In response to pervasive surveillance [RFC 7624
] revelations and the IETF consensus that "Pervasive Monitoring Is an Attack" [RFC 7258
], efforts are underway to increase encryption of Internet traffic. Applying confidentiality to transport header fields can improve privacy and can help to mitigate certain attacks or manipulation of packets by devices on the network path, but it can also affect network operations and measurement [RFC 8404
When considering what parts of the transport headers should be encrypted to provide confidentiality and what parts should be visible to network devices (including unencrypted but authenticated headers), it is necessary to consider both the impact on network operations and management and the implications for ossification and user privacy [Measurement
]. Different parties will view the relative importance of these concerns differently. For some, the benefits of encrypting all the transport headers outweigh the impact of doing so; others might analyse the security, privacy, and ossification impacts and arrive at a different trade-off.
This section reviews examples of the observation of transport-layer headers within the network by using devices on the network path or by using information exported by an on-path device. Unencrypted transport headers provide information that can support network operations and management, and this section notes some ways in which this has been done. Unencrypted transport header information also contributes metadata that can be exploited for purposes unrelated to network transport measurement, diagnostics, or troubleshooting (e.g., to block or to throttle traffic from a specific content provider), and this section also notes some threats relating to unencrypted transport headers.
Exposed transport information also provides a source of information that contributes to linked data sets, which could be exploited to deduce private information, e.g., user patterns, user location, tracking behaviour, etc. This might reveal information the parties did not intend to be revealed. [RFC 6973
] aims to make designers, implementers, and users of Internet protocols aware of privacy-related design choices in IETF protocols.
This section does not consider intentional modification of transport headers by middleboxes, such as devices performing Network Address Translation (NAT) or firewalls.
Some network-layer mechanisms separate network traffic by flow without resorting to identifying the type of traffic: hash-based load sharing across paths (e.g., Equal-Cost Multipath (ECMP)); sharing across a group of links (e.g., using a Link Aggregation Group (LAG)); ensuring equal access to link capacity (e.g., Fair Queuing (FQ)); or distributing traffic to servers (e.g., load balancing). To prevent packet reordering, forwarding engines can consistently forward the same transport flows along the same forwarding path, often achieved by calculating a hash using an n-tuple gleaned from a combination of link header information through to transport header information. This n-tuple can use the Media Access Control (MAC) address and IP addresses and can include observable transport header information.
When transport header information cannot be observed, there can be less information to separate flows at equipment along the path. Flow separation might not be possible when a transport forms traffic into an encrypted aggregate. For IPv6, the Flow Label [RFC 6437
] can be used even when all transport information is encrypted, enabling Flow Label-based ECMP [RFC 6438
] and load sharing [RFC 7098
Information in exposed transport-layer headers can be used by the network to identify transport protocols and flows [RFC 8558
]. The ability to identify transport protocols, flows, and sessions is a common function performed, for example, by measurement activities, Quality of Service (QoS) classifiers, and firewalls. These functions can be beneficial and performed with the consent of, and in support of, the end user. Alternatively, the same mechanisms could be used to support practises that might be adversarial to the end user, including blocking, deprioritising, and monitoring traffic without consent.
Observable transport header information, together with information in the network header, has been used to identify flows and their connection state, together with the set of protocol options being used. Transport protocols, such as TCP [RFC 7414
] and the Stream Control Transmission Protocol (SCTP) [RFC 4960
], specify a standard base header that includes sequence number information and other data. They also have the possibility to negotiate additional headers at connection setup, identified by an option number in the transport header.
In some uses, an assigned transport port (e.g., 0..49151) can identify the upper-layer protocol or service [RFC 7605
]. However, port information alone is not sufficient to guarantee identification. Applications can use arbitrary ports and do not need to use assigned port numbers. The use of an assigned port number is also not limited to the protocol for which the port is intended. Multiple sessions can also be multiplexed on a single port, and ports can be reused by subsequent sessions.
