QUIC Loss Detection and Congestion ControlFastlyjri.ietf@gmail.comGoogleianswett@google.com
Transport
QUICThis document describes loss detection and congestion control mechanisms for
QUIC.Discussion of this draft takes place on the QUIC working group mailing list
(quic@ietf.org), which is archived at
https://mailarchive.ietf.org/arch/search/?email_list=quic.Working Group information can be found at https://github.com/quicwg; source
code and issues list for this draft can be found at
https://github.com/quicwg/base-drafts/labels/-recovery.QUIC is a new multiplexed and secure transport atop UDP. QUIC builds on decades
of transport and security experience, and implements mechanisms that make it
attractive as a modern general-purpose transport. The QUIC protocol is
described in .QUIC implements the spirit of existing TCP loss recovery mechanisms, described
in RFCs, various Internet-drafts, and also those prevalent in the Linux TCP
implementation. This document describes QUIC congestion control and loss
recovery, and where applicable, attributes the TCP equivalent in RFCs,
Internet-drafts, academic papers, and/or TCP implementations.The key words “MUST”, “MUST NOT”, “REQUIRED”, “SHALL”, “SHALL NOT”, “SHOULD”,
“SHOULD NOT”, “RECOMMENDED”, “NOT RECOMMENDED”, “MAY”, and “OPTIONAL” in this
document are to be interpreted as described in BCP 14
when, and only when, they appear in all capitals, as shown here.Definitions of terms that are used in this document:
Any packet containing only one or more ACK frame(s).
Packets are considered in-flight when they have been sent and
are not ACK-only, and they are not acknowledged, declared lost,
or abandoned along with old keys.
All frames besides ACK or PADDING are considered ack-eliciting.
Packets that contain ack-eliciting frames elicit an ACK from the receiver
within the maximum ack delay and are called ack-eliciting packets.
Packets containing CRYPTO data sent in Initial or Handshake
packets.
Packets that do not increase the largest received packet number for its
packet number space by exactly one. Packets arrive out of order
when earlier packets are lost or delayed.All transmissions in QUIC are sent with a packet-level header, which indicates
the encryption level and includes a packet sequence number (referred to below as
a packet number). The encryption level indicates the packet number space, as
described in . Packet numbers never repeat within a packet
number space for the lifetime of a connection. Packet numbers monotonically
increase within a space, preventing ambiguity.This design obviates the need for disambiguating between transmissions and
retransmissions and eliminates significant complexity from QUIC’s interpretation
of TCP loss detection mechanisms.QUIC packets can contain multiple frames of different types. The recovery
mechanisms ensure that data and frames that need reliable delivery are
acknowledged or declared lost and sent in new packets as necessary. The types
of frames contained in a packet affect recovery and congestion control logic:All packets are acknowledged, though packets that contain no
ack-eliciting frames are only acknowledged along with ack-eliciting
packets.Long header packets that contain CRYPTO frames are critical to the
performance of the QUIC handshake and use shorter timers for
acknowledgement.Packets that contain only ACK frames do not count toward congestion control
limits and are not considered in-flight.PADDING frames cause packets to contribute toward bytes in flight without
directly causing an acknowledgment to be sent.Readers familiar with TCP’s loss detection and congestion control will find
algorithms here that parallel well-known TCP ones. Protocol differences between
QUIC and TCP however contribute to algorithmic differences. We briefly describe
these protocol differences below.QUIC uses separate packet number spaces for each encryption level, except 0-RTT
and all generations of 1-RTT keys use the same packet number space. Separate
packet number spaces ensures acknowledgement of packets sent with one level of
encryption will not cause spurious retransmission of packets sent with a
different encryption level. Congestion control and round-trip time (RTT)
measurement are unified across packet number spaces.TCP conflates transmission order at the sender with delivery order at the
receiver, which results in retransmissions of the same data carrying the same
sequence number, and consequently leads to “retransmission ambiguity”. QUIC
separates the two: QUIC uses a packet number to indicate transmission order,
and any application data is sent in one or more streams, with delivery order
determined by stream offsets encoded within STREAM frames.QUIC’s packet number is strictly increasing within a packet number space,
and directly encodes transmission order. A higher packet number signifies
that the packet was sent later, and a lower packet number signifies that
the packet was sent earlier. When a packet containing ack-eliciting
frames is detected lost, QUIC rebundles necessary frames in a new packet
with a new packet number, removing ambiguity about which packet is
acknowledged when an ACK is received. Consequently, more accurate RTT
measurements can be made, spurious retransmissions are trivially detected, and
mechanisms such as Fast Retransmit can be applied universally, based only on
packet number.This design point significantly simplifies loss detection mechanisms for QUIC.
