[PATCH 0 of 3] QUIC post-migration address issues

Roman Arutyunyan arut at nginx.com
Tue May 2 12:34:12 UTC 2023

The first issue was reported in ticket #2488.  The second and third issues were
observed while working on the first one.

The issues manifest themselves best when migrating to another IP address.  When
testing migration with ngtcp2 --change-local-addr, only the port is changed.
I had to patch ngtcp2 client to make it migrate to a new IP address, which has
to be bigger in text representation to trigger the length issues.  However,
while doing that, it became clear that nginx does not handle well this kind of
migrations.  I observed the following issues:

- After address validation completes, in_flight counter is reset, but in-flight
  packets which contributed to the old value of the counter are not ignored.
  This resulted in in_flight counter underflow, followed by a connection stall.
  The counter reset does not happen if the IP address stays the same.

- While congestion controller is reset on successful address validation,
  RTT estimator is not.  According to RFC 900, both should be reset.

- While address validation is in progress, nginx sends packets using the new
  path.  This is something allowed by RFC 9000.  However, it's not clear
  which congestion/RTT/PTO/loss detection to use during that period.  The
  safest solution is to block all output until PATH_RESPONSE is received or
  validation timeout expires.

These issues were partially addressed in this patchset by Sergey:


The series is not yet commited.  Hopefully we'll get back to it shortly.

Roman Arutyunyan

More information about the nginx-devel mailing list