Some flows can be identified by observing signalling data (e.g., see [RFC 3261
] and [RFC 8837
]) or through the use of magic numbers placed in the first byte(s) of a datagram payload [RFC 7983
When transport header information cannot be observed, this removes information that could have been used to classify flows by passive observers along the path. More ambitious ways could be used to collect, estimate, or infer flow information, including heuristics based on the analysis of traffic patterns, such as classification of flows relying on timing, volumes of information, and correlation between multiple flows. For example, an operator that cannot access the Session Description Protocol (SDP) session descriptions [RFC 8866
] to classify a flow as audio traffic might instead use (possibly less-reliable) heuristics to infer that short UDP packets with regular spacing carry audio traffic. Operational practises aimed at inferring transport parameters are out of scope for this document, and are only mentioned here to recognise that encryption does not prevent operators from attempting to apply practises that were used with unencrypted transport headers.
The IAB [RFC 8546
] has provided a summary of expected implications of increased encryption on network functions that use the observable headers and describe the expected benefits of designs that explicitly declare protocol-invariant header information that can be used for this purpose.
This subsection describes use by the network of exposed transport-layer headers to understand transport protocol performance and behaviour.
Observable transport headers enable explicit measurement and analysis of protocol performance and detection of network anomalies at any point along the Internet path. Some operators use passive monitoring to manage their portion of the Internet by characterising the performance of link/network segments. Inferences from transport headers are used to derive performance metrics:
Traffic Rate and Volume:
Per-application traffic rate and volume measures can be used to characterise the traffic that uses a network segment or the pattern of network usage. Observing the protocol sequence number and packet size offers one way to measure this (e.g., measurements observing counters in periodic reports, such as RTCP [RFC 3550] [RFC 3711] [RFC 4585], or measurements observing protocol sequence numbers in statistical samples of packet flows or specific control packets, such as those observed at the start and end of a flow).
Measurements can be per endpoint or for an endpoint aggregate. These could be used to assess usage or for subscriber billing.
Such measurements can be used to trigger traffic shaping and to associate QoS support within the network and lower layers. This can be done with consent and in support of an end user to improve quality of service or could be used by the network to deprioritise certain flows without user consent.
The traffic rate and volume can be determined, providing that the packets belonging to individual flows can be identified, but there might be no additional information about a flow when the transport headers cannot be observed.
Loss Rate and Loss Pattern:
Flow loss rate can be derived (e.g., from transport sequence numbers or inferred from observing transport protocol interactions) and has been used as a metric for performance assessment and to characterise transport behaviour. Network operators have used the variation in patterns to detect changes in the offered service. Understanding the location and root cause of loss can help an operator determine whether this requires corrective action.
There are various causes of loss, including: corruption of link frames (e.g., due to interference on a radio link); buffering loss (e.g., overflow due to congestion, Active Queue Management (AQM) [RFC 7567], or inadequate provision following traffic preemption), and policing (e.g., traffic management [RFC 2475]). Understanding flow loss rates requires maintaining the per-flow state (flow identification often requires transport-layer information) and either observing the increase in sequence numbers in the network or transport headers or comparing a per-flow packet counter with the number of packets that the flow actually sent. Per-hop loss can also sometimes be monitored at the interface level by devices on the network path or by using in-situ methods operating over a network segment (see Section 3.3).
The pattern of loss can provide insight into the cause of loss. Losses can often occur as bursts, randomly timed events, etc. It can also be valuable to understand the conditions under which loss occurs. This usually requires relating loss to the traffic flowing at a network node or segment at the time of loss. Transport header information can help identify cases where loss could have been wrongly identified or where the transport did not require retransmission of a lost packet.
Throughput and Goodput:
Throughput is the amount of payload data sent by a flow per time interval. Goodput (the subset of throughput consisting of useful traffic; see Section 2.5 of RFC 7928 and [RFC 5166]) is a measure of useful data exchanged. The throughput of a flow can be determined in the absence of transport header information, providing that the individual flow can be identified, and the overhead known. Goodput requires the ability to differentiate loss and retransmission of packets, for example, by observing packet sequence numbers in the TCP or RTP headers [RFC 3550].
Latency is a key performance metric that impacts application and user-perceived response times. It often indirectly impacts throughput and flow completion time. This determines the reaction time of the transport protocol itself, impacting flow setup, congestion control, loss recovery, and other transport mechanisms. The observed latency can have many components [Latency]. Of these, unnecessary/unwanted queueing in buffers of the network devices on the path has often been observed as a significant factor [bufferbloat]. Once the cause of unwanted latency has been identified, this can often be eliminated.
