summaryrefslogtreecommitdiff
path: root/doc/rfc/rfc62.txt
diff options
context:
space:
mode:
authorThomas Voss <mail@thomasvoss.com> 2024-11-27 20:54:24 +0100
committerThomas Voss <mail@thomasvoss.com> 2024-11-27 20:54:24 +0100
commit4bfd864f10b68b71482b35c818559068ef8d5797 (patch)
treee3989f47a7994642eb325063d46e8f08ffa681dc /doc/rfc/rfc62.txt
parentea76e11061bda059ae9f9ad130a9895cc85607db (diff)
doc: Add RFC documents
Diffstat (limited to 'doc/rfc/rfc62.txt')
-rw-r--r--doc/rfc/rfc62.txt1122
1 files changed, 1122 insertions, 0 deletions
diff --git a/doc/rfc/rfc62.txt b/doc/rfc/rfc62.txt
new file mode 100644
index 0000000..bb61d0c
--- /dev/null
+++ b/doc/rfc/rfc62.txt
@@ -0,0 +1,1122 @@
+
+
+
+
+
+
+Network Working Group D. C. Walden
+Request for Comments: 62 BBN Inc.
+Supercedes NWG/RFC #61 3 August 1970
+
+
+ A System for Interprocess Communication
+ in a
+ Resource Sharing Computer Network
+
+1. Introduction
+
+ If you are working to develop methods of communications within a
+ computer network, you can engage in one of two activities. You can
+ work with others, actually constructing a computer network, being
+ influenced, perhaps influencing your colleagues. Or you can
+ construct an intellectual position of how things should be done in an
+ ideal network, one better than the one you are helping to construct,
+ and then present this position for the designers of future networks
+ to study. The author has spent the past two years engaged in the
+ first activity. This paper results from recent engagement in the
+ second activity.
+
+ "A resource sharing computer network is defined to be a set of
+ autonomous, independent computer systems, interconnected so as to
+ permit each computer system to utilize all of the resources of the
+ other computer systems much as it would normally call a subroutine."
+ This definition of a network and the desirability of such a network
+ is expounded upon by Roberts and Wessler in [9].
+
+ The actual act of resource sharing can be performed in two ways: in
+ an ad hoc manner between all pairs of computer systems in the
+ network; or according to a systematic network-wide standard. This
+ paper develops one possible network-wide system for resource sharing.
+
+ I believe it is natural to think of resources as being associated
+ with processes<1> and available only through communication with these
+ processes. Therefore, I view the fundamental problem of resource
+ sharing to be the problem of interprocess communication. I also
+ share with Carr, Crocker, and Cerf [2] the view that interprocess
+ communication over a network is a subcase of general interprocess
+ communication in a multi-programmed environment.
+
+ These views have led me to perform a two-part study. First, a set of
+ operations enabling interprocess communication within a single time-
+ sharing system is constructed. This set of operations eschews many
+ of the interprocess communications techniques currently in use within
+ time-sharing systems -- such as communication through shared memory
+ -- and relies instead on techniques that can be easily generalized to
+
+
+
+Walden [Page 1]
+
+RFC 62 IPC for Resource Sharing 3 August 1970
+
+
+ permit communication between remote processes. The second part of
+ the study presents such a generalization. The application of this
+ generalized system to the ARPA Computer Network [9] is also
+ discussed.
+
+ The ideas enlarged upon in this paper came from many sources.
+ Particularly influential were -- 1) an early sketch of a Host
+ protocol for the ARPA Network by S. Crocker of UCLA and W. Crowther
+ of Bolt Beranek and Newman Inc. (BBN); 2) Ackerman and Plummer's
+ paper on the MIT PDP-1 time-sharing system [1]; and 3) discussions
+ with W. Crowther and R. Kahn of BBN about Host protocol, flow
+ control, and message routing for the ARPA Network. Hopefully, there
+ are also some original ideas in this note. I alone am responsible
+ for the collection of all of these ideas into the system described
+ herein, and I am therefore responsible for any inconsistencies or
+ bugs in the system.
+
+ It must be emphasized that this paper does not represent an official
+ BBN position on Host protocol for the ARPA Computer Network.
+
+
+2. A System for Interprocess Communication within a Time-Sharing System
+
+ This section describes a set of operations enabling interprocess
+ communication within a time-sharing system. Following the notation
+ of [10], I call this interprocess communication facility an IPC. As
+ an aid to the presentation of this IPC, a model for a time-sharing
+ system is described; this model is then used to illustrate the use of
+ the interprocess communication operations.
+
+ The model time-sharing has two pieces: the monitor and the processes.
+ The monitor performs such functions as switching control from one
+ process to another process when a process has used "enough" time,
+ fielding hardware interrupts, managing core and the swapping medium,
+ controlling the passing of control from one process to another (i.e.,
+ protection mechanisms), creating processes,caring for sleeping
+ processes, and providing to the processes a set of machine extending
+ operations (often called Supervisor or Monitor Calls). The processes
+ perform the normal user functions (user processes) as well as the
+ functions usually thought of as being supervisor functions in a
+ time-sharing system (systems processes) but not performed by the
+ monitor in the current model. A typical system process is the disc
+ handler or the file system. System processes is the disc handler or
+ the file system. System processes are probably allowed to execute in
+ supervisor mode, and they actually execute I/O instructions and
+ perform other privileged operations that user processes are not
+ allowed to perform. In all other ways, user and system processes are
+ identical. For reasons of efficiency, it may be useful to think of
+
+
+
+Walden [Page 2]
+
+RFC 62 IPC for Resource Sharing 3 August 1970
+
+
+ system processes as being locked in core.
