Internet-Draft | Anomalous Packets Handling for DetNet | February 2024 |
Liu, et al. | Expires 1 September 2024 | [Page] |
In deterministic networking (DetNet), there may be resource conflicts at the flow aggregation nodes, resulting in network anomalies. The existing mechanisms for handling anomalous packets in the data plane are crude, such as discarding or processing them as BE flows, so the network performance may be worse than applying traditional QoS. Therefore, in order to handle the anomalous traffic, the data plane should implement an enhanced handling mechanism.¶
This document proposes an anomalous packet handling solution for anomalous traffic in DetNet. This solution includes two policies: the packet squeezing policy and the packet degrading policy, which can be applied flexibly to a variety of queuing mechanisms, thereby ensuring that network traffic for deterministic services is preferentially scheduled in anomalous situations.¶
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.¶
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.¶
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."¶
This Internet-Draft will expire on 1 September 2024.¶
Copyright (c) 2024 IETF Trust and the persons identified as the document authors. All rights reserved.¶
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License.¶
DetNet is able to provide real-time application services with deterministic guarantees such as bounded latency, low jitter, and low packet loss rate, as per [RFC8655]. One of the major technologies of DetNet is resource allocation, as per [RFC8938]. Resource allocation reduces the packet loss and jitter caused by network congestion by allocating available resources to specified DetNet flows. In order to avoid resource conflicts at the aggregation nodes in the network, it is necessary for the control plane and the data plane to be applied in conjunction. The control plane orchestrates the paths of DetNet flows to avoid resource conflicts. And the data plane transmits DetNet flows by the orchestration result from the control plane, with traffic shaping, flow admission, and encapsulation of forwarding information of the flow, etc., to avoid traffic congestion at aggregation nodes so as to guarantee the QoS of services in the DetNet domain.¶
Each node in the end-to-end path may be an aggregation node. Aggregated flows that belong to the same traffic class will share the reserved resources at the outgoing port. Ideally, the transmission of each member flow of the same traffic class strictly conforms to the scheduling of the control plane, thus being able to satisfy the strict requirements of a narrowly deterministic network. However, due to the diversity of deterministic flows, this ideal case is often difficult to fulfill. For example, there are bursts under a fine-granularity time dimension at times, and consequently, limiting the transmission rate according to the average bandwidth is unable to meet the demand of deterministic flows. As well, the variability of packet length also creates obstacles for resource management. If the control plane always allocates resources according to the maximum packet length, it may lead to a serious waste of network resources. However, it may lead to resource conflicts if network resources are reserved according to the average packet length. Besides, the performance of software and hardware in the network are both affecting factors. In the control plane, there may be loopholes in the algorithm, leading to inevitable resource conflicts in some extreme scenarios. In the data plane, protocol messages with the highest priority may be sent frequently under certain circumstances. For example, the ARP protocol is frequently triggered under abnormal circumstances, so the resources for sending service packets are preempted by the ARP protocol packets; hence, the lower-priority packets cannot be transmitted in time.¶
To deal with the above network anomalies, the control plane should properly schedule resources to avoid resource conflict at the aggregation nodes. As defined in [RFC8865], it proposes a service protection solution such as PREOF based on multi-path transmission. Although PREOF can avoid performance reduction by reserving a large amount of redundant resources for the specified service flows, it may cause a serious waste of resources or even a light load in the network, which further reduces the advantage of deterministic technologies. In the data plane, the existing mechanisms are relatively simple and crude. For example, the data plane may choose to discard packets directly or buffer packets until the resources allocated to its traffic class become available. Both of the solutions will result in even worse QoS than BE flows. So that, for the data plane, the anomalies can not be handled by relying solely on the orchestration of the control plane or being equipped to cope with normal traffic.¶
Therefore, the processing of anomalous packets from deterministic services should be automatically optimized in the data plane. That is, in addition to the function of forwarding normal deterministic flows, the data plane should also be equipped with an automatically enhanced processing mechanism for anomalous packets. The processing of anomalous packets is an indispensable part of the future implementation and application of the entire deterministic network technology.¶
This document proposes an anomalous packet handling policy and solution for anomalous traffic in DetNet. It supports two anomalous packet handling policies, including packet squeezing and packet degrading, in the data plane and allows the control plane and users to configure the enabling policies and relevant parameters. This document also provides a specific squeezing and degrading procedure for various queuing mechanisms.¶