To measure latency across a part of a path, an observation point [RFC 7799] can measure the experienced round-trip time (RTT) by using packet sequence numbers and acknowledgements or by observing header timestamp information. Such information allows an observation point on the network path to determine not only the path RTT but also allows measurement of the upstream and downstream contribution to the RTT. This could be used to locate a source of latency, e.g., by observing cases where the median RTT is much greater than the minimum RTT for a part of a path.
The service offered by network operators can benefit from latency information to understand the impact of configuration changes and to tune deployed services. Latency metrics are key to evaluating and deploying AQM [RFC 7567], Diffserv [RFC 2474], and Explicit Congestion Notification (ECN) [RFC 3168] [RFC 8087]. Measurements could identify excessively large buffers, indicating where to deploy or configure AQM. An AQM method is often deployed in combination with other techniques, such as scheduling [RFC 7567] [RFC 8290], and although parameter-less methods are desired [RFC 7567], current methods often require tuning [RFC 8290] [RFC 8289] [RFC 8033] because they cannot scale across all possible deployment scenarios.
Latency and round-trip time information can potentially expose some information useful for approximate geolocation, as discussed in [PAM-RTT].
Variation in Delay:
Some network applications are sensitive to (small) changes in packet timing (jitter). Short- and long-term delay variation can impact the latency of a flow and hence the perceived quality of applications using a network path. For example, jitter metrics are often cited when characterising paths supporting real-time traffic. The expected performance of such applications can be inferred from a measure of the variation in delay observed along a portion of the path [RFC 3393] [RFC 5481]. The requirements resemble those for the measurement of latency.
Significant packet reordering within a flow can impact time-critical applications and can be interpreted as loss by reliable transports. Many transport protocol techniques are impacted by reordering (e.g., triggering TCP retransmission or rebuffering of real-time applications). Packet reordering can occur for many reasons, e.g., from equipment design to misconfiguration of forwarding rules. Flow identification is often required to avoid significant packet misordering (e.g., when using ECMP, or LAG). Network tools can detect and measure unwanted/excessive reordering and the impact on transport performance.
There have been initiatives in the IETF transport area to reduce the impact of reordering within a transport flow, possibly leading to a reduction in the requirements for preserving ordering. These have potential to simplify network equipment design as well as the potential to improve robustness of the transport service. Measurements of reordering can help understand the present level of reordering and inform decisions about how to progress new mechanisms.
Techniques for measuring reordering typically observe packet sequence numbers. Metrics have been defined that evaluate whether a network path has maintained packet order on a packet-by-packet basis [RFC 4737] [RFC 5236]. Some protocols provide in-built monitoring and reporting functions. Transport fields in the RTP header [RFC 3550] [RFC 4585] can be observed to derive traffic volume measurements and provide information on the progress and quality of a session using RTP. Metadata assists in understanding the context under which the data was collected, including the time, observation point [RFC 7799], and way in which metrics were accumulated. The RTCP protocol directly reports some of this information in a form that can be directly visible by devices on the network path.
In some cases, measurements could involve active injection of test traffic to perform a measurement (see Section 3.4
of RFC 7799
). However, most operators do not have access to user equipment; therefore, the point of test is normally different from the transport endpoint. Injection of test traffic can incur an additional cost in running such tests (e.g., the implications of capacity tests in a mobile network segment are obvious). Some active measurements [RFC 7799
] (e.g., response under load or particular workloads) perturb other traffic and could require dedicated access to the network segment.
Passive measurements (see Section 3.6
of RFC 7799
) can have advantages in terms of eliminating unproductive test traffic, reducing the influence of test traffic on the overall traffic mix, and having the ability to choose the point of observation (see Section 2.4.1
). Measurements can rely on observing packet headers, which is not possible if those headers are encrypted, but could utilise information about traffic volumes or patterns of interaction to deduce metrics.
Passive packet sampling techniques are also often used to scale the processing involved in observing packets on high-rate links. This exports only the packet header information of (randomly) selected packets. Interpretation of the exported information relies on understanding of the header information. The utility of these measurements depends on the type of network segment/link and number of mechanisms used by the network devices. Simple routers are relatively easy to manage, but a device with more complexity demands understanding of the choice of many system parameters.
