We believe that these forms of subverting end-to-end congestion control are no worse for the subverted flow than if the adversary had simply dropped the packets of that flow itself. The receiver of the packet echoes the congestion indication to the sender, which reduces its transmission rate as if it detected a dropped packet. The saving grace in this particular case is that there is no congested router upstream expecting a reaction from setting the CE bit. There is a potential of unfairness in that another flow that goes through the congested router could react to the CE bit set while the flow that has the CE bit erased could see better performance.
However, these attacks would require an ability for the attacker to use valid TCP sequence numbers, and any attacker with this ability and with the ability to spoof IP source addresses could damage the TCP connection without using the ECN flags.
Then, the congested router could begin to drop rather than mark arriving packets. This has been discussed in the section on "Non-compliance in the Network".
When the level of congestion is sufficiently reduced, the congested queue can return from the packet-dropping regime to the packet-marking regime. This overloaded-one-bit alternative, explored in [ Floyd94 ], would have involved a single bit with two values.
For an ECN-capable transport, this would cause the transport to unnecessarily react to congestion.
RFC 3168: The Addition of Explicit Congestion Notification (ECN) to IP
Thus, the consequences would be to increase the level of congestion in the network. With ECN, the congestion is indicated by setting the ECN field within an IP packet to CE and is echoed back by the receiver to the transmitter by setting the proper bits in the header of the transport protocol. A further new piece of work after the earlier RFC was to describe the ECN procedure with retransmitted data packets, namely that an ECT codepoint should not be set on retransmitted data packets.
First, the one-bit implementation has more limited functionality for the treatment of CE packets at a second congested router. Consider a CE packet that arrives at a second congested router, and is selected by the active queue management at that router for either marking or dropping.
Non-ECN-Based Methods of Subverting End-to-end Congestion Control
We have shown that, in many cases, a malicious or broken router that is able to change the bits in the ECN field can do no more damage than if it had simply dropped the packet in question.
The incremental updating of the IPv4 checksum after the CE codepoint was set would work as follows:
Some prior deployments of ECN-capable TCP might not conform to the new requirement not to set an ECT codepoint on retransmitted packets; we do not believe this will cause significant problems in practice.
The last change, however, would have the effect. For this reason (and for reasons described earlier in relation to retransmitted packets), it is desirable to have the ECT codepoint set on a per-packet basis. In the two-bit implementation, the second congested router has the choice of either dropping the CE packet, or of leaving it alone with the CE codepoint set. This change does not affect the treatment of that packet along the rest of the path.
Passive support in the most popular websites has increased from 8.
Explicit Congestion Notification
While this second outcome evens out the fairness, the ECN-capable flows would still receive little benefit from being ECN-capable, because the increased congestion would drive the router to packet-dropping behavior.
The first was to describe the changes to IPsec tunnels in detail, and extensively discuss the security implications of ECN (now included as Sections 18 and 19 of this document).
An attacker that could successfully send such a spoofed acknowledgement packet could also send a spoofed RST packet, or do other equally damaging operations to the TCP connection.
One difference between the one-bit and two-bit implementations concerns packets that traverse multiple congested routers. Assume that the adversary is subverting end-to-end congestion control along the path traveled by A packets only, by either falsely indicating ECN-Capability upstream of the point where congestion occurs, or erasing the congestion indication downstream.
Either of these two methods of subverting end-to-end congestion control can potentially introduce more damage to the network and possibly to the flow itself than if the adversary had simply dropped packets from that flow. The potential consequences of falsely indicating ECN-capability are discussed further in Section 19 below.
A second possible use for the fourth ECN codepoint would have been to give the router two separate codepoints for the indication of congestion, CE(0) and CE(1), for mild and severe congestion respectively.
If the congested queue reaches the packet-dropping stage, then the subversion of end-to-end congestion control might or might not be of overall benefit to the subverted flow, depending on that flow's relative tradeoffs between throughput, loss, and delay. The fallback mechanism attempts ECN connectivity in the initial setup of outgoing connections, with a graceful fallback for transmissions without ECN capability, mitigating issues with ECN-intolerant hosts or firewalls.