ARPANET Co-Founder Calls for Flow Management

An anonymous reader writes "Lawrence Roberts, co-founder of ARPANET and inventor of packet switching, today published an article in which he claims to solve the congestion control problem on the Internet. Roberts says, contrary to popular belief, the problem with congestion is the networks, not Transmission Control Protocol (TCP). Rather than overhaul TCP, he says, we need to deploy flow management, and selectively discard no more than one packet per TCP cycle. Flow management is the only alternative to peering into everyone's network, he says, and it's the only way to fairly distribute Internet capacity."

RMS on the same subject.

[gnutoo]

He seems to agree. This surprised me but it seems that equipment can do this fairly.

Re:RMS on the same subject.

[gnutoo]

The right link. Sorry about that.

I don't think it is unreasonable to give lower priority to large data transfers, when the net is loaded, as long as that is done fairly for all large data transfers.

Re:RMS on the same subject.

[The+Clockwork+Troll]

Agreed.

If they want an expert opinion on flow management, they really need to seek out Q-Tip of A Tribe Called Quest.

Re:RMS on the same subject.

[Idiomatick]

It immediately kills any worries that this could be used for "evil" as stallman wouldnt stand up for anything that could be used for censorship. Big-names can be useful sometimes, even in nerd circles.

Re:RMS on the same subject.

Maybe because as far as your rights go in relation to privacy, copyright, and computing in general, RMS is one of the few people that has dedicated their lives to defending those rights. If there is a problem that might infringing upon fair equal access to public information, who do you want to comment? Should those that make a buck off of charging you to get to said information be the only ones that have a right to comment or someone that is dedicated to preserving his and your freedom? I personally thing both have equal credit speaking on the subject.

Re:RMS on the same subject.

[shaitand]

Everyone has the right to comment. But unless they have some sort of special knowledge on the topic at hand their comment deserves no more weight than that of an AC on Slashdot.

I welcome comments from RMS on topics where he is an expert and will happily grant them weight. On other issues he is just another individual with a pulpit who somehow thinks I need him to tell me what to think.

Re:RMS on the same subject.

[timmarhy]

when did stallman become an expert on everything?

Re:RMS on the same subject.

[Culture20]

when did stallman become an expert on everything? Your question implies that he - at some point - was not.

Re:RMS on the same subject.

In this case he's not necessarily wrong, but certainly misleading. What he describes ("lower priority to large data transfers [...] as long as that is done fairly for all large data transfers") can't be done. It would require some form of trustworthy tagging (while we're dreaming, let's have world peace.) Otherwise a clogged router in the middle would throttle the traffic of a business, which uses one external IP address (web proxy, for example) on an expensive and fast uplink, harder than it would throttle the traffic of a measly DSL line. The information "large data transfer" is not available, plain and simple. Any attempt to use "number of TCP streams", "traffic per IP", "packet size" or other metrics as a substitute can easily be worked around and ultimately doesn't solve the problem, which is that users regularly can't use the network for the intended application because some higher-ups at the ISPs gave themselves a bonus or invested in technology for managing congestions instead of building a faster network. The edge routers could perform some sort of fair queuing, but obviously the edge routers are at a point where there shouldn't be a bandwidth shortage, because all customers pay for a defined uplink and if network congestion is a regular problem at that point, then the ISP oversold its capacity.

Re:RMS on the same subject.

[TooMuchToDo]

Kind of like saying, "When did Chuck Norris become a bad ass." He's always been a bad ass, just like the universe has always existed.

Re:RMS on the same subject.

[b4upoo]

In the U.S. ISPs are getting off too easily.Instead of worrying about flow controls we need to demand that internet capacity expands to meet demands. After all we pay for high speed connections and therefore have the right to demand high speed service. There is no reason that one cable has to run to a home. If demand is that great then run multi cables to each home and get the price down as well.

Re:RMS on the same subject.

[uncqual]

And one can also get insightful wisdom from this page such as:

01 April 2008 (McCain cites Osama bin Laden)

McCain cites Osama bin Laden to justify the continued occupation of Iraq.

Since 2001 there has been a persistent pattern in the "bin Laden" tapes: they say just the thing to help Bush and his associates domestically. It suggests that whoever makes these tapes -- whether it is Osama bin Laden or someone else -- is in cahoots with Bush.

That fits in with the theory that Bush either set up the 9/11 attacks or arranged to prevent them from being stopped.

RMS is obviously an insightful genius who understands logic and analysis very well...

Re:RMS on the same subject.

[cheesybagel]

Did you look at the date?

Re:RMS on the same subject.

[Prune]

I don't get it.

Re:RMS on the same subject.

[thrillseeker]

The universe exists because Chuck Norris allows it to exist ...

Re:RMS on the same subject.

[qmaqdk]

Kind of like saying, "When did Chuck Norris become a bad ass." He's always been a bad ass, just like the universe has always existed. Yes, but all is not perpetual. Chuck Norris has a challenger: http://www.youtube.com/watch?v=_1nzEFMjkI4

Re:RMS on the same subject.

[religious+freak]

What THE CRAP was THAT?!

Re:RMS on the same subject.

So, then mr. political expert (which I might remind you, has nothing to do with logic or analysis), why the fuck are we in Iraq? And no, McCain telling everyone that Bin Laden says it's okay for us to attack a country he's not in, does not explain a damn thing. Come on Mr. Logician give us the facts, cause a lot of people have been wondering as to whether or not we'll ever get a straight fucking answer. Honestly, a lot of people think Bush is a flat out crook, so when considering someone a criminal how is it insane to consider the crimes you think they may have done? I don't agree with Stallman, in all respects, but I would hardly call him a nut job. It's my opinion that Bush seems to do something strikingly criminal or amoral at least once every three months.

And where can I buy this flow management?

[Wesley+Felter]

Oh, from his company of course.

Re:And where can I buy this flow management?

[langelgjm]

I was about to chastise you for being overly cynical, but then I visited the website of the author:

Anagran eliminates congestion in the worldâ(TM)s busiest networks with Fast Flow Technologyâ, developed from the ground-up to specifically eliminate and resolve congestion created by the proliferation of todayâ(TM)s broadband applications such as video, P2P, voice, gaming, YouTube etc. â" anywhere in the network.

Re:And where can I buy this flow management?

[SEAL]

Funny, but true. The first thing that popped into my head reading that article was... it'll never gain acceptance because everyone will be trying to figure out "how can I monetize this?". Then I clicked the link at the bottom to his company and sure enough, there it is. :)

Re:And where can I buy this flow management?

[interiot]

That's an ad hominem, and an unnecessary one at that. A proposal to change something so important as TCP is bound to fail unless it has significant technical merit. To make things simple, let's just assume that the proposer openly admits they were motivated by self-interest to make the proposal. And the result is: nothing changes. Heck, Al Gore could make this proposal, and it wouldn't change the fact that proposals that are deeply technical will be evaluated on a technical basis.

Re:And where can I buy this flow management?

[Wesley+Felter]

I was being somewhat sarcastic. In reality I believe that Roberts decided that flow routing is a good idea and then started Anagran to implement it, so he's not a total opportunist. But even on a technical level, I'm having trouble finding people who like flow routing. So we have one expert with an idea that most of the other experts reject. So I don't quite trust this idea on a technical level and I don't entirely trust the guy who's selling it either.

Re:And where can I buy this flow management?

[zolf13]

There is no flow routing in Anagran solution - it is just per (TCP) flow shaper/policer that you put at the ingres/egress of your network.
Anyway, in 99% of cases to achieve same thing you could use Linux with SFQ queueing.

Re:And where can I buy this flow management?

[StonyUK]

Damn, that's a funny sig!

Re:And where can I buy this flow management?

[Iamthecheese]

"Drop a packet on a regular basis" isn't really something that money could be made from. Even if it took years for an expert to come up with that, any patent would simply be unenforceable.

Re:And where can I buy this flow management?

But even on a technical level, I'm having trouble finding people who like flow routing. So we have one expert with an idea that most of the other experts reject. So I don't quite trust this idea on a technical level and I don't entirely trust the guy who's selling it either.

The concept of "trust" doesn't really make much sense in this matter. As this is a purely technical subject, the scientific method offers us countless ways to test and extract meaningful information regarding the suggestions being presented to us. That means that you do not need any talking head manipulating your perception in order to get an idea of where the truth is.

inventor of packet switching

Larry Roberts was co-founder of the ARPAnet, but he did NOT invent packet switching. That invention goes to Donald Davies of the National Physical Laboratory in the UK. His work was well-credited by the ARPAnet designers.

Re:inventor of packet switching

Larry Roberts was co-founder of the ARPAnet, but he did NOT invent packet switching.

Oh really. Well then how come you never see any saccharin on the table? Now it's always either Sweet-n-Low or Equal. Explain that one. And don't even get me started about Splenda.

Re:inventor of packet switching

[the+eric+conspiracy]

It is not quite that simple. There were multiple researchers working in that area at the same time, including Kleinrock and Baran. Kleinrock has a good claim based on a 1961 publication and his PhD dissertation. Baran clearly developed the concept in conjunction with his ideas about secure networks. Davies has a good case because he built the first working example.

If you ask Larry Roberts he would say that the honor belongs to Kleinrock.

Personally I don't think that you can say that there is a sole inventor because several people contributed to the seminal idea.

Re:inventor of packet switching

Chronologically, Paul Baran developed the idea before Davies. However, both developed the idea independent of the other.

That's all fine...

