view Side-By-Side changes
Internet Engineering Task Force Gagan L. Choudhury Internet Draft Vera D. Sapozhnikova Expires inMay,September, 2003 AT&Tdraft-ietf-ospf-scalability-02.txtCategory: Best Current Practice draft-ietf-ospf-scalability-03.txt Anurag S. Maunder Sanera Systems Vishwas Manral Netplane SystemsNovember, 2002 Explicit Marking andMarch, 2003 Prioritized Treatment of Specific OSPF Packetsfor Faster ConvergenceandImproved Network Scalability and StabilityCongestion Avoidance Status of this Memo This document is an Internet-Draft and is in full conformance with all provisions of Section 10 of RFC2026. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet- Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. Distribution of this memo is unlimited. AbstractIn this draft we propose the following mechanismsThis document proposes methods that are intended to improve the scalability and stability ofOSPF-based network: (1) Process the Hello packetslarge networks using OSPF protocol. The methods include processing OSPF Hellos and LSA Acknowledgements at a higher priority compared to other OSPFpackets. In order to facilitate this, explicitly mark the Hellopackets,to differentiate them fromand otherOSPF packets. One waycongestion avoidance procedures. Simulation results in support ofspecial marking is to use a different Diffservsome of the proposals are given in the appendix sections. Choudhury et. al. Best Current Practice [Page 1] Internet DraftExplicit Marking May,Prioritized Treatment September, 2003codepoint for Hello packets compared to otherTable of Contents 1. Motivation.....................................................2 2. The Proposals..................................................3 3. Security Considerations........................................4 4. Acknowledgments................................................4 5. References.....................................................5 6. Authors' Addresses.............................................5 Appendix A. LSA Storm: Causes and Impact..........................6 Appendix B. Simulation Study......................................8 Appendix B.1. The Network Under Simulation........................8 Appendix B.2. Simulation Results.................................11 Appendix B.3. Observations on Simulation Results.................15 Appendix C. Other Proposals......................................15 1. Motivation A large network running OSPFpackets. (2) In[Ref1] or OSPF-TE [Ref2] protocol may occasionally experience theabsencesimultaneous or near-simultaneous update ofspecial marking,a large number of link-state-advertisement messages, or LSAs. We call this event, an LSA storm and it may be initiated by an unscheduled failure or a scheduled maintenance or upgrade event. The failure may be hardware, software, or procedural inadditionnature. The LSA storm causes high CPU and memory utilization at the node processors causing incoming packets toit, use other mechanismsbe delayed or dropped. Delayed acknowledgements (beyond the retransmission timer value) results inorder not to missretransmissions, and delayed Hellopackets. One example is to treat any packet received over a link as a surrogate forpackets (beyond the router-dead interval) results in links being declared down. The retransmissions and additional LSA generations result in further CPU and memory usage, essentially causing aHello packet (an implicit Hello) forpositive feedback loop, which, in thepurpose of keepingextreme case, may drive thelink alive. (3)network to an unstable state. Thesame typedefault value ofexplicit markingretransmission timer is 5 seconds andprioritized treatment may be beneficial to other OSPF packets as well. One important example is LSA acknowledgment packetthatcan reduce retransmissions during periodsofcongestion. Other examples include (a) Database description (DBD) packet from a slave thatthe router-dead interval isused as an acknowledgement,40 seconds. However, recently there has been a lot of interest in significantly reducing OSPF convergence time and(b) LSAs carrying intra-area topology change information. It is possibleas part of thatsome implementations are already using one orplan much shorter (subsecond) Hello and router-dead intervals have been proposed [Ref3]. In such a scenario it will be moreoflikely for Hello packets to be delayed beyond theabove mechanismsrouter-dead interval during a network congestion event caused by an LSA storm. Appendix A explains in more detail LSA storm generation scenarios, its impact, and points out a few real-life examples of control-message storm generation. Appendix B presents a simulation study on this phenomenon. Choudhury et. al. Best Current Practice [Page 2] Internet Draft Prioritized Treatment September, 2003 In ordernottomissimprove theprocessingscalability and stability of networks we propose steps for prioritizing critical OSPF packetsduring periods ofand avoiding congestion.However, we suggest the above mechanisms to be included as partThe details of thestandard so that all implementations can benefit from them. Table of Contents 1. Introduction...................................................2proposals are given in Section 2.The Network Under Simulation...................................5 3. Simulation Results ............................................7 4. ObservationsWe also do a simulation study onSimulation Results ...........................11 5. Need for Prioritized Treatmenta subset ofCritical OSPF Packets and Special Marking to Facilitate That............................12 6. Summary.......................................................13 7. Acknowledgments...............................................14 8. References....................................................14 9. Authors' Addresses............................................15 1. Introduction Due to world-wide increased traffic demand, data networks are ever increasing in sizethe proposals interms of number of nodes, number of links, adjacencies per nodeAppendix B andLink State Database size. Our motivation is toshow that they indeed improve theabilityscalability and stability oflargenetworks using OSPF protocol. Appendix C provides some further proposals with similar goals. 