TCP
...
We begin by describing TCP's use of packet drops as an indication of
congestion. Next we explain that with the addition of active queue
management ...
... codepoint is to be set in routers, and describe modifications
needed to TCP to make it ECN-capable. Modifications to other
transport protocols ...
... congestion in the network is appropriate for
pure best-effort data carried by TCP, with little or no sensitivity
to delay or loss of individual packets. In addition, TCP's
...
... pure best-effort data carried by TCP, with little or no sensitivity
to delay or loss of individual packets. In addition, TCP's
congestion management algorithms ...
... TCP).
Since TCP determines the appropriate congestion window to use by
gradually increasing the window size until it experiences a dropped
...
... transport protocols with mechanisms for congestion control (e.g.,
TCP) do not have to rely on buffer overflow as the only indication of
congestion ...
... firewalls, load balancers, or intrusion
detection systems) in the Internet that either drop a TCP SYN packet
configured to negotiate ECN, or respond with a RST ...
... ECN, or respond with a RST. This document
specifies procedures that TCP implementations may use to provide
robust connectivity even in the presence of such equipment.
...
... exist and cooperate with existing mechanisms for congestion
control. In particular, new mechanisms have to co-exist with
TCP's current methods of adapting to congestion and with
...
...
* The number of packets in an individual flow (e.g., TCP
connection or an exchange using UDP) may range from a small
...
... mechanisms for congestion control. However, new mechanisms
shouldn't make it easier for TCP applications to disable TCP
congestion control ...
... congestion control. However, new mechanisms
shouldn't make it easier for TCP applications to disable TCP
congestion control. The benefit of lying about participating in
...
... transport protocol. In
particular, this document does not address mechanisms for TCP end-
nodes to differentiate between the ECT(0) and ECT(1) codepoints ...
... congestion control response to a *single*
dropped packet. For example, for ECN-Capable TCP the source TCP is
required to halve its congestion window ...
... dropped packet. For example, for ECN-Capable TCP the source TCP is
required to halve its congestion window for any window of data
...
... packet losses will become relatively infrequent when a majority of
end-systems become ECN-Capable and participate in TCP or other
compatible congestion control mechanisms. In an ECN ...
... intermediate node is congested, we believe that they provide a very
noisy signal. The TCP-sender reaction specified in this document for
ECN ...
... ECN in this document (that is, for a
transport protocol such as TCP for which a dropped data packet is an
indication of congestion ...
...
Transport protocols such as TCP do not necessarily detect all packet
drops, such as the drop of a "pure" ACK packet; for example, TCP ...
... TCP do not necessarily detect all packet
drops, such as the drop of a "pure" ACK packet; for example, TCP does
not reduce the arrival rate of subsequent ACK packets in response to
...
... bit errors), the end nodes should still invoke congestion
control, just as TCP would today in response to a dropped data
packet. This issue of corrupted CE packets would have to be
...
... This document only addresses the addition of ECN Capability to TCP,
leaving issues of ECN in other transport protocols ...
... ECN in other transport protocols to further
research. For TCP, ECN requires three new pieces of functionality:
negotiation ...
... ECN-Echo (ECE) flag in the
TCP header so that the data receiver can inform the data sender when
...
... CE packet has been received; and a Congestion Window Reduced (CWR)
flag in the TCP header so that the data sender can inform the data
receiver that the congestion window ...
... IETF for standardization.
In a mild abuse of terminology, in this document we refer to `TCP
packets' instead of `TCP segments'.
...
... TCP ...
... The following sections describe in detail the proposed use of ECN in
TCP. This proposal is described in essentially the same form in
[Floyd94]. We assume that the source TCP ...
... TCP. This proposal is described in essentially the same form in
[Floyd94]. We assume that the source TCP uses the standard congestion
control algorithms of Slow-start, Fast Retransmit ...
... This proposal specifies two new flags in the Reserved field of the
TCP header. The TCP mechanism for negotiating ECN-Capability uses
...
... Reserved field of the
TCP header. The TCP mechanism for negotiating ECN-Capability uses
the ECN ...
... TCP header. Bit 9 in the Reserved
field of the TCP header is designated as the ECN-Echo flag. The
...