[Em+Adespoton]

The problem is, some people will start throwing away 2 packets instead of 1 so that they can get more "throughput" on more limited hardware. Someone else will compete by tossing 3, and the arms race for data degradation will begin.

Will this method really offset the retransmits it triggers? Only if not everyone does it, unless I'm missing something.

What might work better is scaled drops: if a router and its immediate peers are nearing capacity, they start to drop a packet per cycle, automatically causing the routers at their perimeter to route around the problem, easing up on their traffic.

It still seems like a system where an untrusted party could take advantage to drop packets in this manner from non-preferred sources or to non-preferred destinations however.

Re:That's all fine...

[CodeBuster]

It still seems like a system where an untrusted party could take advantage to drop packets in this manner from non-preferred sources or to non-preferred destinations however. Sounds like something that Comcast might do...

Re:That's all fine...

[markov_chain]

Routing does not change based on traffic on that short a timescale, it changes if a link goes down, or a policy agreement changes, an engineer changes some link allocation, etc. Doing traffic-sensitive routing is hard because of oscillations; in your example, would the perimeter nodes switch back to the now congestion-free router?

Re:That's all fine...

[jd]

Ok, here's the theory. Two packts have travelled some distance along two distinct paths p1 and p2. If nothing is done, then at least one packet is guaranteed lost, and quite likely both will. Thus, you will need to retransmit both packets, thus hitting every node along p1 and p2 will have the total traffic shifted over some given time period increased. When traffic levels are low enough, the extra traffic is absorbed into the flows and there's no impact beyond a slight fluctuation in latency.

If the total traffic is above some certain threshold, but below a critical value, then a signficant number of packets will be retransmitted. This causes the load to increase, the next cycle around, causing further packet loss and further retransmits. There will be a time - starting with a fall in fresh network demand - in which observed network demand actually rises, due to accumulation of erors.

There will then be a third critical value, close to but still below the rated throughput of the switch or router. Provided no errors occur, the traffic will flow smoothly and packet loss should not occur. This isn't entirely unlike superheating - particularly on collapse. Only a handful of retransmits would be required - and they could occur anywhere in the system for which this is merely one hop of many - to cause the traffic to suddenly exceed maximum throughput. Since the retransmitted packets will add to the existing flows, and since the increase in traffic will increase superlinearly, that node is effectively dead. If there's a way to redirect the traffic for dead nodes, there is then a high risk of cascading errors, where the failure will ripple out through the network, taking out router/switch after router/switch.

Does flow management work? Linux has a range of RED and BLUE implementions. Hold a contest at your local LUG or LAN Gamer's meets, to see who can set it up the best. Flow management also includes ECN. Have you switched that on yet? There's MTUs and window sizes to consider - default works fine most times, but do you understand those controls and when they should be used?

None of this stuff needs to be end-to-end unless it's endpoint-active (and only a handful of such protocols exist). It can all be done usefully anywhere in the network. I'll leave it as an exercise to the readership to identify any three specific methods and the specific places on the network they'd be useful on. Clues: Two, possibly all three, are described in detail in the Linux kernel help files. All of them have been covered by Slashdot. At least one is covered by the TCP/IP Drinking Game.

Re:That's all fine...

[klapaucjusz]

Linux has a range of RED and BLUE implementions. Hold a contest at your local LUG or LAN Gamer's meets, to see who can set it up the best.

RED is tricky to set up, but neither Blue nor PI require much tuning, if any. (I'm running Blue on all of my 2.6 Linux routers, and RED on all the 2.4 ones.)

Flow management also includes ECN. Have you switched that on yet?

Yes, I have. On all of my hosts and routers. It's a big win for interactive connections, but doesn't matter that much for bulk throughput.

There's MTUs and window sizes to consider - default works fine most times, but do you understand those controls and when they should be used?

Unless you're running some fancy link technology, you don't get to tune your MTU. If, like most of us, you're running Ethernet and WiFi only, you're stuck with 1500 bytes.

As for window sizes, they're pretty much tuned automatically nowadays, at least if you're running a recent Linux or Windows Vista.

Re:That's all fine...

How does dropping packets increase throughput? Taking your logic to its end suggests that a router which does nothing (drops all its packets) has the highest possible throughput.

Re:That's all fine...

[Somecallmechief]

When I lived in Germany, if I drove the exact speed limit (no more, no less) and if conditions were largely normal, I would rarely encounter stop lights in transit through the city. Traveling above or below the speed limit, which is to say breaking the rules, yielded different results. I'm no advocate of Internet regulation. However. In an *ideal* environment, in which the regulatory body constantly revises its rules to match real world parameters AND fosters independent, third party groups to design faster, safer and more reliable methods of transit--traffic CAN flow *more* efficiently. Traffic is traffic, whether by bit or car; and for a country to achieve safe and reliable speeds of 300 Kph on their autobahn, something must be right. Of course, accidents happen (inevitably). The rules (implicit or explicit) are broken by select individuals with radar detectors and jammers, drunks, or the careless. The existence of the rule has no causal relationship to its enforcement. *If*, however, a regulatory system were divinely crafted; and *if* transport methodology were improved... Well, that's a big if. At least someone, somewhere, somehow is taking a stab at the tofu. I applaud the sentiment, if not the practicality.

Re:That's all fine...

[Xarin]

The problem is, some people will start throwing away 2 packets instead of 1 so that they can get more "throughput" on more limited hardware. Someone else will compete by tossing 3, and the arms race for data degradation will begin. Our routers go to 11

Re:That's all fine...

[MK_CSGuy]

It still seems like a system where an untrusted party could take advantage to drop packets in this manner from non-preferred sources or to non-preferred destinations however.

Nothing stops them from doing it today, just look at all those ISPs that drop Bittorrent packets.

Re:That's all fine...

[jd]

There's MTUs and window sizes to consider - default works fine most times, but do you understand those controls and when they should be used?,

Unless you're running some fancy link technology, you don't get to tune your MTU. If, like most of us, you're running Ethernet and WiFi only, you're stuck with 1500 bytes. As for window sizes, they're pretty much tuned automatically nowadays, at least if you're running a recent Linux or Windows Vista.

Youl'll find the Web100 patch for Linux provides much better auto-tuning than the default. I don't know if/when it will go into the mainstream kernel, but I can think of very few patches more important. MTU settig is a Black Art. Setting it to 1500 will maximize total bytes transmitted, and the size of packet won't seriously impact the probability of the packet being lost, but WILL impact the recovery time and the storage requirements for recovery. 1500 also doesn't fit on a page boundary, reducing the theoretical maximum load on the system.

RED shouldn't be too hard, although there are a lot of RED-based systems (GRED, SRED, WRED, etc) and some of these are nasties. Also, BE AWARE, some frikkin' idiot wrote the basic RED implementation as a pipe, not as something applied to a pipe, so you cannot use it as expected and you cannot directly compare that RED implementation with other QoS, as it's a totally different form.

Multimedia is a b*tard, because the QoS methods you need (BLACK, WHITE and PURPLE are specifically designed for types of multimedia flow) do not exist for Linux as far as know. The alternative to using QoS would be to use RSVP or MPLS, but that requires every router between source and destination to recognize the protocols, auhorize their use, and then honour them. Not going to happen.

However, different tricks can be used, according to circumstance. If multiple nodes will nominally get the same data but some of it is corrupted in each case, there are methods of finding the nearest neighbor who can retransmit a packet, If there is uncertainty a to what is correct, the classes of problem normally described in terms of Byzantium generals include solutions to this.

Re:That's all fine...

[riflemann]

Routing does not change based on traffic on that short a timescale, it changes if a link goes down, or a policy agreement changes, an engineer changes some link allocation, etc. Doing traffic-sensitive routing is hard because of oscillations; in your example, would the perimeter nodes switch back to the now congestion-free router? Actually, many large scale networks *can* change routing based on congestion.

The mechanism used is MPLS, using RSVP TE.

Essentially, traffic is classified based on chosen parameters (protocol, port, etc) and placed into logical tunnels, and each can reach the same destination via a different path. Every so often (depending on administrator configuration, often 15 minutes), the router looks at utilisation of each tunnel on each interface, and can signal a different path for various tunnels in case of congestion.

With suitably fine grained tunnels and hysteresis configured, oscillations can be kept at bay.

For a large network with no defined central backbone, it can result in very even distribution of traffic, even when source and destination networks are the same.

Re:That's all fine...

[nbucking]

If a router is congested just replace it with a new router with a higher capacity. Isn't that the way we have dealt with this so far? From my experience most routers only run at 10 percent capacity anyway. The solution relies mostly on the need of the network. If a network has out grown current router tech then it needs to be split up into a smaller networks. Or in other words get a second router and use VPN to connect the obese network. TCP seems to be doing it's job and the internet is too big for a dramatic change. I wonder if IPv6 is ever going to work out.

Re:That's all fine...

[funchords]

Does flow management work? Linux has a range of RED and BLUE implementions. Hold a contest at your local LUG or LAN Gamer's meets, to see who can set it up the best. Flow management also includes ECN. Have you switched that on yet? There's MTUs and window sizes to consider - default works fine most times, but do you understand those controls and when they should be used?

THIS IS THE FREAKIN' PROBLEM: The solutions that are IETF vetted and improved as STANDARDS do not come in the door to the service providers, waving fat perks and kickbacks as an incentive to buy. Neither CABLE TV COMPANIES nor TELEPHONE COMPANIES invested the internet. In their eyes, the only good solutions are new solutions.