2. The Proposals The proposals below are intended towithstandimprove thesimultaneous or near-simultaneous updatescalability and stability ofalargenumbernetworks using OSPF protocol. During periods oflink-state-advertisement messages, or LSAs. We call this event,network congestion they would reduce retransmissions, avoid anLSA storm. An LSA storm may be initiated dueinterface tomany reasons. Here are some examples: (a) one or more link failuresbe declared down due tofiber cuts, Choudhury et. al. [Page 2] Internet Draft Explicit Marking May, 2003 (b) oneHello packets being delayed beyond the RouterDeadInterval, and take other congestion avoidance steps. Either all, ormore node failuresa subset of the proposals may be implemented by a Router. It is also possible for somereason, e.g., software crashrouters to implement them fully orsome type of disasterpartially, and others to not implement them at all. (1) Classify all OSPF packets inan office complex hosting many nodes, (c) requirementtwo classes: a "high priority" class comprising oftaking downOSPF Hello packets and Link State Acknowledgement packets, andlater bringing back many nodes duringasoftware/hardware upgrade, (d) near-synchronization of the once-in-30-minutes refresh instants of some types of LSAs, (e) refresh"low priority" class comprising of allLSAs inother packets. The classification is accomplished by examining thesystem duringOSPF packet header. While receiving achange in software version. In additionpacket from a neighbor and while transmitting a packet tothe LSAs generated asadirect result of link/node failures, there may be other indirect LSAs as well. One example in MPLS networks is traffic engineering LSAs generated at other links asneighbor, try to process aresult of significant change in reserved bandwidth resulting from rerouting"high priority" packet ahead ofLabel Switched Paths (LSPs)a "low priority" packet. (2) Reset the Inactivity Timer for an interface whenever any OSPF packet is received over thatwent down duringinterface (currently this is done only for thelink/node failure. The LSA storm causes high CPU and memory utilization atHello packet). So OSPF would declare thenode processors causing incoming packetsinterface to bedelayeddown only if no OSPF packet is received over that interface for a period equaling ordropped. Delayed acknowledgements (beyondexceeding theretransmission timer value) results in retransmissions, and delayed Hello packets (beyondRouterDeadInterval. (3) Use an Exponential Backoff algorithm for determining the value of theRouter-Dead interval) results in links being declared down. A trunk-down event causes RouterLSAgeneration by its end-point nodes. If traffic engineering LSAs areretransmission interval (RxmtInterval). Let R(i) represent the RxmtInterval value usedfor each link then that typeduring the i-th retransmission ofLSAs would also be generated byan LSA. Use theend-point nodes and potentially elsewhere as well duefollowing algorithm tosignificant changes in reserved bandwidths at other links caused by the failurecompute R(i) R(1) = Rmin R(i+1) = Min(KR(i),Rmax) for i>=1 Choudhury et. al. Best Current Practice [Page 3] Internet Draft Prioritized Treatment September, 2003 where K, Rmin and Rmax are constants andreroute of LSPs originally usingthefailed trunk. Eventually, whenfunction Min(.,.) represents thelink recovers that would also trigger additional Routerminimum value of its two arguments. Example values for K, Rmin andtraffic engineering LSAs. The retransmissionsRmax may be 2, 5 seconds andadditional LSA generations result in further CPU40 seconds respectively. (4) Implicit Congestion Detection andmemory usage, essentially causingAction Based on That: If there is control message congestion at apositive feedback loop. We define the LSA storm size asnode, its neighbors do not know about that explicitly. However, they can implicitly detect it based on the number of unacknowledged LSAsin the original storm and not counting any additional LSAs resulting from the feedback loop described above.to this node. Ifthe LSA storm is too largethis number exceeds a certain "high water mark" then thepositive feedback loop mentioned above may be large enoughrate at which LSAs are sent toindefinitely sustainthis node should be reduced. At alarge CPU and memory utilization at many network nodes, thereby drivingfuture time, if thenetworknumber of unacknowledged LSAs toan unstable state. Inthis node falls below a certain "low water mark" then thepast, network outage events have been reported in IP and ATM networks using link-state protocols such as OSPF, IS-IS, PNNI or some proprietary variants. See, for example [Ref1-Ref4]. In many of these examples, large scale floodingnormal rate of sending LSAsor other similar control messages (either naturally or triggered by some bug or inappropriate Choudhury et. al. [Page 3] Internet Draft Explicit Marking May, 2003 procedure) have been partly or fully responsible for network instability and outage. It has been suggested [Ref5]toreducethis node should be resumed. An example value for theHello interval"high water mark" may be 20 unacknowledged LSAs andRouter-Dead interval significantly in orderthat forOSPF to detect link failures and recoveries faster. Reduction of Router-Dead interval would make it even more likelythe "low water mark" may be 10 unacknowledged LSAs. An example value forlinks tothe rate on exceeding the "high water mark" may bedeclared down due50% the normal rate. (5) Throttling Adjacencies tomissed Hellos. We usebe Brought Up Simultaneously: If asimulation modelnode tries toshow that there isbring up acertain LSA storm size threshold above which the network may show unstable behavior caused bylarge number ofretransmissions, link failures dueadjacencies tomissed Hello packets and subsequent link recoveries. We also showits neighbors simultaneously then thatthe LSA storm size causing instabilitymaybe substantially increased by providing