Internet Engineering Task Force (IETF) B. Briscoe Request for Comments: 7141 BT BCP: 41 J. Manner Updates: 2309, 2914 Aalto University Category: Best Current Practice February 2014 ISSN: 2070-1721 Byte and Packet Congestion Notification Abstract This document provides recommendations of best current practice for dropping or marking packets using any active queue management (AQM) algorithm, including Random Early Detection (RED), BLUE, Pre- Congestion Notification (PCN), and newer schemes such as CoDel (Controlled Delay) and PIE (Proportional Integral controller Enhanced). We give three strong recommendations: (1) packet size should be taken into account when transports detect and respond to congestion indications, (2) packet size should not be taken into account when network equipment creates congestion signals (marking, dropping), and therefore (3) in the specific case of RED, the byte- mode packet drop variant that drops fewer small packets should not be used. This memo updates RFC 2309 to deprecate deliberate preferential treatment of small packets in AQM algorithms. Status of This Memo This memo documents an Internet Best Current Practice. This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Further information on BCPs is available in Section 2 of RFC 5741. Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at http://www.rfc-editor.org/info/rfc7141.
Copyright Notice Copyright (c) 2014 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.
Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 4 1.1. Terminology and Scoping . . . . . . . . . . . . . . . . . 6 1.2. Example Comparing Packet-Mode Drop and Byte-Mode Drop . . 7 2. Recommendations . . . . . . . . . . . . . . . . . . . . . . . 9 2.1. Recommendation on Queue Measurement . . . . . . . . . . . 9 2.2. Recommendation on Encoding Congestion Notification . . . 10 2.3. Recommendation on Responding to Congestion . . . . . . . 11 2.4. Recommendation on Handling Congestion Indications When Splitting or Merging Packets . . . . . . . . . . . . . . 12 3. Motivating Arguments . . . . . . . . . . . . . . . . . . . . 13 3.1. Avoiding Perverse Incentives to (Ab)use Smaller Packets . 13 3.2. Small != Control . . . . . . . . . . . . . . . . . . . . 14 3.3. Transport-Independent Network . . . . . . . . . . . . . . 14 3.4. Partial Deployment of AQM . . . . . . . . . . . . . . . . 16 3.5. Implementation Efficiency . . . . . . . . . . . . . . . . 17 4. A Survey and Critique of Past Advice . . . . . . . . . . . . 17 4.1. Congestion Measurement Advice . . . . . . . . . . . . . . 18 4.1.1. Fixed-Size Packet Buffers . . . . . . . . . . . . . . 18 4.1.2. Congestion Measurement without a Queue . . . . . . . 19 4.2. Congestion Notification Advice . . . . . . . . . . . . . 20 4.2.1. Network Bias When Encoding . . . . . . . . . . . . . 20 4.2.2. Transport Bias When Decoding . . . . . . . . . . . . 22 4.2.3. Making Transports Robust against Control Packet Losses . . . . . . . . . . . . . . . . . . . . . . . 23 4.2.4. Congestion Notification: Summary of Conflicting Advice . . . . . . . . . . . . . . . . . . . . . . . 24 5. Outstanding Issues and Next Steps . . . . . . . . . . . . . . 25 5.1. Bit-congestible Network . . . . . . . . . . . . . . . . . 25 5.2. Bit- and Packet-Congestible Network . . . . . . . . . . . 26 6. Security Considerations . . . . . . . . . . . . . . . . . . . 26 7. Conclusions . . . . . . . . . . . . . . . . . . . . . . . . . 27 8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 28 9. References . . . . . . . . . . . . . . . . . . . . . . . . . 28 9.1. Normative References . . . . . . . . . . . . . . . . . . 28 9.2. Informative References . . . . . . . . . . . . . . . . . 29 Appendix A. Survey of RED Implementation Status . . . . . . . . 33 Appendix B. Sufficiency of Packet-Mode Drop . . . . . . . . . . 34 B.1. Packet-Size (In)Dependence in Transports . . . . . . . . 35 B.2. Bit-Congestible and Packet-Congestible Indications . . . 38 Appendix C. Byte-Mode Drop Complicates Policing Congestion Response . . . . . . . . . . . . . . . . . . . . . . 39