Deep Packet Inspection seems like a solution looking for a problem. But if the problem is that the public generally has too much control over the Internet, then Deep Packet Inspection is the answer.

Somehow, we've made it this far despite decades of explosive growth and bandwidth congestion.

The Best 10-Minute Explanation of the Network Neutrality Issue

Re:That's all fine...

[db32]

Only distance vector routing protocols are reduced to link going down. Link state protocols can factor a huge variety of metrics in. Link speed, bit error, arbitrary numbers (policy), or (drum roll...) congestion. Link state routing protocols aren't exactly new or uncommon these days either.

Re:That's all fine...

[jd]

In their eyes, the only good solutions are new solutions.

I beg to differ. They're after profit, although novelty never hurts in advertising. I think that in their eyes, the only good solutions are the ones that cost the consumer more or give the consumer less. Preferably both. Switching on QoS on their routers (it's standard on Cisco and I'm pretty sure Juniper as well, so that's all the ISPs you need to give a damn about) would cost nothing but - by reducing turbulent data flows - give customers more. Since most xDSL and cable modems use Linux and Linux has QoS, it shoudn't be hard to notify customers or even just switch the damn thing on by default in the next system image.

The chair of Internet Czar officially still exists but is unoccupied. That might be a good place for politically-savvy geeks to press the case for QoS. It's all about labels. You could have an IQ of 2,000,000 and thirty simultaneous senior programmer roles, but executives will simply see you as a lesser lifeform. Same person as Internet Czar would be worshipped by the same executives as a god.

toss one packet?!

[ILuvRamen]

I'm not big on networking but if I'm sending data to someone and some "flow management" dumps one of the packets, won't my computer or modem just resend it? Seems like not such a good idea to me.

Re:toss one packet?!

[denormaleyes]

Yes, your computer will resend it. But it does even more! TCP interprets dropped packets as congestion and will reduce its load on the network, generally by 50%. Dropping more than one packet per round trip just serves to confuse TCP a bit more but the net effect is the same: reduce the load by 50%.

Re:toss one packet?!

[Nibbler999]

It will get resent via a different path, hopefully one that it is less congested.

Re:toss one packet?!

[shaitand]

'I'm not big on networking but if I'm sending data to someone and some "flow management" dumps one of the packets, won't my computer or modem just resend it?'

Yes and when the retransmission occurs the router may be able to handle your packet. The router won't be overloaded forever after all.

The bigger part of the equation is that with TCP the more packets are dropped the slower you transmit packets. With this solution the heaviest transmissions would have more packets dropped and therefore be slowed down the most.

I admit, I'd have to check the details of the protocol to see if this is open to abuse by those with a modified TCP stack. The problem is that the packets are dropped in a predictable manner and a modified TCP stack could be designed to 'filter' the noise and yet still degrade when other packets are lost and provide a reliable connection.

Re:toss one packet?!

[markov_chain]

Yes, TCP congestion control relies on everyone following the protocol. If you hack your TCP stack to send each packet twice, not cut down the congestion window, etc., you can get better performance. In practice, anyone doing this on a scale large enough to be noticed (think Apple) would get yelled at by the ISPs. Big players wouldn't do it because if the majority of users tried to cheat their performance would get worse.

IMHO hacks like this don't help enough to go through the trouble of installing, and if they do help, they likely need both endpoints to cooperate in which case you might as well use a custom UDP protocol.

Re:toss one packet?!

[mapleneckblues]

Ummm no. TCP would reduce its window size and slow down.

Re:toss one packet?!

[dynchaw]

Yes, your computer will resend it but due to the sliding window protocol http://en.wikipedia.org/wiki/Sliding_window it will also reduce the speed at which it is sending. By dropping a packet TCP will detect congestion and reduce the size of the window. For every dropped frame it will reduce the window by a factor of 2. Each time an entire window is sent without a drop, it increases the size of the window by one.
So it quickly drops down to below the available bandwidth then slowly grows the speed up to it.

This normally happens auto-magically between the two ends of a TCP connection to grow the connection to the capacity of the smallest link in the chain as a result of random drop or FIFO queues. By tracking each flow and their window management, the window size and thus speed of the flow can be controlled by any hop in the chain.

Re:toss one packet?!

This all seems like an extraordinarily bad idea. I admit ignorance to a certain degree but flow control at the IP layer is flawed for several reasons:

1. There is little avaliable information and context to make smarter decisions that can only be made intelligent at higher levels of the stack (For example dynamically changing codecs) What constitutes a 'flow' is easy for HTTP but quite difficult to understand for many other protocols including P2P clients.

2. Implementing flow control algorithms on top of other flow control algorithms is typically the very definition of disaster.

Re:toss one packet?!

[shaitand]

Big players wouldn't do something like use a hacked TCP stack, but a P2P application might. Just as there are P2P applications that use a hacked version of their own protocol to thwart fairness efforts.

20 million P2P users with hacked stacks in this scenario would probably result in poorer performance and greater congestion than we have now.

Re:toss one packet?!

[markov_chain]

Ultimately, cheating doesn't help if enough people do it, whether it's by using hacked TCP stacks, or roll-your-own UDP protocols. The only real way to improve performance is to grow the network capacity.

Re:toss one packet?!

[timmarhy]

it works kind of, but it's murder on things like games which need a good ping time.

in short i'd drop any isp that did this

Re:toss one packet?!

[fltsimbuff]

This actually looks like a form of something a lot of Cisco equipment already does to prevent "synchronization."

Let's say you have 500 hosts sharing a "fat pipe." If During peak times, the combined throughput used by TCP applications cause all available bandwidth on the link to be consumed. The result is, at that instant that all available bandwith is consumed, packets get dropped suddenly and indiscriminately. This means that 500 hosts all lose a slew of packets.

Per TCP specifications, when packets aren't acknowledged, all 500 hosts back off for a moment, and then retransmit at approximately the same time, causing another sudden burst in bandwidth usage, and more dropped packets.

This problem compounds until all hosts are simply busting packets, dropping packets, backing off, and repeating. The solution to this was a technique called "RED (Random Early Detection).

What this does is essentially detect when bandwidth is almost completely utilized, and then starts selectively and "fairly" dropping packets from the TCP streams. This causes the hosts to gradually back off, until bandwidth consumption is back in check. The result is that the whole "synchronization" issue is avoided, and the link is better utilized, as throughput is constant and reliable.

There is a variation called WRED or "Weighted Random Early Detection", in which certain types of packets get cut before others. This would allow the router to avoid dropping VoIP traffic, while implementing RED on non-realtime streams instead.

You can read more about this technique here: http://www.cisco.com/en/US/docs/ios/12_0/qos/configuration/guide/qcconavd.html

Re:toss one packet?!

[riflemann]

I admit, I'd have to check the details of the protocol to see if this is open to abuse by those with a modified TCP stack. The problem is that the packets are dropped in a predictable manner and a modified TCP stack could be designed to 'filter' the noise and yet still degrade when other packets are lost and provide a reliable connection. You'd have to modify the stack at both ends of the connection, as each end expects defined TCP behaviour. If you are a downloader, and a packet you're downloading gets lost, the other end will need to retransmit, and it _will_ slow down if it has to retransmit, so there's no way around this.

Of course, if you have access to both ends, then theres no reason at all for you to use a defined protocol (TCP), you could just blast data between them using any mechanism, and get around congestion control mechanisms dependent on TCP behaviour.

Hmmm

Why didn't he think of that 40 years ago?

Why not now?

[eldorel]

Can someone explain why this hasn't already been implemented?
Seems like there would have to be a good reason, otherwise this would just make more sense, right?

Re:Why not now?

[shaitand]

I dunno but he said the flow management idea was just presented recently.

Re:Why not now?

[Burdell]

Overhead. Right now, routers just track individual packets: receive a packet, look up the next-hop IP in the forwarding table (which might have 250,000 entries), and send it on its merry way. To do anything based on flows, routers would have to keep track of all the active flows, which amounts to all open TCP connections going through that router. For an active router, there would be millions of active flows at any one time, so the overhead would be huge. This would be like a NAT or stateful firewall device that could do line-rate forwarding at gigabit, 10G, or 100G port speeds.

You also have problems tracking flows; routes change, so while a router may be tracking an active flow, the flow may choose another path. The router has no way of knowing this, so it has to keep track of the flow until it times out (and the timeout would have to be more than just a few seconds).

There are flow-based router architectures, but they are not generally used for ISP core/edge routers because there are too many ways they can break.

Re:Why not now?

[markov_chain]

Good post. Another issue is that many flows are way too short for flow-tracking to help.

Re:Why not now?

Im not sure how this is different from Flow based WRED
http://www.cisco.com/en/US/docs/ios/12_0t/12_0t3/feature/guide/flowwred.html

Re:Why not now?

[Burdell]

Netflow/Jflow are for statistics, and on the larger routers, they are just sampled (not every packet/flow is monitored, just one out of every N packets). Originally netflow could be used as a packet switching method on Cisco, but it is just for statistics now.

Re:Why not now?

Why are you claiming that it hasn't been? What is your agenda?

Random early detection (RED) has been used for over a decade even in low end cisco routers and with Linux. It was first introduced in a paper from Van Jacobson in 1993. While it doesn't guarantee that a single stream won't lose more than a single packet, it is likely because it randomly picks packets to drop.

Re:Why not now?

Can someone explain why this hasn't already been implemented?

It has been implemented and abandoned already because it doesn't scale. Serious routers today use the concept of interface adjacency: for a given inbound packet there are only a few possible destinations: they are each of the interfaces on the router.

