Do something useful with SUBSCRIBE_DONE #609
Conversation
|
Note: Another design would not use a timer at the receiver. Instead, it would require that all reset streams use RESET_STREAM_AT with at least the track alias delivered reliably, and the SUBSCRIBE_DONE would indicate how many streams were opened over the life of the subscription. |
draft-ietf-moq-transport.md
Outdated
| destroy subscription state. The QUIC layer might still be resolving the | ||
| closing of the stream on the wire. | ||
|
|
||
| A receiver that receives SUBSCRIBE_DONE SHOULD set a timer of at least 2 seconds |
There was a problem hiding this comment.
Should there be an exception if the SUBSCRIBE_DONE has code UNSUBSCRIBED (eg: the subscriber already expressed disinterest)?
There was a problem hiding this comment.
As the text says, the receiver MAY delete early if the application has lost interest in the data.
I don't think we need special language for that.
There was a problem hiding this comment.
2 seconds seems arbitrary. Can we use 3 * PTO or leave it open to implementations?
There was a problem hiding this comment.
It is totally arbitrary. The MoQ application is unlikely to have an API for the PTO, but there's no number I'd be unhappy with.
draft-ietf-moq-transport.md
Outdated
| delivery timeout. | ||
|
|
||
| A sender MUST NOT send SUBSCRIBE_DONE until it has closed all streams it will | ||
| ever open, and has no pending datagrams, for a subscription. After sending |
There was a problem hiding this comment.
| ever open, and has no pending datagrams, for a subscription. After sending | |
| ever open, and has no unsent datagrams, for a subscription. After sending |
There was a problem hiding this comment.
IIUC Datagrams can't be pending at the application level. If QUIC can't take them, they just drop on the floor?
There was a problem hiding this comment.
The quicr relay queues datagram packets at the applications layer and only passing them to QUIC layer when there is space in the CWIN for them. This allows the relay to control the times outs and priorities for object sent with datagram. I think that will deliver a much better user experience than something that just drops them on the floor (thought both implementations are valid spec compliant AFAIC )
draft-ietf-moq-transport.md
Outdated
| destroy subscription state. The QUIC layer might still be resolving the | ||
| closing of the stream on the wire. | ||
|
|
||
| A receiver that receives SUBSCRIBE_DONE SHOULD set a timer of at least 2 seconds |
There was a problem hiding this comment.
2 seconds seems arbitrary. Can we use 3 * PTO or leave it open to implementations?
|
I thought of a third way this could work: If we got WebTransport APIs to expose the QUIC Stream ID of a stream, we could include the largest stream ID opened on behalf of a subscription. If all unidirectional sender-opened streams up to that ID have been observed, it's safe to destroy the state. |
draft-ietf-moq-transport.md
Outdated
| and whether it was an error. | ||
| A publisher sends a `SUBSCRIBE_DONE` message to indicate it will not open any | ||
| additional streams or send any more datagrams for a subscription. When all | ||
| streams for the subscription are fully closed, each endpoint can destroy its |
There was a problem hiding this comment.
by the phrase "fully closed" , do you mean stream fin or does it cover stream reset cases too ?
There was a problem hiding this comment.
It covers Reset -- I'm not sure how it could work just on FIN
draft-ietf-moq-transport.md
Outdated
| A subscriber that receives SUBSCRIBE_DONE SHOULD set a timer of at least 2 seconds | ||
| in case some datagrams or unopened streams are still inbound due to | ||
| prioritization or packet loss. Once the timer has expired, the receiver destroys | ||
| subscription state once all open streams for the subscription have closed. A |
There was a problem hiding this comment.
"Once the timer has expired, the receiver can cleanup its subscription state"
I don't think we need to have "once al open streams for the subscriptions have closed".
There was a problem hiding this comment.
If a stream were still open, it would be smart to continue, no?
draft-ietf-moq-transport.md
Outdated
| A publisher sends a `SUBSCRIBE_DONE` message to indicate it is done publishing | ||
| Objects for that subscription. The Status Code indicates why the subscription ended, | ||
| and whether it was an error. | ||
| A publisher sends a `SUBSCRIBE_DONE` message to indicate it will not open any |
There was a problem hiding this comment.
strongly prefer the "will not send any more objects" version of this.
draft-ietf-moq-transport.md
Outdated
| Objects for that subscription. The Status Code indicates why the subscription ended, | ||
| and whether it was an error. | ||
| A publisher sends a `SUBSCRIBE_DONE` message to indicate it will not open any | ||
| additional streams or send any more datagrams for a subscription. When all |
There was a problem hiding this comment.
