summaryrefslogtreecommitdiff
path: root/doc/rfc/rfc3540.txt
diff options
context:
space:
mode:
authorThomas Voss <mail@thomasvoss.com> 2024-11-27 20:54:24 +0100
committerThomas Voss <mail@thomasvoss.com> 2024-11-27 20:54:24 +0100
commit4bfd864f10b68b71482b35c818559068ef8d5797 (patch)
treee3989f47a7994642eb325063d46e8f08ffa681dc /doc/rfc/rfc3540.txt
parentea76e11061bda059ae9f9ad130a9895cc85607db (diff)
doc: Add RFC documents
Diffstat (limited to 'doc/rfc/rfc3540.txt')
-rw-r--r--doc/rfc/rfc3540.txt731
1 files changed, 731 insertions, 0 deletions
diff --git a/doc/rfc/rfc3540.txt b/doc/rfc/rfc3540.txt
new file mode 100644
index 0000000..f781c50
--- /dev/null
+++ b/doc/rfc/rfc3540.txt
@@ -0,0 +1,731 @@
+
+
+
+
+
+
+Network Working Group N. Spring
+Request for Comments: 3540 D. Wetherall
+Category: Experimental D. Ely
+ University of Washington
+ June 2003
+
+
+ Robust Explicit Congestion Notification (ECN)
+ Signaling with Nonces
+
+Status of this Memo
+
+ This memo defines an Experimental Protocol for the Internet
+ community. It does not specify an Internet standard of any kind.
+ Discussion and suggestions for improvement are requested.
+ Distribution of this memo is unlimited.
+
+Copyright Notice
+
+ Copyright (C) The Internet Society (2003). All Rights Reserved.
+
+Abstract
+
+ This note describes the Explicit Congestion Notification (ECN)-nonce,
+ an optional addition to ECN that protects against accidental or
+ malicious concealment of marked packets from the TCP sender. It
+ improves the robustness of congestion control by preventing receivers
+ from exploiting ECN to gain an unfair share of network bandwidth.
+ The ECN-nonce uses the two ECN-Capable Transport (ECT)codepoints in
+ the ECN field of the IP header, and requires a flag in the TCP
+ header. It is computationally efficient for both routers and hosts.
+
+1. Introduction
+
+ Statement of Intent
+
+ This specification describes an optional addition to Explicit
+ Congestion Notification [RFC3168] improving its robustness against
+ malicious or accidental concealment of marked packets. It has not
+ been deployed widely. One goal of publication as an Experimental
+ RFC is to be prudent, and encourage use and deployment prior to
+ publication in the standards track. Another consideration is to
+ give time for firewall developers to recognize and accept the
+ pattern presented by the nonce. It is the intent of the Transport
+ Area Working Group to re-submit this specification as an IETF
+ Proposed Standard in the future after more experience has been
+ gained.
+
+
+
+
+Spring, et. al. Experimental [Page 1]
+
+RFC 3540 Robust ECN Signaling June 2003
+
+
+ The correct operation of ECN requires the cooperation of the receiver
+ to return Congestion Experienced signals to the sender, but the
+ protocol lacks a mechanism to enforce this cooperation. This raises
+ the possibility that an unscrupulous or poorly implemented receiver
+ could always clear ECN-Echo and simply not return congestion signals
+ to the sender. This would give the receiver a performance advantage
+ at the expense of competing connections that behave properly. More
+ generally, any device along the path (NAT box, firewall, QOS
+ bandwidth shapers, and so forth) could remove congestion marks with
+ impunity.
+
+ The above behaviors may or may not constitute a threat to the
+ operation of congestion control in the Internet. However, given the
+ central role of congestion control, it is prudent to design the ECN
+ signaling loop to be robust against as many threats as possible. In
+ this way, ECN can provide a clear incentive for improvement over the
+ prior state-of-the-art without potential incentives for abuse. The
+ ECN-nonce is a simple, efficient mechanism to eliminate the potential
+ abuse of ECN.