prioritized treatmentcause severe congestion due toHellodatabase synchronization and LSAAcknowledgment packets. Furthermore, if we prioritize Hello packets then even when the network operates somewhat above the stability threshold, links are not declared down due to missed Hellos. This implies that even though thereflooding activities. It iscontrol plane congestion due to many retransmissions, the data plane stays up and no new LSAs are generated (besides the ones in the original storm and the refreshes). Based on these observations we propose prioritized treatment of Hello, LSA acknowledgment and other critical OSPF packets and a special marking to facilitate that. One might arguerecommended thatthe scalability issue of large networksduring such a situation no more than "n" adjacencies should besolved solely by dividing the network hierarchically into multiple areas so that floodingbrought up simultaneously. Once a subset ofLSAs remains localized within areas. However, this approach increases the network management and design complexity and may result in less optimal routing between areas. Also, ASE LSAs are flooded throughout the AS and itadjacencies have been brought up successfully, newer adjacencies may bea problem if there are large numbers of them. Furthermore, a largebrought up as long as the number ofsummary LSAssimultaneous adjacencies being brought up does not exceed "n". An example value for "n" mayneed tobeflooded across Areas and their numbers would increase significantly if multiple Area Border Routers are employed4. 3. Security Considerations This memo does not create any new security issues for thepurpose of reliability. Thus it is important to allowOSPF protocol. Security considerations for thenetwork to grow towards as large a size as possible under a single area. Our proposal here is synergistic with a broader set of scalability and stability improvement proposals. [Ref6, Ref7] proposes flooding overhead reductionbase OSPF protocol are covered incase more than one interface goes[Ref1]. 4. Acknowledgments We would like to acknowledge thesame neighbor. [Ref8] proposes a mechanism for greatly reducing LSA refreshes in stable topologies. [Ref9] compares several restricted flooding algorithms in termssupport oftheir ability to withstand large LSA stormsOSPF WG chairs Rohit Dube, Acee Lindem, androbustness to failure conditions. [Ref10] proposes a wide range of congestion controlJohn Moy. We also acknowledge Jerry Ash, Margaret Chiosi, Elie Francis, Jeff Han, Beth Munson, Roshan Rao, Moshe Segal, Mike Wardlow, andfailure recovery mechanisms.Pat Wirth for collaboration and encouragement in our scalability improvement efforts for Link-State-Protocol based networks. Choudhury et. al. Best Current Practice [Page 4] Internet DraftExplicit Marking May,Prioritized Treatment September, 2003Section 2 describes the network under simulation and Section 3 provides the simulation results. Section 4 gives the basic observations based on the simulation results. Section 5 explains the need for prioritized treatment of certain critical5. References [Ref1] J. Moy, "OSPF Version 2", RFC 2328, April, 1998. [Ref2] D. Katz, D. Yeung, K. Kompella, "Traffic Engineering Extension to OSPFpacketsVersion 2," Work in Progress. [Ref3] C. Alaettinoglu, V. Jacobson andspecial marking to facilitate that. Section 6 gives the summary. 2. TheH. Yu, "Towards Milli- second IGP Convergence," Work in Progress. [Ref4] Pappalardo, D., "AT&T, customers grapple with ATM net outage," NetworkUnder Simulation We generate a random network over a rectangular grid using a modified versionWorld, February 26, 2001. [Ref5] "AT&T announces cause ofWaxman's algorithm [Ref11] that ensures that theframe-relay networkis connected and has a pre-specified number of nodes, links, maximum number of neighbors per node,outage," AT&T Press Release, April 22, 1998. [Ref6] Cholewka, K., "MCI Outage Has Domino Effect," Inter@ctive Week, August 20, 1999. [Ref7] Jander, M., "In Qwest Outage, ATM Takes Some Heat," Light Reading, April 6, 2001. [Ref8] A. Zinin andmaximum number of adjacencies per node. The rectangular grid resembles the continental U.S.A. with maximum one-way propagation delay of 30 msM. Shand, "Flooding Optimizations inthe East-West direction and maximum one-way propagation delay of 15 msLink-State Routing Protocols," Work inthe North-South direction. We consider two different network sizesProgress. [Ref9] J. Moy, "Flooding over Parallel Point-to-Point Links," Work in progress. [Ref10] P. Pillay-Esnault, "OSPF Refresh and flooding reduction in stable topologies," Work in progress. [Ref11] J. Ash, G. Choudhury, V. Sapozhnikova, M. Sherif, A. Maunder, V. Manral, "Congestion Avoidance & Control for OSPF Networks", Work in Progress. [Ref12] B. M. Waxman, "Routing of Multipoint Connections," IEEE Journal on Selected Areas in Communications, 6(9):1617-1622, 1988. 6. Authors' Addresses Gagan L. Choudhury AT&T Room D5-3C21 200 Laurel Avenue Middletown, NJ, 07748 USA Phone: (732)420-3721 email: gchoudhury@att.com Choudhury et. al. Best Current Practice [Page 5] Internet Draft Prioritized Treatment September, 2003 Vera D. Sapozhnikova AT&T Room C5-2C29 200 Laurel Avenue Middletown, NJ, 07748 USA Phone: (732)420-2653 email: sapozhnikova@att.com Anurag S. Maunder Sanera Systems 370 San Aleso Ave. Second Floor Sunnyvale, CA 94085 Phone: (408)734-6123 email: amaunder@sanera.net Vishwas Manral NetPlane 189, Prashasan Nagar, Road Number 72 Jubilee Hills, Hyderabad India email: Vishwasm@netplane.com Appendix A. LSA Storm: Causes and Impact An LSA storm may be initiated due to many reasons. Here are some examples: (a) one or more link failures due to fiber cuts, (b) one or more node failures for some reason, e.g., software crash or some type of disaster (including power outage) in an office complex hosting many nodes, (c) Link/node flapping, (d) requirement of taking down and later bringing back many nodes during a software/hardware upgrade, (e) near-synchronization of the once-in-30-minutes refresh instants of a subset of LSAs, (f) refresh of all LSAs in the system during a change