Internet Engineering Task Force (IETF) B. Briscoe
Request for Comments: 7141 BT
BCP: 41 J. Manner
Updates: 2309, 2914 Aalto University
Category: Best Current Practice February 2014
Byte and Packet Congestion Notification
This document provides recommendations of best current practice for
dropping or marking packets using any active queue management (AQM)
algorithm, including Random Early Detection (RED), BLUE, Pre-
Congestion Notification (PCN), and newer schemes such as CoDel
(Controlled Delay) and PIE (Proportional Integral controller
Enhanced). We give three strong recommendations: (1) packet size
should be taken into account when transports detect and respond to
congestion indications, (2) packet size should not be taken into
account when network equipment creates congestion signals (marking,
dropping), and therefore (3) in the specific case of RED, the byte-
mode packet drop variant that drops fewer small packets should not be
used. This memo updates RFC 2309 to deprecate deliberate
preferential treatment of small packets in AQM algorithms.
Status of This Memo
This memo documents an Internet Best Current Practice.
This document is a product of the Internet Engineering Task Force
(IETF). It represents the consensus of the IETF community. It has
received public review and has been approved for publication by the
Internet Engineering Steering Group (IESG). Further information on
BCPs is available in Section 2 of RFC 5741.
Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
Copyright (c) 2014 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
This document provides recommendations of best current practice for
how we should correctly scale congestion control functions with
respect to packet size for the long term. It also recognises that
expediency may be necessary to deal with existing widely deployed
protocols that don't live up to the long-term goal.
When signalling congestion, the problem of how (and whether) to take
packet sizes into account has exercised the minds of researchers and
practitioners for as long as active queue management (AQM) has been
discussed. Indeed, one reason AQM was originally introduced was to
reduce the lock-out effects that small packets can have on large
packets in tail-drop queues. This memo aims to state the principles
we should be using and to outline how these principles will affect
future protocol design, taking into account pre-existing deployments.
The question of whether to take into account packet size arises at
three stages in the congestion notification process:
Measuring congestion: When a congested resource measures locally how
congested it is, should it measure its queue length in time,
bytes, or packets?
Encoding congestion notification into the wire protocol: When a
congested network resource signals its level of congestion, should
the probability that it drops/marks each packet depend on the size
of the particular packet in question?
Decoding congestion notification from the wire protocol: When a
transport interprets the notification in order to decide how much
to respond to congestion, should it take into account the size of
each missing or marked packet?
Consensus has emerged over the years concerning the first stage,
which Section 2.1 records in the RFC Series. In summary: If
possible, it is best to measure congestion by time in the queue;
otherwise, the choice between bytes and packets solely depends on
whether the resource is congested by bytes or packets.
The controversy is mainly around the last two stages: whether to
allow for the size of the specific packet notifying congestion i)
when the network encodes or ii) when the transport decodes the
Currently, the RFC series is silent on this matter other than a paper
trail of advice referenced from [RFC2309], which conditionally
recommends byte-mode (packet-size dependent) drop [pktByteEmail].
Reducing the number of small packets dropped certainly has some
tempting advantages: i) it drops fewer control packets, which tend to
be small and ii) it makes TCP's bit rate less dependent on packet
size. However, there are ways of addressing these issues at the
transport layer, rather than reverse engineering network forwarding
to fix the problems.
This memo updates [RFC2309] to deprecate deliberate preferential
treatment of packets in AQM algorithms solely because of their size.
It recommends that (1) packet size should be taken into account when
transports detect and respond to congestion indications, (2) not when
network equipment creates them. This memo also adds to the
congestion control principles enumerated in BCP 41 [RFC2914].
In the particular case of Random Early Detection (RED), this means
that the byte-mode packet drop variant should not be used to drop
fewer small packets, because that creates a perverse incentive for
transports to use tiny segments, consequently also opening up a DoS
vulnerability. Fortunately, all the RED implementers who responded
to our admittedly limited survey (Section 4.2.4) have not followed
the earlier advice to use byte-mode drop, so the position this memo
argues for seems to already exist in implementations.
However, at the transport layer, TCP congestion control is a widely
deployed protocol that doesn't scale with packet size (i.e., its
reduction in rate does not take into account the size of a lost
packet). To date, this hasn't been a significant problem because
most TCP implementations have been used with similar packet sizes.
But, as we design new congestion control mechanisms, this memo
recommends that we build in scaling with packet size rather than
assuming that we should follow TCP's example.