Most TCP mechanisms implicitly attempt to infer transmission ordering based on
TCP sequence numbers - a non-trivial task, especially when TCP timestamps are
not available.QUIC ends a loss epoch when a packet sent after loss is declared is
acknowledged. TCP waits for the gap in the sequence number space to be filled,
and so if a segment is lost multiple times in a row, the loss epoch may not
end for several round trips. Because both should reduce their congestion windows
only once per epoch, QUIC will do it correctly once for every round trip that
experiences loss, while TCP may only do it once across multiple round trips.QUIC ACKs contain information that is similar to TCP SACK, but QUIC does not
allow any acked packet to be reneged, greatly simplifying implementations on
both sides and reducing memory pressure on the sender.QUIC supports many ACK ranges, opposed to TCP’s 3 SACK ranges. In high loss
environments, this speeds recovery, reduces spurious retransmits, and ensures
forward progress without relying on timeouts.QUIC endpoints measure the delay incurred between when a packet is received and
when the corresponding acknowledgment is sent, allowing a peer to maintain a
more accurate round-trip time estimate (see Section 13.2 of ).At a high level, an endpoint measures the time from when a packet was sent to
when it is acknowledged as a round-trip time (RTT) sample. The endpoint uses
RTT samples and peer-reported host delays (see Section 13.2 of
) to generate a statistical description of the connection’s
RTT. An endpoint computes the following three values: the minimum value
observed over the lifetime of the connection (min_rtt), an
exponentially-weighted moving average (smoothed_rtt), and the variance in the
observed RTT samples (rttvar).An endpoint generates an RTT sample on receiving an ACK frame that meets the
following two conditions:the largest acknowledged packet number is newly acknowledged, andat least one of the newly acknowledged packets was ack-eliciting.The RTT sample, latest_rtt, is generated as the time elapsed since the largest
acknowledged packet was sent:An RTT sample is generated using only the largest acknowledged packet in the
received ACK frame. This is because a peer reports host delays for only the
largest acknowledged packet in an ACK frame. While the reported host delay is
not used by the RTT sample measurement, it is used to adjust the RTT sample in
subsequent computations of smoothed_rtt and rttvar .To avoid generating multiple RTT samples using the same packet, an ACK frame
SHOULD NOT be used to update RTT estimates if it does not newly acknowledge the
largest acknowledged packet.An RTT sample MUST NOT be generated on receiving an ACK frame that does not
newly acknowledge at least one ack-eliciting packet. A peer does not send an
ACK frame on receiving only non-ack-eliciting packets, so an ACK frame that is
subsequently sent can include an arbitrarily large Ack Delay field. Ignoring
such ACK frames avoids complications in subsequent smoothed_rtt and rttvar
computations.A sender might generate multiple RTT samples per RTT when multiple ACK frames
are received within an RTT. As suggested in , doing so might result
in inadequate history in smoothed_rtt and rttvar. Ensuring that RTT estimates
retain sufficient history is an open research question.min_rtt is the minimum RTT observed over the lifetime of the connection.
min_rtt is set to the latest_rtt on the first sample in a connection, and to the
lesser of min_rtt and latest_rtt on subsequent samples.An endpoint uses only locally observed times in computing the min_rtt and does
not adjust for host delays reported by the peer. Doing so allows the endpoint
to set a lower bound for the smoothed_rtt based entirely on what it observes
(see ), and limits potential underestimation due to
erroneously-reported delays by the peer.smoothed_rtt is an exponentially-weighted moving average of an endpoint’s RTT
samples, and rttvar is the endpoint’s estimated variance in the RTT samples.The calculation of smoothed_rtt uses path latency after adjusting RTT samples
for host delays. For packets sent in the ApplicationData packet number space,
a peer limits any delay in sending an acknowledgement for an ack-eliciting
packet to no greater than the value it advertised in the max_ack_delay transport
parameter. Consequently, when a peer reports an Ack Delay that is greater than
its max_ack_delay, the delay is attributed to reasons out of the peer’s control,
such as scheduler latency at the peer or loss of previous ACK frames. Any
delays beyond the peer’s max_ack_delay are therefore considered effectively
part of path delay and incorporated into the smoothed_rtt estimate.When adjusting an RTT sample using peer-reported acknowledgement delays, an
endpoint:MUST ignore the Ack Delay field of the ACK frame for packets sent in the
Initial and Handshake packet number space.MUST use the lesser of the value reported in Ack Delay field of the ACK frame
and the peer’s max_ack_delay transport parameter.MUST NOT apply the adjustment if the resulting RTT sample is smaller than the
min_rtt. This limits the underestimation that a misreporting peer can cause
to the smoothed_rtt.On the first RTT sample in a connection, the smoothed_rtt is set to the
latest_rtt.smoothed_rtt and rttvar are computed as follows, similar to . On
the first RTT sample in a connection:On subsequent RTT samples, smoothed_rtt and rttvar evolve as follows:QUIC senders use both ack information and timeouts to detect lost packets, and
this section provides a description of these algorithms.If a packet is lost, the QUIC transport needs to recover from that loss, such
as by retransmitting the data, sending an updated frame, or abandoning the
frame. For more information, see Section 13.3 of .Acknowledgement-based loss detection implements the spirit of TCP’s Fast
Retransmit , Early Retransmit , FACK , SACK loss
recovery , and RACK . This section
provides an overview of how these algorithms are implemented in QUIC.A packet is declared lost if it meets all the following conditions:The packet is unacknowledged, in-flight, and was sent prior to an
acknowledged packet.Either its packet number is kPacketThreshold smaller than an acknowledged
packet (), or it was sent long enough in the past
().The acknowledgement indicates that a packet sent later was delivered, while the
packet and time thresholds provide some tolerance for packet reordering.Spuriously declaring packets as lost leads to unnecessary retransmissions and
may result in degraded performance due to the actions of the congestion
controller upon detecting loss. Implementations that detect spurious
retransmissions and increase the reordering threshold in packets or time MAY
choose to start with smaller initial reordering thresholds to minimize recovery
latency.The RECOMMENDED initial value for the packet reordering threshold
(kPacketThreshold) is 3, based on best practices for TCP loss detection
.Some networks may exhibit higher degrees of reordering, causing a sender to
detect spurious losses. Implementers MAY use algorithms developed for TCP, such
as TCP-NCR , to improve QUIC’s reordering resilience.Once a later packet packet within the same packet number space has been