Information from the transport header can be used by a multi-field (MF) classifier as a part of policy framework. Policies are commonly used for management of the QoS or Quality of Experience (QoE) in resource-constrained networks or by firewalls to implement access rules (see also Section 2.2.2
of RFC 8404
). Policies can support user applications/services or protect against unwanted or lower-priority traffic (Section 2.4.4
Transport-layer information can also be explicitly carried in network-layer header fields that are not encrypted, serving as a replacement/addition to the exposed transport header information [RFC 8558
]. This information can enable a different forwarding treatment by the devices forming the network path, even when a transport employs encryption to protect other header information.
On the one hand, the user of a transport that multiplexes multiple subflows might want to obscure the presence and characteristics of these subflows. On the other hand, an encrypted transport could set the network-layer information to indicate the presence of subflows and to reflect the service requirements of individual subflows. There are several ways this could be done:
Applications normally expose the endpoint addresses used in the forwarding decisions in network devices. Address and other protocol information can be used by an MF classifier to determine how traffic is treated [RFC 2475] and hence affects the quality of experience for a flow. Common issues concerning IP address sharing are described in [RFC 6269].
Using the IPv6 Network-Layer Flow Label:
A number of Standards Track and Best Current Practice RFCs (e.g., [RFC 8085], [RFC 6437], and [RFC 6438]) encourage endpoints to set the IPv6 Flow Label field of the network-layer header. As per [RFC 6437], IPv6 source nodes "SHOULD assign each unrelated transport connection and application data stream to a new flow." A multiplexing transport could choose to use multiple flow labels to allow the network to independently forward subflows. [RFC 6437] provides further guidance on choosing a flow label value, stating these "should be chosen such that their bits exhibit a high degree of variability" and chosen so that "third parties should be unlikely to be able to guess the next value that a source of flow labels will choose."
Once set, a flow label can provide information that can help inform network-layer queueing and forwarding, including use with IPsec [RFC 6294], Equal-Cost Multipath routing, and Link Aggregation [RFC 6438].
The choice of how to assign a flow label needs to avoid introducing linkages between flows that a network device could not otherwise observe. Inappropriate use by the transport can have privacy implications (e.g., assigning the same label to two independent flows that ought not to be classified similarly).
Using the Network-Layer Differentiated Services Code Point:
Applications can expose their delivery expectations to network devices by setting the Differentiated Services Code Point (DSCP) field of IPv4 and IPv6 packets [RFC 2474]. For example, WebRTC applications identify different forwarding treatments for individual subflows (audio vs. video) based on the value of the DSCP field [RFC 8837]). This provides explicit information to inform network-layer queueing and forwarding, rather than an operator inferring traffic requirements from transport and application headers via a multi-field classifier. Inappropriate use by the transport can have privacy implications (e.g., assigning a different DSCP to a subflow could assist in a network device discovering the traffic pattern used by an application). The field is mutable, i.e., some network devices can be expected to change this field. Since the DSCP value can impact the quality of experience for a flow, observations of service performance have to consider this field when a network path supports differentiated service treatment.
Using Explicit Congestion Notification:
Explicit Congestion Notification (ECN) [RFC 3168] is a transport mechanism that uses the ECN field in the network-layer header. Use of ECN explicitly informs the network layer that a transport is ECN capable and requests ECN treatment of the flow. An ECN-capable transport can offer benefits when used over a path with equipment that implements an AQM method with Congestion Experienced (CE) marking of IP packets [RFC 8087], since it can react to congestion without also having to recover from lost packets.
ECN exposes the presence of congestion. The reception of CE-marked packets can be used to estimate the level of incipient congestion on the upstream portion of the path from the point of observation (Section 2.5 of RFC 8087). Interpreting the marking behaviour (i.e., assessing congestion and diagnosing faults) requires context from the transport layer, such as path RTT.
AQM and ECN offer a range of algorithms and configuration options. Tools therefore have to be available to network operators and researchers to understand the implication of configuration choices and transport behaviour as the use of ECN increases and new methods emerge [RFC 7567].
Network protocols can carry optional headers (see Section 5.1). These can explicitly expose transport header information to on-path devices operating at the network layer (as discussed further in Section 6).
IPv4 [RFC 0791] has provisions for optional header fields. IP routers can examine these headers and are required to ignore IPv4 options that they do not recognise. Many current paths include network devices that forward packets that carry options on a slower processing path. Some network devices (e.g., firewalls) can be (and are) configured to drop these packets [RFC 7126]. BCP 186 [RFC 7126] provides guidance on how operators should treat IPv4 packets that specify options.