... location of the 6-bit Reserved field in the TCP header is shown in
Figure 4 of RFC 793 [RFC793 ...
... ECN-Echo flag, we introduce a second new flag in the TCP header, the
CWR flag. The CWR flag is assigned to Bit 8 in the Reserved field ...
... +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
Figure 3: The old definition of bytes 13 and 14 of the TCP
header.
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
...
... +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
Figure 4: The new definition of bytes 13 and 14 of the TCP
Header.
Thus, ECN ...
... Echo and CWR flags in the TCP header (as shown in Figure
4) for TCP-endpoint to TCP-endpoint ...
... TCP-endpoint signaling. For a TCP connection,
a typical sequence of events in an ECN-based reaction to congestion ...
...
* The sender sets the CWR flag in the TCP header of the next
packet sent to the receiver to acknowledge its receipt of and
...
... TCP Initialization ...
...
In the TCP connection setup phase, the source and destination TCPs
exchange information about their willingness to use ECN ...
... method of congestion notification. If the TCP connection does not
wish to use ECN notification ...
... wish to use ECN notification for a particular packet, the sending TCP
sets the ECN codepoint ...
... ECN-setup SYN packet
is defined as an indication that the sending TCP is ECN-Capable,
rather than as an indication of congestion ...
... ECN-setup SYN packet indicates that
the TCP implementation transmitting the SYN packet will participate
...
... codepoint
set in the IP header by setting ECE in outgoing TCP Acknowledgement
(ACK) packets. As a sender ...
... appropriate. An ECN-setup SYN packet does not commit the TCP sender
to setting the ECT codepoint ...
... incoming packets with the CE codepoint set remains even if the TCP
sender in a later transmission, within this TCP connection ...
... TCP
sender in a later transmission, within this TCP connection, sends a
SYN packet without ECE and CWR set.
...
... The following rules apply to the sending of ECN-setup packets within
a TCP connection, where a TCP connection is defined by the standard
rules for TCP connection ...
... ECN-setup packets within
a TCP connection, where a TCP connection is defined by the standard
rules for TCP connection establishment and termination.
...
... TCP connection, where a TCP connection is defined by the standard
rules for TCP connection establishment and termination.
* If a host ...
... data packet, then
that host MUST correctly set/clear the CWR TCP bit on all
subsequent packets in the connection ...
... * A host that is not willing to use ECN on a TCP connection SHOULD
clear both the ECE and CWR flags in all non-ECN-setup SYN ...
... ACK, and
transitions to CLOSED state after a timeout. Many TCP
implementations create a new TCP connection ...
... TCP
implementations create a new TCP connection if they receive an in-
window SYN packet during TIME-WAIT state ...
... ECN introduces the use of the ECN-Echo and CWR flags in the TCP
header (as shown in Figure 3) for initialization. There exist some
faulty firewalls ...
... SYN packet MAY resend a SYN with CWR and ECE cleared.
This could result in a TCP connection being established without using
ECN.
...
... set two ECN-related flags in the Reserved field of the TCP header for
the SYN packet, while the responding TCP ...
... negotiation of ECN-capability with some
deployed TCP implementations. There exists at least one faulty TCP
implementation in which TCP ...
... ECN-capability with some
deployed TCP implementations. There exists at least one faulty TCP
implementation in which TCP receivers ...
... TCP implementations. There exists at least one faulty TCP
implementation in which TCP receivers set the Reserved field of the
...
... ACK) simply to reflect
the Reserved field of the TCP header in the received data packet.
Because the TCP SYN packet ...
... TCP header in the received data packet.
Because the TCP SYN packet sets the ECN-Echo and CWR flags to
...
... ECN-
Echo flag, the sending TCP correctly interprets a receiver's
reflection of its own flags in the Reserved field ...
... that the receiver is not ECN-capable. The sending TCP is not misled
by a faulty TCP implementation sending a SYN ...
... ECN-capable. The sending TCP is not misled
by a faulty TCP implementation sending a SYN-ACK packet that simply
...
... codepoint
is needed by a sender for all packets sent on a TCP connection,
ECT(0) SHOULD be used. If the sender receives an ECN ...