acknowledged, an endpoint SHOULD declare an earlier packet lost if it was sent
a threshold amount of time in the past. To avoid declaring packets as lost too
early, this time threshold MUST be set to at least kGranularity. The time
threshold is:If packets sent prior to the largest acknowledged packet cannot yet be declared
lost, then a timer SHOULD be set for the remaining time.Using max(SRTT, latest_RTT) protects from the two following cases:the latest RTT sample is lower than the SRTT, perhaps due to reordering where
the acknowledgement encountered a shorter path;the latest RTT sample is higher than the SRTT, perhaps due to a sustained
increase in the actual RTT, but the smoothed SRTT has not yet caught up.The RECOMMENDED time threshold (kTimeThreshold), expressed as a round-trip time
multiplier, is 9/8.Implementations MAY experiment with absolute thresholds, thresholds from
previous connections, adaptive thresholds, or including RTT variance. Smaller
thresholds reduce reordering resilience and increase spurious retransmissions,
and larger thresholds increase loss detection delay.A Probe Timeout (PTO) triggers sending one or two probe datagrams when
ack-eliciting packets are not acknowledged within the expected period of
time or the handshake has not been completed. A PTO enables a connection to
recover from loss of tail packets or acknowledgements. The PTO algorithm used
in QUIC implements the reliability functions of Tail Loss Probe
, RTO and
F-RTO algorithms for TCP , and the timeout computation is based on
TCP’s retransmission timeout period .When an ack-eliciting packet is transmitted, the sender schedules a timer for
the PTO period as follows:kGranularity, smoothed_rtt, rttvar, and max_ack_delay are defined in
and .The PTO period is the amount of time that a sender ought to wait for an
acknowledgement of a sent packet. This time period includes the estimated
network roundtrip-time (smoothed_rtt), the variance in the estimate (4*rttvar),
and max_ack_delay, to account for the maximum time by which a receiver might
delay sending an acknowledgement.The PTO value MUST be set to at least kGranularity, to avoid the timer expiring
immediately.When a PTO timer expires, the PTO period MUST be set to twice its current
value. This exponential reduction in the sender’s rate is important because
the PTOs might be caused by loss of packets or acknowledgements due to severe
congestion. The life of a connection that is experiencing consecutive PTOs is
limited by the endpoint’s idle timeout.A sender computes its PTO timer every time an ack-eliciting packet is sent. A
sender might choose to optimize this by setting the timer fewer times if it
knows that more ack-eliciting packets will be sent within a short period of
time.The probe timer is not set if the time threshold loss
detection timer is set. The time threshold loss detection timer is expected
to both expire earlier than the PTO and be less likely to spuriously retransmit
data.The initial probe timeout for a new connection or new path SHOULD be
set to twice the initial RTT. Resumed connections over the same network
SHOULD use the previous connection’s final smoothed RTT value as the resumed
connection’s initial RTT. If no previous RTT is available, the initial RTT
SHOULD be set to 500ms, resulting in a 1 second initial timeout as recommended
in .A connection MAY use the delay between sending a PATH_CHALLENGE and receiving
a PATH_RESPONSE to seed initial_rtt for a new path, but the delay SHOULD NOT
be considered an RTT sample.Until the server has validated the client’s address on the path, the amount of
data it can send is limited, as specified in Section 8.1 of .
Data at Initial encryption MUST be retransmitted before Handshake data and
data at Handshake encryption MUST be retransmitted before any ApplicationData
data. If no data can be sent, then the PTO alarm MUST NOT be armed until
data has been received from the client.Since the server could be blocked until more packets are received from the
client, it is the client’s responsibility to send packets to unblock the server
until it is certain that the server has finished its address validation
(see Section 8 of ). That is, the client MUST set the
probe timer if the client has not received an acknowledgement for one of its
Handshake or 1-RTT packets.Prior to handshake completion, when few to none RTT samples have been
generated, it is possible that the probe timer expiration is due to an
incorrect RTT estimate at the client. To allow the client to improve its RTT
estimate, the new packet that it sends MUST be ack-eliciting. If Handshake
keys are available to the client, it MUST send a Handshake packet, and
otherwise it MUST send an Initial packet in a UDP datagram of at least 1200
bytes.Initial packets and Handshake packets may never be acknowledged, but they are
removed from bytes in flight when the Initial and Handshake keys are discarded.When a PTO timer expires, a sender MUST send at least one ack-eliciting packet
as a probe, unless there is no data available to send. An endpoint MAY send up
to two full-sized datagrams containing ack-eliciting packets, to avoid an
expensive consecutive PTO expiration due to a single lost datagram.It is possible that the sender has no new or previously-sent data to send. As
an example, consider the following sequence of events: new application data is
sent in a STREAM frame, deemed lost, then retransmitted in a new packet, and
then the original transmission is acknowledged. In the absence of any new
application data, a PTO timer expiration now would find the sender with no new
or previously-sent data to send.When there is no data to send, the sender SHOULD send a PING or other
ack-eliciting frame in a single packet, re-arming the PTO timer.Alternatively, instead of sending an ack-eliciting packet, the sender MAY mark
any packets still in flight as lost. Doing so avoids sending an additional
packet, but increases the risk that loss is declared too aggressively, resulting
in an unnecessary rate reduction by the congestion controller.Consecutive PTO periods increase exponentially, and as a result, connection
recovery latency increases exponentially as packets continue to be dropped in
the network. Sending two packets on PTO expiration increases resilience to
packet drops, thus reducing the probability of consecutive PTO events.Probe packets sent on a PTO MUST be ack-eliciting. A probe packet SHOULD carry
new data when possible. A probe packet MAY carry retransmitted unacknowledged
data when new data is unavailable, when flow control does not permit new data to
be sent, or to opportunistically reduce loss recovery delay. Implementations
MAY use alternate strategies for determining the content of probe packets,
including sending new or retransmitted data based on the application’s
priorities.When the PTO timer expires multiple times and new data cannot be sent,
implementations must choose between sending the same payload every time
or sending different payloads. Sending the same payload may be simpler
and ensures the highest priority frames arrive first. Sending different
payloads each time reduces the chances of spurious retransmission.Delivery or loss of packets in flight is established when an ACK frame is