IPv6 can encode optional network-layer information in separate headers that may be placed between the IPv6 header and the upper-layer header [RFC 8200] (e.g., the IPv6 Alternate Marking Method [IPV6-ALT-MARK], which can be used to measure packet loss and delay metrics). The Hop-by-Hop Options header, when present, immediately follows the IPv6 header. IPv6 permits this header to be examined by any node along the path if explicitly configured [RFC 8200].
Careful use of the network-layer features (e.g., extension headers can; see Section 5
) help provide similar information in the case where the network is unable to inspect transport protocol headers.
Some network operators make use of on-path observations of transport headers to analyse the service offered to the users of a network segment and inform operational practice and can help detect and locate network problems. [RFC 8517
] gives an operator's perspective about such use.
When observable transport header information is not available, those seeking an understanding of transport behaviour and dynamics might learn to work without that information. Alternatively, they might use more limited measurements combined with pattern inference and other heuristics to infer network behaviour (see Section 2.1.1
of RFC 8404
). Operational practises aimed at inferring transport parameters are out of scope for this document and are only mentioned here to recognise that encryption does not necessarily stop operators from attempting to apply practises that have been used with unencrypted transport headers.
This section discusses topics concerning observation of transport flows, with a focus on transport measurement.
Observations of transport header information can be used to locate the source of problems or to assess the performance of a network segment. Often issues can only be understood in the context of the other flows that share a particular path, particular device configuration, interface port, etc. A simple example is monitoring of a network device that uses a scheduler or active queue management technique [RFC 7567
], where it could be desirable to understand whether the algorithms are correctly controlling latency or if overload protection is working. This implies knowledge of how traffic is assigned to any subqueues used for flow scheduling but can require information about how the traffic dynamics impact active queue management, starvation prevention mechanisms, and circuit breakers.
Sometimes correlating observations of headers at multiple points along the path (e.g., at the ingress and egress of a network segment) allows an observer to determine the contribution of a portion of the path to an observed metric (e.g., to locate a source of delay, jitter, loss, reordering, or congestion marking).
Traffic rate and volume measurements are used to help plan deployment of new equipment and configuration in networks. Data is also valuable to equipment vendors who want to understand traffic trends and patterns of usage as inputs to decisions about planning products and provisioning for new deployments.
Trends in aggregate traffic can be observed and can be related to the endpoint addresses being used, but when transport header information is not observable, it might be impossible to correlate patterns in measurements with changes in transport protocols. This increases the dependency on other indirect sources of information to inform planning and provisioning.
The traffic that can be observed by on-path network devices (the "wire image") is a function of transport protocol design/options, network use, applications, and user characteristics. In general, when only a small proportion of the traffic has a specific (different) characteristic, such traffic seldom leads to operational concern, although the ability to measure and monitor it is lower. The desire to understand the traffic and protocol interactions typically grows as the proportion of traffic increases. The challenges increase when multiple instances of an evolving protocol contribute to the traffic that share network capacity.
Operators can manage traffic load (e.g., when the network is severely overloaded) by deploying rate limiters, traffic shaping, or network transport circuit breakers [RFC 8084
]. The information provided by observing transport headers is a source of data that can help to inform such mechanisms.
Congestion Control Compliance of Traffic:
Congestion control is a key transport function [RFC 2914]. Many network operators implicitly accept that TCP traffic complies with a behaviour that is acceptable for the shared Internet. TCP algorithms have been continuously improved over decades and have reached a level of efficiency and correctness that is difficult to match in custom application-layer mechanisms [RFC 8085].
A standards-compliant TCP stack provides congestion control that is judged safe for use across the Internet. Applications developed on top of well-designed transports can be expected to appropriately control their network usage, reacting when the network experiences congestion, by backing off and reducing the load placed on the network. This is the normal expected behaviour for IETF-specified transports (e.g., TCP and SCTP).
Congestion Control Compliance for UDP Traffic:
UDP provides a minimal message-passing datagram transport that has no inherent congestion control mechanisms. Because congestion control is critical to the stable operation of the Internet, applications and other protocols that choose to use UDP as a transport have to employ mechanisms to prevent collapse, avoid unacceptable contributions to jitter/latency, and establish an acceptable share of capacity with concurrent traffic [RFC 8085].