+
+ Although they will be of concern later in this study, protection
+ considerations are not my concern here: instead I will assume that
+ all of the processes are "good" processes which never made any
+ mistakes. If the reader needs a protection structure to keep in mind
+ while he reads this note, the capability system developed in
+ [1][3][7][8] should be satisfying.
+
+ Of the operations a process can call on the monitor to perform, six
+ are of particular interest for providing a capability for
+ interprocess communication.
+
+ RECEIVE. This operation allows a specified process to send a message
+ to the process executing the RECEIVE. The operation has four
+ parameters: the port (defined below) awaiting the message -- the
+ RECEIVE port; the port a message will be accepted from -- the SEND
+ port; a specification of the buffer available to receive the message;
+ and a location to transfer to when the transmission is complete --
+ the restart location.
+
+ SEND. This operation sends a message from the process executing the
+ SEND to a specified process. It has four parameters: a port to send
+ the message to -- the RECEIVE port; the port the message is being
+ sent from -- the SEND port; a specification of the buffer containing
+ the message to be sent; and the restart location.
+
+ RECEIVE ANY. This operations allows any process to send a message to
+ the process executing the RECEIVE ANY. The operation has four
+ parameters: the port awaiting the message -- the RECEIVE port; a
+ specification of the buffer available to receive the message; a
+ restart location; and a location where the port which sent the
+ message may be noted.
+
+ SEND FROM ANY. This operation allows a process to send a message to
+ a process able to receive a message from any process. It has the
+ same four parameters as SEND. (The necessity for this operation will
+ be explained much later).
+
+ SLEEP. This operation allows the currently running process to put
+ itself to sleep pending the completion of an event. The operation
+ has one optional parameter, an event to be waited for. An example
+ event is the arrival of a hardware interrupt. The monitor never
+ unilaterally puts a process to sleep as a result of the process
+ executing one of the above four operations; however, if a process is
+ asleep when one of the above four operations is satisfied, the
+ process is awakened.
+
+
+
+
+Walden [Page 3]
+
+RFC 62 IPC for Resource Sharing 3 August 1970
+
+
+ UNIQUE. This operation obtains a unique number from the monitor.
+
+ A port is a particular data path to a process (a RECEIVE port) or
+ from a process (a SEND port), and all ports have an associated unique
+ port number which is used to identify the port. Ports are used in
+ transmitting messages from one process to another in the following
+ manner. Consider two processes, A and B, that wish to communicate.
+ Process A executes a RECEIVE to port N from port M. Process B
+ executes a SEND to port N from port M. The monitor matches up the
+ port numbers and transfers the message from process B to process A.
+ As soon as the buffer has been fully transmitted out of process B,
+ process B is restarted at the location specified in the SEND
+ operation. As soon as the message is fully received at process A,
+ process A is restarted at the location specified in the RECEIVE
+ operation. Just how the processes come by the correct port numbers
+ with which to communicate with other processes is not the concern of
+ the monitor -- this problem is left to the processes.
+
+ When a SEND is executed, nothing happens until a matching RECEIVE is
+ executed. Somewhere in the monitor there must be a table of port
+ numbers associated with processes and restart locations. The table
+ entries are cleared after each SEND/RECEIVE match is made. If a
+ proper RECEIVE is not executed for some time, the SEND is timed out
+ after a while and the SENDing process is notified. If a RECEIVE is
+ executed but the matching SEND does not happen for a long time, the
+ RECEIVE is timed out and the RECEIVing process is notified.
+
+ The mechanism of timing out "unused" table entries is of little
+ fundamental importance, merely providing a convenient method of
+ garbage collecting the table. There is no problem if an entry is
+ timed out prematurely, because the process can always re-execute the
+ operation. However, the timeout interval should be long enough so
+ that continual re-execution of an operation will cause little
+ overhead.
+
+ A RECEIVE ANY never times out, but may be taken back using a
+ supervisor call. A message resultant from a SEND FROM ANY is always
+ sent immediately and will be discarded if a proper receiver does not
+ exist. An error message is not returned and acknowledgment, if any,
+ is up to the processes. If the table where the SEND and RECEIVE are
+ matched up ever overflows, a process originating a further SEND and
+ RECEIVE is notified just as if the SEND or RECEIVE timed out.
+
+ The restart location is an interrupt entrance associated with a
+ pseudo interrupt local to the process executing the operation
+ specifying the restart location. If the process is running when then
+ event causing the pseudo interrupt occurs (for example, a message
+ arrives satisfying a pending RECEIVE), the effect is exactly as if
+
+
+
+Walden [Page 4]
+
+RFC 62 IPC for Resource Sharing 3 August 1970
+
+
+ the hardware interrupted the process and transferred control to the
+ restart location. Enough information is saved for the process to
+ continue execution at the point it was interrupted after the
+ interrupt is serviced. If the process is asleep, it is readied and
+ the pseudo interrupt is saved until the process runs again and the
+ interrupt is then allowed. Any RECEIVE or RECEIVE ANY message port
+ may thus be used to provide process interrupts, event channels,
+ process synchronization, message transfers, etc. The user programs
+ what he wants.
+
+ It is left as an exercise to the reader to convince himself that the
+ monitor he is saddled with can be made to provide the six operations
+ described above -- most monitors can since these are only additional
+ supervisor calls.
+
+ An example. Suppose that our model time-sharing system is
+ initialized to have several processes always running. Additionally,
+ these permanent processes have some universally known and permanently
+ assigned ports<2>. Suppose that two of the permanently running
+ processes are the logger-process and the teletype-scanner-process.
