Computer Networks

1
Computer Networks

• Lecture 2 Packet classification and Queue
  management
• Younghee Lee

2
Naming and Addressing

• Naming versus addressing
• naming is typically a high-level description
• addresses refer to specific physical resources
• distinction hard to define but often clear
• icu.ac.kr
• 128.9.23.93
• D74A049C2384
• Naming/addressing formats
• structure flat versus partitioned (hierarchical)
• duration dynamic versus static
• scope local versus global
• Domain Name System (DNS) names are names of hosts
• DNS binds host names to interfaces
• Routing binds interface names to paths

3
Name/Address Structure

• Hierarchical address space
• address space has structure sequence of fields
• fields identify autonomous organizations,
  geographical location, ..
• hierarchical can simplifies routing
• easily supports distributed assignment of
  addresses
• can result in inefficient use of the address
  space
• example IP addresses, postal address, telephone
  numbers, ..
• Flat address space
• address has no structure single field
• easier to use full address space
• lacks support for routing
• example IEEE addresses (48 bits)

4
IP Addressing introduction
223.1.1.1

• IP address 32-bit identifier for host, router
  interface
• interface connection between host, router and
  physical link
• routers typically have multiple interfaces
• host may have multiple interfaces
• IP addresses associated with interface, not host,
  router

223.1.2.9
223.1.1.4
223.1.1.3
223.1.1.1 11011111 00000001 00000001 00000001
223
1
1
1
5
IP addresses how to get one?

• Hosts (host portion)
• hard-coded by system admin in a file
• DHCP Dynamic Host Configuration Protocol
  dynamically get address plug-and-play
• host broadcasts DHCP discover msg
• DHCP server responds with DHCP offer msg
• host requests IP address DHCP request msg
• DHCP server sends address DHCP ack msg
• Auto-configuration
• IPv6 stateless autoconfiguration
• MANET AUTOCONF
• Standalone
• With gateway can be relatively simple but how to
  select gateway?
• Stand-alone for most of the time but temporarily
  connected to the infrastructured network
• e.g. car network connected while parked and
  disconnected otherwise
• Strong DAD, Prophet, AROD

6
Hierarchical addressing route aggregation
Hierarchical addressing allows efficient
advertisement of routing information
Organization 0
Organization 1
Send me anything with addresses beginning
200.23.16.0/20
Organization 2
Fly-By-Night-ISP
Internet
Organization 7
Send me anything with addresses beginning
199.31.0.0/16
ISPs-R-Us
7
IP Address Utilization (98)
http//www.caida.org/outreach/resources/learn/ipv4
space/
8
Problems with Simple Address Structure

• Address space is not used very efficiently.
• Address spaces for networks can only be 28,
  216, 224 in size
• Sizes differ by two orders of magnitude
• Organizations that do not fit in smaller network
  (e.g. 257 hosts) need to use a size that is
  significantly larger
• Running out of addresses.
• Especially true for mid-sized networks
• Class B greatest problem
• Sparsely populated but people refuse to give it
  back
• Class C too small for most domains
• Very few class A IANA (Internet Assigned
  Numbers Authority) very careful about giving
• Routing tables are becoming too big.
• 100 of thousands of entries

9
Whats wrong with Internetaddressing today?

• Hierarchical addressing allows excellent scaling
  properties
• But, forces addressing to conform to network
  topology
• Since topology is not static, addresses cant
  persistently identify hosts

10
Whats wrong with Internetaddressing today?

• But most network applications today require
  persistent identity
• Its hard to provide persistent identity in
  presence of hierarchical addressing
• Need to decouple identity from addressing
• Drastically complicates network configuration,
  mobility, address assignment
• Is hierarchy the only way to scale routing?

