Explicit Congestion Notification (ECN)
RFC 3168
Justin Yackoski
DEGAS Networking Group
[email protected]
CISC856 – TCP/IP
Thanks to Namratha Hundigopal and Preethi Natarajan for slides
10/3/2005

Overview
• The Problem – Congestion
• The other solution(s)
• TCP's basic congestion mechanisms
• Active Queue Management
• Description of ECN
• How ECN works
• Why ECN is better
• Performance evaluation
• Status of ECN

Congestion
• Router must buffer packets because input > output
• End-to-end delay increases as buffer fills
• When buffer is full, “tail drop” occurs

TCP without ECN
• Congestion Detection
  • Retransmit Timeout
  • 3 duplicate ACKs
• “Congestion Avoidance”
  • Happens after congestion has already occurred (Multiplicative decrease of cwnd AFTER loss)
  • Current TCP does something like congestion ‘recovery’
• Network is treated as a black box, no way to know of impending doom

What can sometimes happen?
• Global Synchronization – many connections reduce sending rate at same time, channel is under-utilized
• Lock Out – queue space is monopolized by a few connections
• Full Buffers – If network is operating at capacity, buffers stay full
  • No spare room for “bursts” of traffic
  • End-to-end delay is increased due to queuing delays

Active Queue Management
• Detect “incipient” (early) congestion
• Try to keep average queue size in “good” range
• Randomly choose IP-PDUs to notify about congestion (how?)
[Figure: queue with max and min thresholds; average queue size lies in-between the thresholds]

What always happens?
• Packet drops each time congestion is detected, very inefficient
• BAD for real-time applications

Explicit Congestion Notification
• ECN is an AQM mechanism
• Routers notify TCP about incipient congestion
• Use TCP/IP headers to send ECN signals
• TCP treats ECN signals exactly the same as when a single dropped packet is detected
• BUT – Packets are NOT actually dropped

ECN Bits in IP Header
2 bits => 4 ECN Codepoints

Value  Name
00     Not-ECT (Not ECN Capable Transport)
10     ECT(0) (ECN Capable Transport (0))
01     ECT(1) (ECN Capable Transport (1))
11     CE (Congestion Experienced)

ECN Bits in TCP Header
• ECE flag – ECN-Echo flag
• CWR flag – Congestion Window Reduced flag

Negotiation between TCP transport entities
• TCP Sender – sets both ECE and CWR in SYN
• TCP Receiver – sets only ECE in SYN-ACK
• A host must not set ECT in SYN or SYN-ACK
• Some faulty firewalls either drop an ECN-setup SYN packet or respond with an RST TCP-PDU
[Figure: sender and receiver]

Typical sequence of events (1)
• ECT is set in IP-PDUs carrying data transmitted by the sender to indicate that ECN is supported by transport entities for this PDU
[Figure: ECN negotiated during connection establishment; ECT set; ECN enabled sender, ECN enabled router, ECN enabled receiver]

Typical sequence of events (2)
• ECN-capable router detects incipient congestion, and sees that ECT is set in the IP-PDU
• The router sets CE in the IP-PDU
[Figure: ECT set; router: “Incipient Congestion, set CE”; CE set; queue thresholds thmax and thmin]

Typical sequence of events (3)
• ECN enabled receiver receives the IP-PDU with CE set.
• Receiver conveys the congestion information to the transport sender by setting ECE in the ACK TCP-PDU
[Figure: CE set; receiver: “Congestion!!! Let me inform the sender”; ECE set in ACK; ECN enabled sender, ECN enabled receiver]

Typical sequence of events (4)
• TCP sender receives the TCP-PDU with ECE set
• Sender becomes aware of incipient congestion in network
• Sender reacts as if a TCP-PDU was dropped (sender’s cwnd reduced).
[Figure: sender: “Incipient Congestion, reduce cwnd”; ECE set ACK; ECN enabled sender, ECN enabled receiver]

Typical sequence of events (5)
• TCP sender sets CWR in the next new TCP-PDU to the receiver
• Indicates that the sender has reacted to congestion by reducing the cwnd
[Figure: sender: “Incipient Congestion, reduce cwnd, Set CWR”; CWR set; ECN enabled sender, ECN enabled receiver]

Typical sequence of events (6)
• Receiver stops sending ACKs with ECE set after getting a TCP-PDU with CWR set if there is no new congestion in the network
[Figure: receiver: “Sender has reduced cwnd, stop setting ECE flag”; ECE set ACK; CWR set; ECN enabled sender, ECN enabled router, ECN enabled receiver]

Rules of the Game - Sender
• On receipt of ECE ACK packet, TCP sender SHOULD react in the same way as it would for a congestion loss in non-ECN-capable TCP
• Sender TCP SHOULD NOT react more than once every RTT to the ECE ACK packet
• Why? – We saw that receiver keeps sending ECE set ACKs until Receiver gets a TCP-PDU with CWR set from the sender
• For CWR set TCP-PDU to reach the receiver and get acked takes at least 1 RTT. So any more ECEs received in this time span is for the same instance of congestion

Rules of the Game - Sender
• TCP sender should set CWR in the first new TCP-PDU the sender transmits after receiving an ECE set ACK
• What if a CWR set TCP-PDU is lost?
  • Sender TCP detects the loss
  • The loss is treated as a new instance of congestion in network
  • Sender will have to again reduce its cwnd and retransmit the lost TCP-PDU without CWR set

Rules of the Game - Receiver
• To overcome dropped ECE ACK packets, receiver MUST keep sending ECE ACKs until it gets a TCP-PDU with CWR set
• Any more IP-PDUs with CE set are treated as new instances of congestion in the network
• In delayed ACKs, ECE in ACK is set if CE is set for any of the IP-PDUs being acknowledged
• What does the receipt of CWR guarantee?
  • The sender received the ECE message? NO
  • The sender reduced its congestion window? YES

Advantages of ECN
• Prevents unnecessary packet drops at routers
• Fewer retransmissions, improvement in the “GOODPUT”
• Avoids timeouts by getting faster notification to end hosts
• Fewer retransmissions also means less traffic on the network

ECN Performance Improvements
• ECN+ – allow SYN ACKs to be marked
  • Internet draft currently
• RED* – mark packets using ECN, don’t drop

Is ECN Secure?
• Does ECN add any insecurities to TCP and/or IP or make any problems worse?
• Can a malicious router:
  • Interfere with handshake?
  • Falsely report congestion?
  • Fail to report congestion?
  • Disable ECN?

Is ECN used?
• Implemented in Linux 2.4+, Solaris 9+, and Cisco routers since 12.2(8)T

References
• RFC 3168 – ECN
• RFC 2309 – AQM
• A. Kuzmanovic. The Power of Explicit Congestion Notification. SIGCOMM ’05
• A. Medina, M. Allman, and S. Floyd. Measuring the Evolution of Transport Protocols in the Internet. ACM CCR. 2005
• http://www.cs.ucla.edu/NRL/hpi/tcpw/tcpw_sample/sample.html
• http://www.icir.org/floyd/ecn.html
• http://www.icir.org/floyd/ecn/ecn_security.txt
• Slides from Namratha Hundigopal and Preethi Natarajan
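
Added example (not part of the original slides): a small Python model of the "Typical sequence of events" and "Rules of the Game" slides, covering the router's CE marking, the receiver's latched ECE and the sender's once-per-RTT reaction with CWR. The names `router_forward`, `Receiver`, `Sender` and `run`, the halving of cwnd, the deterministic marking above `th_min` and the three-segment burst per RTT are assumptions made for illustration.

```python
# Added example (not from the slides): simplified RFC 3168 signalling.
NOT_ECT, ECT1, ECT0, CE = 0b00, 0b01, 0b10, 0b11  # IP-header ECN codepoints

def ecn_codepoint(tos_byte):
    """ECN field is the low two bits of the IPv4 TOS / IPv6 Traffic Class byte."""
    return tos_byte & 0b11

def router_forward(ecn, avg_queue, th_min):
    """AQM router. Assumption: every packet seen above th_min is 'chosen'
    (real RED chooses randomly). Returns outgoing codepoint, or None if dropped."""
    if avg_queue <= th_min:
        return ecn
    return None if ecn == NOT_ECT else CE  # mark ECT packets, drop the rest

class Receiver:
    def __init__(self):
        self.echo = False  # latched: keep sending ECE until CWR arrives

    def on_segment(self, ecn, cwr):
        """Process one data segment; return the ECE flag for its ACK."""
        if cwr:
            self.echo = False  # sender has reduced cwnd
        if ecn == CE:
            self.echo = True  # CE after (or with) CWR is a new congestion instance
        return self.echo

class Sender:
    def __init__(self, cwnd):
        self.cwnd, self.cwr_pending, self.reacted = cwnd, False, False

    def on_ack(self, ece):
        if ece and not self.reacted:  # react at most once per RTT
            self.cwnd = max(1, self.cwnd // 2)  # assumption: halve, as for a loss
            self.cwr_pending = self.reacted = True

    def next_cwr(self):
        """CWR goes on the first new segment after the reduction only."""
        cwr, self.cwr_pending = self.cwr_pending, False
        return cwr

def run(queue_per_rtt, cwnd=16, burst=3, th_min=5):
    """One burst of ECT(0) segments per RTT; returns [(ECE flags, cwnd), ...]."""
    s, r, trace = Sender(cwnd), Receiver(), []
    for q in queue_per_rtt:
        eces = [r.on_segment(router_forward(ECT0, q, th_min), s.next_cwr())
                for _ in range(burst)]
        for ece in eces:
            s.on_ack(ece)
        trace.append((eces, s.cwnd))
        s.reacted = False  # RTT boundary
    return trace

if __name__ == "__main__":
    print(run([2, 9, 2]))  # constructed queue sizes: idle, congested, idle
```

Three ECE ACKs arriving within one RTT cut cwnd once (16 to 8), and congestion that persists into the next RTT is treated as a new instance and cuts it again.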