The Power of Explicit Congestion Notification Aleksandar Kuzmanovic Northwestern University akuzma

The Power ofExplicit Congestion Notification

Aleksandar Kuzmanovic

Northwestern University

http://www.cs.northwestern.edu/~akuzma/

2 A. Kuzmanovic The Power of ECN

Motivation

Recent measurements [PF01,MPF04]:– 2000: 1.1% Web servers support ECN– 2004: the percent increased to 2.1%– Not a single packet was marked in the network

2100 2200 2300 2400 year2000

50%

100%E C N dep loym ent

year 2396(Sigcom m # 411)


Background

S erve rC lient Marke r/D roppe r

F C F S schedule rA Q M R oute r

Active Queue Management (AQM):– Simultaneously achieves high throughput and low average delay– AQM algorithms can mark (instead of drop) packets– The router and both endpoints have to be ECN-enabled


Negotiating ECN Capabilities (I)

Client initiates ECN-capable communication

by setting appropriate bits in the TCP SYN

packet’s TCP header

S erve rC lient

T C P S YN


Negotiating ECN Capabilities (II)

An ECN-capable server replies by setting appropriate

bits in the SYN ACK packet’s TCP header

S erve rC lient

T C P S YN

S YN A C K

Once the SYN ACK packet arrives,

ECN negotiation is completed


Barriers to Adoption of ECN

S erve rC lient

T C P S YN

rese t

route r

"B roken"f irewall

“Broken” firewalls and load balancers incorrectly reset TCP flows attempting to negotiate ECN – The problem addressed in RFC 3360

Consequences are devastating

New incentives?


ECN and TCP’s Control Packets

S erve rC lient

T C P S YN

S YN A C K

HT T P R E Q

TCP SYN and SYN ACK packets are dropped during congestion

Can significantly reduce end-to-end performance– RTO = 3 sec (+6 sec, +12 sec, etc.)

Marking SYN packets?


Marking TCP SYN Packets?

S erve rC lient

T C P S YN

TCP SYN packets:– Security problems

SYN ACK packets:– No security obstacles– More relevant

• Congestion likely to happen from servers to clients


Marking SYN ACK Packets?

S erve rC lient

T C P S YN

S YN A C K

TCP SYN packets:– Security problems

SYN ACK packets (ECN+): – No security obstacles– More relevant

• Congestion likely to happen from servers to clients


Deployment Requirements

Security– No novel security holes

Performance improvements– Necessary to provide incentives to all involved parties

Incremental deployability– What level of deployment is needed to achieve the

above improvements?– What happens to those who do not apply the change?


Simulation Scenario

C lient poo l S erver poo l

1 Gbps 1 Gbps

100/622/1 ,000M bps

S erve r

S e rve r

S e rve r

C lient

C lient

C lient

reques ts

responsesA QM

90% o bjectsdo wnlo aded inless than 0.5 sec

Light and persistent congestion from servers to clients

Web and general traffic mixes

AQM algorithms: Random Early Detection (RED)

(others in the paper)


Outdated Implementation

m in_ th m ax_ th AverageQueueLength

m ax_ p

1 00 %

Drop/mark rate

RED (1993) – “This notification can consist of dropping or marking a packet.”

RFC 3168 (2001)– Guidelines for setting ECN with RED

Older RED versions still present (e.g., Linux)

RED’s dropping/marking rate as a function of the queue length


Dropping RED


m ax_ p

1 00 %

Drop/mark rate

o pe rating p o int

Reduced performance due to congestion


Add ECN


m ax_ p

1 00 %

Drop/mark rate

o pe rating p o int

All SYN packets

are dropped

Outdated implementation can cause drastic

performance degradations


Add ECN+


m ax_ p

1 00 %

Drop/mark rate

o pe rating p o int

ECN+ systematically improves throughput and response

times of all investigated AQM schemes

SYN ACK packets

are NOT dropped


Incremental Deployability

Scenario

C lient poo l S erver poo lS erve r

S e rve r

S e rve r

C lient

C lient

C lient

E C N +at servers

E C Nat routers

x% c lien ts : E C N(100-x)% : no E C N


5% Deployment

Ins tant gains fo rE C N-enab ledc lients

95% no E C N

5% E C N


50% Deployment

50% E C N

50% no E C N

G radual deg radationfo r c lients no tapp lying E C N


95% Deployment

95% E C N

5% no E C N

P erfo rm ancenecessarilydeg raded


Testbed Experiments

S erver poo l

100 M bps

10 M bps

S erve r

S e rve r

S e rve r

C lient

reques ts

responses (15 M bps)

router

E C N no E C NE C NE C N +


ECN and Flash Crowds

R E D , no E C N

R E D , E C N

R E D , E C N +

A verage R espo nse T im e

T hro ughput(% o f capacity)

26 sec

4.5 sec

0.5 sec

44%

56%

99%

Reasonable performance

despite huge congestion


Conclusions

Security– No novel security holes

Incremental deployability– Instant benefits for clients applying the change – Gradual degradation for those not applying the change

Incentives– Providers, clients, and servers

Implementation– Wrong or outdated implementation can significantly reduce

deployment and performance

Documents

The Power of Explicit Congestion Notification Aleksandar Kuzmanovic Northwestern University akuzma