Tech-invite3GPPspaceIETF RFCsSIP
in Index   Prev   Next

RFC 7141

Byte and Packet Congestion Notification

Pages: 41
Best Current Practice: 41
BCP 41 is also:  2914
Updates:  23092914
Part 1 of 3 – Pages 1 to 13
None   None   Next

Top   ToC   RFC7141 - Page 1
Internet Engineering Task Force (IETF)                        B. Briscoe
Request for Comments: 7141                                            BT
BCP: 41                                                        J. Manner
Updates: 2309, 2914                                     Aalto University
Category: Best Current Practice                            February 2014
ISSN: 2070-1721

                Byte and Packet Congestion Notification


This document provides recommendations of best current practice for dropping or marking packets using any active queue management (AQM) algorithm, including Random Early Detection (RED), BLUE, Pre- Congestion Notification (PCN), and newer schemes such as CoDel (Controlled Delay) and PIE (Proportional Integral controller Enhanced). We give three strong recommendations: (1) packet size should be taken into account when transports detect and respond to congestion indications, (2) packet size should not be taken into account when network equipment creates congestion signals (marking, dropping), and therefore (3) in the specific case of RED, the byte- mode packet drop variant that drops fewer small packets should not be used. This memo updates RFC 2309 to deprecate deliberate preferential treatment of small packets in AQM algorithms. Status of This Memo This memo documents an Internet Best Current Practice. This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Further information on BCPs is available in Section 2 of RFC 5741. Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at
Top   ToC   RFC7141 - Page 2
Copyright Notice

   Copyright (c) 2014 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   ( in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.
Top   ToC   RFC7141 - Page 3

Table of Contents

1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 4 1.1. Terminology and Scoping . . . . . . . . . . . . . . . . . 6 1.2. Example Comparing Packet-Mode Drop and Byte-Mode Drop . . 7 2. Recommendations . . . . . . . . . . . . . . . . . . . . . . . 9 2.1. Recommendation on Queue Measurement . . . . . . . . . . . 9 2.2. Recommendation on Encoding Congestion Notification . . . 10 2.3. Recommendation on Responding to Congestion . . . . . . . 11 2.4. Recommendation on Handling Congestion Indications When Splitting or Merging Packets . . . . . . . . . . . . . . 12 3. Motivating Arguments . . . . . . . . . . . . . . . . . . . . 13 3.1. Avoiding Perverse Incentives to (Ab)use Smaller Packets . 13 3.2. Small != Control . . . . . . . . . . . . . . . . . . . . 14 3.3. Transport-Independent Network . . . . . . . . . . . . . . 14 3.4. Partial Deployment of AQM . . . . . . . . . . . . . . . . 16 3.5. Implementation Efficiency . . . . . . . . . . . . . . . . 17 4. A Survey and Critique of Past Advice . . . . . . . . . . . . 17 4.1. Congestion Measurement Advice . . . . . . . . . . . . . . 18 4.1.1. Fixed-Size Packet Buffers . . . . . . . . . . . . . . 18 4.1.2. Congestion Measurement without a Queue . . . . . . . 19 4.2. Congestion Notification Advice . . . . . . . . . . . . . 20 4.2.1. Network Bias When Encoding . . . . . . . . . . . . . 20 4.2.2. Transport Bias When Decoding . . . . . . . . . . . . 22 4.2.3. Making Transports Robust against Control Packet Losses . . . . . . . . . . . . . . . . . . . . . . . 23 4.2.4. Congestion Notification: Summary of Conflicting Advice . . . . . . . . . . . . . . . . . . . . . . . 24 5. Outstanding Issues and Next Steps . . . . . . . . . . . . . . 25 5.1. Bit-congestible Network . . . . . . . . . . . . . . . . . 25 5.2. Bit- and Packet-Congestible Network . . . . . . . . . . . 26 6. Security Considerations . . . . . . . . . . . . . . . . . . . 26 7. Conclusions . . . . . . . . . . . . . . . . . . . . . . . . . 27 8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 28 9. References . . . . . . . . . . . . . . . . . . . . . . . . . 28 9.1. Normative References . . . . . . . . . . . . . . . . . . 28 9.2. Informative References . . . . . . . . . . . . . . . . . 29 Appendix A. Survey of RED Implementation Status . . . . . . . . 33 Appendix B. Sufficiency of Packet-Mode Drop . . . . . . . . . . 34 B.1. Packet-Size (In)Dependence in Transports . . . . . . . . 35 B.2. Bit-Congestible and Packet-Congestible Indications . . . 38 Appendix C. Byte-Mode Drop Complicates Policing Congestion Response . . . . . . . . . . . . . . . . . . . . . . 39
Top   ToC   RFC7141 - Page 4

