with the QUIC server. To prevent replay attacks, the Nonce is usable only for authenticating one UDP 4-tuple. When the connection is migrated () the CNE won't apply any CIDFI behavior to that newly-migrated connection. The client will have to restart CIDFI procedures at the beginning (). After the CIDFI Network Element receives the STUN Indication it informs the client by sending an HTTP message to the client. Details TBD. As the proof of ownership of its UDP 4-tuple is only useful to CIDFI Network Elements near the client, the client MAY reduce traffic to the server by modulating the IPv4 TTL or IPv6 Hop Limit of its STUN Indication messages. The client SHOULD set TTL/Hop Limit to "min-ttl". The client MAY use other values (e.g., explicit configuration, inferred from probe messages). Processing continues with the next step.

STUN CIDFI-NONCE Attribute The format of the STUN CIDFI-NONCE attribute is shown in .

Format of STUN CIDFI-NONCE Attribute

The nonce is 128 bits obtained from the CIDFI network element. The HMAC-output field is computed per using the CIDFI network element-provided HMAC secret, and the CIDFI network element-provided Nonce concatenated with the fixed string "cidfi" (without quotes), shown below with "|" denoting concatenation. When there are multiple CIDFI Network Elements on the network, multiple CIDFI-NONCE attributes are sent in a single STUN Indication message.

Initial Metadata Exchange If the server indicated support for CIDFI during the QUIC handshake, the client uses its HTTPS channel with each of the CNEs it previously authorized for CIDFI participation to map client-chosen Destination CIDs to metadata for that CID. As server support of the QUIC CIDFI transport parameter is remembered for 0-RTT, the client can immediately send the nonce. Over the QUIC connection with the server, the client sends QUIC CIDFI_NEW_CONNECTION_ID_MAPPING frames which map the destination CID to its metadata (e.g., high priority), not to exceed active_cidfi_connection_id_limit. As with NEW_CONNECTION_ID, the client should allocate additional connection IDs retain client privacy during connection migration () and those additional CIDs should also be communicated via CIDFI_NEW_CONNECTION_ID. In anticipation of connection migration those additional connection IDs are not communicated to the existing network's CNEs, but only to the new network's CNEs. Connection IDs which are communicated using NEW_CONNECTION_ID do not receive per-packet CIDFI treatment. But their contribution to bandwidth consumption is considered by the CNE. Note that the source IP address and source UDP port number are not signaled by design. This is because NATs (, ), multiple NATs on the path, IPv6/IPv4 translation, similar technologies, and QUIC connection migration all complicate accurate signaling of the source IP address and source UDP port number. If the CNE receives the HTTPS map request but has not yet seen the STUN nonce message it rejects the mapping request with a 403 and provides a new nonce. The new nonce avoids the problem of an attacker seeing the previous nonce and using that nonce on its own UDP 4-tuple. The client then sends a new STUN message with that new nonce value and send a new HTTPS mapping request(s). This interaction is highlighted in the simplified message flow in .

Example of a Client Re-transmitting Lost Nonce | | | HTTPS: Ok. nonce=12345 | | |<-----------------------------------+ | | | | : : : | | | | QUIC Initial, transport parameter=enable_cidfi | +------------------------------------------------------>| | STUN Indication, nonce=12345, HMAC=8f93e | +--------------------> X (lost) | | | | | | HTTPS: "Map DCID=xyz as high importance" | +----------------------------------->| | | HTTPS: 403, new Nonce=5678 | | |<-----------------------------------| | | STUN Indication, nonce=5678, HMAC=8f93e | +------------------------------------------------------>| | | discarded | | | | "I saw my nonce, HMAC is valid" | | | | | HTTPS: "Map DCID=xyz as high importance" | +----------------------------------->| | | Ok | | |<-----------------------------------+ | ]]>

After the initial metadata is exchanged, processing continues with ongoing host-to-network and network-to-host updates as described in . There are two types of metadata exchanged, described in the following sub-sections.

Host to Network Signaling The server communicates to CNEs via the client which then communicates with the CNE(s). While this adds communication delay, it allows the user at the client to authorize the metadata communication about its own incoming (and outgoing) traffic. The communication from the client to the server are using a CIDFI-dedicated QUIC stream over the same QUIC connection as their primary communication ().

Example of CIDFI Communication | | | | "Map DCID=xyz as high importance" | | +----------------------------------->| | | Ok | | | |<-----------------+ | | | Ok | | | |<-----------------------------------+ | | QUIC CIDFI stream: Ok | | +------------------------------------------------------>| ]]>

To each of the network elements authorized by the client, the client sends the mappings of the server's transmitted Destination CIDs to packet metadata (see ).

