The Power of Explicit Congestion Notification
Aleksandar Kuzmanovic
Northwestern University
http://www.cs.northwestern.edu/~akuzma/
2 A. Kuzmanovic The Power of ECN
Motivation
Recent measurements [PF01, MPF04]:
– 2000: 1.1% Web servers support ECN
– 2004: the percent increased to 2.1%
– Not a single packet was marked in the network
[Figure: ECN deployment (%) versus year, year axis running from 2000 to 2400; annotation: year 2396 (Sigcomm #411)]

Background
[Figure: client and server connected through an AQM router (marker/dropper, FCFS scheduler)]
Active Queue Management (AQM):
– Simultaneously achieves high throughput and low average delay
– AQM algorithms can mark (instead of drop) packets
– The router and both endpoints have to be ECN-enabled

Negotiating ECN Capabilities (I)
Client initiates ECN-capable communication by setting appropriate bits in the TCP SYN packet’s TCP header
[Figure: client sends TCP SYN to server]

Negotiating ECN Capabilities (II)
An ECN-capable server replies by setting appropriate bits in the SYN ACK packet’s TCP header
[Figure: client sends TCP SYN to server; server answers with SYN ACK]
Once the SYN ACK packet arrives, ECN negotiation is completed

Barriers to Adoption of ECN
[Figure: client, router, "broken" firewall and server; the client's TCP SYN is answered with a reset]
“Broken” firewalls and load balancers incorrectly reset TCP flows attempting to negotiate ECN
– The problem addressed in RFC 3360
Consequences are devastating
New incentives?
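
The handshake on the two negotiation slides and the reset case above, as an added example that is not part of the original slides: a classifier over raw TCP headers. The flag bit positions and ECN-setup rules are taken from RFC 3168 rather than from the slides; the sample headers and outcome labels are constructed for illustration.

```python
import struct

# TCP flag bits in byte 13 of the header (RFC 3168 adds CWR and ECE).
CWR, ECE, ACK, RST, SYN = 0x80, 0x40, 0x10, 0x04, 0x02

def tcp_header(sport, dport, seq, ack, flags):
    """Build a minimal 20-byte TCP header (constructed sample input)."""
    return struct.pack("!HHIIBBHHH", sport, dport, seq, ack,
                       5 << 4, flags, 65535, 0, 0)

def flags_of(header):
    if len(header) < 20:
        raise ValueError("truncated TCP header")
    return header[13]

def is_ecn_setup_syn(header):
    # ECN-setup SYN: SYN with both ECE and CWR set.
    f = flags_of(header)
    return f & (SYN | ACK | RST) == SYN and f & (ECE | CWR) == (ECE | CWR)

def is_ecn_setup_syn_ack(header):
    # ECN-setup SYN ACK: SYN+ACK with ECE set and CWR clear.
    f = flags_of(header)
    return f & (SYN | ACK | RST) == (SYN | ACK) and f & (ECE | CWR) == ECE

def classify_handshake(syn, reply):
    """Outcome of one attempt; reply=None means no answer was captured."""
    if not is_ecn_setup_syn(syn):
        return "not-requested"
    if reply is None:
        return "no-reply"          # SYN lost or silently discarded
    f = flags_of(reply)
    if f & RST:
        return "reset"             # RFC 3360 symptom, or simply a closed port
    if is_ecn_setup_syn_ack(reply):
        return "ecn-negotiated"
    if f & (SYN | ACK) == (SYN | ACK):
        return "no-ecn"            # connection proceeds without ECN
    return "unexpected"

if __name__ == "__main__":
    syn = tcp_header(40000, 80, 1, 0, SYN | ECE | CWR)
    for name, fl in (("ECN server", SYN | ACK | ECE),
                     ("legacy server", SYN | ACK),
                     ("reset on path", RST | ACK)):
        print(name, "->", classify_handshake(syn, tcp_header(80, 40000, 9, 2, fl)))
```

A "reset" seen only for ECN-setup SYNs, while a plain SYN to the same address and port is accepted, is the pattern that separates the RFC 3360 problem from a closed port.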

ECN and TCP’s Control Packets
[Figure: client and server exchanging TCP SYN, SYN ACK and HTTP REQ]
TCP SYN and SYN ACK packets are dropped during congestion
Can significantly reduce end-to-end performance
– RTO = 3 sec (+6 sec, +12 sec, etc.)
Marking SYN packets?

Marking TCP SYN Packets?
[Figure: client sends TCP SYN to server]
TCP SYN packets:
– Security problems
SYN ACK packets:
– No security obstacles
– More relevant
  • Congestion likely to happen from servers to clients

Marking SYN ACK Packets?
[Figure: client sends TCP SYN to server; server answers with SYN ACK]
TCP SYN packets:
– Security problems
SYN ACK packets (ECN+):
– No security obstacles
– More relevant
  • Congestion likely to happen from servers to clients

Deployment Requirements
Security
– No novel security holes
Performance improvements
– Necessary to provide incentives to all involved parties
Incremental deployability
– What level of deployment is needed to achieve the above improvements?
– What happens to those who do not apply the change?

Simulation Scenario
[Figure: client pool and server pool; link labels 1 Gbps, 1 Gbps and 100/622/1,000 Mbps; requests toward the servers, responses through the AQM queue; annotation: 90% objects downloaded in less than 0.5 sec]
Light and persistent congestion from servers to clients
Web and general traffic mixes
AQM algorithms: Random Early Detection (RED) (others in the paper)

Outdated Implementation
[Figure: RED’s dropping/marking rate as a function of the queue length; x-axis: average queue length with min_th and max_th; y-axis: drop/mark rate with max_p and 100%]
RED (1993)
– “This notification can consist of dropping or marking a packet.”
RFC 3168 (2001)
– Guidelines for setting ECN with RED
Older RED versions still present (e.g., Linux)

Dropping RED
[Figure: RED drop/mark rate versus average queue length (min_th, max_th, max_p, 100%), with the operating point marked]
Reduced performance due to congestion

Add ECN
[Figure: RED drop/mark rate versus average queue length (min_th, max_th, max_p, 100%), with the operating point marked]
All SYN packets are dropped
Outdated implementation can cause drastic performance degradations

Add ECN+
[Figure: RED drop/mark rate versus average queue length (min_th, max_th, max_p, 100%), with the operating point marked]
ECN+ systematically improves throughput and response times of all investigated AQM schemes
SYN ACK packets are NOT dropped
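
The curve and the three RED slides above, as an added example that is not code from the talk or the paper: the drop/mark rate as a function of average queue length, and the fate of a SYN ACK depending on whether it is ECN-capable. The thresholds, queue lengths and the mark_above_max_th switch are assumptions; the slides do not spell out the rule at or beyond max_th.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Red:
    min_th: float   # constructed sample thresholds, in packets
    max_th: float
    max_p: float
    # Hypothetical switch: keep marking ECN-capable packets at or above max_th?
    mark_above_max_th: bool = True

    def rate(self, avg_queue):
        """Drop/mark rate for an average queue length (the plotted curve)."""
        if avg_queue < self.min_th:
            return 0.0
        if avg_queue >= self.max_th:
            return 1.0
        span = self.max_th - self.min_th
        return self.max_p * (avg_queue - self.min_th) / span

    def fate(self, avg_queue, ect):
        """Return (rate, action) for packets that are ECN-capable (ect) or not."""
        r = self.rate(avg_queue)
        if r == 0.0:
            return r, "forward"
        if ect and (avg_queue < self.max_th or self.mark_above_max_th):
            return r, "mark"
        return r, "drop"

def syn_ack_fate(red, avg_queue, server_mode):
    """server_mode: 'no-ecn', 'ecn' or 'ecn+'. Only ECN+ makes the SYN ACK
    ECN-capable; with plain ECN it is sent as a non-ECN packet."""
    return red.fate(avg_queue, ect=(server_mode == "ecn+"))

if __name__ == "__main__":
    red = Red(min_th=5, max_th=15, max_p=0.1)
    for mode in ("no-ecn", "ecn", "ecn+"):
        for q in (3, 10, 20):
            print(mode, q, syn_ack_fate(red, q, mode))
```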

Incremental Deployability Scenario
[Figure: client pool and server pool]
ECN+ at servers
ECN at routers
x% clients: ECN; (100-x)%: no ECN

5% Deployment
[Figure: curves labelled 95% no ECN and 5% ECN]
Instant gains for ECN-enabled clients

50% Deployment
[Figure: curves labelled 50% ECN and 50% no ECN]
Gradual degradation for clients not applying ECN

95% Deployment
[Figure: curves labelled 95% ECN and 5% no ECN]
Performance necessarily degraded

Testbed Experiments
[Figure: testbed with a server pool, a router and a client; link labels 100 Mbps and 10 Mbps; requests, responses (15 Mbps); labels: ECN, no ECN, ECN, ECN+]

ECN and Flash Crowds
                Average Response Time   Throughput (% of capacity)
RED, no ECN     26 sec                  44%
RED, ECN        4.5 sec                 56%
RED, ECN+       0.5 sec                 99%
Reasonable performance despite huge congestion

Conclusions
Security
– No novel security holes
Incremental deployability
– Instant benefits for clients applying the change
– Gradual degradation for those not applying the change
Incentives
– Providers, clients, and servers
Implementation
– Wrong or outdated implementation can significantly reduce deployment and performance