When a route is installed into the FIB, you can recursively follow that route until you find the egress interface and the layer 2 address of the next hop - those will typically never change! So long as the router always keeps this adjacency information up to date, individual packets never need to have a route lookup performed - the destination prefix is checked in the adjacency table, the layer 2 header is rewritten, and the packet is queued for egress on the appropriate interface.

This allows for substantially higher throughput (in packets per second) than other methods because the adjacency table can be cleverly stored in content-addressable memory that provides constant time answers. A prefix will be installed in a content-addressable memory circuit as a lookup key. The value associated with that key is a pointer into the adjacency table that holds the interface and layer 2 information for that prefix.

By reconsidering the routing problem, and by using some smart circuits, the route lookup for a single packet has been reduced from O(k) to O(1), where k is the length of the longest prefix. For IPv4, that's up to 32-bits - so that means you do a single fetch and lookup instead of 32 or so comparisons for each packet. At a million packets per second, that's a huge difference.

Traditional flow-based routing requires creating in-memory structures for each flow, collectively called the flow cache. Each packet requires an initial full route lookup, which builds the structures for that flow. Then, subsequent packets in that flow can be matched against the cache and switched directly to the egress interface. This operation is much closer to that of a contemporary firewall. The good thing about this method is that it gives you a lot of visibility into the traffic. The bad side is that it requires a very large amount of memory for all of these structures. When that memory is exhausted, you can't route anymore flows!

This comparison is a bit apples to oranges - the adjacency table described above is pretty much state-of-the-art for off the shelf gear, while the flow cache architecture is highly dated. But without some substantial advances in the ways flows are created, tracked, and expired, no flow router is going to reach the number of packets per second that are required for very large installations in the Internet.

Re:Why not now?

[klapaucjusz]

To do anything based on flows, routers would have to keep track of all the active flows, which amounts to all open TCP connections going through that router.

Only if you want to be fair.

In practice, however, you only want to be approximately fair: to ensure that the grandmother can get her e-mail through even though there's a bunch of people on her network running Bittorrent. So in practice it is enough to keep track of just enough flow history to make sure that you're fair enough often enough, and no more.

A number of techniques have been developed to do that with very little memory; my favourite happens to be Stochastic Fair Blue.

Re:Why not now?

[skiingyac]

I have to think tracking/throttling the rate per IP has to be already done by ISPs where bandwidth is a problem. Otherwise all the P2P sessions as well as UDP traffic (which doesn't have congestion control and so doesn't respond to a loss by reducing its rate) would clobber most TCP sessions. Fixing TCP will just lead people to use UDP. Skype, worms, and P2P applications already exploit UDP for exactly this reason. So, cut straight to the chase, don't bother with making TCP fairer or whatever, just do per-IP rate control at the ISP level.

It isn't clear why this needs to be done in the core routers at all instead of just at the endpoints, if the goal is to make P2P traffic more manageable. P2P using so many flows (and different routes) will probably just get around any core-based solution anyway.

Also "loss unfairness" is already solved by ECN, but ECN (which is implemented) isn't really used as much as it should/could be, because some routers drop your packets if you use it (I believe either chase.com or chaseonline.com still does this?), and nobody really cares. Why add something else to the client stacks that nobody will end up using either? That is basically why this hasn't been implemented.

Re:Why not now?

[roblaird]

Cisco CEF does pretty much what you describe. It avoids the route table lookup by keeping an adjacency table of recent connections, and switches the packet to the correct port. CEF is one of three route caching technologies on Cisco routers, and is default on modern versions of IOS. Route table lookups (i.e. process switching) are only done when there is no cache entry, either because it's the first flow or the entry has aged out of the adjacency table. Cisco CEF

Re:Why not now?

[the+eric+conspiracy]

Unfiltered netflow data can add up to about 10% of the total throughput of the router. That's like getting a drink of water through a fire hose.

Re:Why not now?

[Burdell]

Ahh, the Customer Enragement Feature. It isn't a table of "recent connections" or really any kind of cache. CEF builds a forwarding table from the routing table; the forwarding table has all routes resolved to the next-hop interface. When there is a routing table update, a CEF forwarding table update is also made; the CEF forwarding table has just as many entries as the routing table. CEF has nothing to do with flows or connections.

Re:Why not now?

[ghjm]

Yes, you are precisely right. As things stand now, there's no good reason why tier one networks need to buy vast amounts of new routing infrastructure - what they already own works just fine. With this new plan, they will all have to buy ten times more hardware, which will return us all to the glory days of the dot com era. Or at least will return Lawrence Roberts to the glory days of the dot com era.

Why, did you think this plan had something to do with providing better service to end-users? When does that ever happen?

-Graham

Re:Why not now?

[Z00L00K]

Actually - it is possible to do, it comes down to routing protocols.

There are a few problems to do good routing:

1. The address allocations aren't reflecting the topology of the network, it has just been growing organically. Therefore the routing tables are horrible.
2. Routing protocols were designed for robustness and not for the most effective path. Robustness and effectiveness intersect so we do have a relatively good network anyway. Some protocols are better than others too, and there are other that are proprietary that could have been used (like EIGRP) but aren't since not all manufacturers have implemented them.
3. Effective routing needs processing power. To limit the utilization of a processor in a router the processing is often optimized by caching. This means that even if you have two parallel lines and haven't disabled the caching you will effectively only use one line. It is possible to disable the caching.
4. Network topology is important to get right. To avoid circular routing of packets the general setup is to make star-shaped networks. This is really from the performance point of view an ineffective setup. It also means that even if you live in Boston and are going to transfer a file to your neighbor across the street the packets can be doing a turnaround in Philadelphia just to switch between ISP:s. And that's bad for the overall network performance.

I actually did surprise a guy once because he expected a file transfer to take about two hours and he didn't know that I had disabled the routing cache for those two parallel lines that we had to the other site and when the transfer ended in under an hour he suspected something was wrong, but the entire file was there. Then I told him... It made my day that day! The parallel lines were only 64k lines and the router weren't that loaded so it made sense to disable the cache in that case.

Re:Why not now?

[Z00L00K]

And don't forget that a flow not necessarily has to go one path but actually can take multiple paths. This means that directing a flow through a single path can be a bad idea. Allowing it to trickle through multiple paths is a better idea.

Just compare it with how water can flow through a maze with multiple ways through the maze. The trick is to avoid bottlenecks.

Another issue is that even though the path that seems to have the best performance from the view of the end-routers may actually be the worst since the traffic in some major links is too high.

It's like car traffic - sometimes it's better to take the back road instead of the highway because the highway is clogged.

Re:Why not now?

[riflemann]

To do anything based on flows, routers would have to keep track of all the active flows, which amounts to all open TCP connections going through that router. For an active router, there would be millions of active flows at any one time, so the overhead would be huge. This would be like a NAT or stateful firewall device that could do line-rate forwarding at gigabit, 10G, or 100G port speeds. Bollocks.

Any modern router worth its salt, _especially_ ones used in large networks, use flow based mechanisms for routing.

Lets say a router has three possible, equal cost, paths to a destination network. Which path will it take? In the old days, it would pick one of those paths and stick with it. But that results in 2/3 of the network being unavailable.

In the case of many destination routes, it might seem to be even, but if one of the destination networks has a much higher traffic flow than the others, you will still get very uneven traffic.

So modern routers create a hash, based on source IP, destination IP, protocol, source port and destination port. The results of the hash are then used to determine the path to take.
Using this mechanism, lots of flows between the same networks will actually follow multiple paths, and get maximum utilisation of the network.

And there's no reason to keep track of the actual flow, the results of hashing each packet dynamically determine flow behaviour. Keeping track of a few million flows isnt particularly hard, given how cheap ram is nowadays.

If the path changes, you just re-initialise your congestion control on the new routers, with little to no disruption to the TCP connection.

Re:Why not now?

[Burdell]

Equal cost multipath is rarely used in large Internet routers because even that decreases the packets-per-second throughput of the router. Also, using a hash is not the same as tracking flows; an individual TCP connection flow will always take the same path (unless the routes change) because the hash is always the same (but the hash is not stored anywhere). For the "flow management" scheme to work, the router actually has to keep track of all active flows to know which ones are eligible for packet drops. The RAM used for router forwarding tables is also not cheap because it is not normal RAM, it is TCAM. You'd have to have a lot more TCAM to store enough information about all active flows (since you would need to track at least an order of magnitude more flows the forwarding entries, and each flow entry would be several times as large as a forwarding entry).

Re:Why not now?

[tuomoks]

They did but networks were still thought to be a (relatively) slow medium. Many other reasons probably because this behavior was already known on hardware channels, buses, pipelines, etc but was not seen a real problem in network. TCP especially because it is seen as a "streaming" protocol instead of using datagrams, messages, blocks, whatever when in reality on lover level it isn't that (except when you have the pleasure to use IP traffic over old comm. protocols, modems, UARTs, etc)
Back to subject, I also don't think that the proposed way dropping packets would work, at least not for long. The network speeds are increasing and any pacing, throttling, whatever should really be based on real delivery - not on arbitrary timeouts or polling. Both have been proven to real problematic when talking fast delivery, on long end eat (much) more resources and the trashing, pulsing, etc come difficult.

Re:Why not now?

[tuomoks]

Yes, a very good point. I have designed network systems which, even they still look like TCP for applications, are actually using UDP - TCP was too inefficient over any wireless routed through public networks. We just couldn't get a steady flow when number of the users did go over 10K. There comes other benefits as message bundling, chaining, etc but they could be done in TCP if the system wouldn't have to wait some arbitrary timeout or ack for an window. People seem to forget that TCP is a transport protocol so all these tricks should really have no effect but how protocols are today - they do!

