Re: [re-ECN] Charter Question

[Bob Briscoe <rbriscoe@jungle.bt.co.uk>]

David,

Allow me to talk in terms of the only concrete proposal we have (re-ECN):

1/ Whole path congestion marking

Re-ECN starts with the end systems telling all networks on the path 
what the e2e congestion is. They use an e2e marking that the 
end-systems can cover with e2e authentication. If a network scrubbed 
re-ECN markings, it would/could break e2e authentication - probably 
worse than sending TCP resets ;)

Just re-ECN on its own, without ECN, has a number of interesting 
uses. I didn't think much about re-ECN with drop (not ECN) when I 
designed re-ECN, but Matt Mathis convinced me.

The incentive for senders to declare re-ECN markings is strongest for 
the large majority of systems that are *not* the main contributors to 
congestion. They are saying "It's not me". OS and/or app developers 
have an incentive to implement this for the majority of their 
customers. E.g. BitTorrent has an incentive to make LEDBAT traffic 
prove that "It's not me".

2/ ECN marking

Your question is, however, most relevant to whether an operator will 
turn on ECN, because that's the protocol that reveals whether the 
congestion is upstream or downstream of a point, when combined with 
ConEx info. Yes, of course an operator doesn't have to turn on ECN; 
so why would it?...

Once ConEx is deployed in a major OS or app, there is an incentive 
for well-provisioned operators (the majority) to turn on ECN, again 
to say "It's not me"... Here's why:

Imagine e2e ConEx markings are revealing a high level of congestion 
in the traffic passing between networks A&B - somewhere on their e2e 
paths in A or B. If you are network A and your network is not to 
blame, you can prove this to B by turning on ECN. Alternatively, if 
network B is not to blame, it can accuse A of being responsible for 
the whole path congestion, unless A turns on ECN to prove how much of 
the congestion is in B.

3/ Congestion as a business secret?

Networks already cannot help but reveal to end-systems that there is 
congestion somewhere on the path. ConEx allows end-systems to reveal 
this info back to networks. That would be a result for the IETF if it 
took off, even if ECN was still not deployed.

I've given plausible scenarios for how ConEx then ECN might get 
deployed. But ultimately I cannot say whether or not networks that 
have something to hide will predominate. If so, we might get ConEx 
but not ECN. If not, we might get both ConEx and ECN.

But this issue is beyond the IESG's remit to judge - it should surely 
"let the market decide" on this point. Let's get moving.


Bob




At 13:32 17/05/2010, David Harrington wrote:
>Hi,
>
>Do we already have protocols that could help solve this problem
>intra-domain, such as ipfix and psamp?
>
>One of the concerns that has been raised is whether domains will be
>willing to share this potentially-sensitive information across
>domains.
>As a vendor, if I supported a re-ecn, I would think I would be
>motivated to allow the operator to decide not to share the info, and I
>would implement a scrubbing mechanism (allow border routers to clear
>the conex markers in traffic exiting a domain). The IETF cannot
>dictate that deployments reveal this sensitive information, any more
>than it could dictate that SNMP traps must be allowed cross-domain.
>
>So maybe we should approach the problem in two steps:
>
>1) determining how well existing standard protocols can be used to
>effectively address the intra-domain congestion problem, and whether
>specific enhancements, such as congestion-specific ipfix IEs, are
>needed. This would give us forward progress on standard approaches for
>monitoring congestion that might be deployed fairly quickly.
>
>2) how to share information across domains. Since the major question
>here seems to be whether domains would be motivated to share, maybe an
>effort akin to INCH is needed for this piece. After we solve the first
>problem, we can try to extend it to cross-domain, or use a different
>mechanism for cross-domain reporting.
>
>dbh
>
> > -----Original Message-----
> > From: re-ecn-bounces@ietf.org
> > [mailto:re-ecn-bounces@ietf.org] On Behalf Of Bob Briscoe
> > Sent: Monday, May 17, 2010 6:56 AM
> > To: stbryant@cisco.com
> > Cc: bmanning@vacation.karoshi.com; Woundy,Richard; re-ecn@ietf.org
> > Subject: Re: [re-ECN] Charter Question
> >
> > Stewart,
> >
> > At 06:38 08/05/2010, Stewart Bryant wrote:
> > >On 08/05/2010 01:19, Woundy, Richard wrote:
> > >>So now let's add Conex marking, in which the end hosts add
>markings
> > >>to send feedback about end-to-end congestion into the network. Now
>
> > >>the CMTS has a new data point -- information about whether there
>is
> > >>upstream (ECN) or downstream (Conex) congestion
> > >>experienced/expected for a particular packet flow. The CMTS can
> > >>count 'total bytes' as well as 'congestion bytes' on a per modem
> > >>basis. As a result, the backend system can make a much better
> > >>determination about whether a subscriber's overall traffic is
> > >>dominated by LEDBAT or non-LEDBAT applications, without resorting
> > >>to DPI and other such schemes. And the CMTS only maintains another
>
> > >>set of packet counters, without disrupting its primary job of
> > >>packet forwarding.
> > >>
> > >>-- Rich
> > >This sounds like a relatively slow process - i.e. over a few
>packets
> > >the host tell anyone who wishes to listen that it is seeing
> > >congestion on a flow. That sounds like it could be addressed by
> > >having the host send an OAM packet from time to time over the path
> > >rather than including the information in every packet.
> > >
> > >Stewart
> >
> > An OAM based solution would be in scope as a solution to the ConEx
> > problem statement. However, we would need someone to write up a
> > protocol spec in detail, including inter-domain, then prove it is
> > resistant to cheating, etc etc. If this happens (unlikely) the w-g
> > can choose between candidate solutions.
> >
> > Anyway, granular isn't necessarily bad. For instance, operators
> > generally use data volume on slow timescales, but a volume counter
> > still has to accumulate packet by packet. Congestion-volume is no
> > different - except you just count the volume of packets that are
> > congestion marked.
> >
> > We should be open to any solution, whether granular or coarse, as
> > long as it solves the problem ConEx aims to address: that network
> > operators currently have no reliable way (fast or slow) to measure
> > which users contribute how much to congestion - at least not in
>cases
> > where the congestion is occurring at a different point to where it
>is
> > being measured and controlled - whether the two points are within
> > your own network, as in Rich's example, or in different networks.
> >
> >
> >
> > Bob
> >
> > PS. sorry for late reply.
> >
> > PPS. The only feasible OAM-based system I am aware of is Katerina
> > Argyraki's (ref  below). I'm sure the IESG would not want this level
>
> > of complexity in the Internet. Also it only solves one side of
> > congestion accountability: network to users, whereas re-ECN aims to
> > make networks accountable to users *and* users accountable to
> > networks.
> >
> > Argyraki, K., Maniatis, P., Irzak, O., Ashish, S. & Shenker, S.,
> > "Loss and Delay Accountability for the Internet," In: Proc. IEEE
> > International Conference on Network Protocols IEEE (October
> > 2007)  URL:
> > http://www-dsg.stanford.edu/papers/astra/astra-hotnets04-paper.pdf
> >
> >
> >
> > ________________________________________________________________
> > Bob Briscoe,                                BT Innovate & Design
> >
> > _______________________________________________
> > re-ECN mailing list
> > re-ECN@ietf.org
> > https://www.ietf.org/mailman/listinfo/re-ecn
> >

________________________________________________________________
Bob Briscoe,                                BT Innovate & Design