received that newly acknowledges one or more packets.A PTO timer expiration event does not indicate packet loss and MUST NOT cause
prior unacknowledged packets to be marked as lost. When an acknowledgement
is received that newly acknowledges packets, loss detection proceeds as
dictated by packet and time threshold mechanisms; see .A Retry or Version Negotiation packet causes a client to send another Initial
packet, effectively restarting the connection process and resetting congestion
control and loss recovery state, including resetting any pending timers. Either
packet indicates that the Initial was received but not processed. Neither
packet can be treated as an acknowledgment for the Initial.The client MAY however compute an RTT estimate to the server as the time period
from when the first Initial was sent to when a Retry or a Version Negotiation
packet is received. The client MAY use this value to seed the RTT estimator for
a subsequent connection attempt to the server.When packet protection keys are discarded (see Section 4.9 of ), all
packets that were sent with those keys can no longer be acknowledged because
their acknowledgements cannot be processed anymore. The sender MUST discard
all recovery state associated with those packets and MUST remove them from
the count of bytes in flight.Endpoints stop sending and receiving Initial packets once they start exchanging
Handshake packets (see Section 17.2.2.1 of ). At this point,
recovery state for all in-flight Initial packets is discarded.When 0-RTT is rejected, recovery state for all in-flight 0-RTT packets is
discarded.If a server accepts 0-RTT, but does not buffer 0-RTT packets that arrive
before Initial packets, early 0-RTT packets will be declared lost, but that
is expected to be infrequent.It is expected that keys are discarded after packets encrypted with them would
be acknowledged or declared lost. Initial secrets however might be destroyed
sooner, as soon as handshake keys are available (see Section 4.9.1 of
).The majority of constants were derived from best common practices among widely
deployed TCP implementations on the internet. Exceptions follow.A shorter delayed ack time of 25ms was chosen because longer delayed acks can
delay loss recovery and for the small number of connections where less than
packet per 25ms is delivered, acking every packet is beneficial to congestion
control and loss recovery.QUIC’s congestion control is based on TCP NewReno . NewReno is a
congestion window based congestion control. QUIC specifies the congestion
window in bytes rather than packets due to finer control and the ease of
appropriate byte counting .QUIC hosts MUST NOT send packets if they would increase bytes_in_flight (defined
in ) beyond the available congestion window, unless the
packet is a probe packet sent after a PTO timer expires, as described in
.Implementations MAY use other congestion control algorithms, such as
Cubic , and endpoints MAY use different algorithms from one another.
The signals QUIC provides for congestion control are generic and are designed
to support different algorithms.If a path has been verified to support ECN, QUIC treats a Congestion Experienced
codepoint in the IP header as a signal of congestion. This document specifies an
endpoint’s response when its peer receives packets with the Congestion
Experienced codepoint. As discussed in , endpoints are permitted to
experiment with other response functions.QUIC begins every connection in slow start and exits slow start upon loss or
upon increase in the ECN-CE counter. QUIC re-enters slow start anytime the
congestion window is less than ssthresh, which only occurs after persistent
congestion is declared. While in slow start, QUIC increases the congestion
window by the number of bytes acknowledged when each acknowledgment is
processed.Slow start exits to congestion avoidance. Congestion avoidance in NewReno
uses an additive increase multiplicative decrease (AIMD) approach that
increases the congestion window by one maximum packet size per
congestion window acknowledged. When a loss is detected, NewReno halves
the congestion window and sets the slow start threshold to the new
congestion window.Recovery is a period of time beginning with detection of a lost packet or an
increase in the ECN-CE counter. Because QUIC does not retransmit packets,
it defines the end of recovery as a packet sent after the start of recovery
being acknowledged. This is slightly different from TCP’s definition of
recovery, which ends when the lost packet that started recovery is acknowledged.The recovery period limits congestion window reduction to once per round trip.
During recovery, the congestion window remains unchanged irrespective of new
losses or increases in the ECN-CE counter.During the handshake, some packet protection keys might not be
available when a packet arrives. In particular, Handshake and 0-RTT packets
cannot be processed until the Initial packets arrive, and 1-RTT packets
cannot be processed until the handshake completes. Endpoints MAY
ignore the loss of Handshake, 0-RTT, and 1-RTT packets that might arrive before
the peer has packet protection keys to process those packets.Probe packets MUST NOT be blocked by the congestion controller. A sender MUST
however count these packets as being additionally in flight, since these packets
add network load without establishing packet loss. Note that sending probe
packets might cause the sender’s bytes in flight to exceed the congestion window
until an acknowledgement is received that establishes loss or delivery of
packets.When an ACK frame is received that establishes loss of all in-flight packets
sent over a long enough period of time, the network is considered to be
experiencing persistent congestion. Commonly, this can be established by
consecutive PTOs, but since the PTO timer is reset when a new ack-eliciting
packet is sent, an explicit duration must be used to account for those cases
where PTOs do not occur or are substantially delayed. This duration is computed
as follows:For example, assume:smoothed_rtt = 1
rttvar = 0
max_ack_delay = 0
kPersistentCongestionThreshold = 3If an eck-eliciting packet is sent at time = 0, the following scenario would
illustrate persistent congestion:t=0Send Pkt #1 (App Data)t=1Send Pkt #2 (PTO 1)t=3Send Pkt #3 (PTO 2)t=7Send Pkt #4 (PTO 3)t=8Recv ACK of Pkt #4The first three packets are determined to be lost when the ACK of packet 4 is
received at t=8. The congestion period is calculated as the time between the
oldest and newest lost packets: (3 - 0) = 3. The duration for persistent
congestion is equal to: (1 * kPersistentCongestionThreshold) = 3. Because the
threshold was reached and because none of the packets between the oldest and the
newest packets are acknowledged, the network is considered to have experienced
persistent congestion.When persistent congestion is established, the sender’s congestion window MUST
be reduced to the minimum congestion window (kMinimumWindow). This response of
collapsing the congestion window on persistent congestion is functionally
similar to a sender’s response on a Retransmission Timeout (RTO) in TCP
after Tail Loss Probes (TLP) .This document does not specify a pacer, but it is RECOMMENDED that a sender pace
sending of all in-flight packets based on input from the congestion