in software version, Choudhury et. al. Best Current Practice [Page 6] Internet Draft Prioritized Treatment September, 2003 (g) injecting a large number of external routes to OSPF due to a procedural error. In addition to the LSAs generated asexplaineda direct result of link/node failures, there may be other indirect LSAs as well. One example in MPLS networks is traffic engineering LSAs generated at other links as a result of significant change in reserved bandwidth resulting from rerouting of Label Switched Paths (LSPs) that went down during the link/node failure. The LSA storm causes high CPU and memory utilization at the node processors causing incoming packets to be delayed or dropped. Delayed acknowledgements (beyond the retransmission timer value) results in retransmissions, and delayed Hello packets (beyond the Router-Dead interval) results inSection 3. The network has a flat, single-area topology. Each node is alinks being declared down. A trunk-down event causes RouterandLSA generation by its end-point nodes. If traffic engineering LSAs are used for each linkis a point-to-pointthen that type of LSAs would also be generated by the end-point nodes and potentially elsewhere as well due to significant changes in reserved bandwidths at other links caused by the failure and reroute of LSPs originally using the failed trunk. Eventually, when the linkconnecting two routers. We assumerecovers thatnodewould also trigger additional Router and traffic engineering LSAs. The retransmissions and additional LSA generations result in further CPU and memory(notusage, essentially causing a positive feedback loop. We define thelink bandwidth) isLSA storm size as themain bottlenecknumber of LSAs in the original storm and not counting any additional LSAs resulting from the feedback loop described above. If the LSAflooding process. This will typicallystorm is too large then the positive feedback loop mentioned above may betruelarge enough to indefinitely sustain a large CPU and memory utilization at many network nodes, thereby driving the network to an unstable state. In the past, network outage events have been reported in IP and ATM networks using link-state protocols such as OSPF, IS-IS, PNNI or some proprietary variants. See, forhigh speed links (e.g., OC3example [Ref4-Ref7]. In many of these examples, large scale flooding of LSAs or other similar control messages (either naturally or triggered by some bug or inappropriate procedure) have been partly orabove) and/or links where OSPF traffic gets an adequate Quality of Service (QoS) compared to other traffic. Different Timers: LSA refresh interval = 1800 seconds, Hello refresh interval = 10 Seconds, Router-Dead interval = 40 seconds, LSA retransmission interval: two values are considered, 10 secondsfully responsible for network instability and5 Seconds (note thatoutage. In Appendix B, we use aretransmissionsimulation model to show that there isdisabled on the receipt of either an explicit acknowledgment oraduplicatecertain LSAover the same interface that acts as an implicit acknowledgment) Minimum time between successive generation ofstorm size threshold above which thesame LSA = 5 seconds, Minimum time between successive Dijkstra SPF calculations is 1 second. Packingnetwork may show unstable behavior caused by large number ofLSAs: It is assumedretransmissions, link failures due to missed Hello packets and subsequent link recoveries. We also show thatfor any given node,theLSAs generated over a 1-second period are packed togetherLSA storm size causing instability may be substantially increased by providing prioritized treatment toformHello and LSA Acknowledgment packets and by using anLSU but no more than 3 LSAs are packed in one LSU. LSU/Ack/Hello Processing Times: All processing times are expressed in terms of the parameter T. Two values of T are considered, 1 msexponential backoff Choudhury et. al. Best Current Practice [Page5]7] Internet DraftExplicit Marking May,Prioritized Treatment September, 2003 algorithm for determining the LSA retransmission interval. Furthermore, if we prioritize Hello packets then even when the network operates somewhat above the stability threshold, links are not declared down due to missed Hellos. This implies that even though there is control plane congestion due to many retransmissions, the data plane stays up and0.5 ms. Inno new LSAs are generated (besides thecase of a dedicated processor for processing OSPF packetsones in theprocessing time reported representsoriginal storm and thetrue processing time. Ifrefreshes). These observations are theprocessor does other work and only a fractionbasis ofits capacity can be dedicated to OSPF processing then we have to inflate the processing time appropriately to gettheeffective processing time andfirst three proposals inthat case it is assumedSection 2. One might argue that theinflation factor is already takenscalability issue of large networks should be solved solely by dividing the network hierarchically intoaccount as partmultiple areas so that flooding of LSAs remains localized within areas. However, this approach increases thereported processing time. The fixed time to send or receive any LSU, Ack or Hello packet is T. In addition, a variable processing time is used for LSUnetwork management andAck depending on the numberdesign complexity andtypes ofmay result in less optimal routing between areas. Also, ASE LSAspacked. No variable processing time is used for Hello. Variable processing time per Router LSA is (0.5 + 0.17L)T where L is the number of adjacencies advertised byare flooded throughout theRouter LSA. For other LSA types (e.g., ASE LSA orAS and it may be a"Link" LSA carrying traffic engineering information aboutproblem if there are large numbers of them. Furthermore, alink), the variable processing time per LSA is 0.5T. Variable processing time for an Ack is 25% thatlarge number ofthe corresponding LSA. It issummary LSAs may need to benoted thatflooded across Areas and their numbers would increase significantly if multipleLSAsArea Border Routers arepacked in a single LSU packet thenemployed for