1. Introduction

This document provides recommendations of best current practice for how we should correctly scale congestion control functions with respect to packet size for the long term. It also recognises that expediency may be necessary to deal with existing widely deployed protocols that don't live up to the long-term goal. When signalling congestion, the problem of how (and whether) to take packet sizes into account has exercised the minds of researchers and practitioners for as long as active queue management (AQM) has been discussed. Indeed, one reason AQM was originally introduced was to reduce the lock-out effects that small packets can have on large packets in tail-drop queues. This memo aims to state the principles we should be using and to outline how these principles will affect future protocol design, taking into account pre-existing deployments. The question of whether to take into account packet size arises at three stages in the congestion notification process: Measuring congestion: When a congested resource measures locally how congested it is, should it measure its queue length in time, bytes, or packets? Encoding congestion notification into the wire protocol: When a congested network resource signals its level of congestion, should the probability that it drops/marks each packet depend on the size of the particular packet in question? Decoding congestion notification from the wire protocol: When a transport interprets the notification in order to decide how much to respond to congestion, should it take into account the size of each missing or marked packet? Consensus has emerged over the years concerning the first stage, which Section 2.1 records in the RFC Series. In summary: If possible, it is best to measure congestion by time in the queue; otherwise, the choice between bytes and packets solely depends on whether the resource is congested by bytes or packets. The controversy is mainly around the last two stages: whether to allow for the size of the specific packet notifying congestion i) when the network encodes or ii) when the transport decodes the congestion notification. Currently, the RFC series is silent on this matter other than a paper trail of advice referenced from [RFC2309], which conditionally recommends byte-mode (packet-size dependent) drop [pktByteEmail].
Top   ToC   RFC7141 - Page 5
   Reducing the number of small packets dropped certainly has some
   tempting advantages: i) it drops fewer control packets, which tend to
   be small and ii) it makes TCP's bit rate less dependent on packet
   size.  However, there are ways of addressing these issues at the
   transport layer, rather than reverse engineering network forwarding
   to fix the problems.

   This memo updates [RFC2309] to deprecate deliberate preferential
   treatment of packets in AQM algorithms solely because of their size.
   It recommends that (1) packet size should be taken into account when
   transports detect and respond to congestion indications, (2) not when
   network equipment creates them.  This memo also adds to the
   congestion control principles enumerated in BCP 41 [RFC2914].

   In the particular case of Random Early Detection (RED), this means
   that the byte-mode packet drop variant should not be used to drop
   fewer small packets, because that creates a perverse incentive for
   transports to use tiny segments, consequently also opening up a DoS
   vulnerability.  Fortunately, all the RED implementers who responded
   to our admittedly limited survey (Section 4.2.4) have not followed
   the earlier advice to use byte-mode drop, so the position this memo
   argues for seems to already exist in implementations.

   However, at the transport layer, TCP congestion control is a widely
   deployed protocol that doesn't scale with packet size (i.e., its
   reduction in rate does not take into account the size of a lost
   packet).  To date, this hasn't been a significant problem because
   most TCP implementations have been used with similar packet sizes.
   But, as we design new congestion control mechanisms, this memo
   recommends that we build in scaling with packet size rather than
   assuming that we should follow TCP's example.

   This memo continues as follows.  First, it discusses terminology and
   scoping.  Section 2 gives concrete formal recommendations, followed
   by motivating arguments in Section 3.  We then critically survey the
   advice given previously in the RFC Series and the research literature
   (Section 4), referring to an assessment of whether or not this advice
   has been followed in production networks (Appendix A).  To wrap up,
   outstanding issues are discussed that will need resolution both to
   inform future protocol designs and to handle legacy AQM deployments
   (Section 5).  Then security issues are collected together in
   Section 6 before conclusions are drawn in Section 7.  The interested
   reader can find discussion of more detailed issues on the theme of
   byte vs. packet in the appendices.