UDP flows that expose a well-known header can be observed to gain understanding of the dynamics of a flow and its congestion control behaviour. For example, tools exist to monitor various aspects of RTP header information and RTCP reports for real-time flows (see Section 2.3). The Secure RTP and RTCP extensions [RFC 3711] were explicitly designed to expose some header information to enable such observation while protecting the payload data.
A network operator can observe the headers of transport protocols layered above UDP to understand if the datagram flows comply with congestion control expectations. This can help inform a decision on whether it might be appropriate to deploy methods, such as rate limiters, to enforce acceptable usage. The available information determines the level of precision with which flows can be classified and the design space for conditioning mechanisms (e.g., rate-limiting, circuit breaker techniques [RFC 8084], or blocking uncharacterised traffic) [RFC 5218].
When anomalies are detected, tools can interpret the transport header information to help understand the impact of specific transport protocols (or protocol mechanisms) on the other traffic that shares a network. An observer on the network path can gain an understanding of the dynamics of a flow and its congestion control behaviour. Analysing observed flows can help to build confidence that an application flow backs off its share of the network load under persistent congestion and hence to understand whether the behaviour is appropriate for sharing limited network capacity. For example, it is common to visualise plots of TCP sequence numbers versus time for a flow to understand how a flow shares available capacity, deduce its dynamics in response to congestion, etc.
The ability to identify sources and flows that contribute to persistent congestion is important to the safe operation of network infrastructure and can inform configuration of network devices to complement the endpoint congestion avoidance mechanisms [RFC 7567
] [RFC 8084
] to avoid a portion of the network being driven into congestion collapse [RFC 2914
The patterns and types of traffic that share Internet capacity change over time as networked applications, usage patterns, and protocols continue to evolve.
Encryption can increase the volume of "unknown" or "uncharacterised" traffic seen by the network. If these traffic patterns form a small part of the traffic aggregate passing through a network device or segment of the network path, the dynamics of the uncharacterised traffic might not have a significant collateral impact on the performance of other traffic that shares this network segment. Once the proportion of this traffic increases, monitoring the traffic can determine if appropriate safety measures have to be put in place.
Tracking the impact of new mechanisms and protocols requires traffic volume to be measured and new transport behaviours to be identified. This is especially true of protocols operating over a UDP substrate. The level and style of encryption needs to be considered in determining how this activity is performed.
Traffic that cannot be classified typically receives a default treatment. Some networks block or rate-limit traffic that cannot be classified.
On-path observation of the transport headers of packets can be used for various security functions. For example, Denial of Service (DoS) and Distributed DoS (DDoS) attacks against the infrastructure or against an endpoint can be detected and mitigated by characterising anomalous traffic (see Section 2.4.4
) on a shorter timescale. Other uses include support for security audits (e.g., verifying the compliance with cipher suites), client and application fingerprinting for inventory, and alerts provided for network intrusion detection and other next generation firewall functions.
When using an encrypted transport, endpoints can directly provide information to support these security functions. Another method, if the endpoints do not provide this information, is to use an on-path network device that relies on pattern inferences in the traffic and heuristics or machine learning instead of processing observed header information. An endpoint could also explicitly cooperate with an on-path device (e.g., a QUIC endpoint could share information about current uses of connection IDs).
Operators monitor the health of a network segment to support a variety of operational tasks [RFC 8404
], including procedures to provide early warning and trigger action, e.g., to diagnose network problems, to manage security threats (including DoS), to evaluate equipment or protocol performance, or to respond to user performance questions. Information about transport flows can assist in setting buffer sizes and help identify whether link/network tuning is effective. Information can also support debugging and diagnosis of the root causes of faults that concern a particular user's traffic and can support postmortem investigation after an anomaly. Sections 3.1.2
of [RFC 8404
] provide further examples.
Network segments vary in their complexity. The design trade-offs for radio networks are often very different from those of wired networks [RFC 8462
]. A radio-based network (e.g., cellular mobile, enterprise Wireless LAN (WLAN), satellite access/backhaul, point-to-point radio) adds a subsystem that performs radio resource management, with impact on the available capacity and potentially loss/reordering of packets. This impact can differ by traffic type and can be correlated with link propagation and interference. These can impact the cost and performance of a provided service and is expected to increase in importance as operators bring together heterogeneous types of network equipment and deploy opportunistic methods to access a shared radio spectrum.