+ When the teletype-scanner-process first starts running, it puts
+ itself to sleep awaiting an interrupt from the hardware teletype
+ scanner. The logger-process initially puts itself to sleep awaiting
+ a message from the teletype-scanner-process via well-known permanent
+ SEND and RECEIVE ports. The teleype-scanner-process keeps a table
+ indexed by teletype number, containing in each entry a pair of port
+ numbers to use to send characters from that teletype to a process and
+ a pair of port numbers to use to receive characters for that teletype
+ from a process. If a character arrives (waking up the teletype-
+ scanner- process) and the process does not have any entry for that
+ teletype, it gets a pair of unique numbers from the monitor (via
+ UNIQUE) and sends a message containing this pair of numbers to the
+ logger-process using the ports for which the logger-process is known
+ to have a RECEIVE pending. The scanner-process also enters the pair
+ of numbers in the teletype table, and sends the character and all
+ future characters from this teletype to the port with the first
+ number from the port with the second number. The scanner-process
+ must also pass a second pair of unique numbers to the logger-process
+ for it to use for teletype output and do a RECEIVE using these port
+ numbers. When the logger-process receives the message from the
+ scanner-process, it starts up a copy of what SDS 940 TSS [6] users
+ call the executive<3>, and passes the port numbers to this copy of
+ the executive, so that this executive-process can also do its inputs
+ and outputs to the teletype using these ports. If the logger-process
+ wants to get a job number and password from the user, it can
+ temporarily use the port numbers to communicate with the user before
+ it passes them on to the executive. The scanner-process could always
+ use the same port numbers for a particular teletype as long as the
+
+
+
+Walden [Page 5]
+
+RFC 62 IPC for Resource Sharing 3 August 1970
+
+
+ numbers were passed on to only one copy of the executive at a time.
+
+ It is important to distinguish between the act of passing a port from
+ one process to another and the act of passing a port number from one
+ process to another. In the previous example, where characters from a
+ particular teletype are sent either to the logger-process or an
+ executive-process by the teletype-scanner-process, the SEND port
+ always remains in the teletype-scanner-process while the RECEIVE port
+ moves from the logger-process to the executive process. On the other
+ hand, the SEND port number is passed between the logger-process and
+ the executive-process to enable the RECEIVE process to do a RECEIVE
+ from the correct SEND port. It is crucial that, once a process
+ transfers a port to some other process, the first process no longer
+ use the port. We could add a mechanism that enforces this. The
+ protected object system of [9] is one such mechanism. Using this
+ mechanism, a process executing a SEND would need a capability for the
+ SEND port and only one capability for this SEND port would exist in
+ the system at any given time. A process executing a RECEIVE would be
+ required to have a capability for the RECEIVE port, and only one
+ capability for this RECEIVE port would exist at a given time.
+ Without such a protection mechanism, a port implicitly moves from one
+ process to another by the processes merely using the port at disjoint
+ times even if the port's number is never explicitly passed.
+
+ Of course, if the protected object system is available to us, there
+ is really no need for two port numbers to be specified before a
+ transmission can take place. The fact that a process knows an
+ existing RECEIVE port number could be considered prima facie evidence
+ of the process' right to send to that port. The difference between
+ RECEIVE and RECEIVE ANY ports then depends solely on the number of
+ copies of a particular port number that have been passed out. A
+ system based on this approach would clearly be preferable to the one
+ described here if it was possible to assume that all autonomous
+ time-sharing systems in a network would adopt this protection
+ mechanism. If this assumption cannot be made, it seems more
+ practical to require both port numbers.
+
+ Note that in the interprocess communication system (IPC) being
+ described here, when two processes wish to communicate they set up
+ the connection themselves, and they are free to do it in a mutually
+ convenient manner. For instance, they can exchange port numbers or
+ one process can pick all the port numbers and instruct the other
+ process which to use. However, in a particular implementation of a
+ time-sharing system, the builders of the system might choose to
+ restrict the processes' execution of SENDs and RECEIVEs and might
+ forbid arbitrary passing around of ports and port numbers, requiring
+ instead that the monitor be called (or some other special program) to
+ perform these functions.
+
+
+
+Walden [Page 6]
+
+RFC 62 IPC for Resource Sharing 3 August 1970
+
+
+ Flow control is provided in this IPC by the simple method of never
+ starting data transmission resultant from a SEND from one process
+ until a RECEIVE is executed by the receiver. Of course, interprocess
+ messages may also be sent back and forth suggesting that a process
+ stop sending or that space be allocated.
+
+ Generally, well-known permanently-assigned ports are used via RECEIVE
+ ANY and SEND FROM ANY. The permanent ports will most often be used
+ for starting processes and, consequently, little data will be sent
+ via them. If a process if running (perhaps asleep), and has a
+ RECEIVE ANY pending, then any process knowing the receive port number
+ can talk to that process without going through loggers. This is
+ obviously essential within a local time-sharing system and seems very
+ useful in a more general network if the ideal of resource sharing is
+ to be reached. For instance, in a resource sharing network, the
+ programs in the subroutine libraries at all sites might have RECEIVE
+ ANYs always pending over permanently assigned ports with well-known
+ port numbers. Thus, to use a particular network resource such as a
+ matrix manipulation hardware, a process running anywhere in the
+ network can send a message to the matrix inversion subroutine
+ containing the matrix to be inverted and the port numbers to be used
+ for returning the results.
+
+ An additional example demonstrates the use of the FORTRAN compiler.
+ We have already explained how a user sits down at his teletype and
+ gets connected to an executive. We go on from there. The user is
+ typing in and out of the executive which is doing SENDs and RECEIVEs.