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 [RFC2119].¶
The real-time detection in the data plane should detect anomalous forwarding behaviors. When anomalous packets are detected, enhanced processing policies such as packet squeezing and degrading are applied to the packets to ensure deterministic flows are scheduled preferentially in abnormal situations.¶
The detection of anomalous forwarding is related to the queuing mechanisms in the data plane. It may be identified based on the depth of the buffer queue. When receiving a deterministic packet, the node determines the target output queue according to the parameter carried in the packet. As to the timeslot-based queuing mechanism, local nodes obtain the target outgoing timeslot of the packets according to the timeslot mapping relationship. As to the delay-based queuing mechanism, the target timeslot at the local node is calculated by the parameters carried in the packet, such as the time budget and bounded latency. Before the packet enters the queue corresponding to the target outgoing timeslot, the depth of the buffer queue should be obtained. If the number of packets allowed to be carried in the buffer queue does not exceed the depth, the packets will be properly enqueued. Otherwise, if the number of packets exceeds the threshold, an anomaly will be discovered.¶
This solution supports two anomalous packets handling policies to enhance the data plane: the squeezing policy and the degrading policy. These policies can be enabled simultaneously, selectively, or neither. If neither of them is enabled, the existing anomalous packets handling solutions will be used, such as discarding or degrading the packets to be treated as BE flow.¶
The data plane supports and enables the squeezing policy, setting the squeezing threshold. For anomalous traffic that exceeds the allowed capability but falls short of the squeezing threshold, the system can select the squeezing policy to process these packets. It will then enqueue the packets and record the number of squeezed bits. Packets that are not sent within the allotted time can be squeezed into the next time slot until the buffer queue is empty, according to the squeezing policy. Squeezing policy supports a variety of queuing mechanisms but is not available in all data planes.¶
For the delay-based queuing mechanism, the residence time of packets at the local node is added and recorded. At downstream nodes, packets can be forwarded based on the remaining time budget. For the timeslot-based queuing mechanisms, packets are sent in the next cycle. For the rate-based queuing mechanisms, packets are assigned to a lower service rate.¶
Taking the timeslot-based queuing mechanism as an example, Figure 1 illustrates how the squeezing policy is processed. Assume that the maximum number of bits allowed to be carried in each timeslot is 4000 bits, and the squeezing threshold is set to 2000 bits. The packet length of a service flow is fixed at 1000 bits; the target timeslot of packets with serial numbers 1 to 4 is timeslot 1, and the target timeslot of packets with serial numbers 5 to 7 is timeslot 2. Assume that, due to the existence of aggregated traffic, the current depth of queue 1 is 2000 bits.¶
Figure 1 illustrates the processing of packets in the service flow with serial numbers 1 through 7. Packets 1 and 2 are put into queue 1 sequentially. Therefore, queue 1 has reached the permitted carrying threshold of 4000 bits. When packets 3 and 4 arrive, they are determined to be anomalous packets.¶
It has been detected that the squeezing policy is currently enabled, and the squeezing threshold is 2000 bits. The packets 3 and 4 are processed in squeezing mode and enter queue 2, but still carry timeslot label 1 while being sent to the next node.¶
According to the squeeze policy, packets 3 and 4 are squeezed into timeslot 2 for transmission. The buffer depth of the queue corresponding to timeslot 2 has reached 2000 bits, allowing packets 5, 6, and 7 whose target timeslot is timeslot 2 to enter queue 2. Hence, queue 2 reaches the upper limit of 4000 bits, and packet 7 is marked as an anomalous packet, put into queue 2, and postponed to timeslot 3 for transmission.¶
At the aggregation node, if there are continuous bursts exceeding its carrying capacity, due to the configuration of the squeezing policy, packets exceeding the timeslot carrying capacity will continue to be squeezed into subsequent timeslots and set off chain reactions. If the range of timeslots affected by successive squeezing is not restricted, the squeezed packets in each timeslot will accumulate infinitely, which will seriously affect the guarantee of deterministic transmission.¶
One solution to restrict successive squeezing is to introduce a synchronization threshold—a specified number of timeslots after which the timeslot is realigned with the buffer queue to recover synchronization.¶
Another feasible solution is to set the squeezing threshold to decrease exponentially. When burst aggregation causes multiple timeslots to experience successive squeezing, the first timeslot's squeezing threshold is a preset value, the second timeslot's squeezing threshold is half of the preset value, and so on. This process of exponential decay continues until a timeslot's squeezing threshold is less than the packet size, at which point squeezing is prohibited in the current timeslot, thereby limiting the impact of the successive squeezing.¶