Network to Host Signaling The CNE sends network performance information to the server which is intended to influence the sender's traffic rate (such as improving or reducing fidelity of the audio or video). In , the CNE informs the client of reduced bandwidth and the client informs the server using CIDFI.

Example of CIDFI Communication with Metadata Sharing | | QUIC CIDFI stream: Ok | | |<------------------------------------------------+ | Ok | | | +----------------------------------->| | ]]>

The communication from the client to the server is using a CIDFI-dedicated QUIC stream over the same QUIC connection as their primary communication. The CNE can update the client with whenever the metadata about the connection changes significantly, but MUST NOT update more frequently than once every second. The metadata exchanged over this channel is described in .

Ongoing Signaling Throughout the life of the connection host-to-network and network-to-host signaling is updated whenever characteristics change. Still, some policies are provided to control when these updates are triggers. Such policies are meant to preserve the connection stability. Typically, due to environmental changes on wireless networks or other user's traffic patterns, a particular flow may be able to operate faster or might need to operate slower. The relevant CNE SHOULD signal such conditions to the client (), which can then relay that information to the server using either CIDFI or via its application. For example, a streaming video client might be retrieving low quality video because one of their invoked CNEs indicated constrained bandwidth. Later, after moving closer to an antenna, more bandwidth is available which is signaled by the CNE to the client. The client uses that signal to now request higher-quality video from the server. Similarly, the CIDFI client may begin receiving traffic with different characteristics which might be be signaled to the CNEs. For example, a client might be participating in an audio-only call which is modified to audio and video, requiring additional bandwidth and likely new CIDs to differentiate the video packets from the audio packets.

Interaction with Load Balancers QUIC servers are likely to be behind CID-aware load balancers . With CIDFI, all the communications to the load-balanced QUIC server are over the same UDP 4-tuple as the primary QUIC connection but in a different QUIC stream. This means no changes are required to ECMP load balancers or to CID-aware load balancers when using a CIDFI-aware back-end QUIC server. Load balancers providing QUIC-to-TCP interworking are incompatible with CIDFI because TCP lacks QUIC's stream identification.

Topology Change When the topology changes the client will transmit from a new IP address -- such as switching to a backup WAN connection, or such as switching from Wi-Fi to 5G. The server will consider this as a connection migration () and will issue a PATH_CHALLENGE. If the client is aware of the topology change (such as attaching to a different network), the client would also change its QUIC Destination CID (). When the CIDFI-aware client determines that it is connected to a new network or has received a QUIC PATH_CHALLENGE, the CIDFI-aware client MUST re-discover its CNEs () and continue with normal CIDFI processing with any discovered CNEs. This usually means repeating the initial metadata exchange () to prove path ownership.

Flushing Mapping State When the server supports CIDFI the metadata mapping creates additional state in the client, CIDFI Network Elements, and the server. Between the QUIC client and server when a mapping is no longer needed it can be cleaned up with RETIRE_CONNECTION_ID. If that connection ID was mapped in one or more CNEs, the client SHOULD also remove that mapping state from the CNEs. This allows the mapping state to be used for other CIDFI implementations on the same host or by other hosts (belonging to the same subscriber) or by other subscribers. As a client can disappear from a network without informing its CNE and are unlikely to voluntarily clean up CNE state even if they remain connected to the network, the CNE should retire its CIDFI state after 3 minutes of bi-directional inactivity on that UDP 4-tuple or a more convenient time such as when it normally flushes its UDP NAT binding for bi-directional inactivity.

Details of Metadata Exchanged This section describes the metadata that can be exchanged from a CNE to a server (generally network performance information) and from the server to a CNE.

Server to CIDFI-aware Network Element Because there is no direct communication from the server to a CNE, the communication is relayed through the client. The communications from servers to CNEs do not occur directly, but rather through the client. Two types of mapping metadata are described in the following sub-sections: metadata parameters and DSCP values.

Mapping Metadata Parameters to DCIDs Several of metadata parameters can be mapped to Destination CIDs:

Importance:

Low/Medium/High importance, relative to other CIDs within this same UDP 4-tuple.

Delay budget:

Time in milliseconds until this packet is worthless to the receiver. This is counted from when the packet arrives at the CNE to when it is transmitted; other delays may occur before or after that event occurs. The receiver knows its own jitter (playout) buffer length and the client and server can calculate the one-way delay using timestamps. With that information, the client can adjust the server's signaled delay budget with the client's own knowledge.

• TODO: provide enough details to create interoperable implementations.

Over the CIDFI-dedicated QUIC stream, the server sends mapping information to the client when then propagates that information to each of the CNEs. An example is shown in .