11
Flat host identifier?

• Why not route on flat host identifiers?
• Assign addresses independently of network
  topology
• Benefits
• No separate name resolution system required
• Simpler network config/allocation/mobility
• Simpler network-layer access controls
• Challenge flat identifiers break aggregation
• Is it possible to scalably route without
  aggregation?
• Cant use a DHT
• Assumes point-to-point routing
• Doesnt support routing policies

12
Basic mechanisms behind ROFL

• Goal 1 Scale to Internet topologies
• Mechanism DHT-style routing, maintain source
  routes to successors/fingers
• Provides Scalable network routing without
  aggregation
• Goal 2 Support for BGP policies
• Mechanism Intelligently choose
  successors/fingers to conform to ISP
  relationships
• Provides Support for policies, operational model
  of BGP

13
Basic mechanisms behind ROFL

• Identifiers
• self-certifying identifiers
• host's or router's identity is tied to a
  public-private key pair
• identifier (ID) is a hash of its public key.
• Source Routes
• hosts are assigned to a first-hop or gateway
  router through either DHCP or manual
  configuration
• A host's ID is resident at this gateway router,
  so each router maintains a set of resident IDs
  (in addition to its own ID)
• and it maintains source routes to their
  successors on their behalf.
• The router at which an ID is resident the ID's
  hosting router.
• A source route or path from one ID to another is
  a hop-by-hop series of physically connected
  router IDs that goes from one hosting router to
  another

14
How ROFL works
15
How ROFL works
16
NATs

• NAT maps (private source IP, source port) onto
  (public source IP, unique source port)
• reverse mapping on the way back
• destination host does not know that is process is
  happening
• Very simple working solution.
• NAT functionality fits well with firewalls

Priv A IP
B IP
A
B IP
Priv A IP
A Port
B Port
B Port
A Port
B IP
Publ A IP
B IP
Publ A IP
B
A Port
B Port
B Port
A Port
17
NAT/firewall traversal of VoIP

• Types of NAT functionality.
• Full Cone If a host behind a NAT sends a packet
  from addressport AB, the NAT process
  translates the addressport AB to XY and
  causes a binding of AB to XY. Any incoming
  packets (from any address) destined for XY are
  translated to AB.
• Partial/Restricted Cone full cone, However,
  once that first packet comes inward, the bindings
  are turned into complete four-component bindings.
  This enforces only packets from that source to be
  accepted and NATed from now onward.
• Symmetric Cone If a host behind a NAT sends a
  packet from addressport AB to CD, the NAT
  process translates the source addressport AB
  to XY and causes a binding of AB to CD
  to XY. Only packets from CD to XY are
  accepted in the reverse direction and these are
  NATed to AB.

18
NAT/firewall traversal of VoIP
19
NAT/firewall traversal of VoIP

• NAT problem
• Bindings can only be initiated by outgoing
  traffic.
• Unsolicited incoming calls cannot be supported.
• Like incoming call of PABX cant be translated
  without attendant.

20
NAT/firewall traversal of VoIP

• Solutions to NAT problem
• Universal Plug and Play (UPnP)
• limited to small installations.
• Simple Traversal of UDP Through Network Address
  Translation devices (STUN)
• STUN does not work with the type most commonly
  found in corporate networks - the symmetric NAT.
• TURN
• ICE
• Application Layer Gateway
• Manual Configuration
• Tunnel Techniques

21
NAT/firewall traversal of VoIP

• STUN
• The STUN protocol enables a SIP client to
  discover whether it is behind a NAT, and to
  determine the type of NAT.
• STUN server This is what I see as the source
  address and port
• TURN
• Server that is inserted in the media and
  signalling path. This TURN server is located
  either in the customers DMZ or in the Service
  Provider network.
• Increase latency and packet loss

22
Skype From the KaZaA community

• A peer-to-peer VoIP client developed by KaZaa in
  2003 P2P SIP
• It has better voice quality than the MSN and
  Yahoo IM applications
• It encrypts calls end-to-end, and stores user
  information in a decentralized fashion
• Auto-detect NAT/firewall settings
• STUN and TURN
• Allows searching a user (e.g., kun)
• Promote to super node
• Based on availability, capacity
• Conferencing