+ Eventually the user types RUN FORTRAN, and executive asks the monitor
+ to start up a copy of the FORTRAN compiler and passes to FORTRAN as
+ start up parameters the port numbers the executive was using to talk
+ to the teletype. (This, at least conceptually, FORTRAN is passed a
+ port at which to RECEIVE characters from the teletype and a port from
+ which to SEND characters to the teletype.) FORTRAN is, of course,
+ expecting these parameters and does SENDs and RECEIVEs via the
+ indicated ports to discover from the user what input and output files
+ the user wants to use. FORTRAN types INPUT FILE? to the user, who
+ responds F001. FORTRAN then sends a message to the file-system-
+ process, which is asleep waiting for something to do. The message is
+ sent via well-known ports and it asks the file system to open F001
+ for input. The message also contains a pair of port numbers that the
+ file-system process can use to send its reply. The file-system looks
+ up F001, opens it for input, make some entries in its open file
+ tables, and sends back to FORTRAN a message containing the port
+ numbers that FORTRAN can use to read the file. The same procedure is
+ followed for the output file. When the compilation is complete,
+ FORTRAN returns the teletype port numbers (and the ports) back to the
+ executive that has been asleep waiting for a message from FORTRAN,
+ and then FORTRAN halts itself. The file-system-process goes back to
+
+
+
+Walden [Page 7]
+
+RFC 62 IPC for Resource Sharing 3 August 1970
+
+
+ sleep when it has nothing else to do<4>.
+
+ Again, the file-system process can keep a small collection of port
+ numbers which it uses over and over if it can get file system users
+ to return the port numbers when they have finished with them. Of
+ course, when this collection of port numbers has eventually dribbled
+ away, the file system can get some new unique numbers from the
+ monitor.
+
+
+3. A System for Interprocess Communication Between Remote Processes
+
+ The IPC described in the previous section easily generalizes to allow
+ interprocess communication between processes at geographically
+ different locations as, for example, within a computer network.
+
+ Consider first a simple configuration of processes distributed around
+ the points of a star. At each point of the star there is an
+ autonomous operating system<5>. A rather large, smart computer
+ system, called the Network Controller, exists at the center of the
+ star. No processes can run in this center system, but rather it
+ should be thought of as an extension of the monitor of each of the
+ operating systems in the network.
+
+ If the Network Controller is able to perform the operations SEND,
+ RECEIVE, SEND FROM ANY, RECEIVE ANY, and UNIQUE and if all of the
+ monitors in all of the time-sharing systems in the network do not
+ perform these operations themselves but rather ask the Network
+ Controller to perform these operations for them, then the problem of
+ interprocess communication between remote processes if solved. No
+ further changes are necessary since the Network Controller can keep
+ track of which RECEIVEs have been executed and which SENDs have been
+ executed and match them up just as the monitor did in the model
+ time-sharing system. A networkwide port numbering scheme is also
+ possible with the Network Controller knowing where (i.e., at which
+ site) a particular port is at a particular time.
+
+ Next, consider a more complex network in which there is no common
+ center point, making it necessary to distribute the functions
+ performed by the Network Controller among the network nodes. In the
+ rest of this section I will show that it is possible to efficiently
+ and conveniently distribute the functions performed by the star
+ Network Controller among the many network sites and still enable
+ general interprocess communication between remote processes.
+
+ Some changes must be made to each of the four SEND/RECEIVE operations
+ described above to adapt them for use in a distributed Network
+ Controller. To RECEIVE is added a parameter specifying a site to
+
+
+
+Walden [Page 8]
+
+RFC 62 IPC for Resource Sharing 3 August 1970
+
+
+ which the RECEIVE is to be sent. To the SEND FROM ANY and SEND
+ messages is added a site to send the SEND to although this is
+ normally the local site. Both RECEIVE and RECEIVE ANY have added the
+ provision for obtaining the source site of any received message.
+ Thus, when a RECEIVE is executed, the RECEIVE is sent to the site
+ specified, possibly a remote site. Concurrently a SEND is sent to
+ the same site, normally the local site of the process executing the
+ SEND. At this site, called the rendezvous site, the RECEIVE is
+ matched with the proper SEND and the message transmission is allowed
+ to take place from the SEND site to the site from whence the RECEIVE
+ came.
+
+ A RECEIVE ANY never leaves its originating site and therein lies the
+ necessity for SEND FROM ANY, since it must be possible to send a
+ message to a RECEIVE ANY port and not have the message blocked
+ waiting for a RECEIVE at the sending site. It is possible to
+ construct a system so the SEND/RECEIVE rendezvous takes place at the
+ RECEIVE site and eliminates the SEND FROM ANY operation, but in my
+ judgment the ability to block a normal SEND transmission at the
+ source site more than makes up for the added complexity.
+
+ At each site a rendezvous table is kept. This table contains an
+ entry for each unmatched SEND or RECEIVE received at that site and
+ also an entry for all RECEIVE ANYs given at that site. A matching
+ SEND/RECEIVE pair is cleared from the table as soon as the match
+ takes place. As in the similar table kept in the model time-sharing,
+ SEND and RECEIVE entries are timed out if unmatched for too long and
+ the originator is notified. RECEIVE ANY entries are cleared from the
+ table when a fulfilling message arrives.
+
+ The final change necessary to distribute the Network Controller
+ functions is to give each site a portion of the unique numbers to
+ distribute via its UNIQUE operation. I'll discuss this topic further
+ below.
+
+ To make it clear to the reader how the distributed Network Controller
+ works, an example follows. The details of what process picks port
+ numbers, etc., are only exemplary and are not a standard specified as
+ part of the IPC.
+
+ Suppose that, for two sites in the network, K and L, process A at
+ site K wishes to communicate with process B at site L. Process B has
+ a RECEIVE ANY pending at port M.