   This memo intentionally includes a non-negligible amount of material
   on the subject.  For the busy reader, Section 2 summarises the
   recommendations for the Internet community.
Top   ToC   RFC7141 - Page 6

1.1. Terminology and Scoping

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119]. This memo applies to the design of all AQM algorithms, for example, Random Early Detection (RED) [RFC2309], BLUE [BLUE02], Pre-Congestion Notification (PCN) [RFC5670], Controlled Delay (CoDel) [CoDel], and the Proportional Integral controller Enhanced (PIE) [PIE]. Throughout, RED is used as a concrete example because it is a widely known and deployed AQM algorithm. There is no intention to imply that the advice is any less applicable to the other algorithms, nor that RED is preferred. Congestion Notification: Congestion notification is a changing signal that aims to communicate the probability that the network resource(s) will not be able to forward the level of traffic load offered (or that there is an impending risk that they will not be able to). The 'impending risk' qualifier is added, because AQM systems set a virtual limit smaller than the actual limit to the resource, then notify the transport when this virtual limit is exceeded in order to avoid uncontrolled congestion of the actual capacity. Congestion notification communicates a real number bounded by the range [ 0 , 1 ]. This ties in with the most well-understood measure of congestion notification: drop probability. Explicit and Implicit Notification: The byte vs. packet dilemma concerns congestion notification irrespective of whether it is signalled implicitly by drop or explicitly using ECN [RFC3168] or PCN [RFC5670]. Throughout this document, unless clear from the context, the term 'marking' will be used to mean notifying congestion explicitly, while 'congestion notification' will be used to mean notifying congestion either implicitly by drop or explicitly by marking. Bit-congestible vs. Packet-congestible: If the load on a resource depends on the rate at which packets arrive, it is called 'packet- congestible'. If the load depends on the rate at which bits arrive, it is called 'bit-congestible'.
Top   ToC   RFC7141 - Page 7
      Examples of packet-congestible resources are route look-up engines
      and firewalls, because load depends on how many packet headers
      they have to process.  Examples of bit-congestible resources are
      transmission links, radio power, and most buffer memory, because
      the load depends on how many bits they have to transmit or store.
      Some machine architectures use fixed-size packet buffers, so
      buffer memory in these cases is packet-congestible (see
      Section 4.1.1).

      The path through a machine will typically encounter both packet-
      congestible and bit-congestible resources.  However, currently, a
      design goal of network processing equipment such as routers and
      firewalls is to size the packet-processing engine(s) relative to
      the lines in order to keep packet processing uncongested, even
      under worst-case packet rates with runs of minimum-size packets.
      Therefore, packet congestion is currently rare (see Section 3.3 of
      [RFC6077]), but there is no guarantee that it will not become more
      common in the future.

      Note that information is generally processed or transmitted with a
      minimum granularity greater than a bit (e.g., octets).  The
      appropriate granularity for the resource in question should be
      used, but for the sake of brevity we will talk in terms of bytes
      in this memo.

   Coarser Granularity:  Resources may be congestible at higher levels
      of granularity than bits or packets, for instance stateful
      firewalls are flow-congestible and call-servers are session-
      congestible.  This memo focuses on congestion of connectionless
      resources, but the same principles may be applicable for
      congestion notification protocols controlling per-flow and per-
      session processing or state.

   RED Terminology:  In RED, whether to use packets or bytes when
      measuring queues is called, respectively, 'packet-mode queue
      measurement' or 'byte-mode queue measurement'.  And whether the
      probability of dropping a particular packet is independent or
      dependent on its size is called, respectively, 'packet-mode drop'
      or 'byte-mode drop'.  The terms 'byte-mode' and 'packet-mode'
      should not be used without specifying whether they apply to queue
      measurement or to drop.

1.2. Example Comparing Packet-Mode Drop and Byte-Mode Drop

Taking RED as a well-known example algorithm, a central question addressed by this document is whether to recommend RED's packet-mode drop variant and to deprecate byte-mode drop. Table 1 compares how packet-mode and byte-mode drop affect two flows of different size
Top   ToC   RFC7141 - Page 8
   packets.  For each it gives the expected number of packets and of
   bits dropped in one second.  Each example flow runs at the same bit
   rate of 48 Mbps, but one is broken up into small 60 byte packets and
   the other into large 1,500 byte packets.

   To keep up the same bit rate, in one second there are about 25 times
   more small packets because they are 25 times smaller.  As can be seen
   from the table, the packet rate is 100,000 small packets versus 4,000
   large packets per second (pps).