This memo continues as follows. First, it discusses terminology and
scoping. Section 2 gives concrete formal recommendations, followed
by motivating arguments in Section 3. We then critically survey the
advice given previously in the RFC Series and the research literature
(Section 4), referring to an assessment of whether or not this advice
has been followed in production networks (Appendix A). To wrap up,
outstanding issues are discussed that will need resolution both to
inform future protocol designs and to handle legacy AQM deployments
(Section 5). Then security issues are collected together in
Section 6 before conclusions are drawn in Section 7. The interested
reader can find discussion of more detailed issues on the theme of
byte vs. packet in the appendices.
This memo intentionally includes a non-negligible amount of material
on the subject. For the busy reader, Section 2 summarises the
recommendations for the Internet community.
1.1. Terminology and Scoping
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119].
This memo applies to the design of all AQM algorithms, for example,
Random Early Detection (RED) [RFC2309], BLUE [BLUE02], Pre-Congestion
Notification (PCN) [RFC5670], Controlled Delay (CoDel) [CoDel], and
the Proportional Integral controller Enhanced (PIE) [PIE].
Throughout, RED is used as a concrete example because it is a widely
known and deployed AQM algorithm. There is no intention to imply
that the advice is any less applicable to the other algorithms, nor
that RED is preferred.
Congestion Notification: Congestion notification is a changing
signal that aims to communicate the probability that the network
resource(s) will not be able to forward the level of traffic load
offered (or that there is an impending risk that they will not be
The 'impending risk' qualifier is added, because AQM systems set a
virtual limit smaller than the actual limit to the resource, then
notify the transport when this virtual limit is exceeded in order
to avoid uncontrolled congestion of the actual capacity.
Congestion notification communicates a real number bounded by the
range [ 0 , 1 ]. This ties in with the most well-understood
measure of congestion notification: drop probability.
Explicit and Implicit Notification: The byte vs. packet dilemma
concerns congestion notification irrespective of whether it is
signalled implicitly by drop or explicitly using ECN [RFC3168] or
PCN [RFC5670]. Throughout this document, unless clear from the
context, the term 'marking' will be used to mean notifying
congestion explicitly, while 'congestion notification' will be
used to mean notifying congestion either implicitly by drop or
explicitly by marking.
Bit-congestible vs. Packet-congestible: If the load on a resource
depends on the rate at which packets arrive, it is called 'packet-
congestible'. If the load depends on the rate at which bits
arrive, it is called 'bit-congestible'.
Examples of packet-congestible resources are route look-up engines
and firewalls, because load depends on how many packet headers
they have to process. Examples of bit-congestible resources are
transmission links, radio power, and most buffer memory, because
the load depends on how many bits they have to transmit or store.
Some machine architectures use fixed-size packet buffers, so
buffer memory in these cases is packet-congestible (see
The path through a machine will typically encounter both packet-
congestible and bit-congestible resources. However, currently, a
design goal of network processing equipment such as routers and
firewalls is to size the packet-processing engine(s) relative to
the lines in order to keep packet processing uncongested, even
under worst-case packet rates with runs of minimum-size packets.
Therefore, packet congestion is currently rare (see Section 3.3 of
[RFC6077]), but there is no guarantee that it will not become more
common in the future.
Note that information is generally processed or transmitted with a
minimum granularity greater than a bit (e.g., octets). The
appropriate granularity for the resource in question should be
used, but for the sake of brevity we will talk in terms of bytes
in this memo.
Coarser Granularity: Resources may be congestible at higher levels
of granularity than bits or packets, for instance stateful
firewalls are flow-congestible and call-servers are session-
congestible. This memo focuses on congestion of connectionless
resources, but the same principles may be applicable for
congestion notification protocols controlling per-flow and per-
session processing or state.
RED Terminology: In RED, whether to use packets or bytes when
measuring queues is called, respectively, 'packet-mode queue
measurement' or 'byte-mode queue measurement'. And whether the
probability of dropping a particular packet is independent or
dependent on its size is called, respectively, 'packet-mode drop'
or 'byte-mode drop'. The terms 'byte-mode' and 'packet-mode'
should not be used without specifying whether they apply to queue
measurement or to drop.
1.2. Example Comparing Packet-Mode Drop and Byte-Mode Drop
Taking RED as a well-known example algorithm, a central question
addressed by this document is whether to recommend RED's packet-mode
drop variant and to deprecate byte-mode drop. Table 1 compares how
packet-mode and byte-mode drop affect two flows of different size
packets. For each it gives the expected number of packets and of
bits dropped in one second. Each example flow runs at the same bit
rate of 48 Mbps, but one is broken up into small 60 byte packets and
the other into large 1,500 byte packets.