controller. For example, a pacer might distribute the congestion window over
the SRTT when used with a window-based controller, and a pacer might use the
rate estimate of a rate-based controller.An implementation should take care to architect its congestion controller to
work well with a pacer. For instance, a pacer might wrap the congestion
controller and control the availability of the congestion window, or a pacer
might pace out packets handed to it by the congestion controller. Timely
delivery of ACK frames is important for efficient loss recovery. Packets
containing only ACK frames should therefore not be paced, to avoid delaying
their delivery to the peer.As an example of a well-known and publicly available implementation of a flow
pacer, implementers are referred to the Fair Queue packet scheduler (fq qdisc)
in Linux (3.11 onwards).A congestion window that is under-utilized SHOULD NOT be increased in either
slow start or congestion avoidance. This can happen due to insufficient
application data or flow control credit.A sender MAY use the pipeACK method described in section 4.3 of
to determine if the congestion window is sufficiently utilized.A sender that paces packets (see ) might delay sending packets
and not fully utilize the congestion window due to this delay. A sender
should not consider itself application limited if it would have fully
utilized the congestion window without pacing delay.Bursting more than an initial window’s worth of data into the network might
cause short-term congestion and losses. Implemementations SHOULD either use
pacing or reduce their congestion window to limit such bursts.A sender MAY implement alternate mechanisms to update its congestion window
after periods of under-utilization, such as those proposed for TCP in
.Congestion control fundamentally involves the consumption of signals – both
loss and ECN codepoints – from unauthenticated entities. On-path attackers can
spoof or alter these signals. An attacker can cause endpoints to reduce their
sending rate by dropping packets, or alter send rate by changing ECN codepoints.Packets that carry only ACK frames can be heuristically identified by observing
packet size. Acknowledgement patterns may expose information about link
characteristics or application behavior. Endpoints can use PADDING frames or
bundle acknowledgments with other frames to reduce leaked information.A receiver can misreport ECN markings to alter the congestion response of a
sender. Suppressing reports of ECN-CE markings could cause a sender to
increase their send rate. This increase could result in congestion and loss.A sender MAY attempt to detect suppression of reports by marking occasional
packets that they send with ECN-CE. If a packet marked with ECN-CE is not
reported as having been marked when the packet is acknowledged, the sender
SHOULD then disable ECN for that path.Reporting additional ECN-CE markings will cause a sender to reduce their sending
rate, which is similar in effect to advertising reduced connection flow control
limits and so no advantage is gained by doing so.Endpoints choose the congestion controller that they use. Though congestion
controllers generally treat reports of ECN-CE markings as equivalent to loss
, the exact response for each controller could be different. Failure
to correctly respond to information about ECN markings is therefore difficult to
detect.This document has no IANA actions. Yet.QUIC: A UDP-Based Multiplexed and Secure TransportFastlyMozillaUsing TLS to Secure QUICMozillasn3rdKey words for use in RFCs to Indicate Requirement LevelsIn many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements.Ambiguity of Uppercase vs Lowercase in RFC 2119 Key WordsRFC 2119 specifies common key words that may be used in protocol specifications. This document aims to reduce the ambiguity by clarifying that only UPPERCASE usage of the key words have the defined special meanings.Relaxing Restrictions on Explicit Congestion Notification (ECN) ExperimentationThis memo updates RFC 3168, which specifies Explicit Congestion Notification (ECN) as an alternative to packet drops for indicating network congestion to endpoints. It relaxes restrictions in RFC 3168 that hinder experimentation towards benefits beyond just removal of loss. This memo summarizes the anticipated areas of experimentation and updates RFC 3168 to enable experimentation in these areas. An Experimental RFC in the IETF document stream is required to take advantage of any of these enabling updates. In addition, this memo makes related updates to the ECN specifications for RTP in RFC 6679 and for the Datagram Congestion Control Protocol (DCCP) in RFCs 4341, 4342, and 5622. This memo also records the conclusion of the ECN nonce experiment in RFC 3540 and provides the rationale for reclassification of RFC 3540 from Experimental to Historic; this reclassification enables new experimental use of the ECT(1) codepoint.Forward Acknowledgement: Refining TCP Congestion ControlComputing TCP's Retransmission TimerThis document defines the standard algorithm that Transmission Control Protocol (TCP) senders are required to use to compute and manage their retransmission timer. It expands on the discussion in Section 4.2.3.1 of RFC 1122 and upgrades the requirement of supporting the algorithm from a SHOULD to a MUST. This document obsoletes RFC 2988. [STANDARDS-TRACK]TCP Congestion ControlThis document defines TCP's four intertwined congestion control algorithms: slow start, congestion avoidance, fast retransmit, and fast recovery. In addition, the document specifies how TCP should begin transmission after a relatively long idle period, as well as discussing various acknowledgment generation methods. This document obsoletes RFC 2581. [STANDARDS-TRACK]Early Retransmit for TCP and Stream Control Transmission Protocol (SCTP)This document proposes a new mechanism for TCP and Stream Control Transmission Protocol (SCTP) that can be used to recover lost segments when a connection's congestion window is small. The "Early Retransmit" mechanism allows the transport to reduce, in certain special circumstances, the number of duplicate acknowledgments required to trigger a fast retransmission. This allows the transport to use fast retransmit to recover segment losses that would otherwise require a lengthy retransmission timeout. [STANDARDS-TRACK]A Conservative Loss Recovery Algorithm Based on Selective Acknowledgment (SACK) for TCPThis document presents a conservative loss recovery algorithm for TCP that is based on the use of the selective acknowledgment (SACK) TCP option. The algorithm presented in this document conforms to the spirit of the current congestion control specification (RFC 5681), but allows TCP senders to recover more effectively when multiple segments are lost from a single flight of data. This document obsoletes RFC 3517 and describes changes from it. [STANDARDS-TRACK]RACK: a time-based fast loss detection algorithm for TCPThis document presents a new TCP loss detection algorithm called RACK ("Recent ACKnowledgment"). RACK uses the notion of time, instead of packet or sequence counts, to detect losses, for modern TCP implementations that can support per-packet timestamps and the selective acknowledgment (SACK) option. It is intended to replace the conventional DUPACK threshold approach and its variants, as well as other nonstandard approaches.Improving the Robustness of TCP to Non-Congestion EventsThis document specifies Non-Congestion Robustness (NCR) for TCP. In the absence of explicit congestion notification from the network, TCP uses loss as an indication of congestion. One of the ways TCP detects loss is using the arrival of three duplicate acknowledgments. However, this heuristic is not always correct, notably in the case when network paths reorder segments (for whatever reason), resulting in degraded performance. TCP-NCR is designed to mitigate this degraded performance by increasing the number of duplicate acknowledgments required to trigger loss recovery, based on the current state of the connection, in an effort to better disambiguate true segment loss from segment reordering. This document specifies the changes to TCP, as well as the costs and benefits of these modifications. This memo defines an Experimental Protocol for the Internet community.Tail Loss Probe (TLP): An Algorithm for Fast Recovery of Tail LossesRetransmission timeouts are detrimental to application latency, especially for short transfers such as Web transactions where timeouts can often take longer than all of the rest of a transaction. The primary cause of retransmission timeouts are lost segments at the tail of transactions. This document describes an experimental algorithm for TCP to quickly recover lost segments at the end of transactions or when an entire window of data or acknowledgments are lost. Tail Loss Probe (TLP) is a sender-only algorithm that allows the transport to recover tail losses through fast recovery as opposed to lengthy retransmission timeouts. If a connection is not receiving any acknowledgments for a certain period of time, TLP transmits the last unacknowledged segment (loss probe). In the event of a tail loss in the original transmissions, the acknowledgment from the loss probe triggers SACK/FACK based fast recovery. TLP effectively avoids long timeouts and thereby improves TCP performance.Forward RTO-Recovery (F-RTO): An Algorithm for Detecting Spurious Retransmission Timeouts with TCPThe purpose of this document is to move the F-RTO (Forward RTO-Recovery) functionality for TCP in RFC 4138 from Experimental to Standards Track status. The F-RTO support for Stream Control Transmission Protocol (SCTP) in RFC 4138 remains with Experimental status. See Appendix B for the differences between this document and RFC 4138.Spurious retransmission timeouts cause suboptimal TCP performance because they often result in unnecessary retransmission of the last window of data. This document describes the F-RTO detection algorithm for detecting spurious TCP retransmission timeouts. F-RTO is a TCP sender-only algorithm that does not require any TCP options to operate. After retransmitting the first unacknowledged segment triggered by a timeout, the F-RTO algorithm of the TCP sender monitors the incoming acknowledgments to determine whether the timeout was spurious. It then decides whether to send new segments or retransmit unacknowledged segments. The algorithm effectively helps to avoid additional unnecessary retransmissions and thereby improves TCP performance in the case of a spurious timeout. [STANDARDS-TRACK]The NewReno Modification to TCP's Fast Recovery AlgorithmRFC 5681 documents the following four intertwined TCP congestion control algorithms: slow start, congestion avoidance, fast retransmit, and fast recovery. RFC 5681 explicitly allows certain modifications of these algorithms, including modifications that use the TCP Selective Acknowledgment (SACK) option (RFC 2883), and modifications that respond to "partial acknowledgments" (ACKs that cover new data, but not all the data outstanding when loss was detected) in the absence of SACK. This document describes a specific algorithm for responding to partial acknowledgments, referred to as "NewReno". This response to partial acknowledgments was first proposed by Janey Hoe. This document obsoletes RFC 3782. [STANDARDS-TRACK]TCP Congestion Control with Appropriate Byte Counting (ABC)This document proposes a small modification to the way TCP increases its congestion window. Rather than the traditional method of increasing the congestion window by a constant amount for each arriving acknowledgment, the document suggests basing the increase on the number of previously unacknowledged bytes each ACK covers. This change improves the performance of TCP, as well as closes a security hole TCP receivers can use to induce the sender into increasing the sending rate too rapidly. This memo defines an Experimental Protocol for the Internet community.CUBIC for Fast Long-Distance NetworksCUBIC is an extension to the current TCP standards. It differs from the current TCP standards only in the congestion control algorithm on the sender side. In particular, it uses a cubic function instead of a linear window increase function of the current TCP standards to improve scalability and stability under fast and long-distance networks. CUBIC and its predecessor algorithm have been adopted as defaults by Linux and have been used for many years. This document provides a specification of CUBIC to enable third-party implementations and to solicit community feedback through experimentation on the performance of CUBIC.Updating TCP to Support Rate-Limited TrafficThis document provides a mechanism to address issues that arise when TCP is used for traffic that exhibits periods where the sending rate is limited by the application rather than the congestion window. It provides an experimental update to TCP that allows a TCP sender to restart quickly following a rate-limited interval. This method is expected to benefit applications that send rate-limited traffic using TCP while also providing an appropriate response if congestion is experienced.This document also evaluates the Experimental specification of TCP Congestion Window Validation (CWV) defined in RFC 2861 and concludes that RFC 2861 sought to address important issues but failed to deliver a widely used solution. This document therefore reclassifies the status of RFC 2861 from Experimental to Historic. This document obsoletes RFC 2861.Increasing TCP's Initial WindowThis document proposes an experiment to increase the permitted TCP initial window (IW) from between 2 and 4 segments, as specified in RFC 3390, to 10 segments with a fallback to the existing recommendation when performance issues are detected. It discusses the motivation behind the increase, the advantages and disadvantages of the higher initial window, and presents results from several large-scale experiments showing that the higher initial window improves the overall performance of many web services without resulting in a congestion collapse. The document closes with a discussion of usage and deployment for further experimental purposes recommended by the IETF TCP Maintenance and Minor Extensions (TCPM) working group.We now describe an example implementation of the loss detection mechanisms
described in .To correctly implement congestion control, a QUIC sender tracks every
ack-eliciting packet until the packet is acknowledged or lost.