... ACK packet with the ECN-Echo flag set in the TCP
header), then the sender knows that congestion was encountered in the
...
... congestion loss in non-
ECN-Capable TCP. That is, the TCP source halves the congestion window
...
... ECN-Capable TCP. That is, the TCP source halves the congestion window
"cwnd" and reduces the slow start ...
... start threshold "ssthresh". The sending
TCP SHOULD NOT increase the congestion window in response to the
receipt of an ECN ...
... ACK packet.
TCP should not react to congestion indications more than once every
window of data (or more loosely, more than once every round-trip
time ...
... congestion indications more than once every
window of data (or more loosely, more than once every round-trip
time). That is, the TCP sender's congestion window should be reduced
...
... only once in response to a series of dropped and/or CE packets from a
single window of data. In addition, the TCP source should not
decrease the slow-start threshold ...
... within the last round trip time. However, if any retransmitted
packets are dropped, then this is interpreted by the source TCP as a
new instance of congestion.
...
... congestion window consists of only one MSS (maximum
segment size), and the sending TCP receives an ECN-Echo ACK ...
... Echo ACK packet,
then the sending TCP should in principle still reduce its congestion
window in half. However, the value of the congestion window is
...
... congestion window is
bounded below by a value of one MSS. If the sending TCP were to
continue to send, using a congestion window of 1 MSS ...
... round-trip time. It is necessary
to still reduce the sending rate of the TCP sender even further, on
receipt of an ECN ...
... use the retransmit timer as a means of reducing the rate further in
this circumstance. Therefore, the sending TCP MUST reset the
retransmit timer on receiving ...
... ECN-Echo packet when the congestion
window is one. The sending TCP will then be able to send a new
packet only when the retransmit timer expires.
...
... TCP sender sets the CWR flag in
the TCP header of the first new data packet sent after the window
reduction. If that data packet ...
... data packet is dropped in the network, then the
sending TCP will have to reduce the congestion window again and
retransmit the dropped packet.
...
... We ensure that the "Congestion Window Reduced" information is
reliably delivered to the TCP receiver. This comes about from the
fact that if the new data packet ...
... fact that if the new data packet carrying the CWR flag is dropped,
then the TCP sender will have to again reduce its congestion window,
...
... data packet with the CWR flag set. Thus, the
CWR bit in the TCP header SHOULD NOT be set on retransmitted packets.
When the TCP ...
... TCP header SHOULD NOT be set on retransmitted packets.
When the TCP data sender is ready to set the CWR bit after reducing
...
... ACKs, multiple duplicate acknowledgments, or retransmit
timeouts [RFC2581]. TCP also follows the normal procedures for
increasing the congestion window when it receives ACK ...
... data receiver sets the ECN-Echo flag in the TCP header of the
subsequent ACK packet. If there is any ACK ...
... ACK withholding implemented,
as in current "delayed-ACK" TCP implementations where the TCP
receiver ...
... Echo flag in
a series of ACK packets sent subsequently. The TCP receiver uses the
CWR flag received from the TCP ...
... TCP receiver uses the
CWR flag received from the TCP sender to determine when to stop
setting the ECN ...
... codepoint was set.
We have already specified that a TCP sender is not required to reduce
its congestion window ...
... its congestion window more than once per window of data. Some care
is required if the TCP sender is to avoid unnecessary reductions of
the congestion window ...
...
For the current generation of TCP congestion control algorithms, pure
acknowledgement packets (e.g., packets that do not contain any
...
... accompanying data) MUST be sent with the not-ECT codepoint. Current
TCP receivers have no mechanisms for reducing traffic on the ACK ...
... CE
codepoint set). For current TCP implementations, a single dropped ACK
generally has only a very small effect on the TCP ...
... TCP implementations, a single dropped ACK
generally has only a very small effect on the TCP's sending rate.
...
... Retransmitted TCP packets ...
...
This document specifies ECN-capable TCP implementations MUST NOT set
either ECT codepoint (ECT(0) or ECT(1)) in the IP header ...
... IP header for
retransmitted data packets, and that the TCP data receiver SHOULD
ignore the ECN ...
... spoofing the IP source address of
the TCP sender could send data packets with arbitrary sequence
numbers ...