thefixed processing timepurpose of reliability. Thus it isneeded only once butimportant to allow thevariable processing timenetwork to grow towards as large a size as possible under a single area. Our proposal here isneeded for every componentsynergistic with a broader set ofthe packet. The processing time values we use are roughlyscalability and stability improvement proposals. [Ref8, Ref9] proposes flooding overhead reduction in case more than one interface goes to the same neighbor. [Ref10] proposes a mechanism for greatly reducing LSA refreshes in stable topologies. [Ref11] proposes a wide range ofwhat has been observed in an operational network. LSU/Ack/Hello Priority: Two non-preemptive priority levelscongestion control andthree priority scenarios are considered. Within each priority level processing is FIFO with new packetsfailure recovery mechanisms. Appendix B. Simulation Study The main motivation oflower priority being dropped when the lower priority queuethis study isfull. The higher priority packets are never dropped. In Priority scenario 1, all LSUs/Acks/Hellos received at a node are queued atto show thelower priority. In Priority scenario 2, Hellos received at a node are queued atnetwork congestion and instability caused by large LSA storms and thehigher priority but LSUs/Acks are queued at lower priority. In Priority scenario 3, Hellosimprovement in stability andAcks received atscalability that can be achieved by following the proposals in this memo. Appendix B.1. The Network Under Simulation We generate a random network over anode are queued at the higher priority but LSUs are queued at lower priority. All packets generated internally torectangular grid using anode (usually triggered bymodified version of Waxman's algorithm [Ref12] that ensures that the network is connected and has atimer) are processed atpre-specified number of nodes, links, maximum number of neighbors per node, and maximum number of adjacencies per node. The rectangular grid resembles thehigher priority. This includescontinental U.S.A. with maximum one-way propagation delay of 30 ms in theinitial LSA storm, LSA refresh, Hello refresh, LSA retransmissionEast-West direction andnew LSA generation after detectionmaximum one-way propagation delay of 15 ms in the North-South direction. We consider two different network sizes as explained in Section B.2. The network has afailure or recovery. Buffer Size for Incoming LSUs/Acks/Hellos (lower priority): Bufferflat, single-area topology. Choudhury et. al. Best Current Practice [Page6]8] Internet DraftExplicit Marking May,Prioritized Treatment September, 2003sizeEach node isassumed to be 2000 packets whereapacket is either an Ack, LSU, or Hello. LSA Refresh: Each LSARouter and each link isrefreshed once in 1800 secondsa point-to-point link connecting two routers. We assume that node CPU and memory (not therefresh instants of various LSAslink bandwidth) is the main bottleneck in theLSDB are assumed toLSA flooding process. This will typically beuniformly distributed over the 1800 seconds period, i.e., they are completely unsynchronized. If however,true for high speed links (e.g., OC3 or above) and/or links where OSPF traffic gets anLSA is generated as partadequate Quality ofthe initialService (QoS) compared to other traffic. Different Timers: LSAstorm then it goes on a newrefreshschedule of once ininterval = 1800seconds starting from its generation time.seconds, Hello refresh interval = 10 Seconds, Router-Dead interval = 40 seconds, LSAStorm Generation: As defined earlier, "LSA storm" is the simultaneous or near simultaneous generation of a large number of LSAs. In the case of only Routerretransmission interval: two values are considered, 10 seconds andASE LSAs we normally assume5 Seconds (note thatthe number of ASE LSAs in the storma retransmission isabout 4 times that of the Router LSAs, butdisabled on theratio is allowed to change ifreceipt of eitherthe Routeran explicit acknowledgment or a duplicate LSA over theASE LSAs have reached their maximum possible value. In the case of only Router and Link LSAs (carrying traffic engineering information) we normally assumesame interface thatthe numberacts as an implicit acknowledgment) Minimum time between successive generation ofLink LSAs inthestormsame LSA = 5 seconds, Minimum time between successive Dijkstra SPF calculations isabout 4 times that1 second. Packing ofthe Router LSAs, but the ratioLSAs: It isallowed to change if either the Router or the Link LSAs have reached their maximum possible value. Forassumed that for any givenLSA storm we keep generating LSAs starting from Node index 1 and moving upwards and stop untilnode, thecorrect number of LSAs of each type have been generated. TheLSAs generatedat any given node is assumedover a 1-second period are packed together tostart atform aninstant uniformly distributed between 20LSU but no more than 3 LSAs are packed in one LSU. LSU/Ack/Hello Processing Times: All processing times are expressed in terms of the parameter T. Two values of T are considered, 1 ms and30 seconds from0.5 ms. In thestartcase of a dedicated processor for processing OSPF packets thesimulation. Successive LSA generations atprocessing time reported represents the true processing time. If the processor does other work and only anode are assumed tofraction of its capacity can bespaced apart by 400 ms. It isdedicated tobe noted that duringOSPF processing then we have to inflate theperiod of observation there are other LSAs generated besidesprocessing time appropriately to get theoneseffective processing time and inthe storm. These include refresh of LSAsthatare notcase it is assumed that the inflation factor is already taken into account as part of thestorm and LSAs generated duereported processing time. The fixed time topossible link failures and subsequent possible link recoveries. Failure/Recovery of Links: If nosend or receive any LSU, Ack or Hello packet isreceived overT. In addition, alink (due to CPU/memory congestion) for longer than Router-Dead Interval then the linkvariable processing time isdeclared down. At a later time, if