+
+ The ECN-nonce enables the sender to verify the correct behavior of
+ the ECN receiver and that there is no other interference that
+ conceals marked (or dropped) packets in the signaling path. The ECN-
+ nonce protects against both implementation errors and deliberate
+ abuse. The ECN-nonce:
+
+ - catches a misbehaving receiver with a high probability, and never
+ implicates an innocent receiver.
+
+ - does not change other aspects of ECN, nor does it reduce the
+ benefits of ECN for behaving receivers.
+
+ - is cheap in both per-packet overhead (one TCP header flag) and
+ processing requirements.
+
+ - is simple and, to the best of our knowledge, not prone to other
+ attacks.
+
+ We also note that use of the ECN-nonce has two additional benefits,
+ even when only drop-tail routers are used. First, packet drops
+ cannot be concealed from the sender. Second, it prevents optimistic
+ acknowledgements [Savage], in which TCP segments are acknowledged
+ before they have been received. These benefits also serve to
+ increase the robustness of congestion control from attacks. We do
+ not elaborate on these benefits in this document.
+
+ The rest of this document describes the ECN-nonce. We present an
+ overview followed by detailed behavior at senders and receivers.
+
+
+
+Spring, et. al. Experimental [Page 2]
+
+RFC 3540 Robust ECN Signaling June 2003
+
+
+ The keywords MUST, MUST NOT, REQUIRED, SHALL, SHALL NOT, SHOULD,
+ SHOULD NOT, RECOMMENDED, MAY, and OPTIONAL, when they appear in this
+ document, are to be interpreted as described in [RFC2119].
+
+2. Overview
+
+ The ECN-nonce builds on the existing ECN-Echo and Congestion Window
+ Reduced (CWR) signaling mechanism. Familiarity with ECN [ECN] is
+ assumed. For simplicity, we describe the ECN-nonce in one direction
+ only, though it is run in both directions in parallel.
+
+ The ECN protocol for TCP remains unchanged, except for the definition
+ of a new field in the TCP header. As in [RFC3168], ECT(0) or ECT(1)
+ (ECN-Capable Transport) is set in the ECN field of the IP header on
+ outgoing packets. Congested routers change this field to CE
+ (Congestion Experienced). When TCP receivers notice CE, the ECE
+ (ECN-Echo) flag is set in subsequent acknowledgements until receiving
+ a CWR flag. The CWR flag is sent on new data whenever the sender
+ reacts to congestion.
+
+ The ECN-nonce adds to this protocol, and enables the receiver to
+ demonstrate to the sender that segments being acknowledged were
+ received unmarked. A random one-bit value (a nonce) is encoded in
+ the two ECT codepoints. The one-bit sum of these nonces is returned
+ in a TCP header flag, the nonce sum (NS) bit. Packet marking erases
+ the nonce value in the ECT codepoints because CE overwrites both ECN
+ IP header bits. Since each nonce is required to calculate the sum,
+ the correct nonce sum implies receipt of only unmarked packets. Not
+ only are receivers prevented from concealing marked packets, middle-
+ boxes along the network path cannot unmark a packet without
+ successfully guessing the value of the original nonce.
+
+ The sender can verify the nonce sum returned by the receiver to
+ ensure that congestion indications in the form of marked (or dropped)
+ packets are not being concealed. Because the nonce sum is only one
+ bit long, senders have a 50-50 chance of catching a lying receiver
+ whenever an acknowledgement conceals a mark. Because each
+ acknowledgement is an independent trial, cheaters will be caught
+ quickly if there are repeated congestion signals.
+
+ The following paragraphs describe aspects of the ECN-nonce protocol
+ in greater detail.
+
+
+
+
+
+
+
+
+
+Spring, et. al. Experimental [Page 3]
+
+RFC 3540 Robust ECN Signaling June 2003
+
+
+ Each acknowledgement carries a nonce sum, which is the one bit sum
+ (exclusive-or, or parity) of nonces over the byte range represented
+ by the acknowledgement. The sum is used because not every packet is
+ acknowledged individually, nor are packets acknowledged reliably. If
+ a sum were not used, the nonce in an unmarked packet could be echoed
+ to prove to the sender that the individual packet arrived unmarked.
