Re: [Atoca] Requirement D2: "Large Audience"

<mark.wood@engineer.com> Tue, 18 January 2011 11:47 UTC

Return-Path: <mark.wood@drcf.net>
X-Original-To: earlywarning@core3.amsl.com
Delivered-To: earlywarning@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 6F2373A6FBD for <earlywarning@core3.amsl.com>; Tue, 18 Jan 2011 03:47:11 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.863
X-Spam-Level:
X-Spam-Status: No, score=-1.863 tagged_above=-999 required=5 tests=[AWL=0.421, BAYES_00=-2.599, SARE_MILLIONSOF=0.315]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mdOV-37xnQtP for <earlywarning@core3.amsl.com>; Tue, 18 Jan 2011 03:47:10 -0800 (PST)
Received: from mk-outboundfilter-6.mail.uk.tiscali.com (mk-outboundfilter-6.mail.uk.tiscali.com [212.74.114.14]) by core3.amsl.com (Postfix) with ESMTP id B5D583A6FAD for <earlywarning@ietf.org>; Tue, 18 Jan 2011 03:47:09 -0800 (PST)
X-Trace: 286049000/mk-outboundfilter-6.mail.uk.tiscali.com/PIPEX/$PIPEX-ACCEPTED/pipex-customers/81.86.43.86/None/mark.wood@drcf.net
X-SBRS: None
X-RemoteIP: 81.86.43.86
X-IP-MAIL-FROM: mark.wood@drcf.net
X-SMTP-AUTH:
X-Originating-Country: GB/UNITED KINGDOM
X-MUA: Microsoft Outlook 14.0
X-IP-BHB: Once
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AvsEAK8NNU1RVitW/2dsb2JhbACkV3TCV4VQBI42hG8
X-IronPort-AV: E=Sophos;i="4.60,339,1291593600"; d="scan'208";a="286049000"
X-IP-Direction: IN
Received: from 81-86-43-86.dsl.pipex.com (HELO host15) ([81.86.43.86]) by smtp.pipex.tiscali.co.uk with ESMTP; 18 Jan 2011 11:49:39 +0000
From: <mark.wood@engineer.com>
Sender: "mark.wood" <mark.wood@drcf.net>
To: <earlywarning@ietf.org>
References: <FDFC6E6B2064844FBEB9045DF1E3FBBC024A1E59@BD01MSXMB016.US.Cingular.Net> <002201cbb636$27cdf790$7769e6b0$@engineer.com> <5A054107-A965-433E-AAB4-D0C79FAF843E@brianrosen.net>
In-Reply-To: <5A054107-A965-433E-AAB4-D0C79FAF843E@brianrosen.net>
Date: Tue, 18 Jan 2011 11:49:39 -0000
Message-ID: <002101cbb705$c9f3f900$5ddbeb00$@engineer.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 14.0
Thread-index: AQF0pS6CAJ5dT1lIHb8TWmXb2B3iegJBN7VtAf32gfWUYrgE8A==
Content-Language: en-us
Subject: Re: [Atoca] Requirement D2: "Large Audience"
X-BeenThere: earlywarning@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "Discussion list for the IETF Authority-to-Citizen Alert \(atoca\) working group." <earlywarning.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/earlywarning>, <mailto:earlywarning-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/earlywarning>
List-Post: <mailto:earlywarning@ietf.org>
List-Help: <mailto:earlywarning-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/earlywarning>, <mailto:earlywarning-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 18 Jan 2011 11:47:11 -0000

Thanks Brian,

Brian's point is well made and correct, thanks Brian, but there are some
special issues that need to be borne in mind with some bearers.

I first came into this project with the brief from the UN  to "protect the
(Mobile) mobile networks from catastrophic overload situations during
disasters". 
When I "did the numbers" I discovered that the real problem is not what many
think. The bottleneck is in the mobility management system
(HLR/VLR/Paging/Access grant). EU sponsored Studies by Prof Sophocles
Kiriazakos  for the Greek government after the Athens earthquake and
subsequent crash of the Greek networks, confirmed this.  This is what lead
me to work on cell broadcast (which does not use the mobility management
system at all).