Re:Why not now?

[skiingyac]

What kind of wireless networks do you work with? I do a lot of multihop wireless stuff and would be interested to know more details on this.

Re:Why not now?

[tuomoks]

Mostly public safety and mobile workforce. This approach only works (well?) when you control both ends (applications and/or comm. stack and/or proxies obviously). It has its weaknesses, especially very large messages (fragmentation and bundling optimization, default buffer sizes on network) or if used too aggressively - would need more research and design but mostly works well. Actually started because we needed reliable roaming communications over different types of networks - private (X.25, Motorola, Ericsson, etc) as well as CDPD, satellites and WiFi/cellular to mobile devices. There are some other benefits on authentication, en/decryption and application routing levels also which need a certain lengths guaranteed.

Flow control???

[3-State+Bit]

So now we actually DO need to make the Internet more like a series of tubes??? brain asplode

Should be able to get it anywhere.

[gnutoo]

I have been told that the ability to do this has been around since the 1970s. Don't all equipment makers have some version?

He's even got the *look.*

[zippthorne]

Doesn't the picture kind of look like the juice-man? Or more generally, "Active old guy, excited about stuff, selling nearly worthless Ronco trinkets"

Reduce hop count.

[suck_burners_rice]

This does not sound like a correct solution. Rather, emphasis should be placed on installing more links, both in parallel to existing links, and "bypass" links that will shorten the number of hops from one given location to another. Whether based on copper, fiber, satellite, or other technology, the sheer number of separate paths and additional routing points will make a huge difference. Special emphasis should be placed shortening the hop count between any two given areas.

Re:Reduce hop count.

[mapleneckblues]

and while we are at it, why not make the Internet a fully connected mesh eh?

Beyond flow fairness, user fairness...

[nweaver]

ANy device sophisticated enough to do the flow fairness described can also do "user" fairness by averaging behavior across multiple flows from the same soure, and the behavior of the source over time.

This solves the P2P problem, and has a bunch of other advantages.

Note, also, you only need to do this at the edges, as the core is pretty overprovisioned currently.

Re:Beyond flow fairness, user fairness...

[shaitand]

That brings up a question of entitlement. It suggests that there are users who should be punished.

Those who engage is low bandwidth activities are not entitled to more bandwidth while those engaging in high bandwidth activities are entitled to less. Both are entitled to equal bandwidth and have the right to utilize or not utilize accordingly.

Re:Beyond flow fairness, user fairness...

[Digi-John]

We hold these truths to be self-evident, that all men are created equal, that they are endowed by their Creator with certain unalienable Rights, that among these are Life, Liberty, and as much Bandwidth as they can take?
People act like implementing bandwidth limits and such is some sort of human rights violation--call the UN, my bandwidth has been capped!

Re:Beyond flow fairness, user fairness...

[shaitand]

bandwidth caps aren't the problem, pretty much everyone implements bandwidth caps. We are talking about punishing people who use their connections.

I have an eight megabit connection. But not really, the connection is actually much faster than that, my bandwidth is capped at eight megabit. I have no problem with that. After all, I pay for unlimited use of an eight megabit connection. The problems come when you can't actually deliver that eight megabits on an unlimited basis despite me paying for it.

Now, if you can't deliver what you promised AND you are giving priority to someone else who doesn't use the service they pay for I am going to be really pissed.

We are entitled with rights not because some magic man in the sky grants them but because we paid for a service. By not providing that service and taking our money the ISPs are stealing from us.

Privacy issues?

[jmac880n]

It seems to me that by moving knowledge of flows into the routers, you make it easier to tap into these flows from a centralized place - i.e., the router.

Not that tapping connections can't be done now by spying on packets, of course, but it would make it much cheaper to implement. High-overhead packet matching, reassembly, and interpretation is replaced by a simple table lookup in the router.

Donning my tinfoil hat, I can foresee a time when all routers 'must' implement this as a backdoor...

Re:Privacy issues?

[Creepy+Crawler]

Then I can run a Linux router, with honeyd where the backdoor must be.

Weird solution

[Percy_Blakeney]

I couldn't help but laugh a bit at his solution. He talks about "flow management" being put into the core of the network to solve TCP's unfairness problem, but at the end of the article he says:

Although the multi-flow unfairness that P2P uses remains, flow management gives us a simple solution to this: Control each flow so that the total traffic to each IP address (home) is equally and fairly distributed no matter how many flows they use.

So, in other words, his solution to the "P2P problem" is just a fancy version of a token bucket.

Re:Weird solution

[markov_chain]

Good luck doing that on a core router passing millions of flows, like another comment above said.

Another point is that TFA seems to imply that fixing TCP, whatever that means, will somehow solve the network congestion problems. However, the only real way to fix congestion is to grow capacity, which seems to have worked thus far.

Re:Weird solution

[TubeSteak]

So, in other words, his solution to the "P2P problem" is just a fancy version of a token bucket. His (server side) solution is cheaper than requiring everyone, everywhere to upgrade/change their TCP stack.

Hell, the idea of asking everyone to change their stack practically invites a "Your solution advocates a" reponse. You'd either have to lock out people running the 'old' stack or... wait for it... throttle them server side.

Re:Weird solution

If the solution mentions TCP, it is broken. TCP is a payload of IP. The only information about a packet that a network operator can rely on is the IP header (mostly just the target IP address, if he's not near the leaf node.) Everything else can look like random data and only make sense to the endpoints which are sending/receiving these packets. Any investment in TCP shaping technology becomes obsolete when opportunistic IPSec enters the mainstream.

Re:Weird solution

[Bill+Dog]

However, the only real way to fix congestion is to grow capacity, which seems to have worked thus far.

To use an obligatory car analogy, think of congestion on the roadways. What you're talking about is widening the highways. But that just encourages more packets to be placed onto the network. We need to stop letting people use the Internet for what they want, when they want (freedom is bad). What we really need is the equivalent of, you guessed it, public transportation. Here's how it would work: As we all know your data is broken up and encapsulated into packets. Your packets would arrive at your edge router, where the data would disembark and then sit around and wait for the equivalent of the TCP/IP bus. This mega-packet that carries multiple ordinary packets worth of data around would then stop at each hop on its fixed route. Your data would have to check the fucking mega-packet schedule to see where to get off and then wait for another mega-packet to come along for the next leg of its journey.

Re:Weird solution

[markov_chain]

I get it, anyone has the right to board the bus, so it's fair.

Re:Weird solution

[swillden]

I get it, anyone has the right to board the bus, so it's fair.

Sure, anyone can get on, but YOUR packets have to ride in back.

Re:Weird solution

TCP by definition is largely server-side (i.e. whom is pushing the content). The one pushing the content is the one having to react to losses, adjust the congestion window, etc. The problem with P2P is everyone is a server and a client which is part of the reason why they largely punt on P2P. You can roll out your own TCP stack anytime with minimal effort (*cough YouTube *cough*), it is mainly if you need the client to do anything special beyond normal TCP ACK'ing behavior.

Re:Weird solution

[tuomoks]

Hi Anonymous, why Anonymous? Yes - you are right, TCP, UDP, or any other transport layer management doesn't solve the Internet problems. They all are IP or even if you want to go lower, Ethernet. This problem is not new - it has always been there whatever protocol you use, it really is an economical or business problem, not a technical one.

Re:Weird solution

why Anonymous? Why not?

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:SLASHDOT SUX0RZ

[McGiraf]

Could you elaborate on this?

Re:SLASHDOT SUX0RZ

[Sancho]

Why bother feeding the trolls?

Linux already has per-flow fairness

When using Linux as a router there are already several ways to per-flow fairness. The simplest and most obvious one is Stochastic Fair Queuing. The problem is that commercial routers can't do that in hardware.

Solutions for flow management...

[Ellis+D.+Tripp]

http://www.tampax.com/
http://www.kotex.com/

Re:Solutions for flow management...

[justinchudgar]

http://www.flomax.com/

No need for hard state

[klapaucjusz]

There exists quite a few techniques that allow for approximately fair traffic engineering without the need for ``hard'' state in the network core:

• CBQ and other hierarchical queing disciplines (HTB, WRED, etc.);
• Stochastic Fair Queuing;
• Stochastic Fair Blue (Linux implementation).
• ...and many others.

While approximately fair is not quite as good as fair, avoiding hard state makes for a cheaper and more reliable network, which allows you to more easily over-provision your link capacity. Unless, of course, you're in the business of selling routers that implement hard state...

Sadly, no...

[nweaver]

The problem is, without user fairness, the heavy users get MORE bandwidth. This is the multiflow problem.

Your neigbor and you share a common bottleneck. Your websurfing, he's got 6 torrents downloading. He is going to have at least 24 active flows, running full bore, and you will have 1 or 2 (which are bursty even). Thanks to how TCP works, without traffic shaping, you will receive 1 packet for every 24 he gets.

User fairness is necessary to be implemented in the network to keep his traffic from walking all over you.

Re:Sadly, no...

[shaitand]

The multi-flow problem is already solved with the level of management he has proposed. It equates the total bandwidth coming from one IP, not just a specific flow.

'Your websurfing, he's got 6 torrents downloading. He is going to have at least 24 active flows, running full bore, and you will have 1 or 2 (which are bursty even). Thanks to how TCP works, without traffic shaping, you will receive 1 packet for every 24 he gets.'