+ However, since these acks are not reliably delivered, the sender
+ could not distinguish a lost ACK from one that was never sent in
+ order to conceal a marked packet. The nonce sum prevents the
+ receiver from concealing individual marked packets by not
+ acknowledging them. Because the nonce and nonce sum are both one bit
+ quantities, the sum is no easier to guess than the individual nonces.
+ We show the nonce sum calculation below in Figure 1.
+
+ Sender Receiver
+ initial sum = 1
+ -- 1:4 ECT(0) --> NS = 1 + 0(1:4) = 1(:4)
+ <- ACK 4, NS=1 ---
+ -- 4:8 ECT(1) --> NS = 1(:4) + 1(4:8) = 0(:8)
+ <- ACK 8, NS=0 ---
+ -- 8:12 ECT(1) -> NS = 0(:8) + 1(8:12) = 1(:12)
+ <- ACK 12, NS=1 --
+ -- 12:16 ECT(1) -> NS = 1(:12) + 1(12:16) = 0(:16)
+ <- ACK 16, NS=0 --
+
+ Figure 1: The calculation of nonce sums at the receiver.
+
+ After congestion has occurred and packets have been marked or lost,
+ resynchronization of the sender and receiver nonce sums is needed.
+ When packets are marked, the nonce is cleared, and the sum of the
+ nonces at the receiver will no longer match the sum at the sender.
+ Once nonces have been lost, the difference between sender and
+ receiver nonce sums is constant until there is further loss. This
+ means that it is possible to resynchronize the sender and receiver
+ after congestion by having the sender set its nonce sum to that of
+ the receiver. Because congestion indications do not need to be
+ conveyed more frequently than once per round trip, the sender
+ suspends checking while the CWR signal is being delivered and resets
+ its nonce sum to the receiver's when new data is acknowledged. This
+ has the benefit that the receiver is not explicitly involved in the
+ re-synchronization process. The resynchronization process is shown
+ in Figure 2 below. Note that the nonce sum returned in ACK 12 (NS=0)
+ differs from that in the previous example (NS=1), and it continues to
+ differ for ACK 16.
+
+
+
+
+
+
+
+Spring, et. al. Experimental [Page 4]
+
+RFC 3540 Robust ECN Signaling June 2003
+
+
+ Sender Receiver
+ initial sum = 1
+ -- 1:4 ECT(0) -> NS = 1 + 0(1:4) = 1(:4)
+ <- ACK 4, NS=1 --
+ -- 4:8 ECT(1) -> CE -> NS = 1(:4) + ?(4:8) = 1(:8)
+ <- ACK 8, ECE NS=1 --
+ -- 8:12 ECT(1), CWR -> NS = 1(:8) + 1(8:12) = 0(:12)
+ <- ACK 12, NS=0 --
+ -- 12:16 ECT(1) -> NS = 0(:12) + 1(12:16) = 1(:16)
+ <- ACK 16, NS=1 --
+
+ Figure 2: The calculation of nonce sums at the receiver when a
+ packet (4:8) is marked. The receiver may calculate the wrong
+ nonce sum when the original nonce information is lost after a
+ packet is marked.
+
+ Third, we need to reconcile that nonces are sent with packets but
+ acknowledgements cover byte ranges. Acknowledged byte boundaries
+ need not match the transmitted boundaries, and information can be
+ retransmitted in packets with different byte boundaries. We discuss
+ the first issue, how a receiver sets a nonce when acknowledging part
+ of a segment, in Section 6.1. The second question, what nonce to send
+ when retransmitting smaller segments as a large segment, has a simple
+ answer: ECN is disabled for retransmissions, so can carry no nonce.
+ Because retransmissions are associated with congestion events, nonce
+ checking is suspended until after CWR is acknowledged and the
+ congestion event is over.
+
+ The next sections describe the detailed behavior of senders, routers
+ and receivers, starting with sender transmit behavior, then around
+ the ECN signaling loop, and finish with sender acknowledgement
+ processing.
+
+3. Sender Behavior (Transmit)
+
+ Senders manage CWR and ECN-Echo as before. In addition, they must
+ place nonces on packets as they are transmitted and check the
+ validity of the nonce sums in acknowledgments as they are received.
+ This section describes the transmit process.