1. Introduction This document provides recommendations of best current practice for how we should correctly scale congestion control functions with respect to packet size for the long term. It also recognises that expediency may be necessary to deal with existing widely deployed protocols that don't live up to the long-term goal. When signalling congestion, the problem of how (and whether) to take packet sizes into account has exercised the minds of researchers and practitioners for as long as active queue management (AQM) has been discussed. Indeed, one reason AQM was originally introduced was to reduce the lock-out effects that small packets can have on large packets in tail-drop queues. This memo aims to state the principles we should be using and to outline how these principles will affect future protocol design, taking into account pre-existing deployments. The question of whether to take into account packet size arises at three stages in the congestion notification process: Measuring congestion: When a congested resource measures locally how congested it is, should it measure its queue length in time, bytes, or packets? Encoding congestion notification into the wire protocol: When a congested network resource signals its level of congestion, should the probability that it drops/marks each packet depend on the size of the particular packet in question? Decoding congestion notification from the wire protocol: When a transport interprets the notification in order to decide how much to respond to congestion, should it take into account the size of each missing or marked packet? Consensus has emerged over the years concerning the first stage, which Section 2.1 records in the RFC Series. In summary: If possible, it is best to measure congestion by time in the queue; otherwise, the choice between bytes and packets solely depends on whether the resource is congested by bytes or packets. The controversy is mainly around the last two stages: whether to allow for the size of the specific packet notifying congestion i) when the network encodes or ii) when the transport decodes the congestion notification. Currently, the RFC series is silent on this matter other than a paper trail of advice referenced from [RFC2309], which conditionally recommends byte-mode (packet-size dependent) drop [pktByteEmail].
Reducing the number of small packets dropped certainly has some tempting advantages: i) it drops fewer control packets, which tend to be small and ii) it makes TCP's bit rate less dependent on packet size. However, there are ways of addressing these issues at the transport layer, rather than reverse engineering network forwarding to fix the problems. This memo updates [RFC2309] to deprecate deliberate preferential treatment of packets in AQM algorithms solely because of their size. It recommends that (1) packet size should be taken into account when transports detect and respond to congestion indications, (2) not when network equipment creates them. This memo also adds to the congestion control principles enumerated in BCP 41 [RFC2914]. In the particular case of Random Early Detection (RED), this means that the byte-mode packet drop variant should not be used to drop fewer small packets, because that creates a perverse incentive for transports to use tiny segments, consequently also opening up a DoS vulnerability. Fortunately, all the RED implementers who responded to our admittedly limited survey (Section 4.2.4) have not followed the earlier advice to use byte-mode drop, so the position this memo argues for seems to already exist in implementations. However, at the transport layer, TCP congestion control is a widely deployed protocol that doesn't scale with packet size (i.e., its reduction in rate does not take into account the size of a lost packet). To date, this hasn't been a significant problem because most TCP implementations have been used with similar packet sizes. But, as we design new congestion control mechanisms, this memo recommends that we build in scaling with packet size rather than assuming that we should follow TCP's example. This memo continues as follows. First, it discusses terminology and scoping. Section 2 gives concrete formal recommendations, followed by motivating arguments in Section 3. We then critically survey the advice given previously in the RFC Series and the research literature (Section 4), referring to an assessment of whether or not this advice has been followed in production networks (Appendix A). To wrap up, outstanding issues are discussed that will need resolution both to inform future protocol designs and to handle legacy AQM deployments (Section 5). Then security issues are collected together in Section 6 before conclusions are drawn in Section 7. The interested reader can find discussion of more detailed issues on the theme of byte vs. packet in the appendices. This memo intentionally includes a non-negligible amount of material on the subject. For the busy reader, Section 2 summarises the recommendations for the Internet community.