Example JSON for Flow Importance

• Note: lists sample attributes and they will be discussed in detail in a separate document.

Mapping DiffServ Code Point (DSCP) to DCIDs A mapping from Destination CID to DiffServ code point leverages existing DiffServ handling that may already exist in the CIDFI network element. If there are downstream network elements configured with the same DSCP the CIDFI network element could mark the packet with that code point as well. Signaling the DSCP values for different QUIC Destination CIDs increases the edge network's confidence that the sender's DiffServ intent is preserved into the edge network, even if the DSCP bits were modified en route to the edge network (e.g., ). Over the CIDFI-dedicated QUIC stream, the server sends the mapping information to the client when then propagates that information to each of the CNEs. An example is shown in .

Example JSON for DSCP Mapping

CIDFI-aware Network Element to Server The CIDFI-aware client informs the CNE of the client's received Destination CIDs. As bandwidth availability to that client changes, the CNE updates the client with new metadata. The client then sends that information to the server in the CIDFI-dedicated QUIC stream associated with that same Connection ID.

Privacy Considerations

Privacy-Aware Metadata Sharing in Network Relationships If the network operator and the server have a business relationship, the server can sign or attest the metadata using, e.g., JSON Web Token (JWT) or CBOR Web Token (CWT) . The attested metadata will be sent from the server to the client. The client will decide whether to convey the attested metadata to the CNE, considering privacy reasons, as it may reveal the identity of the server to the network. The client may use any local policy or involve the end-user in the decision-making process regarding whether to reveal the identity of the server to the network or not. If the attested metadata is sent to the CNE from the client, the attestation will be utilized by the CNE, acting as a Relying Party (e.g., ), to determine the level of trust it wishes to place in the attested metadata. The relying party may choose to trust or not trust the attestation.

Discussion Points This section discusses known issues that would benefit from wider discussion.

Client versus Server Signaling CID-to-importance Mapping Need to evaluate number of round trips (and other overhead) of client signaling CID-to-importance mapping or server signaling CID-to-importance mapping.

Overhead of QUIC DCID Packet Examination If CID-to-importance metadata was signaled by the server as described in , the CNE have to examine the UDP payload of each packet for a matching Destination CID for the lifetime of the connection. This is somewhat assuaged by the STUN nonce transmitted which may well be an easier signal to identify.

Interaction with Wi-Fi Packet Aggregation Per-packet metadata influences transmission of that packet but may well conflict with some Wi-Fi optimizations (e.g., ) and similar 5G optimizations. This impact needs further study.

Overhead of Mapping CIDs to Packet Metadata Network Elements have to maintain a mapping between each UDP 4-tuple and QUIC CID and its DSCP code point. This also needs updating whenever sender changes its CID. This is awkward. An alternative is a fixed mapping of QUIC CIDs to their meanings, as proposed in . However, this will ossify the meaning of those QUIC CIDs. It also requires all networks to agree on the meaning of those QUIC CIDs.

Improve CIDFI Initialization Time Find approaches to further reduce network communications to start CIDFI.

Primary QUIC Channel CID Change Because the CIDFI network element, QUIC server, and QUIC client all cooperate to share the primary QUIC connection's Destination CID, when a new CIDFI network element is involved (e.g., due to client attaching to a different network), a new Destination CID SHOULD be used for the reasons discussed in ).

• We need clear way to signal which DCIDs can be used for 'this' network attach and which DCIDs are for a migrated connection. Probably belongs in the QUIC transport parameter signaling?

State Maintenance A CNE can safely remove state after UDP inactivity timeout . The CIDFI client MUST re-signal its CNE(s) when it receives a QUIC path validation message, as that indicates a NAT rebinding occurred. A CNE's state can also be cleared by signaling from the CIDFI client, such as when closing the application; however, this signal cannot be relied upon due to network disconnect, battery depletion, and suchlike.

• TODO: Probably want keepalives on client->CNE communication. To be assessed.

API Integration for QUIC Stream and Packet-Level Prioritization For each QUIC stream requiring differentiated service, the QUIC stack can map that stream to a different Destination CID. The application-level code would require an API to instruct the QUIC stack that a particular stream needs differentiated service. Similarly, if the application-level code seeks differentiated service for packets within a stream (e.g., prioritizing P-frames over I-Frames in a video stream), it would need an API to inform the QUIC stack that different packets within the QUIC stream require differentiated services and to map these packets to different Destination CIDs. Where packet-level differentiation is not desired, such API enhancements are not needed. In that situation, the CIDFI-aware client and CIDFI-aware network elements can utilize bandwidth information to optimize their video streaming usage and their interactive audio/video streams, without the benefit of packet-level differentiation.