Hellos are received thenused for LSU and Ack depending on thelink would be declared up. Whenever a linknumber and types of LSAs packed. No variable processing time isdeclared up or down, oneused for Hello. Variable processing time per Router LSA isgenerated by each Router on(0.5 + 0.17L)T where L is thetwo sidesnumber of adjacencies advertised by thepoint-to-point link. If "Link LSAs"Router LSA. For other LSA types (e.g., ASE LSA or a "Link" LSA carrying traffic engineering information about a link), the variable processing time per LSA isused then it0.5T. Variable processing time for an Ack isassumed25% thateach Router would also generate a Linkof the corresponding LSA.In this case itChoudhury et. al. Best Current Practice [Page 9] Internet Draft Prioritized Treatment September, 2003 It isalso assumed that duetorerouting of LSPs, three other links in the network (selected randomly in the simulation) would have significant change in reserved bandwidth which would resultbe noted that if multiple LSAs are packed inone Link LSA being generated bya single LSU packet then therouters onfixed processing time is needed only once but thetwo endsvariable processing time is needed for every component ofeach such link. 3. Simulation Results In this sectionthe packet. The processing time values westudyuse are roughly in therelative performancesame range ofthewhat has been observed in an operational network. LSU/Ack/Hello Priority: Two non-preemptive priority levels and threeChoudhury et. al. [Page 7] Internet Draft Explicit Marking May, 2003 Prioritypriority scenariosdefined earlier (noare considered. Within each priorityto Hello or Ack,level processing is FIFO with new packets of lower priorityto Hello only,being dropped when the lower priority queue is full. The higher priority packets are never dropped. In Priority scenario 1, all LSUs/Acks/Hellos received at a node are queued at the lower priority. In Priority scenario 2, Hellos received at a node are queued at the higher priority but LSUs/Acks are queued at lower priority. In Priority scenario 3, Hellos and Acks received at a node are queued at the higher priority but LSUs are queued at lower priority. All packets generated internally toboth Hello and Ack) witharange of Network sizes,node (usually triggered by a timer) are processed at the higher priority. This includes the initial LSAretransmission timer values,storm, LSAtypes, processing time values and Hello/Router-Dead-Interval values: Network size: Two networks are considered. Network 1 has 100 nodes, 1200 links, maximum number of neighbors per node is 30 and maximum number of adjacencies per node is 50 (same neighbor may have more than one adjacencies). Network 2 has 50 nodes, 600 links, maximum number of neighbors per node is 25refresh, Hello refresh, LSA retransmission andmaximum numbernew LSA generation after detection ofadjacencies per node is 48. Dijkstra SPF calculation timea failure or recovery. Buffer Size forNetwork 1Incoming LSUs/Acks/Hellos (lower priority): Buffer size is assumed to be100 ms and that for Network 22000 packets where a packet isassumed to be 70 ms.either an Ack, LSU, or Hello. LSAType:Refresh: Eachnode has 1 RouterLSA(Total of 100 for Network 1is refreshed once in 1800 seconds and50 for Network 2). There are no Networkthe refresh instants of various LSAssince all linksin the LSDB arepoint-to-point links and no Summary LSAs sinceassumed to be uniformly distributed over thenetwork has only one area. Regarding other1800 seconds period, i.e., they are completely unsynchronized. If however, an LSA is generated as part of the initial LSA storm then it goes on a new refresh schedule of once in 1800 seconds starting from its generation time. LSAtypes we consider two situations.Storm Generation: As defined earlier, "LSA storm" is the simultaneous or near simultaneous generation of a large number of LSAs. InSituation 1 we assume that there are no ASE LSAs and each link has one "Link" LSA carrying traffic engineering information (Totalthe case of2400 for Network 1only Router and1200 for Network 2). In Situation 2ASE LSAs we normally assume thatthere are no "Link" LSAs and half ofthenodes are ASA-Border nodes and each border node has 10number of ASE LSAs(Total of 500 for Network 1 and 250 for Network 2). We identify Situation 1 as "Link LSAs" and Situation 2 as "ASE LSAs". LSA retransmission timer value: Two values are considered, 10 seconds and 5 seconds (default value). Processing time values: Processing times for LSUs, Acks and Hello packets have been previously expressedinterms of a common parameter T. Two values are considered for T, which are 1 ms and 0.5 ms respectively. Hello/Router-Dead-Interval: Itthe storm isassumedabout 4 times thatRouter-Dead intervalof the Router LSAs, but the ratio isfour timesallowed to change if either theHello interval.Router or the ASE LSAs have reached their maximum possible value. Inonethe caseitof only Router and Link LSAs (carrying traffic engineering information) we normally assume that the number of Link LSAs in the storm isassumedabout 4 times thatHello intervalof the Router LSAs, but the ratio is10 secondsallowed to change if either the Router or the Link LSAs have reached their maximum possible value. For any given LSA storm we keep generating LSAs starting from Node index 1 andRouter-Dead-Interval is 40 seconds (default values),moving upwards andinstop until theother case itcorrect number of LSAs of each type have been generated. The LSAs generated at any given node is assumedthat Hello interval is 2 seconds and Router-Dead-Interval is 8 seconds. Based on Network size, LSA typeto start at an instant uniformly distributed between 20 andprocessing time values we develop 6 Test cases as follows: Case 1: Network 1, Link LSAs, retransmission timer = 10 sec., T = 1 ms, Hello/Router-Dead-Interval = 10/40 sec. Case 2: Network 1, ASE LSAs, retransmission timer = 10 sec., T = 1 ms, Hello/Router-Dead-Interval = 10/40 sec. Case 3: Network 1, Link LSAs, retransmission timer = 5 sec.,30 seconds Choudhury et. al. Best Current Practice [Page8]10] Internet DraftExplicit Marking