     Parameter            Formula         Small packets Large packets
     -------------------- --------------- ------------- -------------
     Packet size          s/8                      60 B       1,500 B
     Packet size          s                       480 b      12,000 b
     Bit rate             x                     48 Mbps       48 Mbps
     Packet rate          u = x/s              100 kpps        4 kpps

     Packet-mode Drop
     Pkt-loss probability p                        0.1%          0.1%
     Pkt-loss rate        p*u                   100 pps         4 pps
     Bit-loss rate        p*u*s                 48 kbps       48 kbps

     Byte-mode Drop       MTU, M=12,000 b
     Pkt-loss probability b = p*s/M              0.004%          0.1%
     Pkt-loss rate        b*u                     4 pps         4 pps
     Bit-loss rate        b*u*s               1.92 kbps       48 kbps

         Table 1: Example Comparing Packet-Mode and Byte-Mode Drop

   For packet-mode drop, we illustrate the effect of a drop probability
   of 0.1%, which the algorithm applies to all packets irrespective of
   size.  Because there are 25 times more small packets in one second,
   it naturally drops 25 times more small packets, that is, 100 small
   packets but only 4 large packets.  But if we count how many bits it
   drops, there are 48,000 bits in 100 small packets and 48,000 bits in
   4 large packets -- the same number of bits of small packets as large.

      The packet-mode drop algorithm drops any bit with the same
      probability whether the bit is in a small or a large packet.

   For byte-mode drop, again we use an example drop probability of 0.1%,
   but only for maximum size packets (assuming the link maximum
   transmission unit (MTU) is 1,500 B or 12,000 b).  The byte-mode
   algorithm reduces the drop probability of smaller packets
   proportional to their size, making the probability that it drops a
   small packet 25 times smaller at 0.004%.  But there are 25 times more
   small packets, so dropping them with 25 times lower probability
   results in dropping the same number of packets: 4 drops in both
Top   ToC   RFC7141 - Page 9
   cases.  The 4 small dropped packets contain 25 times less bits than
   the 4 large dropped packets: 1,920 compared to 48,000.

      The byte-mode drop algorithm drops any bit with a probability
      proportionate to the size of the packet it is in.

2. Recommendations

This section gives recommendations related to network equipment in Sections 2.1 and 2.2, and we discuss the implications on transport protocols in Sections 2.3 and 2.4.

2.1. Recommendation on Queue Measurement

Ideally, an AQM would measure the service time of the queue to measure congestion of a resource. However service time can only be measured as packets leave the queue, where it is not always expedient to implement a full AQM algorithm. To predict the service time as packets join the queue, an AQM algorithm needs to measure the length of the queue. In this case, if the resource is bit-congestible, the AQM implementation SHOULD measure the length of the queue in bytes and, if the resource is packet-congestible, the implementation SHOULD measure the length of the queue in packets. Subject to the exceptions below, no other choice makes sense, because the number of packets waiting in the queue isn't relevant if the resource gets congested by bytes and vice versa. For example, the length of the queue into a transmission line would be measured in bytes, while the length of the queue into a firewall would be measured in packets. To avoid the pathological effects of tail drop, the AQM can then transform this service time or queue length into the probability of dropping or marking a packet (e.g., RED's piecewise linear function between thresholds). What this advice means for RED as a specific example: 1. A RED implementation SHOULD use byte-mode queue measurement for measuring the congestion of bit-congestible resources and packet- mode queue measurement for packet-congestible resources. 2. An implementation SHOULD NOT make it possible to configure the way a queue measures itself, because whether a queue is bit- congestible or packet-congestible is an inherent property of the queue.
Top   ToC   RFC7141 - Page 10
   Exceptions to these recommendations might be necessary, for instance
   where a packet-congestible resource has to be configured as a proxy
   bottleneck for a bit-congestible resource in an adjacent box that
   does not support AQM.

   The recommended approach in less straightforward scenarios, such as
   fixed-size packet buffers, resources without a queue, and buffers
   comprising a mix of packet and bit-congestible resources, is
   discussed in Section 4.1.  For instance, Section 4.1.1 explains that
   the queue into a line should be measured in bytes even if the queue
   consists of fixed-size packet buffers, because the root cause of any
   congestion is bytes arriving too fast for the line -- packets filling
   buffers are merely a symptom of the underlying congestion of the