23
IPv6

• Initial motivation 32-bit address space
  completely allocated by 2008.
• 128 bit address
• Additional motivation
• header format helps speed processing/forwarding
• header changes to facilitate QoS
• new anycast address route to best of several
  replicated servers
• IPv6 datagram format
• fixed-length 40 byte header
• no fragmentation allowed

24
IPv6 Header Flow Label

• A flow
• A sequence of packets sent from a particular
  source to a particular (unicast or multicast)
  destination for which the source desires special
  handling by the intervening routers.
• A flow may comprise multiple TCP connections
  file transfer application
• A single application may generate multiple flow
  multimedia conferencing
• one flow for audio, one for graphic window, ..
  With different requirements
• Rules applied to the flow label
• The source assigns a flow label to a flow. Chosen
  randomly in range 1 to 224-1.
• a table with 224 (16 million) entries memory
  burden.
• on entry in the table per active flow search
  the entire table
• hash table approach, CAM?

25
Migration from IPv4 to IPv6

• Interoperability with IPv4 is necessary for
  gradual deployment.
• Two mechanisms
• dual stack operation IPv6 nodes support both
  address types
• tunneling tunnel IPv6 packets through IPv4
  clouds
• Unfortunately there is little motivation for any
  one organization to move to IPv6.
• the challenge is the existing hosts (using IPv4
  addresses)
• little benefit unless one can consistently use
  IPv6
• can no longer talk to IPv4 nodes
• stretching address space through address
  translation seems to work reasonably well

26
Dual Stack Approach
27
Tunneling
IPv6 inside IPv4 where needed
28
IPv6 Stateless Autoconfiguration

• Local communication with no intervention
• Generate link-local address
• corresponds to installed Ethernet network
  adapters. The last 64 bits of the IPv6 address is
  known as the interface identifier. It is derived
  from the 48-bit MAC address of the network
  adapter.
• Perform Duplicate Address Detection
• This looks like this
• FE80000XXXXXXXXXXXXXXXX prefix of
  FE80/64
• The Xs are the EUI-64 address.(extended unique
  identifier 24 for company id)
• They could be a random 64 bit address also.
• The only requirement is that the address be
  unique.
• Start sending data
• Global communication with no stateful server
• Adds devices with no user configuration
• Stateful configuration DHCP

29
Routing IP routing

• Each switch has forwarding table of destination ?
  next hop
• Distributed routing algorithm for calculating
  forwarding tables
• Routing table size
• One entry for every host on the Internet
• 100M entries,doubling every year
• One entry for every LAN
• Every host on LAN shares prefix
• Still too many, doubling every year
• One entry for every organization
• Every host in organization shares prefix
• Requires careful address allocation
• Advantages
• Stateless simple error recovery
• Disadvantages
• Every switch knows about every destination
• Potentially large tables
• All packets to destination take same route

30
Longest Prefix Match is Harder than Exact Match

• The destination address of an arriving packet
  does not carry with it the information to
  determine the length of the longest matching
  prefix
• Hence, one needs to search among the space of all
  prefix lengths as well as the space of all
  prefixes of a given length
• Metrics for Lookup Algorithms
• Speed ( number of memory accesses)
• Storage requirements ( amount of memory)
• Low update time (support 5K updates/s)
• Scalability
• With length of prefix IPv4 unicast (32b),
  Ethernet (48b), IPv4 multicast (64b), IPv6
  unicast (128b)
• With size of routing table (sweetspot for
  todays designs 1 million)
• Flexibility in implementation
• Low preprocessing time

31
Longest Prefix Match

• LPM in IPv4Use 32 exact match algorithms for LPM!