As things stand now, yes. But under the scheme he is suggesting my flows would be slowed down while yours would not.

This slows the rate at which the P2P user transmits packets from a given IP (regardless of how many flows are used) so that whether I am using one or 200 connections, you and I will receive packets at the same rate while we are both requesting them.

At the end of the day the P2P user used more bandwidth, and received more data. But that is well and good, there is nothing wrong with utilizing your connection. The surfer (or any other type of user) never had to wait longer because of how the P2P user used their connection.

Too many people want to punish the people who use their connection regularly because light users experience congestion. Network admins in particular begin seeing high bandwidth users as evil.

Re:Sadly, no...

[nweaver]

Oops, me bad. Missed that last bit.

Re:Sadly, no...

[hr+raattgift]

No, the 1/24 is not the expected state. It is the case that if 25 flows are in equilibrium, each will occupy 1/25 of the bottleneck bandwidth, however there are several reasons to expect that equilibrium is transient.

1. Slow start is disequilibriating.

2. Slow start happens when each new web-surfing TCP connection starts pumping replies back from the server.

3. Web surfing is typically bursty because of the transactional nature of HTTP (even accounting for pipelining). These bursts are themselves disequilibriating. Bulk transfers certainly happen in web surfing, however, but consider:

4. P2P bulk transfers tend to be broken into chunks of a few (9-10ish) megabytes, after which the TCP session is frequently closed. This behaviour is rarely synchronized, so serves as a further disequilibriating pressure upon the other TCPs using the bottlneck, by introducing both quiet periods and slow starts.

5. TCP bulk transfers are mutually competitive; they continually probe the bottleneck bandwidth (additive increase per lossless window) and the additional segment is disequilibriating.

Random early drop disciplines bust up equilibrium in a statistically fair way (the biggest user of a bottleneck with a random drop discipline is most likely to experience the drop), which in turn breaks up unfairly large buffer occupancy, which is the biggest source of noticeable delay for new TCP connection establishment. Whether cleverer disciplines work better is a matter for fine-tuning, but any RED configuration that permits multiple buffer occupancy statistically, up to a maximum less than the total buffer size, is always better than tail-drop (which permits total occupancy).

User-noticeable congestion is worst when initial handshake delays are high due to retransmits without a reasonable RTT estimate. The next most noticeable problem is a full round-trip timeout, even when the sRTT is well understood by the retransmitter.

An argument can be made to reduce the occurrence of triggering a full RTO by dropping first against known heavy users of a bottleneck. Whether the accounting necessary to guarantee this outweighs any stochastic approach is an open question in congestion avoidance research.

"... to keep his traffic from walking all over you ..." is and should be a non-goal. TCP connections are mutually competitive, and the actual goal is to avoid situations where interactive users notice slowdowns because of the behaviours of automated/unmonitored traffic. Making assumptions about that is hazardous, since there are difficulties in knowing a priori whether a given bulk flow is being monitored by an impatient human being. Thus, we want to focus on the most common states that trigger user impatience, and those are almost entirely due to RTO.

Early drop avoids RTO at the cost of fast-retransmit/fast-recovery or checkerboarding retransmissions due to implicit signals (drops), or processing early explicit congestion signalling slowdowns as if the actual drop happened.

Reducing the incidence of default-RTT-estimate RTO is probably useful, if it can be done without enormous extra processing power or state retention in routers.

Unfortunately, many network operators think of deliberate-discard implicit congestion signalling as somehow evil, despite evidence that it works better than tail-drop in the real Internet.

The problem for the two users in your scenario is that bulk transfers with differing round trip times tend to synchronize through constructive interference. This will be felt hardest by the interactive user whose traffic is inherently bursty rather than smooth bulk transfers, and short lived rather than long lived, since the transmitter will not have gathered enough information about the RTT and congestion window to adapt well to the wavelike patterns that develop during synchnronization.

Synchronized drops/synchronized recovery is bad. Full occupation of bottlenecks with useful tra

no need for a better small hose

when a big hose will do the job better

just build the capacity, .then they will come

Creates incentive to remove retransmit delay

[Burz]

...from one's own TCP stack.

I think this proposal is a bit reckless and naive at the same time. Not a good combination. Add to that he is trying to set a precedent for data degradation when none is needed.

If networks want to reduce traffic in a civil manner, they will price their service similar to the way hosting providers do: Offer a flat rate up to a set cap measured in Gb/month, with overages priced at a different rate. People would then pay for their excesses, allowing the ISP to spend more on adding capacity.

End-users like this arrangement for cellphone service. They would understand and appreciate such a thing coming to their Internet service, especially if it meant that most of them ended up paying $10 less on their monthly bill.

I think we are not seeing a transition to cap-and-overage pricing structure because the ISPs are more interested in becoming monopolies, not with competing the way wireless services naturally do. Verizon is turning its back on many lower-middle-income areas while it tears out common-carrier POTS lines from the neighborhoods it does serve. Comcast winks, nods and accepts its role for the lower-end neighborhoods, degrading throughput and behaving as a paternalistic manipulator of data in the process. They are carving up the market, so don't expect rational and time-tested solutions that benefit the customer.

Re:Creates incentive to remove retransmit delay

[shaitand]

'End-users like this arrangement for cellphone service.'

I am not sure what world you live in, but I don't know many people who are happy with the pricing schemes of cell phones.

All the same problems would be shared with the scheme you propose. First, you would be charged for incoming bandwidth. Second, the rates are never lower than unlimited service people pay the higher rates because cell phones are more convenient. Third, you have to constantly track your usage and would have refrain from using your connections at times.

The only people who like the cell phone schemes and would like this scheme are those who do not fully utilize their connection.

Re:Creates incentive to remove retransmit delay

[justinchudgar]

Offer a flat rate up to a set cap measured in Gb/month, with overages priced at a different rate. People would then pay for their excesses, allowing the ISP to spend more on adding capacity. End-users like this arrangement for cellphone service. They would understand and appreciate such a thing coming to their Internet service What kind of crack are you smoking? One of the most hated aspects of cell plans is the insanely convoluted usage caps. If that ever came to ISPs, you'd see private WiFi connection sharing explode. I really have difficulty thinking that there really are consumers that WANT to watch their bandwidth usage. Try telling my wife that she should stop watching that streaming Rockford re-run when she is awake at 3:00 AM with PMS because we are near our bandwidth limit....

Re:Creates incentive to remove retransmit delay

[stephanruby]

End-users like this arrangement for cellphone service. They would understand and appreciate such a thing coming to their Internet service, especially if it meant that most of them ended up paying $10 less on their monthly bill.

You're making the assumption that ISPs/cell phone companies base their prices on their ongoing cost. That's not entirely correct. The price of a service is often a function of supply and demand. And an ISP/cell phone company will often manipulate the perception of that supply and demand by making sure that no consumer is able to compare their prices with their competitors' prices.

In other words, if such a model were to be adopted, every company would adopt each a different pricing model for metering usage. One provider would have free minutes of internet between 2 am and 7 am. Another provider would have free/partially discounted minutes of internet between the hours of 7 pm and 10 pm. And another provider still would provide some functionality free with some other functionality that's purposefully crippled.

The end result would be a potpourris of confusion and annoyance for the consumer, just like the cell phone market is right now for the American consumer. And I guarantee you, the end result wouldn't make sense. Pricing schemes are not optimized to enlighten and save money for the consumer. Pricing schemes are optimized to confuse the consumer and take away money *from* him.

And if you go back far enough, you'll find that Compuserve, AOL, Prodigy, and/or the Minitel did charge for the internet in a metered fashion. They just didn't do it in the same ways, and often they didn't provide the same services -- for the exact reasons I described. AOL for instance didn't give full access to the World Wide Web, it tried to have a marketing partnership with every content provider its users connected to. And it didn't charge by the month, it charged by the minute -- often charging exorbitant $300 bills per month -- while its uncrippled competitors ended up charging much less for unlimited access.

Re:Creates incentive to remove retransmit delay

[Burz]

The only people who like the cell phone schemes and would like this scheme are those who do not fully utilize their connection. You said it right there. Where Internet service is concerned, most people come nowhere near reaching the unspoken transfer limits on their 'unlimited' plans. Only a tiny minority of subscribers generate the vast majority of traffic.

research on root causes of congestion?

[False+Data]

wonder if routing algorithms themselves aren't contributing to the problem.

BGP and the intra-domain routing protocols assume there is at most one correct route from a given source address to a given destination address. That assumption could give rise to unnecessary congestion. For example, suppose the source wants to use bandwith of 100 units and the destination is capable of keeping up. But between them there are two routers, in parallel, each of which can supply only 50 units. If there's exactly one path, source and dest can't talk any faster than 50 units because everything has to go through one of the two routers. (There are mechanisms to share bandwith in some situations, like the simple parallel routers one I described, but they dont' work for arbitrarily complex routing topologies across multiple BGP domains.)

It's possible, though, to imagine a network that routes in such a way that data could use both routers. For instance, in circuit switched networks the preestablished path tends to hang around even as the current "best" route changes, so in the earlier example two 50 unit connections between source and dest might end up being spread across both routers.

Rather than taking the congestion as a given, and figuring out work-arounds, I wonder if someone's done some research into why it exists and whether it's due to hot spots forming in the traffic flow.

Re:research on root causes of congestion?

[klapaucjusz]

Rather than taking the congestion as a given [...] I wonder if someone's done some research into why it exists and whether it's due to hot spots forming in the traffic flow.