Security Considerations Because the sender's QUIC Destination Connection ID is mapped to packet importance, and the DCID remains the same for many packets, an attacker could determine which DCIDs are important by causing interference on the bandwidth-constrained link (by creating other legitimate traffic or creating radio interference) and observing which DCIDs are transmitted versus which DCIDs are dropped. This is a side- effect of using fixed identifier (DCIDs) rather than encrypting the packet importance. This was a design trade-off to reduce the CPU effort on the CNEs. A mitigation is using several DCIDs for every packet importance. Other than what can be inferred from a destination IP address, the server's identity is not disclosed to the CIDFI Network Elements, thus maintaining the end user's privacy. Communications are relayed through the client because only the client knows the identity of the server and can validate its certificate.

Spoofing Attacks:

For an attacker to succeed with the nonce challenge against a victim's UDP 4-tuple, an attacker has to send a STUN CIDFI-NONCE packet using the victim's source IP address and a valid HMAC. A valid HMAC can be obtained by the attacker making its own connection to the CIDFI-aware server and spoofing the source IP address and UDP port number of the victim.

If the client does not support CIDFI, the attacker can influence the packet treatment of the victim's UDP 4-tuple.

If the client implements CIDFI, a CIDFI network element can identify an IP address spoofing attack. Concretely, the CNE will receive two HTTPS connections describing the same DCID; one connection from the attacker and another one from the victim. The CNE will then issue unique Nonces and HMACs to both the attacker and victim, and both the attacker and victim should send the STUN Indication on that same UDP 4-tuple. Such an event should trigger an alarm on the CNE. In this scenario, it is recommended that both the attacker and the victim be denied CIDFI access.

The spoofing of a victim's IP address is prevented by the network using network ingress filtering (, , , and/or ).

On-Path Attacks:

An on-path attacker can observe the victim's Discovery Packet, block it, and then forward the packet within the attacker's 5-tuple. Subsequently, the on-path attacker can 'steal' the victim's CIDFI control from the victim's UDP 4-tuple, causing the victim's CIDFI signaling for that UDP 4-tuple to influence the attacker's UDP 4-tuple.

Although the on-path attacker can't directly observe the encrypted CIDFI signaling, this attack effectively disables the victim's CIDFI treatment, making it accessible to the attacker. The attacker can send NEW_CONNECTION_ID frames to the server with the victim's (observed) Destination CID, effectively claiming the victim's CIDFI signaling for themselves. An on-path attacker can do a lot more damage by blocking or rate-limiting the victim's traffic.

IANA Considerations

New QUIC Transport Parameter This document requests IANA to register the following new permanent QUIC transport parameter in the "QUIC Transport Parameters" registry under the "QUIC" registry group available at : New QUIC Transport Parameter

Value	Parameter Name	Reference
TBD1	enable_cidfi	This-Document

New QUIC Frame Type This document requests IANA to register a new value in in the "QUIC Frame Types" registry under the "QUIC" registry group available at :

Value:

TBDF2

Frame Name:

CIDFI_NEW_CONNECTION_ID_MAPPING

Status:

permanent

Specification:

This-Document

New Well-known URI "cidfi-aware" This document requests IANA to register the new well-known URI "cidfi" in the "Well-Known URIs" registry available at .

New Special-use Domain Name Register new special-use domain name cidfi.arpa for DNS SVCB discovery.

New DNS Service Binding (SVCB) This document requests IANA to register the new DNS SVCB "_cidfi-aware" in the "DNS Service Bindings (SVCB)" registry available at . The document also requests IANA to register the following service parameter in the "Service Parameter Keys (SvcParamKeys)" registry :

Number:

TBD

Name:

min-ttl

Meaning: :The minimum IPv4 TTL or IPv6 Hop Limit to use for a connection.

Reference:

This-Document

New STUN Attribute This document requests IANA to register the new STUN attribute "CIDFI-NONCE" in the "STUN Attributes" registry available at .