I agree that it is reasonable to allow that the acknowledgments may indeed
take much longer to 'traffic' than the outbound multicast message. Obviously
the scale is the same both ways, but while the latency is critical going
forward, the reverse path is not in the least bit time critical, so
relatively slower 'best effort'  bearers would be fine. The server which is
wishing to know its subscribers got a message may send the message both by
unicast and multicast (as mine do), but inevitably the acknowledgement will
have to be unicast. There is no specific problem in allowing the
acknowledgement of a multicast message by unicast means as long as we
understand that the latency is indeterminate. (However since it's not clear
when the ack may come, I send the message by both means simultaneously
without waiting for acks.) 

My concern is really for the Mobile Network, at layer 2. 
For example if a large number of terminals all receive a multicast at the
same time, then they will all want to acknowledge at the same time. This
will result is a tsunami wave of random access bursts to the cells uplink
timeslot, MSC call set up load, 'channel allocation algorithm' threads and
SDCCH allocation attempts. Then there will be huge load on the SMS gateways.
Mobiles that don't get an access grant message will obviously try again but
for a while the whole mobility management system will be significantly
loaded. This affects circuit switched voice just as much because the
mobility management system is common for voice and SMS, (but maybe not
GPRS?). Recall that in cellular network design, erlang calculations are done
such that it's the assumption that only a small fraction of terminals will
make random access burst attempts at any one time, so the mobility
management system is designed for this load only.

In other words, consider that a public warning message (such as a USA  CMAS
presidential message) will reach 100% of terminals simultaneously, rather
than the small percentage that the signaling system can cope with. This is
why both the CMAS and ETSI standards intentionally disallow embedded numbers
or URLs for large scale (Public) warnings.

So in fact the "scale" of the problem may not be as significant as the
impact on the local infrastructure (such as a cell). Maybe "scale" is a less
important factor than, let's say, penetration?  

On the other hand a smaller scale (of penetration)  message would not have
such a profound impact. So in some cases it may be reasonable to expect
acknowledgements in 'best effort'  time. Norway, for example,  likes this
approach.

I am unclear as to if IP systems have such problems because there is not a
'stateful'  mobility management system in the core and though acks are on a
large scale, they represent very small packets of less than 1K each. Maybe
the problem will go away in the future? Any comments on that?

Warm regards Mark Wood DRCF.




 


-----Original Message-----
From: Brian Rosen [mailto:br@brianrosen.net] 
Sent: Monday, January 17, 2011 2:44 PM
To: <mark.wood@engineer.com>;
Cc: earlywarning@ietf.org
Subject: Re: [Atoca] Requirement D2: "Large Audience"

It may be, but I'd like to explore this a bit anyway.

Millions of messages (acknowledgements) is a scale we can deal with today.
Hundreds of millions is probably beyond what we can deal with in a response
to a very large alert.

Most systems consist of several smaller subsystems.  The purpose of an
acknowledgement is to make sure everyone got the message.  If the subsystem
can determine that every one of its clients got it, it can report that up
the line.  It can save missed acks for later analysis, or if there are few
enough of them, report them up.

This means messages national scale which have small effectivity times can't
reasonably ask for message acknowledgement.  Anything smaller than that
probably can.

Since most alerts really don't involve hundreds of millions of
notifications, most alerts probably can ask for them.

If your delivery mechanism is multicast, the multicast mechanism itself
doesn't track who gets the alert in any way we can use.  That implies
something else is tracking who gets the alert, a complication that could
loom large.  Some systems do know who gets the alert (sometimes because it
knows who it is connected to, and all of them get the alert).  Certainly,
anything with a subscription has the characteristic that the sender knows
who all the recipients are.  

It's VERY valuable to know that every entity that should get the alert got
it.  The only other mechanism we have is some repeating of the sending in
the hopes that everyone got it.  In some cases you may have more than one
"path" to the same recipient.  That might be multiple devices, multiple
services, or multiple logical or physical connections.  You may try one
first, and if that doesn't get an ack, try another.  Although we often think
of this mechanism as needing no more than seconds to deploy, in fact many
alerts would be fine with a few minutes, and trying some things sequentially
may make sense.

So, yes, probably a Tsunami alert to all of East Asia can't ask for
acknowledgements.  An "Amber Alert" (possible abducted child) to a county
might very well.  Certainly, a snow emergency closing to the parents of an
elementary school could.

Brian