Modern networking protocols are designed to use as much throughput as is available. Think of unused capacity as wasted capacity.

Let me make this clear on an example. Suppose that there's 10Mb/s free, and you're transferring a large file. Then you want your file transfer to go at a rate as close to the available 10Mb/s as possible. If it goes at 9.9Mb/s, then all is fine; but if it goes at 1Mb/s, then you're wasting 9Mb/s.

So while congestion is to be avoided, the network is designed to always stay at the very edge of congestion; a slight instability, and some routers will get congested.

Re:research on root causes of congestion?

[klapaucjusz]

It's possible, though, to imagine a network that routes in such a way that data could use both [parallel routes to a given destination].

It's been done, and it's called Equal Cost Multi-Path.

Re:research on root causes of congestion?

"network coding theory" (just google it...) is a way to get the effect you're probably imagining. If the whole internet was a network-coding network, then incredible bandwidth could be had.

Re:research on root causes of congestion?

[Animats]

BGP and the intra-domain routing protocols assume there is at most one correct route from a given source address to a given destination address.

Interestingly, the original ARPANET didn't make that assumption and would load-share across links. The ARPANET was a denser mesh than the Internet today, but with much lower bandwidth links, only 56Kb/s.

Incidentally, the original MILNET, which was a purely military network using ARPANET nodes, was about six-connected; that is, each node had connections to about six other nodes. They wanted that thing to stay up no matter what.

Accessible, knowlegible and fair

[gnutoo]

Everyone's got their favorite experts and they are often a shortcut to lots of research you don't have time for. He's an independent expert who cares more about your rights than other things, happens to be an expert in OS design who's been working since the early 70s and knows something about networking as well. Finally, he likes to answers email.

Re:Accessible, knowlegible and fair

[TheLink]

Independent? His company sells stuff which happens to do what he wants everyone else to do...

This is a thinly veiled infomercial or PR fluff piece.

No, TCP does not work by losing packets

[Animats]

TCP is mostly controlled by round trip time measurement and window size. Response to packet loss is a backup mechanism. If packet loss were the primary control mechanism, TCP would never work.

It's much better to throttle back before packet loss occurs, since any lost packet has to be resent and uses up resources from the sender to the drop point. Since the main bandwidth bottleneck is at the last mile to the consumer, the drop point tends to be close to the destination.

Don't trust the "Clean Slate Internet" project too much. That started as telco-supported scheme to move more functionality to the telcos so they can add charges for specific services, like cell phone providers.

Re:No, TCP does not work by losing packets

[klapaucjusz]

TCP is mostly controlled by round trip time measurement and window size. Response to packet loss is a backup mechanism.

That's not true. The currently deployed variants of TCP -- Reno, NewReno and SACK-TCP -- only use packet loss as a measure of congestion. ECN-enhanced variants only use packet loss and ECN marking.

There do exist experimental variants of TCP that use delay (TCP-Vegas comes to mind), but they are not widely deployed at this time.

Re:No, TCP does not work by losing packets

[m.dillon]

Yah. TCP-Vegas is what I modeled net.inet.tcp.inflight_enable on FreeBSD/DragonFly after. I didn't quite agree with Vegas's algorithm so I implemented a somewhat different one, but the result is basically the same.

These protocols work on the transmit side (trying to do the same thing on the receive side is a lot harder). They use round trip times to figure out whether excessive packet backlog is occuring on intermediate routers, and reduce the TCP window size accordingly in an attempt to reduce that backlog.

The feature is very good at dealing with fixed bandwidth constrictions... for example if someone is on a slow speed line (on either side). It is not really designed to handle congestion in the middle of the network. Personally speaking, every server I've ever run turns that feature on. It can be tuned to not be overly conservative and still have the effect of cutting the packet backlog routers have to deal with considerably. E.G. if a router's backlog due to your servers is, say, 40 packets, the feature will cut the backlog down to 10 packets.

-Matt

depends a lot on business models

[drDugan]

Like all technologies, the effects depend on how the technology is used. While there are issues of unfairness with random drops, one can *imagine* ways that (from TFA), "What is really necessary is to detect just the flows that need to slow down" - however, it would seem just as easily networks could "detect just the flows that need to slow down" based on who is paying more for that flow (the sender or the receiver) - leading to even more "unfairness" (read: non-neutral network a la net neutrality) than we currently have.

Depends where the packet is in the flow, too.

[m.dillon]

What I've noticed the most, particularly since I'm running about a dozen machines over a DSL line (just now switched from the T1 I had for many years), is that packet management depends heavily on how close the packet is to the end points. Packet management also very heavily depends on whether the size of your pipe near the end point is large relative to available cross country bandwidth, or small (like a DSL uplink).

When the packet is close to an end point it is possible to use far more sophisticated queueing algorithms to make the flow do precisely what you want it to do. It's important for me because my outgoing bandwidth is pegged 24x7. Packet loss is not acceptable that close to the end point so I don't use RED or any early drop mechanism (and frankly they don't work that close to the end point anyway... they do not prevent bulk traffic from seriously interfering with interactive traffic), and it is equally unacceptable to allow a hundred packets build up on the router where the pipe constricts down to T1/DSL speeds, (which completely destroys interactive responsiveness).

For my egress point I've found that running a fair share scheduler works wonderfully. My little cisco had that feature and it works particularly well in newer IOS's. With the DSL line I couldn't get things working smoothly with PF/ALTQ until I sat down and wrote an ALTQ module to implement the same sort of thing.

Fair share scheduling basically associates the packets with 'connections' (in this case using PF's state table) and is thus able to identify those TCP connections with large backlogs and act on them appropriately. Being near the end point I don't have to drop any of the packets, but neither do I have to push out 50 tcp packets for a single connection and starve everything else that is going on. Fair share scheduling on its own isn't perfect, but when combined with PF/ALTQ and some prioritization rules to assign minimum bandwidths the result is quite good.

Another feature that couples very nicely with queueing in the egress router is turning on (for FreeBSD or DragonFly) the net.inet.tcp.inflight_enable sysctl. This feature is designed to specifically reduce packet backlogs in routers (particularly at any nearby bandwidth constriction point). While it can result in some unfair bandwidth allocation it can also be tuned to not be quite so conservative and simply give the egress router a lot more runway in its packet queues to better manage multiple flows.

The combination of the two is astoundingly good. Routers do much better when their packet queues aren't overstressed in the first place, only dropping packets in truely exceptional situations and not as a matter of course.

The real problem lies in what to do at the CENTER of the network, when you TCP packet has gone over 5 hops and has another 5 to go. Has anyone tried tracking the hundreds of thousands (or more) active streams that run through those routers? RED seems to be the only real solution at that point, but I really think dropping packets in general is something to be avoided at all costs and I keep hoping something better will be developed for the center of the network.

-Matt

per-user fairness and Nat

[j1m+5n0w]

From the article:

Control each flow so that the total traffic to each IP address (home) is equally and fairly distributed no matter how many flows they use.

This sounds like a pretty good idea until you start thinking about NAT'ed networks. Is it really fair to treat an entire office or dorm (or even a small country) the same as a single user who happens to have a unique IP from their ISP? And what about the transition to IPV6, when presumably IP addresses are no longer going to be scarce?

Re:per-user fairness and Nat

[nobody/incognito]

Is it really fair to treat an entire office or dorm (or even a small country) the same as a single user who happens to have a unique IP from their ISP?

in a word: yes.

in several words: if the office/dorm/whatever is paying for one network attachment, the "fair" thing to do is to provide them with the same level of service provided to anyone else paying for a single hook up.

Re:per-user fairness and Nat

[j1m+5n0w]

That's just going to encourage people to waste IP addresses. They're scarce already, we don't need organizations to start configuring their nats to use multiple IPs just to get more throughput.

The status quo now is that actual users are not evenly distributed about the address space, and dividing bandwidth by IP doesn't make any more sense than the current situation, in which bandwidth is divided amongst competing sockets.

Re:per-user fairness and Nat

[TheLink]

"Is it really fair to treat an entire office or dorm (or even a small country) the same as a single user who happens to have a unique IP from their ISP"

The company I currently work for already does this (we provide "premium" aka $$$ internet services at various hotels and airports around the world).

We do the traffic shaping at end points. At the end points we know who the users are, so we can give them different treatment.

Possible scenario: the normal users get their fair share. The VIP users get their fair share which happens to be bigger than the normal users. So if it's a Big company paying $$$$ they get a bigger share (that's fair right?). Believe me in the hospitality industry it is not rare for VIPs to demand a bigger share and "right now".

That said, if the normal/VIP users aren't fully using their share of the bandwidth (e.g. the servers they are downloading from are slow), the rest get to use it. The moment Mr VIP starts using it, well too bad for the rest they go back to their "fair share".

It's not strictly per IP either - we can have different guests sharing the same scheme e.g. all guests from Company X share the same 10Mbps.

There are more details that I won't go into. Anyway, I think my way is better than what Roberts suggests, I'm biased since I'm "Co-Designer" of the way we do things ;).

I suspect he's probably biased too, since his company sells that flow stuff...

It's probably academic now, since the company I work for wants to use a different product they acquired recently, which from what I hear can't do the same thing (yet?), and I might be looking for a new job soon... Oh well :).

Re:per-user fairness and Nat

[TheLink]

An ISP at the "edge" knows who is logged on to that IP and so can treat them accordingly.

Already companies _are_ getting better service than "normal users". So your concerns are unfounded.