So lets say I have a track with a single group and single sub group and a million objects in the group. (this might be a common patter for deliver software updates or AI models updates. This new text say the DONE would be sent as soon as the subscribe was received. This seems very wrong and will cause weird race conditions when the DONE was sent after the publisher opened the last stream, but the subscriber got the DONE before they new stream had been opened.
There was a problem hiding this comment.
That is not what it says at all. A few paragraphs down, it says:
"A sender MUST NOT send SUBSCRIBE_DONE until it has closed all streams it will
ever open, and has no pending datagrams, for a subscription."
Race conditions are inevitable, even with that rule, because we can't guarantee the order in which QUIC will deliver things. That's why there has to be either a timer or a careful accounting of what streams have been opened.
Closing streams gives the receiver all the information it needs, except if there are more streams pending, hence the SUBSCRIBE_DONE. Delaying sending it till the sender has closed the streams just reduces the race condition. It doesn't eliminate it.
There was a problem hiding this comment.
So
"A sender MUST NOT send SUBSCRIBE_DONE until it has closed all streams it will
ever open, and has no pending datagrams, for a subscription."
and
"A publisher sends a
SUBSCRIBE_DONEmessage to indicate it will not open any
additional streams or send any more datagrams for a subscription."
Seem to contradict each other about when DONE is sent.
There was a problem hiding this comment.
I agree that this is confusing and I'll fix it.
What I'm getting at is this: we don't need a FETCH_DONE because it's all on one stream, so the FIN/RESET is adequate to communicate the end of the FETCH. If the subscriber somehow knew for sure how many streams would open for a SUBSCRIBE, then stream FIN/RESETs would be adequate to know when to destroy subscription state.
SUBSCRIBE_DONE is only needed because it doesn't know for sure; the sender has to tell it that it's done opening streams, so once the current crop of streams is closed it's safe to tear down.
Unfortunately, it is quite likely that SUBSCRIBE_DONE outraces the last stream openings. So either there has to be a timer, or there has to be some indication of how many streams there were (which would levy new requirements on QUIC/WebTransport)
draft-ietf-moq-transport.md
Outdated
| SUBSCRIBE_DONE, the sender can immediately destroy subscription state, although | ||
| stream state may persist until delivery completes. | ||
|
|
||
| A subscriber that receives SUBSCRIBE_DONE SHOULD set a timer of at least 2 seconds |
There was a problem hiding this comment.
2 seconds sounds insanely fragile.
There was a problem hiding this comment.
Would you like to suggest a different timeout, or one of the other proposals discussed in this thread? I'm open to any of them but was reluctant to impose more requirements on the QUIC/WebTransport stack.
There was a problem hiding this comment.
The effect of the timer expiring early is that some objects may be dropped on the floor instead of delivered to the application.
If the receiver is interested in objects beyond that, it should set a longer timer.
|
I went with the timer design because I thought it would be easy to write. But it turns out it's confusing to people, so I'm starting to think that we either require RESET_STREAM_AT or expose QUIC stream IDs to the application, and get rid of the timer. |
|
I'm fine with this design, minus explicitly specifying a timeout. |
|
I think RESET_STREAM_AT might work for QUIC, but if I understand WebTransport correctly, it doesn't expose it to the application and only uses it for the WebTransport session IDs. Referencing the highest stream ID sounds cleaner to me than setting an arbitrary timeout, but if that is hard for some QUIC APIs, I'm fine with a timeout. Another option I could think of is to send SUBSCRIBE_DONE on a separate last stream which must not be reset. But that would mean we no longer send all control messages on the control stream... |
|
oh and the separate stream also requires exposing the stream ID... |
Even if that stream has a very low priority, I don't think we can guarantee that it arrives after any object streams that are sent around the same time. |
It's not clear to me if WebTransport is specifying the APIs, but to me this is less of an IETF question and more a "what are WebTransport implementers willing to do" question. |
|
@vasilvv points out that the Webtrans API has a signal when the stream FIN has been ACKed. This makes everything way easier. |
|
Individual Comment: I don't like using FIN-ACK:
I still prefer using RESET_STREAM_AT -- the downside from my perspective is pushing WebTransport to include this surface, which I think they should anyway, and perhaps that raw QUIC implementations MUST negotiate this extension. Timers are inelegant and a waste when everything was already received. |
It's in both the spec and our implementation. |
| @@ -1358,8 +1358,7 @@ See {{priorities}}. | |||
| A subscriber issues a `UNSUBSCRIBE` message to a publisher indicating it is no | |||
| longer interested in receiving media for the specified track and Objects | |||
| should stop being sent as soon as possible. The publisher sends a | |||
| SUBSCRIBE_DONE to acknowledge the unsubscribe was successful and indicate | |||
| the final Object. | |||
| SUBSCRIBE_DONE to acknowledge the unsubscribe was successful. | |||
There was a problem hiding this comment.