+
+ To place a one bit nonce value on every ECN-capable IP packet, the
+ sender uses the two ECT codepoints: ECT(0) represents a nonce of 0,
+ and ECT(1) a nonce of 1. As in ECN, retransmissions are not ECN-
+ capable, so carry no nonce.
+
+ The sender maintains a mapping from each packet's end sequence number
+ to the expected nonce sum (not the nonce placed in the original
+ transmission) in the acknowledgement bearing that sequence number.
+
+
+
+Spring, et. al. Experimental [Page 5]
+
+RFC 3540 Robust ECN Signaling June 2003
+
+
+4. Router Behavior
+
+ Routers behave as specified in [RFC3168]. By marking packets to
+ signal congestion, the original value of the nonce, in ECT(0) or
+ ECT(1), is removed. Neither the receiver nor any other party can
+ unmark the packet without successfully guessing the value of the
+ original nonce.
+
+5. Receiver Behavior (Receive and Transmit)
+
+ ECN-nonce receivers maintain the nonce sum as in-order packets arrive
+ and return the current nonce sum in each acknowledgement. Receiver
+ behavior is otherwise unchanged from [RFC3168]. Returning the nonce
+ sum is optional, but recommended, as senders are allowed to
+ discontinue sending ECN-capable packets to receivers that do not
+ support the ECN-nonce.
+
+ As packets are removed from the queue of out-of-order packets to be
+ acknowledged, the nonce is recovered from the IP header. The nonce
+ is added to the current nonce sum as the acknowledgement sequence
+ number is advanced for the recent packet.
+
+ In the case of marked packets, one or more nonce values may be
+ unknown to the receiver. In this case the missing nonce values are
+ ignored when calculating the sum (or equivalently a value of zero is
+ assumed) and ECN-Echo will be set to signal congestion to the sender.
+
+ Returning the nonce sum corresponding to a given acknowledgement is
+ straightforward. It is carried in a single "NS" (Nonce Sum) bit in
+ the TCP header. This bit is adjacent to the CWR and ECN-Echo bits,
+ set as Bit 7 in byte 13 of the TCP header, as shown below:
+
+ 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
+ +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
+ | | | N | C | E | U | A | P | R | S | F |
+ | Header Length | Reserved | S | W | C | R | C | S | S | Y | I |
+ | | | | R | E | G | K | H | T | N | N |
+ +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
+
+ Figure 3: The new definition of bytes 13 and 14 of the TCP Header.
+
+ The initial nonce sum is 1, and is included in the SYN/ACK and ACK of
+ the three way TCP handshake. This allows the other endpoint to infer
+ nonce support, but is not a negotiation, in that the receiver of the
+ SYN/ACK need not check if NS is set to decide whether to set NS in
+ the subsequent ACK.
+
+
+
+
+
+Spring, et. al. Experimental [Page 6]
+
+RFC 3540 Robust ECN Signaling June 2003
+
+
+6. Sender Behavior (Receive)
+
+ This section completes the description of sender behavior by
+ describing how senders check the validity of the nonce sums.
+
+ The nonce sum is checked when an acknowledgement of new data is
+ received, except during congestion recovery when additional ECN-Echo
+ signals would be ignored. Checking consists of comparing the correct
+ nonce sum stored in a buffer to that carried in the acknowledgement,
+ with a correction described in the following subsection.
+
+ If ECN-Echo is not set, the receiver claims to have received no
+ marked packets, and can therefore compute and return the correct
+ nonce sum. To conceal a mark, the receiver must successfully guess
+ the sum of the nonces that it did not receive, because at least one
+ packet was marked and the corresponding nonce was erased. Provided
+ the individual nonces are equally likely to be 0 or 1, their sum is
+ equally likely to be 0 or 1. In other words, any guess is equally
+ likely to be wrong and has a 50-50 chance of being caught by the
+ sender. Because each new acknowledgement is an independent trial, a
+ cheating receiver is likely to be caught after a small number of
+ lies.