To keep up the same bit rate, in one second there are about 25 times
more small packets because they are 25 times smaller. As can be seen
from the table, the packet rate is 100,000 small packets versus 4,000
large packets per second (pps).
Parameter Formula Small packets Large packets
-------------------- --------------- ------------- -------------
Packet size s/8 60 B 1,500 B
Packet size s 480 b 12,000 b
Bit rate x 48 Mbps 48 Mbps
Packet rate u = x/s 100 kpps 4 kpps
Pkt-loss probability p 0.1% 0.1%
Pkt-loss rate p*u 100 pps 4 pps
Bit-loss rate p*u*s 48 kbps 48 kbps
Byte-mode Drop MTU, M=12,000 b
Pkt-loss probability b = p*s/M 0.004% 0.1%
Pkt-loss rate b*u 4 pps 4 pps
Bit-loss rate b*u*s 1.92 kbps 48 kbps
Table 1: Example Comparing Packet-Mode and Byte-Mode Drop
For packet-mode drop, we illustrate the effect of a drop probability
of 0.1%, which the algorithm applies to all packets irrespective of
size. Because there are 25 times more small packets in one second,
it naturally drops 25 times more small packets, that is, 100 small
packets but only 4 large packets. But if we count how many bits it
drops, there are 48,000 bits in 100 small packets and 48,000 bits in
4 large packets -- the same number of bits of small packets as large.
The packet-mode drop algorithm drops any bit with the same
probability whether the bit is in a small or a large packet.
For byte-mode drop, again we use an example drop probability of 0.1%,
but only for maximum size packets (assuming the link maximum
transmission unit (MTU) is 1,500 B or 12,000 b). The byte-mode
algorithm reduces the drop probability of smaller packets
proportional to their size, making the probability that it drops a
small packet 25 times smaller at 0.004%. But there are 25 times more
small packets, so dropping them with 25 times lower probability
results in dropping the same number of packets: 4 drops in both
cases. The 4 small dropped packets contain 25 times less bits than
the 4 large dropped packets: 1,920 compared to 48,000.
The byte-mode drop algorithm drops any bit with a probability
proportionate to the size of the packet it is in.
This section gives recommendations related to network equipment in
Sections 2.1 and 2.2, and we discuss the implications on transport
protocols in Sections 2.3 and 2.4.
2.1. Recommendation on Queue Measurement
Ideally, an AQM would measure the service time of the queue to
measure congestion of a resource. However service time can only be
measured as packets leave the queue, where it is not always expedient
to implement a full AQM algorithm. To predict the service time as
packets join the queue, an AQM algorithm needs to measure the length
of the queue.
In this case, if the resource is bit-congestible, the AQM
implementation SHOULD measure the length of the queue in bytes and,
if the resource is packet-congestible, the implementation SHOULD
measure the length of the queue in packets. Subject to the
exceptions below, no other choice makes sense, because the number of
packets waiting in the queue isn't relevant if the resource gets
congested by bytes and vice versa. For example, the length of the
queue into a transmission line would be measured in bytes, while the
length of the queue into a firewall would be measured in packets.
To avoid the pathological effects of tail drop, the AQM can then
transform this service time or queue length into the probability of
dropping or marking a packet (e.g., RED's piecewise linear function
What this advice means for RED as a specific example:
1. A RED implementation SHOULD use byte-mode queue measurement for
measuring the congestion of bit-congestible resources and packet-
mode queue measurement for packet-congestible resources.
2. An implementation SHOULD NOT make it possible to configure the
way a queue measures itself, because whether a queue is bit-
congestible or packet-congestible is an inherent property of the
Exceptions to these recommendations might be necessary, for instance
where a packet-congestible resource has to be configured as a proxy
bottleneck for a bit-congestible resource in an adjacent box that
does not support AQM.
The recommended approach in less straightforward scenarios, such as
fixed-size packet buffers, resources without a queue, and buffers
comprising a mix of packet and bit-congestible resources, is
discussed in Section 4.1. For instance, Section 4.1.1 explains that
the queue into a line should be measured in bytes even if the queue
consists of fixed-size packet buffers, because the root cause of any
congestion is bytes arriving too fast for the line -- packets filling
buffers are merely a symptom of the underlying congestion of the
2.2. Recommendation on Encoding Congestion Notification
When encoding congestion notification (e.g., by drop, ECN, or PCN),
the probability that network equipment drops or marks a particular
packet to notify congestion SHOULD NOT depend on the size of the
packet in question. As the example in Section 1.2 illustrates, to
drop any bit with probability 0.1%, it is only necessary to drop
every packet with probability 0.1% without regard to the size of each
This approach ensures the network layer offers sufficient congestion
information for all known and future transport protocols and also
ensures no perverse incentives are created that would encourage
transports to use inappropriately small packet sizes.