The data plane supports and enables the degrading policy and configures the degrading parameters. Degrading policy and squeezing policy can optionally be applied together. The anomalous traffic exceeding the squeezing threshold is processed by the degrading policy. The degrading policy can also be deployed independently. For anomalous packets beyond the allowed buffer capacity, the degrading policy can be applied directly.¶
In the case of the delay-based queuing mechanism, packets are delayed based on the target sending time. The delayed period can be flexibly configured due to the level of busyness at the current outgoing port. When using the timeslot-based queuing mechanism, packets are redirected to a queue with a lower priority. In the case of the rate-based queuing mechanism, packets are redirected to a queue with a lower priority.¶
It is possible to combine the squeezing policy and the degrading policy. When anomalous packets exceed the squeezing threshold, the degrading policy will take over. Taking the timeslot-based queuing mechanism as an example, the anomalous packet processed by the squeezing policy still enters the buffer queue corresponding to their target timeslot, and the timeslot information carried in the packet remains unchanged, allowing it to be recovered at the subsequent node. In order to prepare the abnormal packet for future scheduling and forwarding, the degrading policy will change the internal scheduling parameters of the anomalous packet, modify the existing fields of the packet, or insert new fields into the packet for subsequent scheduling and forwarding. Anomalies can be recovered at downstream nodes by using anomalous information that is either carried in packets or recorded by the controller.¶
Using the timeslot-based queuing mechanism as an example, Figure 3 illustrates how anomalous packets are processed by combining degrading and squeezing policies. It is assumed that each timeslot is allowed to carry up to 4000 bits. And timeslots 1 through 3 have the following priority order, from high to low: timeslot 1 > timeslot 3 > timeslot 2. The nodes at the forwarding plane are configured by the controller plane to enable the degrading and squeezing policies. The squeezing threshold of the queue is 2000 bits, and the degrading policy is set to degrade to the next lower priority.¶
The size of each packet of a service flow is fixed at 1000 bits. The target timeslot of packets with serial numbers 1 to 4 is timeslot 1, and the target timeslot of packets with serial numbers 5 to 7 is timeslot 2. When the packet with sequence number 1 arrives at the node, the current depth of queue 1 is 3000 bits, and the current buffer depth of queues 2 and 3 is 0 bit.¶
The processing of packets 1 to 7 of this service flow is shown in Figure 3. First, packet 1 is put into queue 1. Then, the buffer depth of queue 1 reaches the allowed carrying threshold of 4000 bits. When packets 2, 3, and 4 arrive, since queue 1 has reached the allowed threshold, they are judged to be anomalous packets. According to the squeezing policy, packets 2 and 3 are put into queue 1 while being squeezed into timeslot 2 for transmission. By this time, the depth of queue 1 reaches the squeezing threshold, the degrading policy is triggered, and packet 4 will enter queue 3. For packets 5, 6, and 7 with target timeslot 2, the buffer depth of queue 2 does not exceed the carrying threshold, so packets 5, 6, and 7 can be put into queue 2. Among them, packet 7 actually occupies the time resources of timeslot 3 for transmission due to the successive squeezing of the preceding timeslots.¶
The following anomaly handling policies are involved in this document:¶
If the data plane does not enable the squeezing or degrading policy, or neither the squeezing policy nor the degrading policy is applicable, anomalous packets will be processed by the existing natural processing methods, such as discarding. When the data plane supports multiple anomalous packets handling policies, the enabled policies and related parameters can be configured by the control plane.¶
After automatically handling anomalies according to the squeezing policy or degrading policy, the data plane should report the anomalies to the controller immediately, so that the controller can perceive the details of the anomalies in the network and take action on them, for example, re-orchestration, flow entry re-configuration, resource expansion, etc. The anomalous information should be passed to the next node so that the downstream nodes can adjust the forwarding behavior or restore the original parameters of the packets according to the anomalous information. The anomalous information reported by the data plane includes, but is not limited to:¶
When the node in the data plane receives a DetNet packet, it first detects whether there is an anomaly. If the packet is anomalous, the node will start the anomalous packets handling procedure. Then, which anomalous packets handling policies are supported at the local node should be acknowledged. If the enhanced anomalous packets handling policies are not enabled, the packets will be processed by the existing mechanisms, for example, directly discarded, treated as BE flow, processed in a normal QoS queue, or postponed to the next period. If only one of the squeezing policy and the degrading policy is enabled, anomalous packets are processed according to the specified policy. If both the squeezing policy and degrading policy are enabled, the local node first detects whether the number of anomalous packets exceeds the squeezing threshold. If not, anomalous packets will be processed according to the squeezing policy. Otherwise, the system processes packets according to the degrading policy. And then it sends the anomalous information to the controller or the downstream node.¶
TBA¶
TBA¶
TBA¶