+
+ If ECN-Echo is set, the receiver is sending a congestion signal and
+ it is not necessary to check the nonce sum. The congestion window
+ will be halved, CWR will be set on the next packet with new data
+ sent, and ECN-Echo will be cleared once the CWR signal is received,
+ as in [RFC3168]. During this recovery process, the sum may be
+ incorrect because one or more nonces were not received. This does
+ not matter during recovery, because TCP invokes congestion mechanisms
+ at most once per RTT, whether there are one or more losses during
+ that period.
+
+6.1. Resynchronization After Loss or Mark
+
+ After recovery, it is necessary to re-synchronize the sender and
+ receiver nonce sums so that further acknowledgments can be checked.
+ When the receiver's sum is incorrect, it will remain incorrect until
+ further loss.
+
+ This leads to a simple re-synchronization mechanism where the sender
+ resets its nonce sum to that of the receiver when it receives an
+ acknowledgment for new data sent after the congestion window was
+ reduced. When responding to explicit congestion signals, this will
+ be the first acknowledgement without the ECN-Echo flag set: the
+ acknowledgement of the packet containing the CWR flag.
+
+
+
+
+
+Spring, et. al. Experimental [Page 7]
+
+RFC 3540 Robust ECN Signaling June 2003
+
+
+ Sender Receiver
+ initial sum = 1
+ -- 1:4 ECT(0) -> NS = 1 + 0(1:4) = 1(:4)
+ <- ACK 4, NS=1 --
+ -- 4:8 ECT(1) -> LOST
+ -- 8:12 ECT(1) -> nonce sum calculation deferred
+ until in-order data received
+ <- ACK 4, NS=0 --
+ -- 12:16 ECT(1) -> nonce sum calculation deferred
+ <- ACK 4, NS=0 --
+ -- 4:8 retransmit -> NS = 1(:4) + ?(4:8) +
+ 1(8:12) + 1(12:16) = 1(:16)
+ <- ACK 16, NS=1 --
+ -- 16:20 ECT(1) CWR ->
+ <- ACK 20, NS=0 -- NS = 1(:16) + 1(16:20) = 0(:20)
+
+ Figure 4: The calculation of nonce sums at the receiver when a
+ packet is lost, and resynchronization after loss. The nonce sum
+ is not changed until the cumulative acknowledgement is advanced.
+
+ In practice, resynchronization can be accomplished by storing a bit
+ that has the value one if the expected nonce sum stored by the sender
+ and the received nonce sum in the acknowledgement of CWR differ, and
+ zero otherwise. This synchronization offset bit can then be used in
+ the comparison between expected nonce sum and received nonce sum.
+
+ The sender should ignore the nonce sum returned on any
+ acknowledgements bearing the ECN-echo flag.
+
+ When an acknowledgment covers only a portion of a segment, such as
+ when a middlebox resegments at the TCP layer instead of fragmenting
+ IP packets, the sender should accept the nonce sum expected at the
+ next segment boundary. In other words, an acknowledgement covering
+ part of an original segment will include the nonce sum expected when
+ the entire segment is acknowledged.
+
+ Finally, in ECN, senders can choose not to indicate ECN capability on
+ some packets for any reason. An ECN-nonce sender must resynchronize
+ after sending such ECN-incapable packets, as though a CWR had been
+ sent with the first new data after the ECN-incapable packets. The
+ sender loses protection for any unacknowledged packets until
+ resynchronization occurs.
+
+
+
+
+
+
+
+
+
+Spring, et. al. Experimental [Page 8]
+
+RFC 3540 Robust ECN Signaling June 2003
+
+
+6.2. Sender Behavior - Incorrect Nonce Received
+
+ The sender's response to an incorrect nonce is a matter of policy.
+ It is separate from the checking mechanism and does not need to be
+ handled uniformly by senders. Further, checking received nonce sums
+ at all is optional, and may be disabled.
+
+ If the receiver has never sent a non-zero nonce sum, the sender can
+ infer that the receiver does not understand the nonce, and rate limit
+ the connection, place it in a lower-priority queue, or cease setting
+ ECT in outgoing segments.
+
+ If the received nonce sum has been set in a previous acknowledgement,
+ the sender might infer that a network device has interfered with
+ correct ECN signaling between ECN-nonce supporting endpoints. The
+ minimum response to an incorrect nonce is the same as the response to
+ a received ECE. However, to compensate for hidden congestion
+ signals, the sender might reduce the congestion window to one segment
+ and cease setting ECT in outgoing segments. An incorrect nonce sum
+ is a sign of misbehavior or error between ECN-nonce supporting
+ endpoints.