It is expected that implementations will be able to access this information by
packet number and crypto context and store the per-packet fields
() for loss recovery and congestion control.After a packet is declared lost, the endpoint can track it for an amount of
time comparable to the maximum expected packet reordering, such as 1 RTT.
This allows for detection of spurious retransmissions.Sent packets are tracked for each packet number space, and ACK
processing only applies to a single space.
The packet number of the sent packet.
A boolean that indicates whether a packet is ack-eliciting.
If true, it is expected that an acknowledgement will be received,
though the peer could delay sending the ACK frame containing it
by up to the MaxAckDelay.
A boolean that indicates whether the packet counts towards bytes in
flight.
The number of bytes sent in the packet, not including UDP or IP
overhead, but including QUIC framing overhead.
The time the packet was sent.Constants used in loss recovery are based on a combination of RFCs, papers, and
common practice. Some may need to be changed or negotiated in order to better
suit a variety of environments.
Maximum reordering in packets before packet threshold loss detection
considers a packet lost. The RECOMMENDED value is 3.
Maximum reordering in time before time threshold loss detection
considers a packet lost. Specified as an RTT multiplier. The RECOMMENDED
value is 9/8.
Timer granularity. This is a system-dependent value. However, implementations
SHOULD use a value no smaller than 1ms.
The RTT used before an RTT sample is taken. The RECOMMENDED value is 500ms.
An enum to enumerate the three packet number spaces.Variables required to implement the congestion control mechanisms
are described in this section.
The most recent RTT measurement made when receiving an ack for
a previously unacked packet.
The smoothed RTT of the connection, computed as described in
The RTT variance, computed as described in
The minimum RTT seen in the connection, ignoring ack delay.
The maximum amount of time by which the receiver intends to delay
acknowledgments for packets in the ApplicationData packet number space. The
actual ack_delay in a received ACK frame may be larger due to late timers,
reordering, or lost ACKs.
Multi-modal timer used for loss detection.
The number of times a PTO has been sent without receiving an ack.
The time the most recent ack-eliciting packet was sent.
The largest packet number acknowledged in the packet number space so far.
The time at which the next packet in that packet number space will be
considered lost based on exceeding the reordering window in time.
An association of packet numbers in a packet number space to information
about them. Described in detail above in .At the beginning of the connection, initialize the loss detection variables as
follows:After a packet is sent, information about the packet is stored. The parameters
to OnPacketSent are described in detail above in .Pseudocode for OnPacketSent follows:When an ACK frame is received, it may newly acknowledge any number of packets.Pseudocode for OnAckReceived and UpdateRtt follow:When a packet is acknowledged for the first time, the following OnPacketAcked
function is called. Note that a single ACK frame may newly acknowledge several
packets. OnPacketAcked must be called once for each of these newly acknowledged
packets.OnPacketAcked takes two parameters: acked_packet, which is the struct detailed
in , and the packet number space that this ACK frame was
sent for.Pseudocode for OnPacketAcked follows:QUIC loss detection uses a single timer for all timeout loss detection. The
duration of the timer is based on the timer’s mode, which is set in the packet
and timer events further below. The function SetLossDetectionTimer defined
below shows how the single timer is set.This algorithm may result in the timer being set in the past, particularly if
timers wake up late. Timers set in the past SHOULD fire immediately.Pseudocode for SetLossDetectionTimer follows:When the loss detection timer expires, the timer’s mode determines the action
to be performed.Pseudocode for OnLossDetectionTimeout follows:DetectLostPackets is called every time an ACK is received and operates on
the sent_packets for that packet number space.Pseudocode for DetectLostPackets follows:We now describe an example implementation of the congestion controller described
in .Constants used in congestion control are based on a combination of RFCs,
papers, and common practice. Some may need to be changed or negotiated
in order to better suit a variety of environments.
The sender’s maximum payload size. Does not include UDP or IP overhead. The
max packet size is used for calculating initial and minimum congestion
windows. The RECOMMENDED value is 1200 bytes.
Default limit on the initial amount of data in flight, in bytes. Taken from
, but increased slightly to account for the smaller 8 byte
overhead of UDP vs 20 bytes for TCP. The RECOMMENDED value is the minimum
of 10 * kMaxDatagramSize and max(2* kMaxDatagramSize, 14720)).
Minimum congestion window in bytes. The RECOMMENDED value is
2 * kMaxDatagramSize.
Reduction in congestion window when a new loss event is detected.
The RECOMMENDED value is 0.5.
Period of time for persistent congestion to be established, specified as a PTO
multiplier. The rationale for this threshold is to enable a sender to use
initial PTOs for aggressive probing, as TCP does with Tail Loss Probe (TLP)
, before establishing persistent congestion, as TCP does with
a Retransmission Timeout (RTO) . The RECOMMENDED value for
kPersistentCongestionThreshold is 3, which is approximately equivalent to
having two TLPs before an RTO in TCP.Variables required to implement the congestion control mechanisms
are described in this section.
The highest value reported for the ECN-CE counter in the packet number space
by the peer in an ACK frame. This value is used to detect increases in the
reported ECN-CE counter.
The sum of the size in bytes of all sent packets that contain at least one
ack-eliciting or PADDING frame, and have not been acked or declared
lost. The size does not include IP or UDP overhead, but does include the QUIC
header and AEAD overhead. Packets only containing ACK frames do not count
towards bytes_in_flight to ensure congestion control does not impede
congestion feedback.