2.2. Recommendation on Encoding Congestion Notification

When encoding congestion notification (e.g., by drop, ECN, or PCN), the probability that network equipment drops or marks a particular packet to notify congestion SHOULD NOT depend on the size of the packet in question. As the example in Section 1.2 illustrates, to drop any bit with probability 0.1%, it is only necessary to drop every packet with probability 0.1% without regard to the size of each packet. This approach ensures the network layer offers sufficient congestion information for all known and future transport protocols and also ensures no perverse incentives are created that would encourage transports to use inappropriately small packet sizes. What this advice means for RED as a specific example: 1. The RED AQM algorithm SHOULD NOT use byte-mode drop, i.e., it ought to use packet-mode drop. Byte-mode drop is more complex, it creates the perverse incentive to fragment segments into tiny pieces and it is vulnerable to floods of small packets. 2. If a vendor has implemented byte-mode drop, and an operator has turned it on, it is RECOMMENDED that the operator use packet-mode drop instead, after establishing if there are any implications on the relative performance of applications using different packet sizes. The unlikely possibility of some application-specific legacy use of byte-mode drop is the only reason that all the above recommendations on encoding congestion notification are not phrased more strongly.
Top   ToC   RFC7141 - Page 11
       RED as a whole SHOULD NOT be switched off.  Without RED, a tail-
       drop queue biases against large packets and is vulnerable to
       floods of small packets.

   Note well that RED's byte-mode queue drop is completely orthogonal to
   byte-mode queue measurement and should not be confused with it.  If a
   RED implementation has a byte-mode but does not specify what sort of
   byte-mode, it is most probably byte-mode queue measurement, which is
   fine.  However, if in doubt, the vendor should be consulted.

   A survey (Appendix A) showed that there appears to be little, if any,
   installed base of the byte-mode drop variant of RED.  This suggests
   that deprecating byte-mode drop will have little, if any, incremental
   deployment impact.

2.3. Recommendation on Responding to Congestion

When a transport detects that a packet has been lost or congestion marked, it SHOULD consider the strength of the congestion indication as proportionate to the size in octets (bytes) of the missing or marked packet. In other words, when a packet indicates congestion (by being lost or marked), it can be considered conceptually as if there is a congestion indication on every octet of the packet, not just one indication per packet. To be clear, the above recommendation solely describes how a transport should interpret the meaning of a congestion indication, as a long term goal. It makes no recommendation on whether a transport should act differently based on this interpretation. It merely aids interoperability between transports, if they choose to make their actions depend on the strength of congestion indications. This definition will be useful as the IETF transport area continues its programme of: o updating host-based congestion control protocols to take packet size into account, and o making transports less sensitive to losing control packets like SYNs and pure ACKs.
Top   ToC   RFC7141 - Page 12
   What this advice means for the case of TCP:

   1.  If two TCP flows with different packet sizes are required to run
       at equal bit rates under the same path conditions, this SHOULD be
       done by altering TCP (Section 4.2.2), not network equipment (the
       latter affects other transports besides TCP).

   2.  If it is desired to improve TCP performance by reducing the
       chance that a SYN or a pure ACK will be dropped, this SHOULD be
       done by modifying TCP (Section 4.2.3), not network equipment.

   To be clear, we are not recommending at all that TCPs under
   equivalent conditions should aim for equal bit rates.  We are merely
   saying that anyone trying to do such a thing should modify their TCP
   algorithm, not the network.

   These recommendations are phrased as 'SHOULD' rather than 'MUST',
   because there may be cases where expediency dictates that
   compatibility with pre-existing versions of a transport protocol make
   the recommendations impractical.

2.4. Recommendation on Handling Congestion Indications When Splitting or Merging Packets

Packets carrying congestion indications may be split or merged in some circumstances (e.g., at an RTP / RTP Control Protocol (RTCP) transcoder or during IP fragment reassembly). Splitting and merging only make sense in the context of ECN, not loss. The general rule to follow is that the number of octets in packets with congestion indications SHOULD be equivalent before and after merging or splitting. This is based on the principle used above; that an indication of congestion on a packet can be considered as an indication of congestion on each octet of the packet. The above rule is not phrased with the word 'MUST' to allow the following exception. There are cases in which pre-existing protocols were not designed to conserve congestion-marked octets (e.g., IP fragment reassembly [RFC3168] or loss statistics in RTCP receiver reports [RFC3550] before ECN was added [RFC6679]). When any such protocol is updated, it SHOULD comply with the above rule to conserve marked octets. However, the rule may be relaxed if it would otherwise become too complex to interoperate with pre-existing implementations of the protocol. One can think of a splitting or merging process as if all the incoming congestion-marked octets increment a counter and all the outgoing marked octets decrement the same counter. In order to
Top   ToC   RFC7141 - Page 13
   ensure that congestion indications remain timely, even the smallest
   positive remainder in the conceptual counter should trigger the next
   outgoing packet to be marked (causing the counter to go negative).

(page 13 continued on part 2)

Next Section