Exact match against prefixes of length 1
Exact match against prefixes of length 2
Port
Priority Encode and pick
Exact match against prefixes of length 32
32
Patricia Tries

• Trie Use binary tree paths to encode prefixes
• Advantage simple to implement
• Disadvantage one lookup may take O(m), where m
  is number of bits (32 in the case of IPv4)

1
0
1
0
0
001xx 2 0100x 3 10xxx 1 01100 5
1
0
1
1
2
0
0
3
0
5
33
Skip Count vs. Path Compression
0
(Skip count) Skip 2 or 11 (path compressed)
1
P1
0
1
0
1
P1
P2
0
1
P2
0
0
1
1
P4
P3
P4
P3

• Removing one way branches ensures of trie nodes
  is at most twice of prefixes (case trie
  containing a small number of very long strings)
• Patricia tries
• Using a skip count requires exact match at end
  and backtracking on failure ? path compression
  simpler

34
Fast Longest Prefix Match

• Luleas Routing Lookup Algorithm (Sigcomm97)
• use a three-level data structure
• Multi-bit Tries
• Controlled Prefix Expansion Sri98
• Binary Search on Prefix Intervals Lampson98
• Binary search on prefixes Waldvogel Sigcomm
  97
• Longest prefix matching using bloom filters
• Route caches
• Temporal locality
• Many packets to same destination

35
Fast Longest Prefix Match

• Content addressable memory (CAM)
• Hardware based route lookup
• Input tag, output value associated with tag
• Requires exact match with tag
• Multiple cycles (1 per prefix searched) with
  single CAM
• Multiple CAMs (1 per prefix) searched in parallel
• Ternary CAM
• 0,1,dont care values in tag match
• Priority (I.e. longest prefix) by order of
  entries in CAM

36
Performance Comparison Complexity
37
Performance Comparison
38
Packet classification

• Packet classification
• The process of categorizing packets into flows
  in an Internet router
• All packets belonging to the same flow obey a
  predefined rule and are processed in a similar
  manner by the router
• Flow-aware router keeps track of flows and
  perform similar processing on packets in a flow
• Non best effort services, firewalls, QoS
• Flow-unaware router (packet-by-packet router)
  treats each incoming packet individually

39
Example of Classification Rules

• Access-control in firewalls
• Deny all e-mail traffic from ISP-X to Y
• Policy-based routing
• Route IP telephony traffic from X to Y via ATM
• Differentiate quality of service
• Ensure that no more than 50 Mbps are injected
  from ISP-X
• Committed Access Rate (rate limiting)
• Rate limit WWW traffic from subinterface739 to
  10Mbps

40
Complexity Hard Problem

• N rules and k header fields for k 2
• O(log Nk-1) time and O(N) space
• O(log N) time and O(Nk) space
• How many rules?
• Largest for firewalls similar ? 1700
• Diffserv/QoS ? much larger ? 100k (?)

41
Multi-field Packet Classification
Given a classifier with N rules, find the action
associated with the highest priority rule
matching an incoming packet.
Example packet (5.168.3.32, 152.133.171.71, ,
TCP)
42
Flow-aware Router Basic Architectural Components
Routing, resource reservation, admission control,
SLAs
Control
Datapath per-packet processing
Switching
Special processing
Packet classification
Routing lookup
Scheduling
43
Packet Classification Problem Definition

• Given a classifier C with N rules, Rj, 1 ? j ? N,
  where Rj consists of three entities
• A regular expression Rji, 1 ? i ? d, on each of
  the d header fields,
• A number, pri(Rj), indicating the priority of the
  rule in the classifier, and
• An action, referred to as action(Rj).

