Re: [conex] Crediting [was: Re: Review of draft-ietf-conex-abstract-mech-06]

David Wagner <> Wed, 28 August 2013 12:13 UTC



These issues are not purely technical; they also depend on our expectations of the future ConEx-enabled Internet.

On Tuesday 27 August 2013 22:46:26 Matt Mathis wrote:
> On Tue, Aug 27, 2013 at 2:33 AM, David Wagner <> wrote:
> > the main point is that an audit implementing only the basic and simple
> > criteria can be deceived for any definition of credit:
> > a sender sending every packet with a credit mark will not be penalized for
> > any of the discussed credit schemes.
> >
> There is something fundamental missing from this conversation.  The above
> scenario is tantamount to exaggerating your resource consumption.  It is
In my opinion, auditing must not be applied to all flows, and not the same (sophisticated) algorithm must be applied in all audits.
Just like traffic enforcement cameras in road traffic: the probability of auditing and its penalty just have to be scary enough. Because of the limited penalties in ConEx audits we'd need a higher density than on the streets, yes.

> not necessarily a bug that the audit function overlooks errors with this
> sign.   Note that this signal is also being used by some policy device
> which has its own (but unspecified) response to consuming resources.
Right, if policing and auditing are applied to a flow, they induce converse incentives, hopefully leading to purely honest congestion exposure.

But, in my opinion, auditing should not rely on the existence (and proper function) of any policing in that alien sender's domain. And if policing is applied, it is based on the assumption that there is an audit ensuring that the ConEx signaling (regarding congestion, not congestion+credit) is correct...

> Even though the policy device is not fully specified, I would predict that
> it is not to your advantage to claim to use more resources than you
> actually do.
The meaning of credit is difficult, but not actual resource usage. It's more like a warning, announcing that the sender is risking congestion. Therefore, for many policing intentions, policing would rely on congestion marks only, not on credit (again: I would expect it to do so...). 

All in all, I think we should aim at designing an audit algorithm that is as robust as possible, maybe accompanied by more lightweight alternatives.


> Thanks,
> --MM--
> The best way to predict the future is to create it.  - Alan Kay
> Privacy matters!  We know from recent events that people are using our
> services to speak in defiance of unjust governments.   We treat privacy and
> security as matters of life and death, because for some users, they are.

Dipl.-Inf. David Wagner
Institute of Communication Networks and Computer Engineering (IKR)
University of Stuttgart
Pfaffenwaldring 47, D-70569 Stuttgart, Germany

phone: +49 711 685-67965        fax: +49 711 685-57965