New Provisioning Domain Additional Information Key This document requests IANA to register a new JSON key in the Provisioning Domains Additional Information registry at : Additionally, this document requests creating a new registry, entitled "CIDFI JSON Keys" under the Provisioning Domains Additional Information registry group . The policy for assigning new entries in this registry is Expert Review . The structure of this registry is identical to the Provisioning Domains Additional Information registry group. The initial content of this registry is provided below:

References Normative References This document defines the core of the QUIC transport protocol. QUIC provides applications with flow-controlled streams for structured communication, low-latency connection establishment, and network path migration. QUIC includes security measures that ensure confidentiality, integrity, and availability in a range of deployment circumstances. Accompanying documents describe the integration of TLS for key negotiation, loss detection, and an exemplary congestion control algorithm. This document defines an extension to the QUIC transport protocol to add support for sending and receiving unreliable datagrams over a QUIC connection. In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements. RFC 2119 specifies common key words that may be used in protocol specifications. This document aims to reduce the ambiguity by clarifying that only UPPERCASE usage of the key words have the defined special meanings. The Concise Binary Object Representation (CBOR) is a data format whose design goals include the possibility of extremely small code size, fairly small message size, and extensibility without the need for version negotiation. These design goals make it different from earlier binary serializations such as ASN.1 and MessagePack. This document obsoletes RFC 7049, providing editorial improvements, new details, and errata fixes while keeping full compatibility with the interchange format of RFC 7049. It does not create a new version of the format. This document specifies the "SVCB" ("Service Binding") and "HTTPS" DNS resource record (RR) types to facilitate the lookup of information needed to make connections to network services, such as for HTTP origins. SVCB records allow a service to be provided from multiple alternative endpoints, each with associated parameters (such as transport protocol configuration), and are extensible to support future uses (such as keys for encrypting the TLS ClientHello). They also enable aliasing of apex domains, which is not possible with CNAME. The HTTPS RR is a variation of SVCB for use with HTTP (see RFC 9110, "HTTP Semantics"). By providing more information to the client before it attempts to establish a connection, these records offer potential benefits to both performance and privacy. Provisioning Domains (PvDs) are defined as consistent sets of network configuration information. PvDs allows hosts to manage connections to multiple networks and interfaces simultaneously, such as when a home router provides connectivity through both a broadband and cellular network provider. This document defines a mechanism for explicitly identifying PvDs through a Router Advertisement (RA) option. This RA option announces a PvD identifier, which hosts can compare to differentiate between PvDs. The option can directly carry some information about a PvD and can optionally point to PvD Additional Information that can be retrieved using HTTP over TLS. The Dynamic Host Configuration Protocol (DHCP) provides a framework for passing configuration information to hosts on a TCPIP network. DHCP is based on the Bootstrap Protocol (BOOTP), adding the capability of automatic allocation of reusable network addresses and additional configuration options. [STANDARDS-TRACK] This document describes the Dynamic Host Configuration Protocol for IPv6 (DHCPv6): an extensible mechanism for configuring nodes with network configuration parameters, IP addresses, and prefixes. Parameters can be provided statelessly, or in combination with stateful assignment of one or more IPv6 addresses and/or IPv6 prefixes. DHCPv6 can operate either in place of or in addition to stateless address autoconfiguration (SLAAC). This document updates the text from RFC 3315 (the original DHCPv6 specification) and incorporates prefix delegation (RFC 3633), stateless DHCPv6 (RFC 3736), an option to specify an upper bound for how long a client should wait before refreshing information (RFC 4242), a mechanism for throttling DHCPv6 clients when DHCPv6 service is not available (RFC 7083), and relay agent handling of unknown messages (RFC 7283). In addition, this document clarifies the interactions between models of operation (RFC 7550). As such, this document obsoletes RFC 3315, RFC 3633, RFC 3736, RFC 4242, RFC 7083, RFC 7283, and RFC 7550. Session Traversal Utilities for NAT (STUN) is a protocol that serves as a tool for other protocols in dealing with NAT traversal. It can be used by an endpoint to determine the IP address and port allocated to it by a NAT. It can also be used to check connectivity between two endpoints and as a keep-alive protocol to maintain NAT bindings. STUN works with many existing NATs and does not require any special behavior from them. STUN is not a NAT traversal solution by itself. Rather, it is a tool to be used in the context of a NAT traversal solution. This document obsoletes RFC 5389. This document defines the IP header field, called the DS (for differentiated services) field. [STANDARDS-TRACK] This document defines basic terminology for describing different types of Network Address Translation (NAT) behavior when handling Unicast UDP and also defines a set of requirements that would allow many applications, such as multimedia communications or online gaming, to work consistently. Developing NATs that meet this set of requirements will greatly increase the likelihood that these applications will function properly. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements. This paper discusses a simple, effective, and straightforward method for using ingress traffic filtering to prohibit DoS (Denial of Service) attacks which use forged IP addresses to be propagated from 'behind' an Internet Service Provider's (ISP) aggregation point. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements. This document specifies the procedure for creating a binding between a DHCPv4/DHCPv6-assigned IP address and a binding anchor on a Source Address Validation Improvement (SAVI) device. The bindings set up by this procedure are used to filter packets with forged source IP addresses. This mechanism complements BCP 38 (RFC 2827) ingress filtering, providing finer-grained source IP address validation. This memo describes First-Come, First-Served Source Address Validation Improvement (FCFS SAVI), a mechanism that provides source address validation for IPv6 networks using the FCFS principle. The proposed mechanism is intended to complement ingress filtering techniques to help detect and prevent source address spoofing. [STANDARDS-TRACK] Many protocols make use of points of extensibility that use constants to identify various protocol parameters. To ensure that the values in these fields do not have conflicting uses and to promote interoperability, their allocations are often coordinated by a central record keeper. For IETF protocols, that role is filled by the Internet Assigned Numbers Authority (IANA). To make assignments in a given registry prudently, guidance describing the conditions under which new values should be assigned, as well as when and how modifications to existing values can be made, is needed. This document defines a framework for the documentation of these guidelines by specification authors, in order to assure that the provided guidance for the IANA Considerations is clear and addresses the various issues that are likely in the operation of a registry. This is the third edition of this document; it obsoletes RFC 5226. Informative References This memo specifies the incorporation of ECN (Explicit Congestion Notification) to TCP and IP, including ECN's use of two bits in the IP header. [STANDARDS-TRACK] During IETF meetings, individual volunteers often help sessions run more smoothly by relaying information back and forth between the physical meeting room and an associated textual chatroom. Such volunteers are commonly called "Jabber scribes". This document summarizes experience with the Jabber scribe role and provides some suggestions for fulfilling the role at IETF meetings. This document defines a YANG module for the Network Address Translation (NAT) function. Network Address Translation from IPv4 to IPv4 (NAT44), Network Address and Protocol Translation from IPv6 Clients to IPv4 Servers (NAT64), customer-side translator (CLAT), Stateless IP/ICMP Translation (SIIT), Explicit Address Mappings (EAM) for SIIT, IPv6-to-IPv6 Network Prefix Translation (NPTv6), and Destination NAT are covered in this document. Juniper Networks Juniper Networks Juniper Networks Orange Telefonica 5G slicing is a feature that was introduced by the 3rd Generation Partnership Project (3GPP) in mobile networks. This feature covers slicing requirements for all mobile domains, including the Radio Access Network (RAN), Core Network (CN), and Transport Network (TN). This document describes a basic RFC XXXX Network Slice realization model in IP/MPLS networks with a focus on the Transport Network fulfilling 5G slicing connectivity requirements. This realization model reuses many building blocks currently commonly used in service provider networks. Note to the RFC Editor: Please update "RFC XXXX Network Slice" with the RFC number assigned to I-D.ietf-teas-ietf-network-slices. Discussion Venues This note is to be removed before publishing as an RFC. Discussion of this document takes place on the Traffic Engineering Architecture and Signaling Working Group mailing list (teas@ietf.org), which is archived at https://mailarchive.ietf.org/arch/browse/teas/. Source for this draft and an issue tracker can be found at https://github.com/boucadair/5g-slice-realization. Meta Platforms, Inc. There is increasing need for application endpoints to exchange rich information with devices in the network and secure that information from on-path observers. This document presents some current problems and the broad strokes of potential solutions. Discussion Venues This note is to be removed before publishing as an RFC. Source for this draft and an issue tracker can be found at https://github.com/mjoras/sadcdn. Technical University Munich Technical University Munich Tencent America LLC This document specifies a minimal mapping for encapsulating Real-time Transport Protocol (RTP) and RTP Control Protocol (RTCP) packets within the QUIC protocol. This mapping is called RTP over QUIC (RoQ). It also discusses how to leverage state from the QUIC implementation in the endpoints, in order to reduce the need to exchange RTCP packets and how to implement congestion control and rate adaptation without relying on RTCP feedback. This document summarizes an operator's perception of the benefits that may be provided by intermediary devices that execute functions beyond normal IP forwarding. Such intermediary devices are often called "middleboxes". RFC 3234 defines a taxonomy of middleboxes and issues in the Internet. Most of those middleboxes utilize or modify application- layer data. This document primarily focuses on devices that observe and act on information carried in the transport layer, and especially information carried in TCP packets. Google Microsoft Private Octopus Inc. QUIC address migration allows clients to change their IP address while maintaining connection state. To reduce the ability of an observer to link two IP addresses, clients and servers use new connection IDs when they communicate via different client addresses. This poses a problem for traditional "layer-4" load balancers that route packets via the IP address and port 4-tuple. This specification provides a standardized means of securely encoding routing information in the server's connection IDs so that a properly configured load balancer can route packets with migrated addresses correctly. As it proposes a structured connection ID format, it also provides a means of connection IDs self-encoding their length to aid some hardware offloads. This document specifies the format and mechanism that is to be used for encoding Access-Network Identifiers in DHCPv4 and DHCPv6 messages by defining new Access-Network-Identifier options and sub-options. This document defines a profile that is a superset of the connection to IPv6 cellular networks defined in the IPv6 for Third Generation Partnership Project (3GPP) Cellular Hosts document. This document defines a profile that is a superset of the connections to IPv6 cellular networks defined in "IPv6 for Third Generation Partnership Project (3GPP) Cellular Hosts" (RFC 7066). Both mobile hosts and mobile devices with the capability to share their 3GPP mobile connectivity are in scope. This document specifies a simple Hashed Message Authentication Code (HMAC)-based key