For an incoming packet P with the header
considered as a d-tuple of points (P1, P2, ,
Pd), the d-dimensional packet classification
problem is to find the rule Rm with the highest
priority among all the rules Rj matching the
d-tuple i.e., pri(Rm) pri(Rj), ? j ? m, 1 ? j
? N, such that Pi matches Rji, 1 ? i ? d. We
call rule Rm the best matching rule for packet P.
44
Example 4D classifier
45
Example Classification Results
46
Classification is a Generalization of Lookup

• Classifier routing table
• One-dimension (destination address)
• Rule routing table entry
• Regular expression prefix
• Action (next-hop-address, port)
• Priority prefix-length

47
Example

• Two-dimension space, i.e., classification based
  on two fields
• Complexity depends on the layout, i.e., how many
  distinct regions are created

48
Classification algorithm

• Linear search
• The simplest data structure is a linked list of
  rules stored in order of decreasing priority

49
Recursive Flow Classification Gupta99
Observations

• Difficult to achieve both high classification
  rate and reasonable storage in the worst case
• Real classifiers exhibit structure and redundancy
• A practical scheme could exploit this structure
  and redundancy

50
RFC Classifier Dataset

• 793 classifiers from 101 ISP and enterprise
  networks with a total of 41505 rules.
• Classifier (policy database)
• 40 classifiers more than 100 rules. Biggest
  classifier had 1733 rules.
• Maximum of 4 fields per rule source IP address,
  destination IP address, protocol and destination
  port number.

51
RFC

• Problem formulation
• Map S bits (i.e., the bits of all the F fields)
  to T bits (i.e., the class identifier)
• Main idea
• Create a 2S size table with pre-computed values
  each entry contains the class identifier
• Only one memory access needed
• but this is impractical ? require huge memory
• Use recursion trade speed (number of memory
  accesses) for memory footprint

52
The RFC Algorithm

• At each stage the algorithm maps one set of
  values to a smaller set
• A set of memories return a value shorter than the
  index of the memory access
• Split the F fields in chunks
• 1. Use the value of each chunk to index into a
  table
• Indexing is done in parallel
• 2. Combine results from previous phase, and
  repeat
• 3. In the final phase we obtain only one value
  that is action

53
Chunking of a Packet
54
The RFC Algorithm
55
Complete Example
indxc105c11
indxc026c033c05
56
(No Transcript)
57
Choice of Reduction Tree
0
1
2
3
4
5
Number of phases P 3 10 memory accesses
58
RFC Classification Time

• Pipelined hardware 30 Mpps (worst case OC192)
  using two 4Mb SRAMs and two 64Mb SDRAMs at
  125MHz.
• Software (3 phases) 1 Mpps in the worst case and
  1.4-1.7 Mpps in the average case. (average case
  OC48) performance measured using Intel Vtune
  simulator on a windows NT platform

59
RFC Pros and Cons

• Advantages
• Exploits structure of real-life classifiers
• Suitable for multiple fields
• Supports non-contiguous masks
• Fast accesses

• Disadvantages
• Depends on structure of classifiers
• Large pre-processing time
• Incremental updates slow
• Large worst-case storage requirements

60
Summary of classification schemes
61

Summary of classification schemes

• Lookup/Classification Chip Vendors
• Switch-on
• Fastchip
• Agere
• Solidum
• Siliconaccess
• TCAM vendors Netlogic, Lara, Sibercore, Mosaid,
  Klsi etc.
• Packet classification still an area of active
  research

62
Congestion avoidance

• Motivation
• Drops are the only widely used indicator of
  congestion
• TCP - drops and retransmissions
• Buffer size
• Space for bursts of packets
• Latency

63
FIFO Drop-tail Problems

• surge of congestion in TCP slow start etc.,
• retransmission adding to the load on the network
• global synchronization end hosts react to same
  events
• router centric congestion avoidance
• DECbit
• EPD in TCP over ATM
• Full queues
• no room for bursts of packets
• Routers are forced to have large queues to
  maintain high utilizations High latency bigger
  buffer - bigger delay
• TCP detects congestion from loss
• Forces network to have long standing queues in
  steady-state

64
FIFO Drop-tail Problems

• Lock-out phenomena
• Drop-tail routers treat bursty traffic poorly
• Traffic gets synchronized easily ? allows a few
  flows to monopolize the queue space
• Does not separate between different flows
• Susceptible to misbehaving flows.
• No policing send more packets ? get more service

65
The DECbit Scheme

• Basic ideas
• On congestion, router sets congestion indication
  (CI) bit on packet
• Receiver relays bit to sender
• Sender adjusts sending rate
• Key design questions
• When to set CI bit?
• How does sender respond to CI?