Maximum number of bytes-in-flight that may be sent.
The time when QUIC first detects congestion due to loss or ECN, causing
it to enter congestion recovery. When a packet sent after this time is
acknowledged, QUIC exits congestion recovery.
Slow start threshold in bytes. When the congestion window is below ssthresh,
the mode is slow start and the window grows by the number of bytes
acknowledged.At the beginning of the connection, initialize the congestion control
variables as follows:Whenever a packet is sent, and it contains non-ACK frames, the packet
increases bytes_in_flight.Invoked from loss detection’s OnPacketAcked and is supplied with the
acked_packet from sent_packets.Invoked from ProcessECN and OnPacketsLost when a new congestion event is
detected. May start a new recovery period and reduces the congestion
window.Invoked when an ACK frame with an ECN section is received from the peer.Invoked from DetectLostPackets when packets are deemed lost.RFC Editor’s Note: Please remove this section prior to
publication of a final version of this document.Issue and pull request numbers are listed with a leading octothorp.PTO should always send an ack-eliciting packet (#2895)Unify the Handshake Timer with the PTO timer (#2648, #2658, #2886)Move ACK generation text to transport draft (#1860, #2916)No changesPath validation can be used as initial RTT value (#2644, #2687)max_ack_delay transport parameter defaults to 0 (#2638, #2646)Ack Delay only measures intentional delays induced by the implementation
(#2596, #2786)Change kPersistentThreshold from an exponent to a multiplier (#2557)Send a PING if the PTO timer fires and there’s nothing to send (#2624)Set loss delay to at least kGranularity (#2617)Merge application limited and sending after idle sections. Always limit
burst size instead of requiring resetting CWND to initial CWND after
idle (#2605)Rewrite RTT estimation, allow RTT samples where a newly acked packet is
ack-eliciting but the largest_acked is not (#2592)Don’t arm the handshake timer if there is no handshake data (#2590)Clarify that the time threshold loss alarm takes precedence over the
crypto handshake timer (#2590, #2620)Change initial RTT to 500ms to align with RFC6298 (#2184)Change IW byte limit to 14720 from 14600 (#2494)Update PTO calculation to match RFC6298 (#2480, #2489, #2490)Improve loss detection’s description of multiple packet number spaces and
pseudocode (#2485, #2451, #2417)Declare persistent congestion even if non-probe packets are sent and don’t
make persistent congestion more aggressive than RTO verified was (#2365,
#2244)Move pseudocode to the appendices (#2408)What to send on multiple PTOs (#2380)After Probe Timeout discard in-flight packets or send another (#2212, #1965)Endpoints discard initial keys as soon as handshake keys are available (#1951,
#2045)0-RTT state is discarded when 0-RTT is rejected (#2300)Loss detection timer is cancelled when ack-eliciting frames are in flight
(#2117, #2093)Packets are declared lost if they are in flight (#2104)After becoming idle, either pace packets or reset the congestion controller
(#2138, 2187)Process ECN counts before marking packets lost (#2142)Mark packets lost before resetting crypto_count and pto_count (#2208, #2209)Congestion and loss recovery state are discarded when keys are discarded
(#2327)Unify TLP and RTO into a single PTO; eliminate min RTO, min TLP and min crypto
timeouts; eliminate timeout validation (#2114, #2166, #2168, #1017)Redefine how congestion avoidance in terms of when the period starts (#1928,
#1930)Document what needs to be tracked for packets that are in flight (#765, #1724,
#1939)Integrate both time and packet thresholds into loss detection (#1969, #1212,
#934, #1974)Reduce congestion window after idle, unless pacing is used (#2007, #2023)Disable RTT calculation for packets that don’t elicit acknowledgment (#2060,
#2078)Limit ack_delay by max_ack_delay (#2060, #2099)Initial keys are discarded once Handshake are avaialble (#1951, #2045)Reorder ECN and loss detection in pseudocode (#2142)Only cancel loss detection timer if ack-eliciting packets are in flight
(#2093, #2117)Used max_ack_delay from transport params (#1796, #1782)Merge ACK and ACK_ECN (#1783)Corrected the lack of ssthresh reduction in CongestionEvent pseudocode (#1598)Considerations for ECN spoofing (#1426, #1626)Clarifications for PADDING and congestion control (#837, #838, #1517, #1531,
#1540)Reduce early retransmission timer to RTT/8 (#945, #1581)Packets are declared lost after an RTO is verified (#935, #1582)Changes to manage separate packet number spaces and encryption levels (#1190,
#1242, #1413, #1450)Added ECN feedback mechanisms and handling; new ACK_ECN frame (#804, #805,
#1372)No significant changes.Improved text on ack generation (#1139, #1159)Make references to TCP recovery mechanisms informational (#1195)Define time_of_last_sent_handshake_packet (#1171)Added signal from TLS the data it includes needs to be sent in a Retry packet
(#1061, #1199)Minimum RTT (min_rtt) is initialized with an infinite value (#1169)No significant changes.Clarified pacing and RTO (#967, #977)Include Ack Delay in RTO(and TLP) computations (#981)Ack Delay in SRTT computation (#961)Default RTT and Slow Start (#590)Many editorial fixes.No significant changes.Add more congestion control text (#776)No significant changes.No significant changes.Integrate F-RTO (#544, #409)Add congestion control (#545, #395)Require connection abort if a skipped packet was acknowledged (#415)Simplify RTO calculations (#142, #417)Overview added to loss detectionChanges initial default RTT to 100msAdded time-based loss detection and fixes early retransmitClarified loss recovery for handshake packetsFixed references and made TCP references informativeImproved description of constants and ACK behaviorAdopted as base for draft-ietf-quic-recoveryUpdated authors/editors listAdded table of contents