A variety of open source and proprietary tools have been deployed that use the transport header information observable with widely used protocols, such as TCP or RTP/UDP/IP. Tools that dissect network traffic flows can alert to potential problems that are hard to derive from volume measurements, link statistics, or device measurements alone.
Any introduction of a new transport protocol, protocol feature, or application might require changes to such tools and could impact operational practice and policies. Such changes have associated costs that are incurred by the network operators that need to update their tooling or develop alternative practises that work without access to the changed/removed information.
The use of encryption has the desirable effect of preventing unintended observation of the payload data, and these tools seldom seek to observe the payload or other application details. A flow that hides its transport header information could imply "don't touch" to some operators. This might limit a trouble-shooting response to "can't help, no trouble found".
An alternative that does not require access to an observable transport headers is to access endpoint diagnostic tools or to include user involvement in diagnosing and troubleshooting unusual use cases or to troubleshoot nontrivial problems. Another approach is to use traffic pattern analysis. Such tools can provide useful information during network anomalies (e.g., detecting significant reordering, high or intermittent loss); however, indirect measurements need to be carefully designed to provide information for diagnostics and troubleshooting.
If new protocols, or protocol extensions, are made to closely resemble or match existing mechanisms, then the changes to tooling and the associated costs can be small. Equally, more extensive changes to the transport tend to require more extensive, and more expensive, changes to tooling and operational practice. Protocol designers can mitigate these costs by explicitly choosing to expose selected information as invariants that are guaranteed not to change for a particular protocol (e.g., the header invariants and the spin bit in QUIC [RFC 9000
]). Specification of common log formats and development of alternative approaches can also help mitigate the costs of transport changes.
Some link and network segments are constrained by the capacity they can offer by the time it takes to access capacity (e.g., due to underlying radio resource management methods) or by asymmetries in the design (e.g., many link are designed so that the capacity available is different in the forward and return directions; some radio technologies have different access methods in the forward and return directions resulting from differences in the power budget).
The impact of path constraints can be mitigated using a proxy operating at or above the transport layer to use an alternate transport protocol.
In many cases, one or both endpoints are unaware of the characteristics of the constraining link or network segment, and mitigations are applied below the transport layer. Packet classification and QoS methods (described in various sections) can be beneficial in differentially prioritising certain traffic when there is a capacity constraint or additional delay in scheduling link transmissions. Another common mitigation is to apply header compression over the specific link or subnetwork (see Section 2.5.1
Header compression saves link capacity by compressing network and transport protocol headers on a per-hop basis. This has been widely used with low bandwidth dial-up access links and still finds application on wireless links that are subject to capacity constraints. These methods are effective for bit-congestive links sending small packets (e.g., reducing the cost for sending control packets or small data packets over radio links).
Examples of header compression include use with TCP/IP and RTP/UDP/IP flows [RFC 2507
] [RFC 6846
] [RFC 2508
] [RFC 5795
] [RFC 8724
]. Successful compression depends on observing the transport headers and understanding the way fields change between packets and is hence incompatible with header encryption. Devices that compress transport headers are dependent on a stable header format, implying ossification of that format.
Introducing a new transport protocol, or changing the format of the transport header information, will limit the effectiveness of header compression until the network devices are updated. Encrypting the transport protocol headers will tend to cause the header compression to fall back to compressing only the network-layer headers, with a significant reduction in efficiency. This can limit connectivity if the resulting flow exceeds the link capacity or if the packets are dropped because they exceed the link Maximum Transmission Unit (MTU).
The Secure RTP (SRTP) extensions [RFC 3711
] were explicitly designed to leave the transport protocol headers unencrypted, but authenticated, since support for header compression was considered important.
Observable transport headers coupled with published transport specifications allow operators and regulators to explore and verify compliance with Service Level Agreements (SLAs). It can also be used to understand whether a service is providing differential treatment to certain flows.
When transport header information cannot be observed, other methods have to be found to confirm that the traffic produced conforms to the expectations of the operator or developer.
Independently verifiable performance metrics can be utilised to demonstrate regulatory compliance in some jurisdictions and as a basis for informing design decisions. This can bring assurance to those operating networks, often avoiding deployment of complex techniques that routinely monitor and manage Internet traffic flows (e.g., avoiding the capital and operational costs of deploying flow rate-limiting and network circuit breaker methods [RFC 8084