+
+6.2.1. Using the ECN-nonce to Protect Against Other Misbehaviors
+
+ The ECN-nonce can provide robustness beyond checking that marked
+ packets are signaled to the sender. It also ensures that dropped
+ packets cannot be concealed from the sender (because their nonces
+ have been lost). Drops could potentially be concealed by a faulty
+ TCP implementation, certain attacks, or even a hypothetical TCP
+ accelerator. Such an accelerator could gamble that it can either
+ successfully "fast start" to a preset bandwidth quickly, retry with
+ another connection, or provide reliability at the application level.
+ If robustness against these faults is also desired, then the ECN-
+ nonce should not be disabled. Instead, reducing the congestion
+ window to one, or using a low-priority queue, would penalize faulty
+ operation while providing continued checking.
+
+ The ECN-nonce can also detect misbehavior in Eifel [Eifel], a
+ recently proposed mechanism for removing the retransmission ambiguity
+ to improve TCP performance. A misbehaving receiver might claim to
+ have received only original transmissions to convince the sender to
+ undo congestion actions. Since retransmissions are sent without ECT,
+ and thus no nonce, returning the correct nonce sum confirms that only
+ original transmissions were received.
+
+
+
+
+
+
+
+Spring, et. al. Experimental [Page 9]
+
+RFC 3540 Robust ECN Signaling June 2003
+
+
+7. Interactions
+
+7.1. Path MTU Discovery
+
+ As described in RFC3168, use of the Don't Fragment bit with ECN is
+ recommended. Receivers that receive unmarked fragments can
+ reconstruct the original nonce to conceal a marked fragment. The
+ ECN-nonce cannot protect against misbehaving receivers that conceal
+ marked fragments, so some protection is lost in situations where Path
+ MTU discovery is disabled.
+
+ When responding to a small path MTU, the sender will retransmit a
+ smaller frame in place of a larger one. Since these smaller packets
+ are retransmissions, they will be ECN-incapable and bear no nonce.
+ The sender should resynchronize on the first newly transmitted
+ packet.
+
+7.2. SACK
+
+ Selective acknowledgements allow receivers to acknowledge out of
+ order segments as an optimization. It is not necessary to modify the
+ selective acknowledgment option to fit per-range nonce sums, because
+ SACKs cannot be used by a receiver to hide a congestion signal. The
+ nonce sum corresponds only to the data acknowledged by the cumulative
+ acknowledgement.
+
+7.3. IPv6
+
+ Although the IPv4 header is protected by a checksum, this is not the
+ case with IPv6, making undetected bit errors in the IPv6 header more
+ likely. Bit errors that compromise the integrity of the congestion
+ notification fields may cause an incorrect nonce to be received, and
+ an incorrect nonce sum to be returned.
+
+8. Security Considerations
+
+ The random one-bit nonces need not be from a cryptographic-quality
+ pseudo-random number generator. A strong random number generator
+ would compromise performance. Consequently, the sequence of random
+ nonces should not be used for any other purpose.
+
+ Conversely, the pseudo-random bit sequence should not be generated by
+ a linear feedback shift register [Schneier], or similar scheme that
+ would allow an adversary who has seen several previous bits to infer
+ the generation function and thus its future output.
+
+
+
+
+
+
+Spring, et. al. Experimental [Page 10]
+
+RFC 3540 Robust ECN Signaling June 2003
+
+
+ Although the ECN-nonce protects against concealment of congestion
+ signals and optimistic acknowledgement, it provides no additional
+ protection for the integrity of the connection.
+
+9. IANA Considerations
+
+ The Nonce Sum (NS) is carried in a reserved TCP header bit that must
+ be allocated. This document describes the use of Bit 7, adjacent to
+ the other header bits used by ECN.