What this advice means for RED as a specific example:
1. The RED AQM algorithm SHOULD NOT use byte-mode drop, i.e., it
ought to use packet-mode drop. Byte-mode drop is more complex,
it creates the perverse incentive to fragment segments into tiny
pieces and it is vulnerable to floods of small packets.
2. If a vendor has implemented byte-mode drop, and an operator has
turned it on, it is RECOMMENDED that the operator use packet-mode
drop instead, after establishing if there are any implications on
the relative performance of applications using different packet
sizes. The unlikely possibility of some application-specific
legacy use of byte-mode drop is the only reason that all the
above recommendations on encoding congestion notification are not
phrased more strongly.
RED as a whole SHOULD NOT be switched off. Without RED, a tail-
drop queue biases against large packets and is vulnerable to
floods of small packets.
Note well that RED's byte-mode queue drop is completely orthogonal to
byte-mode queue measurement and should not be confused with it. If a
RED implementation has a byte-mode but does not specify what sort of
byte-mode, it is most probably byte-mode queue measurement, which is
fine. However, if in doubt, the vendor should be consulted.
A survey (Appendix A) showed that there appears to be little, if any,
installed base of the byte-mode drop variant of RED. This suggests
that deprecating byte-mode drop will have little, if any, incremental
2.3. Recommendation on Responding to Congestion
When a transport detects that a packet has been lost or congestion
marked, it SHOULD consider the strength of the congestion indication
as proportionate to the size in octets (bytes) of the missing or
In other words, when a packet indicates congestion (by being lost or
marked), it can be considered conceptually as if there is a
congestion indication on every octet of the packet, not just one
indication per packet.
To be clear, the above recommendation solely describes how a
transport should interpret the meaning of a congestion indication, as
a long term goal. It makes no recommendation on whether a transport
should act differently based on this interpretation. It merely aids
interoperability between transports, if they choose to make their
actions depend on the strength of congestion indications.
This definition will be useful as the IETF transport area continues
its programme of:
o updating host-based congestion control protocols to take packet
size into account, and
o making transports less sensitive to losing control packets like
SYNs and pure ACKs.
What this advice means for the case of TCP:
1. If two TCP flows with different packet sizes are required to run
at equal bit rates under the same path conditions, this SHOULD be
done by altering TCP (Section 4.2.2), not network equipment (the
latter affects other transports besides TCP).
2. If it is desired to improve TCP performance by reducing the
chance that a SYN or a pure ACK will be dropped, this SHOULD be
done by modifying TCP (Section 4.2.3), not network equipment.
To be clear, we are not recommending at all that TCPs under
equivalent conditions should aim for equal bit rates. We are merely
saying that anyone trying to do such a thing should modify their TCP
algorithm, not the network.
These recommendations are phrased as 'SHOULD' rather than 'MUST',
because there may be cases where expediency dictates that
compatibility with pre-existing versions of a transport protocol make
the recommendations impractical.
2.4. Recommendation on Handling Congestion Indications When Splitting
or Merging Packets
Packets carrying congestion indications may be split or merged in
some circumstances (e.g., at an RTP / RTP Control Protocol (RTCP)
transcoder or during IP fragment reassembly). Splitting and merging
only make sense in the context of ECN, not loss.
The general rule to follow is that the number of octets in packets
with congestion indications SHOULD be equivalent before and after
merging or splitting. This is based on the principle used above;
that an indication of congestion on a packet can be considered as an
indication of congestion on each octet of the packet.
The above rule is not phrased with the word 'MUST' to allow the
following exception. There are cases in which pre-existing protocols
were not designed to conserve congestion-marked octets (e.g., IP
fragment reassembly [RFC3168] or loss statistics in RTCP receiver
reports [RFC3550] before ECN was added [RFC6679]). When any such
protocol is updated, it SHOULD comply with the above rule to conserve
marked octets. However, the rule may be relaxed if it would
otherwise become too complex to interoperate with pre-existing
implementations of the protocol.
One can think of a splitting or merging process as if all the
incoming congestion-marked octets increment a counter and all the
outgoing marked octets decrement the same counter. In order to
ensure that congestion indications remain timely, even the smallest
positive remainder in the conceptual counter should trigger the next
outgoing packet to be marked (causing the counter to go negative).