1.1. Terminology and Scoping The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119]. This memo applies to the design of all AQM algorithms, for example, Random Early Detection (RED) [RFC2309], BLUE [BLUE02], Pre-Congestion Notification (PCN) [RFC5670], Controlled Delay (CoDel) [CoDel], and the Proportional Integral controller Enhanced (PIE) [PIE]. Throughout, RED is used as a concrete example because it is a widely known and deployed AQM algorithm. There is no intention to imply that the advice is any less applicable to the other algorithms, nor that RED is preferred. Congestion Notification: Congestion notification is a changing signal that aims to communicate the probability that the network resource(s) will not be able to forward the level of traffic load offered (or that there is an impending risk that they will not be able to). The 'impending risk' qualifier is added, because AQM systems set a virtual limit smaller than the actual limit to the resource, then notify the transport when this virtual limit is exceeded in order to avoid uncontrolled congestion of the actual capacity. Congestion notification communicates a real number bounded by the range [ 0 , 1 ]. This ties in with the most well-understood measure of congestion notification: drop probability. Explicit and Implicit Notification: The byte vs. packet dilemma concerns congestion notification irrespective of whether it is signalled implicitly by drop or explicitly using ECN [RFC3168] or PCN [RFC5670]. Throughout this document, unless clear from the context, the term 'marking' will be used to mean notifying congestion explicitly, while 'congestion notification' will be used to mean notifying congestion either implicitly by drop or explicitly by marking. Bit-congestible vs. Packet-congestible: If the load on a resource depends on the rate at which packets arrive, it is called 'packet- congestible'. If the load depends on the rate at which bits arrive, it is called 'bit-congestible'.
Examples of packet-congestible resources are route look-up engines and firewalls, because load depends on how many packet headers they have to process. Examples of bit-congestible resources are transmission links, radio power, and most buffer memory, because the load depends on how many bits they have to transmit or store. Some machine architectures use fixed-size packet buffers, so buffer memory in these cases is packet-congestible (see Section 4.1.1). The path through a machine will typically encounter both packet- congestible and bit-congestible resources. However, currently, a design goal of network processing equipment such as routers and firewalls is to size the packet-processing engine(s) relative to the lines in order to keep packet processing uncongested, even under worst-case packet rates with runs of minimum-size packets. Therefore, packet congestion is currently rare (see Section 3.3 of [RFC6077]), but there is no guarantee that it will not become more common in the future. Note that information is generally processed or transmitted with a minimum granularity greater than a bit (e.g., octets). The appropriate granularity for the resource in question should be used, but for the sake of brevity we will talk in terms of bytes in this memo. Coarser Granularity: Resources may be congestible at higher levels of granularity than bits or packets, for instance stateful firewalls are flow-congestible and call-servers are session- congestible. This memo focuses on congestion of connectionless resources, but the same principles may be applicable for congestion notification protocols controlling per-flow and per- session processing or state. RED Terminology: In RED, whether to use packets or bytes when measuring queues is called, respectively, 'packet-mode queue measurement' or 'byte-mode queue measurement'. And whether the probability of dropping a particular packet is independent or dependent on its size is called, respectively, 'packet-mode drop' or 'byte-mode drop'. The terms 'byte-mode' and 'packet-mode' should not be used without specifying whether they apply to queue measurement or to drop. 1.2. Example Comparing Packet-Mode Drop and Byte-Mode Drop Taking RED as a well-known example algorithm, a central question addressed by this document is whether to recommend RED's packet-mode drop variant and to deprecate byte-mode drop. Table 1 compares how packet-mode and byte-mode drop affect two flows of different size
packets. For each it gives the expected number of packets and of bits dropped in one second. Each example flow runs at the same bit rate of 48 Mbps, but one is broken up into small 60 byte packets and the other into large 1,500 byte packets. To keep up the same bit rate, in one second there are about 25 times more small packets because they are 25 times smaller. As can be seen from the table, the packet rate is 100,000 small packets versus 4,000 large packets per second (pps). Parameter Formula Small packets Large packets -------------------- --------------- ------------- ------------- Packet size s/8 60 B 1,500 B Packet size s 480 b 12,000 b Bit rate x 48 Mbps 48 Mbps Packet rate u = x/s 100 kpps 4 kpps Packet-mode Drop Pkt-loss probability p 0.1% 0.1% Pkt-loss rate p*u 100 pps 4 pps Bit-loss rate p*u*s 48 kbps 48 kbps Byte-mode Drop MTU, M=12,000 b Pkt-loss probability b = p*s/M 0.004% 0.1% Pkt-loss rate b*u 4 pps 4 pps Bit-loss rate b*u*s 1.92 kbps 48 kbps Table 1: Example Comparing Packet-Mode