+
+
+
+
+
+
+
+
+Walden [Page 9]
+
+RFC 62 IPC for Resource Sharing 3 August 1970
+
+
+ SITE K SITE L
+
+ ______ ______
+ / \ / \
+ / \ / \
+ / \ / \
+ / \ / \
+ | | | |
+ | Process A | | Process B |
+ | | | |
+ \ / \ /
+ \ / RECEIVE--> port M /
+ \ / ANY \ /
+ \______/ \______/
+
+
+ Process A, fortunately, knows of the existence of port M at site L and
+ sends a message using the SEND FROM ANY operation from port N to port
+ M. The message contains two port numbers and instructions for process
+ B to SEND messages for process A to port P from port Q. Site K's site
+ number is appended to this message along with the message's SEND port N.
+
+ SITE K SITE L
+
+ ______ ______
+ / \ / \
+ / \ / \
+ / \ / \
+ / \ / \
+ | | | |
+ | Process A | | Process B |
+ | | | |
+ \ port N / \ port M /
+ \ /--->SEND FROM --->\ /
+ \ / ANY \ /
+ \______/ \______/
+
+ to port M, site L
+
+ containing K,N,P, & Q
+
+ Process A now executes a RECEIVE at port P from port Q. Process A
+ specifies the rendezvous site to be site L.
+
+
+
+
+
+
+
+
+Walden [Page 10]
+
+RFC 62 IPC for Resource Sharing 3 August 1970
+
+
+ SITE K SITE L
+
+ ______ ______
+ / \ / \
+ / \ / \
+ / \ Rendezvous/ \
+ / \ table \
+ | | | |
+ | Process A | ^ | Process B |
+ | | | | |
+ \ port P / | \ /
+ \ / | \ /
+ \ / <--RECEIVE __/ \ /
+ \______/ MESSAGE \______/
+
+ to site L
+
+ containing P, Q, & K
+
+
+ A RECEIVE message is sent from site K to site L and is entered in the
+ rendezvous table at site L. At some other time, process B executes a
+ SEND to port P from port Q specifying site L as the rendezvous site.
+
+
+ SITE K SITE L
+
+ ______ ______
+ / \ / \
+ / \ / \
+ / \ Rendezvous/ \
+ / \ table \
+ | | | |
+ | Process A | | Process B |
+ | | | |
+ \ port P / <--------- port Q /
+ \ / \ /
+ \ / SEND \ /
+ \______/ \______/
+ to site L
+
+ containing P & Q
+
+ A rendezvous is made, the rendezvous table is cleared, and the
+ transmission to port P at site K takes place. The SEND site number
+ (and conceivably the SEND port number) is appended to the messages of
+ the transmission for the edification of the receiving process.
+
+
+
+
+Walden [Page 11]
+
+RFC 62 IPC for Resource Sharing 3 August 1970
+
+
+ SITE K SITE L
+
+ ______ ______
+ / \ / \
+ / \ / \
+ / \ / \
+ / \ / \
+ | | | |
+ | Process A | | Process B |
+ | | | |
+ \ port P / \ port Q /
+ \ /<--transmission<--\ /
+ \ / \ /
+ \______/ to port P, site K \______/
+
+ containing data and L
+
+ Process B may simultaneously wish to execute a RECEIVE from port N at
+ port M.
+
+ Note that there is only one important control message in this system
+ which moves between sites, the type of message that is called a
+ Host/Host protocol message in [2]. This control message is the
+ RECEIVE message. There are two other possible intersite control
+ messages: an error message to the originating site when a RECEIVE or
+ SEND is timed out, and the SEND message in the rare case when the
+ rendezvous site is not the SEND site. There must also be a standard
+ format for messages between ports. For example, the following:
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Walden [Page 12]
+
+RFC 62 IPC for Resource Sharing 3 August 1970
+
+
+ _________________ __________________ _____________
+ | rendezvous site | <6> | destination site | | source site |
+ |-----------------| |------------------| |-------------|
+ | RECEIVE port | | RECEIVE port | | RECEIVE port|
+ |-----------------| |------------------| |-------------|
+ | SEND port | | SEND port | | SEND port |
+ |-----------------| |------------------| |-------------|
+ | | | source site | | |
+ | | |------------------| | |
+ | | | | | |
+ | | | | | |
+ | | | | | |
+ | | | | | |
+ | data | | data | | data |
+ | | | | | |
+ | | | | | |
+ | | | | | |
+ | | | | | |
+ |_________________| |__________________| |_____________|
+ transmitted transmitted received
+ by SEND by Network by RECEIVE
+ process Controller process
+
+ In the model time-sharing system it was possible to pass a port form
+ process to process. This is still possible with a distributed Network
+ Controller.
+
+ Remember that, for a message to be sent from one process to another, a
+ SEND to port M from port N and a RECEIVE at port M from port N must
+ rendezvous, normally at the SEND site. Both processes keep track of
+ where they think the rendezvous site is and supply this site as a
+ parameter of appropriate operations. The RECEIVE process thinks it is
+ the SEND site also. Since once a SEND and a RECEIVE rendezvous the
+ transmission is sent to the source of the RECEIVE and the entry in the
+ rendezvous table is cleared and must be set up again for each further
+ transmission from N to M, it is easy for a RECEIVE port to be moved.
+ If a process sends both the port numbers and the rendezvous site
+ number to a new process at some other site which executes a RECEIVE
+ using these same old port numbers and rendezvous site specification,
+ the SENDer never knows the RECEIVEr has moved. It is slightly harder
+ for a send port to move. However, if it does, the pair of port
+ numbers that has been being used for a SEND and the original
+ rendezvous site number are passed to the new site. The process at the
+ new SEND site specifies the old rendezvous site with the first SEND
+ from the new site. The RECEIVE process will also still think the
+ rendezvous site is the old site, so the SEND and RECEIVE will meet at
+ the old site. When they meet, the entry in the table at that site is
+ cleared, and both the SEND and RECEIVE messages are sent to the new
+
+
+
+Walden [Page 13]
+
+RFC 62 IPC for Resource Sharing 3 August 1970
+
+
+ SEND site just as if they had been destined for there in the first
+ place. The SEND and RECEIVE then meet again at the new rendezvous
+ site and transmission may continue as if the port had never moved.
