The Power of Explicit Congestion Notification Aleksandar Kuzmanovic - - PowerPoint PPT Presentation

▶

Oct 23, 2023 34 likes •255 views

The Power of Explicit Congestion Notification Aleksandar Kuzmanovic Northwestern University http://www.cs.northwestern.edu/~akuzma/ http://www.cs.northwestern.edu/~akuzma/ Motivation Recent measurements [PF01,MPF04]: 2000: 1.1% Web

SLIDE 1

The Power of Explicit Congestion Notification

Aleksandar Kuzmanovic Northwestern University http://www.cs.northwestern.edu/~akuzma/ http://www.cs.northwestern.edu/~akuzma/

SLIDE 2

A. Kuzmanovic
A. Kuzmanovic

The Power of ECN The Power of ECN

Motivation

Recent measurements [PF01,MPF04]:

– 2000: 1.1% Web servers support ECN – 2004: the percent increased to 2.1% – Not a single packet was marked in the network

2100 2200 2300 2400 year 2000 50% 100% ECN deployment ye year ar 239 2396 (Sigc Sigcomm

mm # 41

# 411) 1)

SLIDE 3

A. Kuzmanovic
A. Kuzmanovic

The Power of ECN The Power of ECN

Background

Server Client Marker/ Dropper FCFS scheduler AQM Router

Active Queue Management (AQM):

– Simultaneously achieves high throughput and low average delay – AQM algorithms can mark (instead of drop) packets – The router and both endpoints have to be ECN-enabled

SLIDE 4

A. Kuzmanovic
A. Kuzmanovic

The Power of ECN The Power of ECN

Negotiating ECN Capabilities (I)

Client initiates ECN-capable communication by setting appropriate bits in the TCP SYN packet’s TCP header TCP header

Server Client TCP SYN

SLIDE 5

A. Kuzmanovic
A. Kuzmanovic

The Power of ECN The Power of ECN

Negotiating ECN Capabilities (II)

An ECN-capable server replies by setting appropriate bits in the SYN ACK packet’s TCP header TCP header

Server Client TCP SYN SYN ACK

Once the SYN ACK packet arrives, ECN negotiation is completed

SLIDE 6

A. Kuzmanovic
A. Kuzmanovic

The Power of ECN The Power of ECN

Barriers to Adoption of ECN

Server Client TCP SYN reset router "Broken" firewall

“Broken” firewalls and load balancers incorrectly reset TCP flows attempting to negotiate ECN

– The problem addressed in RFC 3360

Consequences are devastating New incentives?

SLIDE 7

A. Kuzmanovic
A. Kuzmanovic

The Power of ECN The Power of ECN

ECN and TCP’s Control Packets

Server Client TCP SYN SYN ACK HTTP REQ

TCP SYN and SYN ACK packets are dropped during congestion Can significantly reduce end-to-end performance

– RTO = 3 sec (+6 sec, +12 sec, etc.)

Marking SYN packets?

SLIDE 8

A. Kuzmanovic
A. Kuzmanovic

The Power of ECN The Power of ECN

Marking TCP SYN Packets?

Server Client TCP SYN

TCP SYN packets:

– Security problems

SYN ACK packets:

– No security obstacles – More relevant

Congestion likely to happen

from servers to clients

SLIDE 9

A. Kuzmanovic
A. Kuzmanovic

The Power of ECN The Power of ECN

Marking SYN ACK Packets?

Server Client TCP SYN SYN ACK

TCP SYN packets:

– Security problems

SYN ACK packets (ECN+):

– No security obstacles – More relevant

Congestion likely to happen

from servers to clients

SLIDE 10

A. Kuzmanovic
A. Kuzmanovic

The Power of ECN The Power of ECN

Deployment Requirements

Security

– No novel security holes

Performance improvements

– Necessary to provide incentives to all involved parties

Incremental deployability

– What level of deployment is needed to achieve the above improvements? – What happens to those who do not apply the change?

SLIDE 11

A. Kuzmanovic
A. Kuzmanovic

The Power of ECN The Power of ECN

Simulation Scenario

Client pool Server pool 1 Gbps 1 Gbps 100/622/1,000 Mbps

Server Server Server Client Client Client

requests responses AQM

90% objects downloaded in less than 0.5 sec

Light and persistent congestion from servers to clients Web and general traffic mixes AQM algorithms: Random Early Detection (RED) (others in the paper)

SLIDE 12

A. Kuzmanovic
A. Kuzmanovic

The Power of ECN The Power of ECN

Outdated Implementation

min_th max_th

Average Queue Length

max_p 100%

Drop/mark rate

RED (1993)

– “This notification can consist of dropping or marking a packet.”