and Byte-Mode Drop For packet-mode drop, we illustrate the effect of a drop probability of 0.1%, which the algorithm applies to all packets irrespective of size. Because there are 25 times more small packets in one second, it naturally drops 25 times more small packets, that is, 100 small packets but only 4 large packets. But if we count how many bits it drops, there are 48,000 bits in 100 small packets and 48,000 bits in 4 large packets -- the same number of bits of small packets as large. The packet-mode drop algorithm drops any bit with the same probability whether the bit is in a small or a large packet. For byte-mode drop, again we use an example drop probability of 0.1%, but only for maximum size packets (assuming the link maximum transmission unit (MTU) is 1,500 B or 12,000 b). The byte-mode algorithm reduces the drop probability of smaller packets proportional to their size, making the probability that it drops a small packet 25 times smaller at 0.004%. But there are 25 times more small packets, so dropping them with 25 times lower probability results in dropping the same number of packets: 4 drops in both
cases. The 4 small dropped packets contain 25 times less bits than the 4 large dropped packets: 1,920 compared to 48,000. The byte-mode drop algorithm drops any bit with a probability proportionate to the size of the packet it is in. 2. Recommendations This section gives recommendations related to network equipment in Sections 2.1 and 2.2, and we discuss the implications on transport protocols in Sections 2.3 and 2.4. 2.1. Recommendation on Queue Measurement Ideally, an AQM would measure the service time of the queue to measure congestion of a resource. However service time can only be measured as packets leave the queue, where it is not always expedient to implement a full AQM algorithm. To predict the service time as packets join the queue, an AQM algorithm needs to measure the length of the queue. In this case, if the resource is bit-congestible, the AQM implementation SHOULD measure the length of the queue in bytes and, if the resource is packet-congestible, the implementation SHOULD measure the length of the queue in packets. Subject to the exceptions below, no other choice makes sense, because the number of packets waiting in the queue isn't relevant if the resource gets congested by bytes and vice versa. For example, the length of the queue into a transmission line would be measured in bytes, while the length of the queue into a firewall would be measured in packets. To avoid the pathological effects of tail drop, the AQM can then transform this service time or queue length into the probability of dropping or marking a packet (e.g., RED's piecewise linear function between thresholds). What this advice means for RED as a specific example: 1. A RED implementation SHOULD use byte-mode queue measurement for measuring the congestion of bit-congestible resources and packet- mode queue measurement for packet-congestible resources. 2. An implementation SHOULD NOT make it possible to configure the way a queue measures itself, because whether a queue is bit- congestible or packet-congestible is an inherent property of the queue.
Exceptions to these recommendations might be necessary, for instance where a packet-congestible resource has to be configured as a proxy bottleneck for a bit-congestible resource in an adjacent box that does not support AQM. The recommended approach in less straightforward scenarios, such as fixed-size packet buffers, resources without a queue, and buffers comprising a mix of packet and bit-congestible resources, is discussed in Section 4.1. For instance, Section 4.1.1 explains that the queue into a line should be measured in bytes even if the queue consists of fixed-size packet buffers, because the root cause of any congestion is bytes arriving too fast for the line -- packets filling buffers are merely a symptom of the underlying congestion of the line. 2.2. Recommendation on Encoding Congestion Notification When encoding congestion notification (e.g., by drop, ECN, or PCN), the probability that network equipment drops or marks a particular packet to notify congestion SHOULD NOT depend on the size of the packet in question. As the example in Section 1.2 illustrates, to drop any bit with probability 0.1%, it is only necessary to drop every packet with probability 0.1% without regard to the size of each packet. This approach ensures the network layer offers sufficient congestion information for all known and future transport protocols and also ensures no perverse incentives are created that would encourage transports to use inappropriately small packet sizes. What this advice means for RED as a specific example: 1. The RED AQM algorithm SHOULD NOT use byte-mode drop, i.e., it ought to use packet-mode drop. Byte-mode drop is more complex, it creates the perverse incentive to fragment segments into tiny pieces and it is vulnerable to floods of small packets. 2. If a vendor has implemented byte-mode drop, and an operator has turned it on, it is RECOMMENDED that the operator use packet-mode drop instead, after establishing if there are any implications on the relative performance of applications using different packet sizes. The unlikely possibility of some application-specific legacy use of byte-mode drop is the only reason that all the above recommendations on encoding congestion notification are not phrased more strongly.