66
Random Early Detection(RED)

• Motivation
• surge of congestion in TCP slow start etc.,
• retransmission adding to the load on the network
• global synchronization
• router centric congestion avoidance
• EPD in TCP over ATM
• bigger buffer - bigger delay
• in case of self-similar traffic
• RED
• proactive packet discard
• In the context of ISA, RED can be exercised on
  queues for elastic traffic.

67
RED Design Goal

• Congestion Avoidance
• detect the onset of congestion to maintain the
  network in a region of low delay and high
  throughput
• Global synchronization avoidance
• implicit notification by dropping packets to as
  many connections as necessary
• Avoidance of bias against bursty traffic
• Maintain shorter queues
• Accommodate bursts
• Bound on average queue length
• control the average queue size and therefore
  average delay
• Queue size should reflect ability to accept
  bursts rather than steady-state queuing
• Fairness in drops (proportional)

68
Design

• Solution of Lock-out Problem?
• Random drop
• Packet arriving when queue is full causes some
  random packet to be dropped
• Drop front
• On full queue, drop packet at head of queue
• Random drop and drop front solve the lock-out
  problem but not the full-queues problem
• Solution of Full Queues Problem?
• Drop packets before queue becomes full (early
  drop)
• Intuition notify senders of incipient congestion
• Avoid window synchronization
• Randomly mark packets
• Avoid bias against bursty traffic shorter queue
• Some protection against ill-behaved users

69
RED Algorithm

• Calculating average queue size
• exponentially weighted average of previous queue
  length
• to filter out transient congestion at the router
• (1-wq)avg wqq
• small value of weight is wq recommended wq
  0.002
• estimating m of small packets during the idle
  period.
• Determining packet discard
• The closer avg is to THmax, the higher the
  probability of discard
• As long as avg is in the critical range, we keep
  a count of how many consecutive packets escape
  discard the higher the value of count, the
  higher the probability of discard

70
RED Algorithm
71
RED Algorithm

• Upper bound on wq depends on minth
• Want to ignore transient congestion
• Can calculate the queue average if a burst
  arrives
• Set wq such that certain burst size does not
  exceed minth
• Lower bound on wq to detect congestion relatively
  quickly
• Typical wq 0.002
• minth determined by the utilization requirement
• Tradeoff between queuing delay and utilization
• Relationship between maxth and minth
• Want to ensure that feedback has enough time to
  make difference in load
• Depends on average queue increase in one RTT
• Paper suggest ratio of 2
• Current rule of thumb is factor of 3

72
RED Algorithm

• Queues arent full
• Bursts are accommodated
• Lower latency
• Smarter drops
• better feedback
• more evenly distributed
• RED probability parameter Figure below
• comparison of drop tail and RED performance

73
Extending RED for Flow Isolation

• Problem what to do with non-cooperative flows?
• Fair queuing achieves isolation using per-flow
  state expensive at backbone routers
• How can we isolate unresponsive flows without
  per-flow state?
• RED penalty box
• Monitor history for packet drops, identify flows
  that use disproportionate bandwidth
• Isolate and punish those flows

74
Explicit Congestion Notification(ECN)

• The goal is to provide explicit congestion
  notification to senders.
• Complements the implicit feedback through packet
  drops
• Bits 6-7 of the TOS bit form the ECN field.
• The ECN-Capable Transport (ECT) bit is set by the
  sender to indicate that the end-points are
  ECN-capable
• The Congestion Experience (CE) bit is set by the
  router to signal congestion
• The ECN is received by the receiver, who is
  responsible for forwarding the information to the
  sender.