derivation function (HKDF), which can be used as a building block in various protocols and applications. The key derivation function (KDF) is intended to support a wide range of applications and requirements, and is conservative in its use of cryptographic hash functions. This document is not an Internet Standards Track specification; it is published for informational purposes. The NAT operation described in this document extends address translation introduced in RFC 1631 and includes a new type of network address and TCP/UDP port translation. In addition, this document corrects the Checksum adjustment algorithm published in RFC 1631 and attempts to discuss NAT operation and limitations in detail. This memo provides information for the Internet community. This document attempts to describe the operation of NAT devices and the associated considerations in general, and to define the terminology used to identify various flavors of NAT. This memo provides information for the Internet community. JSON Web Token (JWT) is a compact, URL-safe means of representing claims to be transferred between two parties. The claims in a JWT are encoded as a JSON object that is used as the payload of a JSON Web Signature (JWS) structure or as the plaintext of a JSON Web Encryption (JWE) structure, enabling the claims to be digitally signed or integrity protected with a Message Authentication Code (MAC) and/or encrypted. CBOR Web Token (CWT) is a compact means of representing claims to be transferred between two parties. The claims in a CWT are encoded in the Concise Binary Object Representation (CBOR), and CBOR Object Signing and Encryption (COSE) is used for added application-layer security protection. A claim is a piece of information asserted about a subject and is represented as a name/value pair consisting of a claim name and a claim value. CWT is derived from JSON Web Token (JWT) but uses CBOR rather than JSON. In network protocol exchanges, it is often useful for one end of a communication to know whether the other end is in an intended operating state. This document provides an architectural overview of the entities involved that make such tests possible through the process of generating, conveying, and evaluating evidentiary Claims. It provides a model that is neutral toward processor architectures, the content of Claims, and protocols. Alibaba Inc. Uber Technologies Inc. Alibaba Inc. Ericsson This document defines a method for supporting QUIC-enabled service differentiation for traffic engineering through multipath and QUIC connection identifier (CID) encoding. This approach enables end-host networking stacks and applications to select packet routing paths in a wide area network (WAN), potentially improving end-to-end performance, cost, and reliability. The proposed method can be used in conjunction with segment-routing traffic engineering technologies, such as SRv6 TE. Routed protocols are often susceptible to spoof attacks. The canonical solution for IPv6 is Secure Neighbor Discovery (SEND), a solution that is non-trivial to deploy. This document proposes a light-weight alternative and complement to SEND based on filtering in the layer-2 network fabric, using a variety of filtering criteria, including, for example, SEND status. This document is not an Internet Standards Track specification; it is published for informational purposes. This document specifies the Connection ID (CID) construct for the Datagram Transport Layer Security (DTLS) protocol version 1.2. A CID is an identifier carried in the record layer header that gives the recipient additional information for selecting the appropriate security association. In "classical" DTLS, selecting a security association of an incoming DTLS record is accomplished with the help of the 5-tuple. If the source IP address and/or source port changes during the lifetime of an ongoing DTLS session, then the receiver will be unable to locate the correct security context. The new ciphertext record format with the CID also provides content type encryption and record layer padding. This document updates RFC 6347. This memorandum describes RTP, the real-time transport protocol. RTP provides end-to-end network transport functions suitable for applications transmitting real-time data, such as audio, video or simulation data, over multicast or unicast network services. RTP does not address resource reservation and does not guarantee quality-of- service for real-time services. The data transport is augmented by a control protocol (RTCP) to allow monitoring of the data delivery in a manner scalable to large multicast networks, and to provide minimal control and identification functionality. RTP and RTCP are designed to be independent of the underlying transport and network layers. The protocol supports the use of RTP-level translators and mixers. Most of the text in this memorandum is identical to RFC 1889 which it obsoletes. There are no changes in the packet formats on the wire, only changes to the rules and algorithms governing how the protocol is used. The biggest change is an enhancement to the scalable timer algorithm for calculating when to send RTCP packets in order to minimize transmission in excess of the intended rate when many participants join a session simultaneously. [STANDARDS-TRACK] This document describes the Secure Real-time Transport Protocol (SRTP), a profile of the Real-time Transport Protocol (RTP), which can provide confidentiality, message authentication, and replay protection to the RTP traffic and to the control traffic for RTP, the Real-time Transport Control Protocol (RTCP). [STANDARDS-TRACK] While the Secure Real-time Transport Protocol (SRTP) provides confidentiality for the contents of a media packet, a significant amount of metadata is left unprotected, including RTP header extensions and contributing sources (CSRCs). However, this data can be moderately sensitive in many applications. While there have been previous attempts to protect this data, they have had limited deployment, due to complexity as well as technical limitations. This document updates RFC 3711, the SRTP specification, and defines Cryptex as a new mechanism that completely encrypts header extensions and CSRCs and uses simpler Session Description Protocol (SDP) signaling with the goal of facilitating deployment. Nederlandse Publieke Omroep Tencent America LLC This document describes use cases and requirements that guide the specification of a simple, low-latency media delivery solution for ingest and distribution, using either the QUIC protocol or WebTransport as transport protocols.