May,Prioritized Treatment September, 2003T = 1 ms, Hello/Router-Dead-Interval = 10/40 sec. Case 4: Network 1, Link LSAs, retransmission timer = 10 sec., T = 0.5 ms, Hello/Router-Dead-Interval = 10/40 sec. Case 5: Network 1, Link LSAs, retransmission timer = 10 sec., T = 1 ms, Hello/Router-Dead-Interval = 2/8 sec. Case 6: Network 2, Link LSAs, retransmission timer = 10 sec., T = 1 ms, Hello/Router-Dead-Interval = 10/40 sec. For each case and for each Priority scenario we studyfrom the start of the simulation. Successive LSA generations at a node are assumed to be spaced apart by 400 ms. It is to be noted that during the period of observation there are other LSAs generated besides the ones in thenetwork stability as a functionstorm. These include refresh of LSAs that are not part of thesizestorm and LSAs generated due to possible link failures and subsequent possible link recoveries. Failure/Recovery of Links: If no Hello is received over a link (due to CPU/memory congestion) for longer than Router-Dead Interval then theLSA storm. The stabilitylink isdetermined by looking atdeclared down. At a later time, if Hellos are received then thenumber of non-converged LSUs aslink would be declared up. Whenever afunction of time. An examplelink isshown in Table 1 for Case 1 and Priority scenario 1 (No priority to Hellosdeclared up orAcks). =========|========================================================== | Number of Non-Converged LSUs in the Network at Time(in sec) LSA | STORM |====|=====|=====|=====|=====|=====|=====|=====|========|== SIZE |10s | 20s | 30s | 35s | 40s | 50s | 60s | 80s | 100s | =========|====|=====|=====|=====|=====|=====|=====|=====|========|== 100 | 0 | 0 | 24 | 29 | 24 | 1 | 0 | 1 | 1 | (Stable)| | | | | | | | | | ---------|----|-----|-----|-----|-----|-----|-----|-----|--------|-- 140 | 0 | 0 | 35 | 48 | 46 | 27 | 14 | 1 | 1 | (Stable)| | | | | | | | | | ---------|----|-----|-----|-----|-----|-----|-----|-----|--------|-- 160 | 0 | 0 | 38 | 57 | 55 | 40 | 26 | 65 | 203 | (Unstable) | | | | | | | | | =========|========================================================== Table 1: Network Stability Vs.down, one Router LSAStorm (Case 1, No priorityis generated by each Router on the two sides of the point-to-point link. If "Link LSAs" carrying traffic engineering information is used then it is assumed that each Router would also generate a Link LSA. In this case it is also assumed that due toHello/Ack) Thererouting of LSPs, three other links in the network (selected randomly in the simulation) would have significant change in reserved bandwidth which would result in one Link LSAstorm starts a little after 20 seconds and so for some periodbeing generated by the routers on the two ends oftime after thateach such link. Appendix B.2. Simulation Results In this section we study thenumberrelative performance ofnon-converged LSUs should stay highthe three priority scenarios defined earlier (no priority to Hello or Ack, priority to Hello only, andthen come down forpriority to both Hello and Ack) with astable network. This happens for LSA stormsrange ofsizes 100 and 140. With anNetwork sizes, LSAstormretransmission timer values, LSA types, processing time values and Hello/Router-Dead-Interval values: Network size: Two networks are considered. Network 1 has 100 nodes, 1200 links, maximum number ofsize 160, theneighbors per node is 30 and maximum number ofnon-converged LSUs stay high indefinitely due to repeated retransmissions, link failures due to missed Hellos foradjacencies per node is 50 (same neighbor may have more thanthe Router-Dead interval which generates additional LSAs and also due to subsequent link recoveries which again generate additional LSAs. We define network stability threshold as theone adjacencies). Network 2 has 50 nodes, 600 links, maximum number of neighbors per node is 25 and maximumallowable LSA storm size for which thenumber ofChoudhury et. al. [Page 9] Internet Draft Explicit Marking May, 2003 non-converged LSUs come downadjacencies per node is 48. Dijkstra SPF calculation time for Network 1 is assumed toa low level after some time. It turns outbe 100 ms and that forthis example the stability thresholdNetwork 2 is150. The network behavior as a function of the LSA storm size canassumed to becategorized as follows: (1) If the70 ms. LSAstorm is well below the stability threshold then the CPU/memory congestion lasts onlyType: Each node has 1 Router LSA (Total of 100 fora short periodNetwork 1 andduring this period there50 for Network 2). There arevery few retransmissions, very few dropped OSPF packets andnolink failures due to missed Hellos. This type of LSA stormsNetwork LSAs since all links areobserved routinely in operational networkspoint-to-point links andnetworks recover from them easily. (2) Ifno Summary LSAs since the network has only one area. Regarding other LSAstorm is just below the stability threshold then the CPU/memory congestion lasts for a longer period and during this periodtypes we consider two situations. In Situation 1 we assume that theremay be considerable amount of retransmissions and dropped OSPF packets. If Hello packetsarenot given priority then there may also be some link failures due to missed Hellos. However, the network does go back to a stable state eventually. This type of LSA storm may happen rarely in operational networks and they recover from it with some difficulty. (3) If theno ASE LSAs and each link has one "Link" LSAstorm is above the stability threshold then the CPU/memory congestion may last indefinitely unless some special procedurecarrying traffic engineering information (Total of 2400 forrelieving congestion is followed. During this periodNetwork 1 and 1200 for Network 2). In Situation 2 we assume that there areconsiderable amount of retransmissionsno "Link" LSAs anddropped OSPF packets. If Hello packetshalf of the nodes arenot given priority then there would also be link failures due to missed Hellos. This typeASA-Border nodes and each border node has 10 ASE LSAs (Total ofLSA storm may happen very rarely in operational networks500 for Network 1 andusually