... receiving
this spoofed data packet, the TCP data receiver would determine that
the data does not lie in the current receive window, and return a
...
... the data does not lie in the current receive window, and return a
duplicate acknowledgement. We define an out-of-window packet at the
TCP data receiver as a data packet that lies outside the receiver ...
... receiver's
current window. On receiving an out-of-window packet, the TCP data
receiver has to decide whether or not to treat the CE codepoint ...
... CE codepoint in an out-of-window
packet, then the TCP data sender would not receive this possibly-
legitimate indication of congestion ...
... end-to-end congestion control. On the other hand, if
the TCP data receiver honors the CE indication in the out-of-window
...
... CE indication in the out-of-window
packet, and reports the indication of congestion to the TCP data
sender, then the malicious node that created ...
... malicious node that created the spoofed, out-of-
window packet has successfully "attacked" the TCP connection by
forcing the data sender to unnecessarily reduce (halve) its
...
... congestion window. To prevent such a denial-of-service attack, we
specify that a legitimate TCP data sender MUST NOT set an ECT
codepoint ...
... codepoint on retransmitted data packets, and that the TCP data
receiver SHOULD ignore the CE codepoint ...
... ECN protection for retransmitted packets. However,
for an ECN-capable TCP connection in a fully-ECN-capable environment
with mild congestion ...
... ECN-capable
data packet within a TCP connection, then the TCP connection is
guaranteed to receive that indication of congestion ...
... data packet within a TCP connection, then the TCP connection is
guaranteed to receive that indication of congestion, or to receive
...
... When the TCP data receiver advertises a zero window, the TCP data
sender sends window probes to determine if the receiver ...
... network, this loss is not detected by the receiver.
Therefore, the TCP data sender MUST NOT set either an ECT codepoint
...
... tunneling, even if the encapsulated packet
(from the original TCP sender) is ECN-Capable. That is, if the
...
... IPv6) header and higher layer protocol headers (e.g., TCP), and hence
transport mode can only be used for end-to-end security ...
... Floyd94] considers the advantages and drawbacks of adding ECN to the
TCP/IP architecture. As shown in the simulation-based comparisons,
one advantage of ECN ...
... one advantage of ECN is to avoid unnecessary packet drops for short
or delay-sensitive TCP connections. A second advantage of ECN is in
avoiding some unnecessary retransmit timeouts in TCP ...
... TCP connections. A second advantage of ECN is in
avoiding some unnecessary retransmit timeouts in TCP. This paper
discusses in detail the integration of ECN into TCP ...
... TCP. This paper
discusses in detail the integration of ECN into TCP's congestion
control mechanisms. The possible disadvantages of ECN discussed in
...
... congestion
control mechanisms. The possible disadvantages of ECN discussed in
the paper are that a non-compliant TCP connection could falsely
advertise itself as ECN-capable, and that a TCP ACK ...
... TCP connection could falsely
advertise itself as ECN-capable, and that a TCP ACK packet carrying
an ECN-Echo ...
... first of these two issues is discussed in the appendix of this
document, and the second is addressed by the addition of the CWR flag
in the TCP header.
Experimental ...
... codepoint. When the use of the ECT(1) codepoint is
standardized for TCP or for other transport protocols, this could
mean that a data sender ...
... the ECT(0) packets, and dropping some of the ECT(1) packets, as
indications of congestion. Since TCP is required to react to both
marked and dropped packets, this behavior of dropping packets that
could have been marked poses no significant threat to the network ...
... router.
TCP requires three changes for ECN, a setup phase and two new flags
in the TCP header ...
... TCP requires three changes for ECN, a setup phase and two new flags
in the TCP header. The ECN-Echo flag is used by the data receiver ...
... this additional specification is to eliminate a possible avenue for
denial-of-service attacks on an existing TCP connection. Some prior
deployments of ECN ...
... deployments of ECN-capable TCP might not conform to the (new)
requirement not to set an ECT codepoint ...
... deployments of ECN-capable TCP might not conform to the requirements
specified in this document, we do not believe that this will lead to
...
... any performance or compatibility problems for TCP connections with a
combination of TCP implementations at the endpoints ...