+ Since all transmissions contain the source site number, further
+ RECEIVEs will be sent to the new rendezvous site. It is possible to
+ discover that this special manipulation must take place because a SEND
+ message is received at a site that did not originate the SEND
+ message<7>. Note that the SEND port and the RECEIVE port can move
+ concurrently.
+
+ Of course, all of this could have also been done if the processes had
+ sent messages back and forth announcing any potential moves and the
+ new site numbers.
+
+ A problem that may have occurred to the reader is how the SEND and
+ RECEIVE buffers get matched for size. The easiest solution would be
+ to require that all buffers have a common size but this is
+ unacceptable since it does not easily extend to a situation where
+ processes in autonomous operating systems are attempting to
+ communicate. A second solution is for the processes to pass messages
+ specifying buffer sizes. If this solution is adopted, excessive data
+ sent from the SEND process and unable to fix into the RECEIVE buffer
+ is discarded and the RECEIVE process notified. The solution has great
+ appeal on account of its simplicity. A third solution would be for
+ the RECEIVE buffer size to be passed to the SEND site with RECEIVE
+ message and to notify the SEND process when too much data is sent or
+ even to pass the RECEIVE buffer size on to the SEND process. This
+ last method would also permit the Network Controller at the SEND site
+ to make two or more SENDs out of one, if that was necessary to match a
+ smaller RECEIVE buffer size.
+
+ The maintenance of unique numbers is also a problem when the processes
+ are geographically distributed. Three solutions to this problem are
+ presented here. The first possibility is for the autonomous operating
+ systems to ask the Network Controller for the unique numbers
+ originally and then guarantee the integrity of any unique numbers
+ currently owned by local processes and programs using whatever means
+ are at the operating system's disposal. In this case, the Network
+ Controller would provide a method for a unique number to be sent from
+ one site to another and would vouch for the number's identity at the
+ new site. The second method is simply to give the unique numbers to
+ the processes that are using them, depending on the non-malicious
+ behavior of the processes to preserve the unique numbers, or if an
+ accident should happen, the two passwords (SEND and RECEIVE port
+ numbers) that are required to initiate a transmission. If the unique
+ numbers are given out in a non-sequential manner and are reasonably
+ long (say 32 bits), there is little danger. In the final method, a
+ user identification is included in the port numbers and the individual
+
+
+
+Walden [Page 14]
+
+RFC 62 IPC for Resource Sharing 3 August 1970
+
+
+ operating systems guarantee the integrity of these identification
+ bits. Thus a process, while not able to be sure that the correct port
+ is transmitting to him, can be sure that some port of the correct user
+ is transmitting. This is the so-called virtual net concept suggested
+ by W. Crowther [2].<8>
+
+ A third difficult problem arises when remote processes wish to
+ communicate, the problem of maintaining high bandwidth connections
+ between the remote processes. The solution to this problem lies in
+ allowing the processes considerable information about the state of an
+ on-going transmission. First, we examine a SEND process in detail.
+ When a process executes a SEND, the local portion of the Network
+ Controller passes the SEND on to the rendezvous site, normally the
+ local site. When a RECEIVE arrives matching a pending SEND, the
+ Network Controller notifies the SEND process by causing an interrupt
+ to the specified restart location. Simultaneously the Network
+ Controller starts shipping the SEND buffer to the RECEIVE site. When
+ transmission is complete, a flag is set which the SEND process can
+ test. While a transmission is taking place, the process may ask the
+ Network Controller to perform other operations, including other SENDs.
+ A second SEND over a pair of ports already in the act of transmission
+ is noted and the SEND becomes active as soon as the first transmission
+ is complete. A third identical SEND results in an error message to
+ the SENDing process. Next, we examine a RECEIVE process in detail.
+ When a process executes a RECEIVE, the RECEIVE is sent to the
+ rendezvous site. When data resultant from this RECEIVE starts to
+ arrive at the RECEIVE site, the RECEIVE process is notified via an
+ interrupt to the specified restart location. When the transmission is
+ complete, a flag is set which the RECEIVE process can test. A second
+ RECEIVE over the same port pair is allowed. A third results in an
+ error message to the RECEIVE process. Thus, there is sufficient
+ machinery to allow a pair of processes always to have both a
+ transmission in progress and the next one pending. Therefore, no
+ efficiency is lost. On the other hand, each transmission must be
+ preceded by a RECEIVE into a specified buffer, thus continuing to
+ provide complete flow control.
+
+
+4. A Potential Application
+
+ Only one resource sharing computer network currently exists, the
+ ARPA Computer Network. In this section, I discuss application of the
+ system described in this paper to the ARPA Network [2][5][9].
+
+ The ARPA Network currently incorporates ten sites spread across the
+ United States. Each site consists of one to three (potentially four)
+ independent computer systems called Hosts and one communications
+ computer system called an IMP. All of the Hosts at a site are
+
+
+
+Walden [Page 15]
+
+RFC 62 IPC for Resource Sharing 3 August 1970
+
+
+ directly connected to the IMP. The IMPs themselves are connected
+ together by 50-kilobit phone lines (much higher rate lines are a
+ potential), although each IMP is connected to only one to five other
+ IMPs. The IMPs provide a communications subnet through which the
+ Hosts communicate. Data is sent through the communications subnet in
+ messages of arbitrary size (currently about 8000 bits) called network
+ messages. When a network message is received by the IMP at the
+ destination site, that IMP sends an acknowledgment, called a RFNM, to
+ the source site.