Seems weird to me that it's named SUBSCRIBE_DONE for what is defined as UNSUBSCRIBE_ACK
There was a problem hiding this comment.
It's not just an UNSUBSCRIBE_ACK. It's also used when the SUBSCRIBE reaches its end.
There was a problem hiding this comment.
isn't that redundant with object status 0x4/end of track?
There was a problem hiding this comment.
TBH, I don't believe it adds much value to ack unsubscribe. It should be assumed that it was successful as it was transmitted over a reliable control stream, which had to be processed by the remote otherwise the control stream would be invalidated. If the remote doesn't do anything with the unsubscribe (e.g., noop the message) and continues to publish data, the relay should then respond with error. I don't recommend using protocol violation in this case as that would close a connection causing a potential large impact that spans more than one track. This is a track error and should, IMHO, only affect that track. With QUIC, either side can reset a stream regardless of being bidir or unidir, right? I would suggest that we need a track level error message that is followed by a RESET of the incoming stream. RESET of stream could indicate error code as well.
Out of scope for this PR but keep in mind as it relates, what happens when an app sends end of track or end of group object status and continues to send data that would violate that status???
There was a problem hiding this comment.
It is not redundant to end of track, as other objects could be delivered later and out of order, and sometimes the subscribe ends before the track does
draft-ietf-moq-transport.md
Outdated
|
|
||
| 1. All DATAGRAMs sent for the subscription have reached their expiration time. | ||
|
|
||
| 2. All data streams have either been reset, or the stream API has provided a |
There was a problem hiding this comment.
Is stream API clarified? Suggest rewording as that makes an assumption of an API.
There was a problem hiding this comment.
How would you reword it?
There was a problem hiding this comment.
I believe the context here is the QUIC transport stack/API, correct? If so, I would recommend "QUIC transport" instead of "stream API"
draft-ietf-moq-transport.md
Outdated
| notification that the FIN has been ACKed. | ||
|
|
||
| 3. Any data streams closed with RESET_STREAM_AT have received notification from | ||
| the stream API that the reliable size has been acknowledged. |
There was a problem hiding this comment.
Same regarding using "stream API". It suggests an implementation that this protocol doesn't appear to define.
No. If the EndOfTrack object is delivered, there might still be other streams out there that are open and delivering earlier objects, or even streams that haven't been opened yet. |
@martinduke , that needs to be clarified as that's unclear as described. If I understand your statement above, would it be correct to rephrase it as:
Based on object status EoT, I'm for us removing |
martinduke
force-pushed
the
subscribe-done
branch
from
ec67ea7 to
4ee5991
Compare
|
After more thought, I really think #628 (Alan's stream-counting PR) is a superior approach, as it gives the option for the client to short-cut its timer. Some were concerned about messing up counting; worst case is it falls back to using the timer, which is this proposal. |
ianswett
added
the
Design
This is an alternative to #609 that requires a dependency on RESET_STREAM_AT. Some lines reflowed so the delta looks larger than it is.
Fixes #424
Fixes #456
Fixes #465
Comes up with some rules on when to send SUBSCRIBE_DONE, and what to do with it.
Deletes the ContentExists and Final Group/Object fields, because there is nothing the receiver does with it.