RFC 3168 (2001)

– Guidelines for setting ECN with RED

Older RED versions still present (e.g., Linux)

RED’s dropping/marking rate as a function of the queue length

SLIDE 13

A. Kuzmanovic
A. Kuzmanovic

The Power of ECN The Power of ECN

Dropping RED

min_th max_th

Average Queue Length

max_p 100%

Drop/mark rate

perating

point

Reduced performance due to congestion

SLIDE 14

A. Kuzmanovic
A. Kuzmanovic

The Power of ECN The Power of ECN

Add ECN

min_th max_th

Average Queue Length

max_p 100%

Drop/mark rate

perating

point

All SYN packets are dropped Outdated implementation can cause drastic performance degradations

SLIDE 15

A. Kuzmanovic
A. Kuzmanovic

The Power of ECN The Power of ECN

Add ECN+

min_th max_th

Average Queue Length

max_p 100%

Drop/mark rate

perating

point

ECN+ systematically improves throughput and response times of all investigated AQM schemes SYN ACK packets are NOT dropped

SLIDE 16

A. Kuzmanovic
A. Kuzmanovic

The Power of ECN The Power of ECN

Incremental Deployability

Scenario

Client pool Server pool

Server Server Server Client Client Client

ECN+ at servers ECN at routers x% clients: ECN (100-x)%: no ECN

SLIDE 17

A. Kuzmanovic
A. Kuzmanovic

The Power of ECN The Power of ECN

5% Deployment

Instant gains for ECN-enabled clients 95% no ECN 5% ECN

SLIDE 18

A. Kuzmanovic
A. Kuzmanovic

The Power of ECN The Power of ECN

50% Deployment

50% ECN 50% no ECN Gradual degradation for clients not applying ECN

SLIDE 19

A. Kuzmanovic
A. Kuzmanovic

The Power of ECN The Power of ECN

95% Deployment

95% ECN 5% no ECN Performance necessarily degraded

SLIDE 20

A. Kuzmanovic
A. Kuzmanovic

The Power of ECN The Power of ECN

Testbed Experiments

Server pool 100 Mbps 10 Mbps

Server Server Server Client

requests responses (15 Mbps) router ECN no ECN ECN ECN+

SLIDE 21

A. Kuzmanovic
A. Kuzmanovic

The Power of ECN The Power of ECN

ECN and Flash Crowds

RED, no ECN RED, ECN RED, ECN+ Average Response Time Throughput (% of capacity)

26 sec 4.5 sec 0.5 sec 44% 56% 99%

Reasonable performance despite huge congestion

SLIDE 22

A. Kuzmanovic
A. Kuzmanovic

The Power of ECN The Power of ECN

The Power of Explicit Congestion Notification

Aleksandar Kuzmanovic Northwestern University http://www.cs.northwestern.edu/~akuzma/ http://www.cs.northwestern.edu/~akuzma/

Motivation

Recent measurements [PF01,MPF04]:

– 2000: 1.1% Web servers support ECN – 2004: the percent increased to 2.1% – Not a single packet was marked in the network

Background

Active Queue Management (AQM):

– Simultaneously achieves high throughput and low average delay – AQM algorithms can mark (instead of drop) packets – The router and both endpoints have to be ECN-enabled

Negotiating ECN Capabilities (I)

Client initiates ECN-capable communication by setting appropriate bits in the TCP SYN packet’s TCP header TCP header

Negotiating ECN Capabilities (II)

An ECN-capable server replies by setting appropriate bits in the SYN ACK packet’s TCP header TCP header

Once the SYN ACK packet arrives, ECN negotiation is completed

Barriers to Adoption of ECN

“Broken” firewalls and load balancers incorrectly reset TCP flows attempting to negotiate ECN

– The problem addressed in RFC 3360

Consequences are devastating New incentives?

ECN and TCP’s Control Packets

TCP SYN and SYN ACK packets are dropped during congestion Can significantly reduce end-to-end performance

– RTO = 3 sec (+6 sec, +12 sec, etc.)

Marking SYN packets?

Marking TCP SYN Packets?

TCP SYN packets:

– Security problems

SYN ACK packets:

– No security obstacles – More relevant

Marking SYN ACK Packets?

TCP SYN packets:

– Security problems

SYN ACK packets (ECN+):

– No security obstacles – More relevant

Deployment Requirements

Security

– No novel security holes

Performance improvements

– Necessary to provide incentives to all involved parties

Incremental deployability

– What level of deployment is needed to achieve the above improvements? – What happens to those who do not apply the change?

Simulation Scenario

Light and persistent congestion from servers to clients Web and general traffic mixes AQM algorithms: Random Early Detection (RED) (others in the paper)

Outdated Implementation

RED (1993)

– “This notification can consist of dropping or marking a packet.”

RFC 3168 (2001)

– Guidelines for setting ECN with RED

Older RED versions still present (e.g., Linux)

RED’s dropping/marking rate as a function of the queue length

Dropping RED

Reduced performance due to congestion

Add ECN

All SYN packets are dropped Outdated implementation can cause drastic performance degradations

Add ECN+

ECN+ systematically improves throughput and response times of all investigated AQM schemes SYN ACK packets are NOT dropped

Incremental Deployability

Scenario

Client pool Server pool

ECN+ at servers ECN at routers x% clients: ECN (100-x)%: no ECN

5% Deployment

50% Deployment

95% Deployment

Testbed Experiments

Server pool 100 Mbps 10 Mbps

Server Server Server Client

requests responses (15 Mbps) router ECN no ECN ECN ECN+

ECN and Flash Crowds

Reasonable performance despite huge congestion

Conclusions

Security

– No novel security holes

Incremental deployability

– Instant benefits for clients applying the change – Gradual degradation for those not applying the change

Incentives

– Providers, clients, and servers

Implementation

– Wrong or outdated implementation can significantly reduce deployment and performance