+
+ A system for interprocess communication for the ARPA Network (let us
+ call this IPC for ARPA) is currently being designed by the Network
+ Working Group, under the chairmanship of S. Crocker of UCLA. Their
+ design is somewhat constrained by the communications subnet [5]<9>.
+ I would like to compare point-by-point IPC for ARPA with the one
+ developed in this paper; however, such a comparison would first
+ require description here, almost from scratch, of the current state
+ of IPC for ARPA since very little up-to-date information about IPC
+ for ARPA appears in the open literature [2]. Also, IPC for ARPA is
+ quite complex and the working documents describing it now run to many
+ hundred pages, making any description lengthy and inappropriate for
+ this paper.<10> Therefore, I shall make only a few scattered
+ comparisons of the two systems, the first of which are implicit in
+ this paragraph.
+
+ The interprocess communication system being developed for the ARPA
+ Network comes in several almost distinct pieces: The Host/IMP
+ protocol, IMP/IMP protocol, and the Host/Host protocol. The IMPs
+ have sole responsibility for correctly transmitting bits from one
+ site to another. The Hosts have sole responsibility for making
+ interprocess connections. Both the Host and IMP are concerned and
+ take a little responsibility for flow control and message sequencing.
+ Applications of the interprocess communication system described in
+ this paper leads me to make a different allocation of responsibility.
+ The IMP still continues to move bits from on site to another
+ correctly but the Network Controller also resides in the IMP, and
+ flow control is completely in the hands of the processes running in
+ the Hosts, although using the mechanisms provided by the IMPs.
+
+ The IMPs provide the SEND, RECEIVE, SEND FROM ANY, RECEIVE ANY, and
+ UNIQUE operations in slightly altered forms for the Hosts and also
+ maintain the rendezvous tables, including moving of SEND ports when
+ necessary. Putting these operations in the IMP requires the
+ Host/Host protocol program to be written only once, rather than many
+ times as is currently being done in the ARPA Network. It is perhaps
+ useful to step through the five operations again.
+
+ SEND. The Host gives the IMP a SEND port number, a RECEIVE port
+
+
+
+Walden [Page 16]
+
+RFC 62 IPC for Resource Sharing 3 August 1970
+
+
+ number, the rendezvous site, and a buffer specification (e.g., start
+ and end, or beginning and length). The SEND is sent to the
+ rendezvous site IMP, normally the local IMP. When a matching RECEIVE
+ arrives at the local IMP, the Host is notified of the RECEIVE port of
+ the just arrived message. This port number is sufficient to identify
+ the SENDing process, although a given operating system may have to
+ keep internal tables mapping this port number into a useful internal
+ process identifier. Simultaneously, the IMP begins to ask the Host
+ for specific pieces of the SEND buffer, sending these pieces as
+ network messages to the destination site. If a RFNM is not received
+ for too long, implying a network message has been lost in the
+ network, the Host is asked for the same data again and it is
+ retransmitted.<11> Except for the last piece of a buffer, the IMP
+ requests pieces from the Host which are common multiplies of the word
+ size of the source Host, IMP, and destination Host. This avoids
+ mid-transmission word alignment problems.
+
+ RECEIVE. The Host gives the IMP a SEND port, a RECEIVE port, a
+ rendezvous site, and a buffer description. The RECEIVE message is
+ sent to the rendezvous site. As the network messages making up a
+ transmission arrive for the RECEIVE port, they are passed to the Host
+ along with RECEIVE port number (and perhaps the SEND port number),
+ and an indication to the Host where to put this data in its input
+ buffer. When the last network message of the SEND buffer is passed
+ into the Host, it is marked accordingly and the Host can then detect
+ this. (It is conceivable that the RECEIVE message could also
+ allocate a piece of network bandwidth while making its network
+ traverse to the rendezvous site.)
+
+ RECEIVE ANY. The Host gives the IMP a RECEIVE port and a buffer
+ descriptor. This works the same as RECEIVE but assumes the local
+ site to be the rendezvous site.
+
+ SEND FROM ANY. The Host gives the IMP RECEIVE and SEND ports, the
+ destination site, and a buffer descriptor. The IMP requests and
+ transmits the buffer as fast as possible. A SEND FROM ANY for a
+ non-existent port is discarded at the destination site.
+
+ In the ARPA Network, the Hosts are required by the IMPs to physically
+ break their transmissions into network messages, and successive
+ messages of a single transmission must be delayed until the RFNM is
+ received for the previous message. In the system described here,
+ since RFNMs are tied to the transmission of a particular piece of
+ buffer and since the Hosts allow the IMPs to reassemble buffers in
+ the Hosts by the IMP telling the Host where to put each buffer piece
+ then pieces of a single buffer can be transmitted in parallel network
+ messages and several RFNMs can be outstanding simultaneously. This
+ enables The Hosts to deal with transmissions of more natural sizes
+
+
+
+Walden [Page 17]
+
+RFC 62 IPC for Resource Sharing 3 August 1970
+
+
+ and higher bandwidth for a single transmission.
+
+ For additional efficiency, the IMP might know the approximate time it
+ takes for a RECEIVE to get to a particular other site and warn the
+ Host to wake up a process shortly before the arrival of a message for
+ that process is imminent.
+
+
+ 5. Conclusion
+
+ Since the system described in this paper has not been implemented, I
+ have no clearly demonstrable conclusions nor any performance reports.
+ Instead, I conclude with four openly subjective claims.
