|
4 | 4 |
|
5 | 5 | See [XDP](./XDP.md) first to understand the context. |
6 | 6 |
|
7 | | -When CIBIR is used, rather than programming XDP to filter packets on port numbers, |
8 | | -we now filter and de-mux packets based on QUIC connection ID. |
| 7 | +When CIBIR is used, rather than programming XDP to filter and demux packets based on on address and port number, |
| 8 | +XDP with CIBIR will instead filter and de-mux packets based on address, port number, and QUIC connection ID. |
9 | 9 |
|
10 | | -CIBIR (CID-Based Identification and Routing) is just a prefix substring that XDP |
11 | | -will use to match and filter all packets with a QUIC CID that contains the prefix substring equal to CIBIR. |
| 10 | +What CIBIR allows for is 2 or more separate server processes to share a single |
| 11 | +port on the same machine, as long as their CIBIR ID is different. |
12 | 12 |
|
13 | | -What using CIBIR also enables is allowing 2 or more separate server processes to share a single |
14 | | -port. As long as the CIBIR configuration used by each process is different, XDP can |
15 | | -properly de-mux and dispatch received packets to the right process. |
| 13 | +## CIBIR port sharing logic |
| 14 | +- Applications must provide a well-known local port for server sockets when using CIBIR and XDP. |
| 15 | +- **IMPORTANT:** MsQuic will **NOT** reserve an OS port for server sockets when both CIBIR and XDP is enabled and available. |
| 16 | + > Client sockets can never share ports, so MsQuic will reserve an OS port in that scenario. |
| 17 | +- The responsbility of book-keeping shared ports and ensuring robust protection for those shared ports is delegated to the application. |
16 | 18 |
|
17 | | -## Port sharing rules |
18 | | -- **IMPORTANT:** MsQuic will **NOT** reserve OS ports for server sockets using CIBIR+XDP. |
19 | | -- Applications should be aware that if other processes on the system aren't collaborative, then traffic stealing is very possible if some other non-cibir server process binds to the shared port. |
20 | | -- Applications must also provide a well-known local port for listeners using cibir+XDP. |
21 | | -- MsQuic client connections may **NOT** share ports, thus MsQuic will create OS port reservations |
22 | | -for cibir+xdp clients. |
23 | 19 |
|
24 | | -## Port protection options |
| 20 | +## Port protection recommendation for shared ports |
25 | 21 |
|
26 | | -There are a variety of options applications can leverage to protect these cibir shared ports from stealing traffic. |
27 | | - |
28 | | -- Persistent reservations: |
29 | | - https://learn.microsoft.com/en-us/windows/win32/api/iphlpapi/nf-iphlpapi-createpersistentudpportreservation API, to allow sysadmins to pre-allocate a block of ports and disallow other applications from binding to it. Blocks of ports reserved are safe from reboots. |
30 | | -- A well known CIBIR registry key can be used to detail shared ports, and sysadmins can coordinate their system such that other apps will not bind to those ports. |
31 | | -- ALE policies; applications can configure WFP to block certain ports from being binded to by other apps. |
| 22 | +MsQuic strongly recommends applications leverage the Windows [persistent port reservations API](https://learn.microsoft.com/en-us/windows/win32/api/iphlpapi/nf-iphlpapi-createpersistentudpportreservation) to secure shared CIBIR ports prior to serving multi-process CIBIR traffic on a shared port. |
| 23 | +- One time setup by a system admin to create the persistent reservation. |
| 24 | + > A good option for book-keeping persistent port reservations is via registry keys. |
| 25 | +- Persistent port reservations survive reboots, allowing for robust portection in the event of crashes. |
| 26 | +- Having a persistent reservation makes sure critical ports are taken out of the ephemeral port pool, so an unsuspecting application process won't get accidently assigned an ephemeral port that collides with a CIBIR port. |
0 commit comments