V/HL
TOS
Length
ID
Flags/Offset
TTL
Prot.
H. Checksum
Source IP address
Destination IP address
Options..
75
Use of ECN with TCP

• Receiver signals congestion to the sender by
  setting the ECN-Echo flag in the TCP header.
• Bit 9 in the reserved field of the TCP header
• Deals correctly with asymmetric routes
• ECN-Echo flag also used to negotiate ECN use
• The TCP sender should respond to ECN feedback as
  if a single packet loss occurred.
• Reduce the congestion window size
• ECN and RED are supposed to leverage each other.
• The router should set the CE bit if it would
  otherwise have dropped the packet (for a non-ECN
  enabled flow)
• When RED is used, this happens before the queues
  fill up so ECN and RED combined can result in
  congestion notification without packet loss

76
FRED (Fair Random Early Drop )design goal(Sigcomm
97)

• Fairness
• Protect all TCP flows from effects of aggressive
  flows
• Protect fragile TCP flows
• Flows that send little data and want to avoid
  loss
• Establish drop rate proportional to load

77
FRED (Fair Random Early Drop )design goal
Connection Database
f2
f3
f1
fN


...
3
1
3
1
...

Strikes
Network Interface
Classifier

• Maintain a single FIFO queue but track the number
  of packets in the queue from each connection
• Drop packets from a connection when the
  connection exceeds its share of the queues
  capacity
• Drops are proportional to bandwidth used
• Unresponsive flows are identified and penalized

78
FRED

• Maintain per flow state only for active flows
  (ones having packets in the buffer)
• minq and maxq ? min and max number of buffers a
  flow is allowed occupy
• avgcq average buffers per flow
• Strike count of number of times flow has exceeded
  maxq

79
FRED

• Non-adaptive flows
• Flows with high strike count are not allowed more
  than avgcq buffers
• Allows adaptive flows to occasionally burst to
  maxq but repeated attempts incur penalty

80
FRED Fragile Flows

• Flows that send little data and want to avoid
  loss
• minq is meant to protect these
• What should minq be?
• When large number of flows ? 2-4 packets
• Needed for TCP behavior
• When small number of flows ? increase to avgcq

81
TCP Performance with FRED
UDP blast
FIFO RED FRED
TCP Throughput (Kbytes/Sec)
Time (seconds)
82
CHOKe

• CHOse and Keep/Kill (Infocom 2000)
• Existing schemes to penalize unresponsive flows
  (FRED/penalty box) introduce additional
  complexity
• Simple, stateless scheme
• During congested periods
• Compare new packet with random pkt in queue
• If from same flow, drop both
• If not, use RED to decide fate of new packet
• Can improve behavior by selecting more than one
  comparison packet
• Needed when more than one misbehaving flow
• Does not completely solve problem
• Aggressive flows are punished but not limited to
  fair share
• Not good for low degree of multiplexing

83
Blue

• Uses packet loss and link idle events instead of
  average queue length
• Hard to decide what is transient and what is
  severe with queue length
• Based on observation that RED is often forced
  into drop-tail mode
• Adapt to how bursty and persistent congestion is
  by looking at loss/idle events
• Basic algorithm
• Upon packet loss, if no update in freeze_time
  then increase pm by d1
• pm Marking rate
• Upon link idle, if no update in freeze_time then
  decrease pm by d2
• d1 d2 ? since more critical to react quickly
  to increase in load
• Advantages
• More stable marking rate queue length
• Avoids dropping packets
• Much better behavior with small buffers

84
Core-Stateless Fair Queueing

• Core-Stateless Fair Queueing Achieving
  Approximately Fair Allocations in High Speed
  Networks
• SIGCOM99
• Ingress edge routers compute per-flow rate
  estimates and insert these estimates as labels
  into each packet header.
• Labels are updated at each router based only on
  aggregate information.
• FIFO queueing with probabilistic dropping of
  packets on input is employed at core routers.

85
Edge Core Router Architecture