+
+ 1) The interprocess communication system described in Section 2 is
+ simpler and more general than most existing systems of equivalent
+ power and is more powerful than most intra time-sharing system
+ communication systems currently available.
+
+ 2) Time-sharing systems structured like the model in Section 2 should
+ be studied by designers of time-sharing systems who may see a
+ computer network in their future, as structure seems to enable
+ joining a computer network with a minimum of difficulty.
+
+ 3) As computer networks become more common, remote interprocess
+ communication systems like the one described in Section 3 should be
+ studied. The system currently being developed for ARPA is a step in
+ the wrong direction, being addressed, in my opinion, more to
+ communication between monitors than to communication between
+ processes and consequently subverting convenient resource sharing.
+
+ 4) The application of the system as described in Section 4 is much
+ simpler to implement and more powerful than the system currently
+ being constructed for the ARPA Network, and I suggest that
+ implementation of my method be seriously considered for adoption by
+ the ARPA Network.
+
+
+ <Footnotes>
+
+ 1. Almost any of the common definitions of a process would suit the
+ needs of this paper.
+
+ 2. Or perhaps there is only one permanently known port, which
+ belongs to a directory-process that keeps a table of
+ permanent-process/well-know-port associations.
+
+ 3. That program which prints file directories, tells who is on other
+
+
+
+Walden [Page 18]
+
+RFC 62 IPC for Resource Sharing 3 August 1970
+
+
+ teletypes, runs subsystems, etc.
+
+ 4. The reader should have noticed by now that I do not like to think
+ of a new process (consisting of a new conceptual copy of a
+ program) being started up each time another user wishes to use
+ the program. Rather, I like to think of the program as a single
+ process which knows it is being used simultaneously by many other
+ processes and consciously multiplexes among the users or delays
+ service to users until it can get around to them.
+
+ 5. I use operating system rather than time-sharing system in this
+ section to point up the fact that the autonomous systems at the
+ network nodes may be either full blown time-sharing systems in
+ their own right, and individual process in a larger
+ geographically distributed time-sharing system, or merely
+ autonomous sites wishing to communicate.
+
+ 6. For a SEND FROM ANY message, the rendezvous site is the
+ destination site.
+
+ 7. For readers familiar with the once-proposed re-connection scheme
+ for the ARPA Network, the above system is simple, comparatively,
+ because there are no permanent connections to break and move;
+ that is, connections only exist fleetingly in the system
+ described here and can therefore be remade between any pair of
+ processes which at any time happen to know each other's port
+ numbers and have some clue where they each are.
+
+ 8. Crowther says this is not the virtual net concept.
+
+ 9. As one of the builders of the ARPA communications subnet, I am
+ partially responsible for these constraints.
+
+ 10. The reader having access to the ARPA working documents may want
+ to read Specifications for the Interconnection of a Host to
+ an IMP, BBN Report No. 1822; and ARPA Network Working Group
+ Notes #36, 37, 38, 39, 42, 44, 46, 47, 48, 49, 50, 54, 55, 56,
+ 57, 58, 59, 60.
+
+ 11. This also allows messages to be completely thrown away by the IMP
+ subnet it that should ever be useful.
+
+
+ [REFERENCES]
+
+ 1. Ackerman, W., and Plummer, W. An implementation of a
+ multi-processing computer system. Proc. ACM Symp. on
+ Operating System Principles, Gatlinsburg, Tenn.,
+
+
+
+Walden [Page 19]
+
+RFC 62 IPC for Resource Sharing 3 August 1970
+
+
+ Oct. 1-4, 1967.
+
+ 2. Carr, C. Crocker, S., and Cerf, V. Host/Host communication
+ protocol in the ARPA network. Proc. AFIPS 1970 Spring
+ Joint Comput. Conf., Vol. 36, AFIPS Press, Montvale, N.J.,
+ pp. 589-597.
+
+ 3. Dennis, J., and VanHorn, E. Programming semantics for
+ multiprogrammed computations. Comm. ACM 9, 3 (March,
+ 1966), 143-155.
+
+ 4. Hansen, P.B. The nucleus of a multiprogramming system. Comm.
+ ACM 13, 4 (April, 1970), 238-241, 250.
+
+ 5. Heart, F., Kahn, R., Ornstein, S., Crowther, W., and Walden, D.
+ The interface message processor for the ARPA computer
+ network. Proc. AFIPS 1970 Spring Joint Comput. Conf., Vol.
+ 36, AFIPS Press, Montvale, N.J., pp. 551-567.
+
+ 6. Lampson, B. SDS 940 Lectures, circulated informally.
+
+ 7. _______. An overview of the CAL time-sharing system. Computer
+ Center, University of California, Berkeley, Calif.
+
+ 8. _______. Dynamic protection structures. Proc. AFIPS 1969 Fall
+ Joint Comput. Conf., Vol. 35, AFIPS Press, Montvale, N.J.,
+ pp. 27-38.
+
+ 9. Roberts, L., and Wessler, B. Computer network development to
+ achive resource sharing. Proc. AFIPS 1970 Spring Joint
+ Comput. Conf., Vol. 36, AFIPS Press, Monvale, N.J., pp.
+ 543-549.
+
+ 10. Spier, M., and Organick, E. The MULTICS interprocess
+ communication facility. Proc. ACM Second Symp. on Operating
+ Systems Principles, Princeton University, Oct. 20-22, 1969.
+
+
+
+Author's Address
+
+ D. C. Walden
+ Bolt Bernakek and Newman, Inc.
+ Cambridge, Massachusetts
+
+
+ [ This RFC was put into machine readable form for entry ]
+ [ into the online RFC archives by Adam Costello 3/97 ]
+
+
+Walden [Page 20]
+