... compatibility problems for TCP connections with a
combination of TCP implementations at the endpoints.
...
... This document also includes the specification of the ECT(1)
codepoint, which may be used by TCP as part of the implementation of
an ECN nonce.
...
... including many that we have not managed to directly acknowledge in
this document. In addition, we would like to thank Kenjiro Cho for
the proposal for the TCP mechanism for negotiating ECN-Capability,
Kevin Fall for the proposal of the CWR bit ...
... addressed the issues raised by non-conformant equipment in the
Internet that does not respond to TCP SYN packets with the ECE and
CWR flags set. We thank Mark Handley, Jitendra Padhye, and others
for discussions ...
... CWR flags set. We thank Mark Handley, Jitendra Padhye, and others
for discussions on the TCP initialization procedures.
...
... Floyd, S., "TCP and Explicit Congestion Notification", ACM Computer Communication Review, V. 24 N. 5, October 1994, p. 10-23. ...
... V. Jacobson, "Modified TCP Congestion Avoidance Algorithm", Message to end2end-interest mailing list, April 1990. URL ...
... Krishnan, H., "Analyzing Explicit Congestion Notification (ECN) benefits for TCP", Master's thesis, UCLA, 1998. Citation for acknowledgement purposes only. ...
... Stefan Savage, Neal Cardwell, David Wetherall, and Tom Anderson, TCP Congestion Control with a Misbehaving Receiver, ACM Computer Communications Review, October 1999. ...
... Jitendra Padhye and Sally Floyd, "Identifying the TCP Behavior of Web Servers", ICSI TR-01-002, February 2001. URL "http://www.aciri.org/tbit/ ...
... network. When a data packet is dropped, the drop is
detected by the TCP sender, and interpreted as an indication of
congestion ...
... TCP peer that it is
ECN-capable at the TCP level, conveying this information in the TCP
header at the time the connection is set up. This document does not
...
... ECN-capable at the TCP level, conveying this information in the TCP
header at the time the connection is set up. This document does not
consider potential dangers introduced by changes in the transport ...
... AH].
Another issue concerns TCP packets with a spoofed IP source address
carrying invalid ECN ...
... node could use the two ECN flags in
the TCP header to launch a denial-of-service attack. However, these
attacks ...
... attacks would require an ability for the attacker to use valid TCP
sequence numbers, and any attacker ...
... attacker with this ability and with the
ability to spoof IP source addresses could damage the TCP connection
without using the ECN flags. Therefore, ECN ...
...
An acknowledgement packet with a spoofed IP source address of the TCP
data receiver could include the ECE bit ...
... data sender as a valid packet, this spoofed acknowledgement packet
could result in the TCP data sender unnecessarily halving its
congestion window ...
... packet could also send a spoofed RST packet, or do other equally
damaging operations to the TCP connection.
Packets with a spoofed IP source address ...
... Spoofing a data
packet with the CWR bit set could result in the TCP data receiver
sending fewer ECE packets than it would otherwise, if the data
receiver ...
... than its "fair" share of the link. This limited demand could be due
to a limited demand from the data source; a limitation from the TCP
advertised window; a lower-bandwidth access pipe; or other factors.
...
... cooperative and not malicious) is thus allowed to continue to
increase its sending rate (if it is a TCP flow, by increasing its
congestion window). The flow ...
... congestion control by dropping packets. As an example, a router
cannot subvert TCP congestion control by dropping data packets,
...
... Thus, for packets sent with the CE codepoint set, the TCP end-nodes
could not determine if some router ...
... Another concern that was described earlier (and recommended in this
document) is that transports (particularly TCP) should not mark pure
ACK packets or retransmitted packets as being ECN ...
... TCP Header Flags ...
...
The codepoints for the CWR and ECE flags in the TCP header are
specified by the Standards Action of this RFC, as is required by RFC
2780 ...
...
The Transmission Control Protocol (TCP) included a 6-bit Reserved
field defined in RFC 793 ...
... Reserved
field defined in RFC 793, reserved for future use, in bytes 13 and 14
of the TCP header, as illustrated below. The other six Control bits
are defined separately by RFC 793 ...
... +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
TCP Header Flags
Bit ...