Extending CIDFI to Other Protocols CIDFI can be extended to other protocols including TCP, SCTP, RTP, and SRTP, and bespoke UDP protocols. An extension to each protocol is described below which retains the ability of the client to prove its ownership of the 5-tuple to a CNE.

DTLS DTLS is used by WebRTC and SIP for establishing interactive real-time audio, video, and screen sharing, which benefit from knowing network characteristics (n2h signaling) and benefit from prioritizing audio over video (h2n signaling). defines an extension to add a Connection ID (CID) to the DTLS record layer. DTLS CID can be leveraged by CIDFI to communicate per-connection information from endpoint to CNE and vice-versa.

TCP To prove ownership of the TCP 4-tuple, TCP can utilize a new TCP option to carry the CNE's nonce and HMAC-output. This TCP option can be carried in both the TCP SYN and in some subsequent packets to avoid consuming the entire TCP option space (40 bytes). Sub-options can be defined to carry pieces of the Nonce and HMAC output, with the first piece of the Nonce in the TCP SYN so the CIDFI network element can be triggered to begin looking for the subsequent TCP frames containing the rest of the CIDFI nonce and CIDFI HMAC-output. For example,

1. send TCP SYN + CIDFI option (including Nonce bits 0-63)
2. if received TCP SYNACK does not indicate CIDFI support, stop sending CIDFI option
3. send next TCP packet + CIDFI option (including Nonce bytes 64-128)
4. send next TCP packet + CIDFI option (including HMAC-output bits 0-127)
5. send next TCP packet + CIDFI option (including HMAC-output bytes 128-256)

To shorten this further we might truncate the HMAC output and/or truncate the Nonce after security evaluation.

SCTP If SCTP is sent directly over IP, proof of ownership of the SCTP 4-tuple can be achieved using an extension to its INIT packets, similar to what is described above for TCP SYN. If SCTP is run over UDP, the same proof of ownership of the UDP 4-tuple as described in can be performed.

RTP and SRTP The RTP Synchronization Source (SSRC) is in the clear for , , and . If the SSRC is signaled similarly to CID, RTP could also benefit from CIDFI. CIDFI network elements could be told the mapping of SSRC values to importance and schedule those SSRCs accordingly. However, SSRC is used in playout (jitter) buffers and a new SSRC seen by a receiver will cause confusion. Thus, overloading SSRC to mean both 'packet importance' for CIDFI and 'synchronization source' will require engineering work on the RTP receiver to treat all the signaled SSRCs as one source for purposes of its playout buffer. RTP over QUIC is another approach which exposes QUIC headers to the network (which have CIDs) and does not overload the RTP SSRC. The Media over QUIC (MOQ) working group includes RTP over QUIC as one of its use cases .

Bespoke UDP Application Protocols To work with CIDFI, other UDP application protocols would have to prove ownership of their UDP 4-tuple () and extend their protocol to include a connection identifier in the first several bits of each of their UDP packets. Alternatively, rather than modifying the application protocol it could be run over .

Acknowledgments Thanks to Dave Täht, Magnus Westerlund, Christian Huitema, Gorry Fairhurst, and Tom Herbert for hallway discussions and feedback at TSVWG that encouraged the authors to consider the approach described in this document. Thanks to Ben Schwartz for suggesting PvD as an alternative discovery mechanism.