RED as a whole SHOULD NOT be switched off. Without RED, a tail- drop queue biases against large packets and is vulnerable to floods of small packets. Note well that RED's byte-mode queue drop is completely orthogonal to byte-mode queue measurement and should not be confused with it. If a RED implementation has a byte-mode but does not specify what sort of byte-mode, it is most probably byte-mode queue measurement, which is fine. However, if in doubt, the vendor should be consulted. A survey (Appendix A) showed that there appears to be little, if any, installed base of the byte-mode drop variant of RED. This suggests that deprecating byte-mode drop will have little, if any, incremental deployment impact. 2.3. Recommendation on Responding to Congestion When a transport detects that a packet has been lost or congestion marked, it SHOULD consider the strength of the congestion indication as proportionate to the size in octets (bytes) of the missing or marked packet. In other words, when a packet indicates congestion (by being lost or marked), it can be considered conceptually as if there is a congestion indication on every octet of the packet, not just one indication per packet. To be clear, the above recommendation solely describes how a transport should interpret the meaning of a congestion indication, as a long term goal. It makes no recommendation on whether a transport should act differently based on this interpretation. It merely aids interoperability between transports, if they choose to make their actions depend on the strength of congestion indications. This definition will be useful as the IETF transport area continues its programme of: o updating host-based congestion control protocols to take packet size into account, and o making transports less sensitive to losing control packets like SYNs and pure ACKs.
What this advice means for the case of TCP: 1. If two TCP flows with different packet sizes are required to run at equal bit rates under the same path conditions, this SHOULD be done by altering TCP (Section 4.2.2), not network equipment (the latter affects other transports besides TCP). 2. If it is desired to improve TCP performance by reducing the chance that a SYN or a pure ACK will be dropped, this SHOULD be done by modifying TCP (Section 4.2.3), not network equipment. To be clear, we are not recommending at all that TCPs under equivalent conditions should aim for equal bit rates. We are merely saying that anyone trying to do such a thing should modify their TCP algorithm, not the network. These recommendations are phrased as 'SHOULD' rather than 'MUST', because there may be cases where expediency dictates that compatibility with pre-existing versions of a transport protocol make the recommendations impractical. 2.4. Recommendation on Handling Congestion Indications When Splitting or Merging Packets Packets carrying congestion indications may be split or merged in some circumstances (e.g., at an RTP / RTP Control Protocol (RTCP) transcoder or during IP fragment reassembly). Splitting and merging only make sense in the context of ECN, not loss. The general rule to follow is that the number of octets in packets with congestion indications SHOULD be equivalent before and after merging or splitting. This is based on the principle used above; that an indication of congestion on a packet can be considered as an indication of congestion on each octet of the packet. The above rule is not phrased with the word 'MUST' to allow the following exception. There are cases in which pre-existing protocols were not designed to conserve congestion-marked octets (e.g., IP fragment reassembly [RFC3168] or loss statistics in RTCP receiver reports [RFC3550] before ECN was added [RFC6679]). When any such protocol is updated, it SHOULD comply with the above rule to conserve marked octets. However, the rule may be relaxed if it would otherwise become too complex to interoperate with pre-existing implementations of the protocol. One can think of a splitting or merging process as if all the incoming congestion-marked octets increment a counter and all the outgoing marked octets decrement the same counter. In order to
ensure that congestion indications remain timely, even the smallest positive remainder in the conceptual counter should trigger the next outgoing packet to be marked (causing the counter to go negative).