Roberts proposal (and company's product) however appears to be more focused at the core rather than the edge (if it's the edge I don't even see why it's such a great benefit).

The real problem with P2P using up too much ISP bandwidth is Copyright Law and the **AA.

If ISPs could cache and seed all torrents (on demand or prefetch) without being sued by the **AA etc, ISPs could make far more efficient use of their bandwidth.

They would just throttle P2P connections to peers outside their network, but allow downloads at top speed from the ISP's Super Peers (which get prioritized bandwidth when downloading from the "outside").

If the **AA do not allow that, the other solution is to to put some (or all) "always on" internet service traffic at a lower priority all the time (so whenever there are other packets to send, they get sent first), then when users want "full service" for their P2P or whatever, they "dial up", and "logout/disconnect" when they're done with "premium priority", leaving their P2P etc going back to lower priority. Then users get X hours of premium priority a month depending on their package (with option to purchase more hours).

While it's a bit like back to the old days of dial up, the difference is you still get "always on" internet - and the ISP might still have some web access get "premium" (aka normal) priority, for example searches on google or wikipedia might not be throttled, and akamai or youtube mirrored/cached stuff within the ISP's network might be max speed, and even P2P traffic within the network might not be throttled.

That way users who just leave their P2P on just to try to keep their upload ratios good, can continue doing it, and users that actually want to download something fast via P2P, can activate their premium priority.

I think many users might be ok with such a scheme. The trouble is figuring out a foolproof way of logging out :).

Re:per-user fairness and Nat

[j1m+5n0w]

An ISP at the "edge" knows who is logged on to that IP and so can treat them accordingly. .... Roberts proposal (and company's product) however appears to be more focused at the core rather than the edge (if it's the edge I don't even see why it's such a great benefit).

I agree with you there. ISPs at the edge have enough information to treat each user (ie paying customer) fairly. That doesn't help if the core routers are congested, though.

If ISPs start treating P2P different from regular traffic, they might lose their common carrier status and be liable for copyright infringement that happens on their network. They don't want that to happen.

I don't think giving different types of data differing priorities is a good idea; users will just learn to hide their p2p data better. I think if the ISPs are congested, they ought to throttle their highest bandwidth consumers, regardless of traffic type. (And their throttling policy should be public knowledge; users should know where the caps are.)

The core routers ought to keep doing what their doing, unless they can come up with a reliable heuristic for determining how many real people are hiding behind each IP address.

Re:per-user fairness and Nat

[j1m+5n0w]

You can do that at the edge ISP level because you know who your customers are. The core routers (which is what the article was about) don't have that kind of information available to them.

Re:per-user fairness and Nat

[TheLink]

"I don't think giving different types of data differing priorities is a good idea"

One of my suggestions was give all users crap priorities, till they "dial up", then they get normal priorities. You can give normal priorities to akamai etc stuff even if they don't "dial up".

Users won't be able to hide from that.

If an ISP is having to regularly discard packets at their core routers I think they are doing something wrong. They should be discarding at the edge where the "info" is, plus it's more scalable that way.

Re:per-user fairness and Nat

[TheLink]

Exactly why it should be done at the edge not the core.

routing via multiple paths

[j1m+5n0w]

One reason why that might be problematic in practice, is that, iirc, TCP doesn't like getting packets out of order, and tends to respond to out-of-order packets similarly to dropped packets. If you have packets taking multiple paths, they are very likely to arrive out of order.

One could mitigate this, I suppose, by making sure all packets that are part of the same flow take the same path.

Comment removed

[account_deleted]

Comment removed based on user account deletion

PLEASE PLEASE PLEASE STOP POSTING HIS RANTS

[jsailor]

Roberts has been harping on the same thing since 2000, probably earlier. Guess why he has built several failed companies around the concept. It seems that Slashdot forgets this every few months and posts another one of his rants.

Close, but there are other ways

[funkboy]

I have a lot of respect for Larry Roberts. The idea of only discarding a single packet per flow on a congested interface in order to slow things down is a good one.

If WRED didn't exist on every production-grade router made in the last 10+ years then there would certainly be a need for this technology. However, I'm not really sure how much benefit the "multi-flow fairness" concept would provide vs. just configuring WRED to discard only payload packets & not TCP control traffic. The tradeoff is the added complexity of the congestion avoidance mechanism having to be flow-aware, which increases cost, time to market, heat & power consumption, etc.

Such a technique combined with microflow policing would come closer to what he describes. In fact one could probably refer to the congestion avoidance technique described in the article as "adaptive microflow policing".

A pretty standard config used with OpenBSD's PF firewall is to prioritize ACKs in both directions so that a line congested in one direction is still useful in the other.

BTW, TCP has already been re-engineered; it's called SCTP. If you've got a custom high-bandwidth point-to-point application where you have complete control over both ends (mostly research stuff at this point), check it out.

A different approach to bandwidth management that is being developed by the major router vendors is the application-aware network. Imagine if the router was smart enough to read a field in an XML stream that indicates that this particular flow requires 64kbps or it should be dropped, it should have 256kbps to work well, and giving it more than 1mbps is not useful and you start to get the idea. That's just the tip of the iceberg.

Anyway, congestion control is useful & necessary, but "quality of service is no substitute for quantity of service"...

Re:Close, but there are other ways

[klapaucjusz]

BTW, TCP has already been re-engineered; it's called SCTP.

SCTP uses the same congestion control algorithm as TCP.

Re:Close, but there are other ways

[funkboy]

Let us not confuse adaptive backoff with queuing :-).

thats why I use IP

instead of TCP. IP is the future. I've heard that LMNOP is to be even better though.

Clouds not strings

[bigogre]

One problem with this idea is that packets can follow different paths through the network. That is one of the fundamental principles of packet-switched networks. The concept in TFA works if you have choke points in the network, but such choke points also defeat the power of the Internet.

Calling qualities of the protocol 'unfair' is a bit disingenuous. The fact that the data being carried is bigger and takes more bandwidth doesn't make things 'unfair', it just means that the network needs to be properly provisioned, and guess what, routing can make allowances for those things.

By the way, 'clouds, not strings' is a catch-phrase from Van Jacobsen to challenge ideas like those in TFA when they were bandied about many years ago. The network is supposed to be a cloud, not a string, so trying to control traffic streams in which each packet may follow a different path through the cloud is problematic.

In theory there is no difference between theory and practice. In practice there is. - Yogi Berra

Re:Clouds not strings

[dwxreaper]

From the article: " Network equipment has used this same technique for 40 years, essentially putting arriving packets into an output queue and if it fills up, dropping packets. The packets are dropped randomly, which is the source of most of the unfairness attributed to TCP. Random drops cause some flows to stall while others flourish. What is really necessary is to detect just the flows that need to slow down, and selectively discard just one packet at the right time, but not more, per TCP cycle. Discarding too many will cause a flow to stall â" we see this when Web access takes forever. " sounds like we need to engineer networks to not drop packets, and when congested to the point where packets need to drop (there is no room in the software queue), we need to selectivly drop the packets. we do this, and packets are going to drop regardless. Working with flow-information isn't anything special. With this we can randomly drop flows to prevent tcp from creating congestion when they all synchronize up at the same time. Only traffic that doesn't meet certain criteria can have this method applied, other traffic can be given priority in the queue so it never drops. Also we can analyze layer seven data to classify the packet in the queue. In addition to these methods the flow-based information wouldn't provide much benefit at all, if any. There is simply not a need for it, and that's why the interenet isn't using this technology. Maybe a couple people use his product, good for them I guess, but I'm glad the internet isn't running on this company. If we put a comparision of the current technology in place, it's design, and what his products could do, you would see we are in the right hands. This company is competing with CEF, NBAR, WRED.. the network is already engineered, I didn't see that mentioned in the article. Although I did see four key problems, which weren't addressed in comparion to what we are doing now, and why we are doing it. I would compare a system of his equipment powered by his network to Cisco's

the only fair thing about bandwidth....

is that whoever pays more gets more. period.

Re:Opps

Wait... Twitter managed to post without saying M$? Unbelievable!

Complete sentences... somewhat stable personality... You must have taken your pills today. Good job! Just don't burn all of your well-earned karma in one day now.

When...

[EddyPearson]

...is this guy going to float his company.

time to hook up the RTS/CTS

having only the RX/TX and ground wires twisted together isn't going to cut it anymore. We'll leave RI disconnected though as it's an obvious security hole.

Number Of Flows Matters

[Toad-san]

"Although the multi-flow unfairness that P2P uses remains, flow management gives us a simple solution to this: Control each flow so that the total traffic to each IP address (home) is equally and fairly distributed no matter how many flows they use. This eliminates the need for peering into everyoneâ(TM)s data to stop P2P and creates a fair distribution of Internet capacity."

Therein lies the rub. The bandwidth hogs will simply acquire more "flows" so they won't be throttled, and they'll get a wider bandwidth no matter what.

What needs to happen is to identify packets for what they are. Flows that can tolerate delay better (e.g., P2P file transfers) should be delayed (by dropping packets or whatever). Packets with more immediacy (e.g., human, game, machine interaction) should get priority.

I personally could give a damn about people sharing or downloading music or video, realtime video or TV, etc. I specifically could give a damn about someone's phone call quality! That's not what the Internet was built for, and I'm oldfashioned that way. Delay that crap all you want.

Toad-san

Re:SLASHDOT SUX0RZ

[SplatMan_DK]

Why bother feeding the SPAM posts which main purpose seems to be a link to a commercial company anyway? ;-)

- Jesper