+
+ The codepoint for the NS flag in the TCP header is specified by the
+ Standards Action of this RFC, as is required by RFC 2780. The IANA
+ has added the following to the registry for "TCP Header Flags":
+
+ RFC 3540 defines bit 7 from the Reserved field to be used for the
+ Nonce Sum, as follows:
+
+ 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
+ +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
+ | | | N | C | E | U | A | P | R | S | F |
+ | Header Length | Reserved | S | W | C | R | C | S | S | Y | I |
+ | | | | R | E | G | K | H | T | N | N |
+ +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
+
+ TCP Header Flags
+
+ Bit Name Reference
+ --- ---- ---------
+ 7 NS (Nonce Sum) [RFC 3540]
+
+10. Conclusion
+
+ The ECN-nonce is a simple modification to the ECN signaling mechanism
+ that improves ECN's robustness by preventing receivers from
+ concealing marked (or dropped) packets. The intent of this work is
+ to help improve the robustness of congestion control in the Internet.
+ The modification retains the character and simplicity of existing ECN
+ signaling. It is also practical for deployment in the Internet. It
+ uses the ECT(0) and ECT(1) codepoints and one TCP header flag (as
+ well as CWR and ECN-Echo) and has simple processing rules.
+
+
+
+
+
+
+
+
+
+
+
+Spring, et. al. Experimental [Page 11]
+
+RFC 3540 Robust ECN Signaling June 2003
+
+
+11. References
+
+ [ECN] "The ECN Web Page", URL
+ "http://www.icir.org/floyd/ecn.html".
+
+ [RFC3168] Ramakrishnan, K., Floyd, S. and D. Black, "The addition of
+ explicit congestion notification (ECN) to IP", RFC 3168,
+ September 2001.
+
+ [Eifel] R. Ludwig and R. Katz. The Eifel Algorithm: Making TCP
+ Robust Against Spurious Retransmissions. Computer
+ Communications Review, January, 2000.
+
+ [B97] Bradner, S., "Key words for use in RFCs to Indicate
+ Requirement Levels", BCP 14, RFC 2119, March 1997.
+
+ [Savage] S. Savage, N. Cardwell, D. Wetherall, T. Anderson. TCP
+ congestion control with a misbehaving receiver. SIGCOMM
+ CCR, October 1999.
+
+ [Schneier] Bruce Schneier. Applied Cryptography, 2nd ed., 1996
+
+12. Acknowledgements
+
+ This note grew out of research done by Stefan Savage, David Ely,
+ David Wetherall, Tom Anderson and Neil Spring. We are very grateful
+ for feedback and assistance from Sally Floyd.
+
+13. Authors' Addresses
+
+ Neil Spring
+ EMail: nspring@cs.washington.edu
+
+
+ David Wetherall
+ Department of Computer Science and Engineering, Box 352350
+ University of Washington
+ Seattle WA 98195-2350
+ EMail: djw@cs.washington.edu
+
+
+ David Ely
+ Computer Science and Engineering, 352350
+ University of Washington
+ Seattle, WA 98195-2350
+ EMail: ely@cs.washington.edu
+
+
+
+
+
+Spring, et. al. Experimental [Page 12]
+
+RFC 3540 Robust ECN Signaling June 2003
+
+
+14. Full Copyright Statement
+
+ Copyright (C) The Internet Society (2003). All Rights Reserved.
+
+ This document and translations of it may be copied and furnished to
+ others, and derivative works that comment on or otherwise explain it
+ or assist in its implementation may be prepared, copied, published
+ and distributed, in whole or in part, without restriction of any
+ kind, provided that the above copyright notice and this paragraph are
+ included on all such copies and derivative works. However, this
+ document itself may not be modified in any way, such as by removing
+ the copyright notice or references to the Internet Society or other
+ Internet organizations, except as needed for the purpose of
+ developing Internet standards in which case the procedures for
+ copyrights defined in the Internet Standards process must be
+ followed, or as required to translate it into languages other than
+ English.
+
+ The limited permissions granted above are perpetual and will not be
+ revoked by the Internet Society or its successors or assigns.
+
+ This document and the information contained herein is provided on an
+ "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
+ TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
+ BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
+ HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
+ MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+
+Acknowledgement
+
+ Funding for the RFC Editor function is currently provided by the
+ Internet Society.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Spring, et. al. Experimental [Page 13]
+