some manual procedure such250 for Network 2). We identify Situation 1 astaking down adjacencies in heavily congested nodes is needed. (4) If"Link LSAs" and Situation 2 as "ASE LSAs". LSA retransmission timer value: Two values are considered, 10 seconds and 5 seconds (default value). Choudhury et. al. Best Current Practice [Page 11] Internet Draft Prioritized Treatment September, 2003 Processing time values: Processing times for LSUs, Acks and Hello packetsare given priority then the network stability threshold increases, i.e., the network can withstandhave been previously expressed in terms of alarger LSA storm. Furthermore, even if the network operates at or somewhat above this higher stability threshold, Helloscommon parameter T. Two values arestill not missedconsidered for T, which are 1 ms and 0.5 ms respectively. Hello/Router-Dead-Interval: It is assumed that Router-Dead interval is four times the Hello interval. In one case it is assumed that Hello interval is 10 seconds andso there are no link failures. So even if thereRouter-Dead-Interval iscongestion40 seconds (default values), and in thecontrol plane due to increased retransmissions requiring some special procedures for congestion reduction, the data plane remains unaffected. (5) If bothother case it is assumed that Helloand Acknowledgement packets are given priority then the stability threshold increases even further. Choudhury et. al. [Page 10] Internet Draft Explicit Marking May, 2003 In Tableinterval is 2we show the network stability threshold for the five different casesseconds andfor the three different priority scenarios defined earlier. |===========|========================================================| | | Maximum AllowableRouter-Dead-Interval is 8 seconds. Based on Network size, LSAStorm Size For | | Case |=================|==================|===================| | Number | No Priority to |Priority to Hello | Priority to Hello | | | Hello or Ack | Only |type andAck | |===========|=================|==================|===================| |processing time values we develop 6 Test cases as follows: Case 1: Network 1, Link LSAs, retransmission timer = 10 sec., T = 1| 150 | 190 | 250 | |___________|_________________|__________________|___________________| |ms, Hello/Router-Dead-Interval = 10/40 sec. Case2 | 185 | 215 | 285 | |___________|_________________|__________________|___________________| |2: Network 1, ASE LSAs, retransmission timer = 10 sec., T = 1 ms, Hello/Router-Dead-Interval = 10/40 sec. Case3 | 115 | 127 | 170 | |___________|_________________|__________________|___________________| |3: Network 1, Link LSAs, retransmission timer = 5 sec., T = 1 ms, Hello/Router-Dead-Interval = 10/40 sec. Case4 | 320 | 375 | 580 | |___________|_________________|__________________|___________________| |4: Network 1, Link LSAs, retransmission timer = 10 sec., T = 0.5 ms, Hello/Router-Dead-Interval = 10/40 sec. Case5 | 120 | 175 | 225 | |___________|_________________|__________________|___________________| |5: Network 1, Link LSAs, retransmission timer = 10 sec., T = 1 ms, Hello/Router-Dead-Interval = 2/8 sec. Case6 | 185 | 224 | 285 | |___________|_________________|__________________|___________________| Table 2: Maximum Allowable LSA Storm for a Stable6: Network4. Observations on Simulation Results Table 2 shows that in all cases prioritizing Hello packets increases the network stability threshold,2, Link LSAs, retransmission timer = 10 sec., T = 1 ms, Hello/Router-Dead-Interval = 10/40 sec. For each case andin addition, prioritization of LSA Acknowledgment packets increases the stability threshold even further. The reasonsfor each Priority scenario we study theabove observations arenetwork stability asfollows. The main sources of sustained CPU/memory congestion (or positive feedback loop) following an LSA storm are (1) LSA retransmissions and (2) links being declared down due to missed Hellos which in turn causes further LSA generation and future recoverya function of thelink causing even more LSA generation. Prioritizing Hello packets avoids and practically eliminates the second sourcesize ofcongestion. Prioritizing Acknowledgements significantly reducesthefirst source of congestion, i.e.,LSAretransmissions. Itstorm. The stability isto be noted that retransmissions can not be completely eliminated due to the following reasons. Firstly, only the explicit Acknowledgments are prioritized but duplicate LSAs carrying implicit Acknowledgments are still served at the lower priority. Secondly, LSAs may get greatly delayed or droppeddetermined by looking at theinput queuenumber ofreceivers and therefore Acknowledgments may not even get generatednon-converged LSUs as a function of time. An example is shown inwhich case prioritizing Acks would not help. Another factorTable 1 for Case 1 and Priority scenario 1 (No priority tokeep in mind is that sinceHellosand Acks are prioritized, the LSAs see bigger delay and potential foror Acks). Choudhury et. al. Best Current Practice [Page11]12] Internet DraftExplicit Marking May,Prioritized Treatment September, 2003dropping. However, the simulation results show that on the whole prioritizing Hello and LSA Acks are always beneficial and significantly improve the network stability threshold. Our simulation study also showed that in each of the cases, instead=========|========================================================== | Number ofprioritizing Hello packets if we treat any packet received over a link as a surrogate for a Hello packet (an implicit Hello) then we get about the same stability threshold as obtained with prioritizing Hello packets. If we prioritize Hello packets then even when the network operates somewhat aboveNon-Converged LSUs in thestability threshold, links are not declared down due to missed Hellos. This implies that even though there is control plane congestion dueNetwork at Time(in sec) LSA | STORM |====|=====|=====|=====|=====|=====|=====|=====|========|== SIZE |10s | 20s | 30s | 35s | 40s | 50s | 60s | 80s | 100s | =========|====|=====|=====|=====|=====|=====|=====|=====|========|== 100 | 0 | 0 | 24 | 29 | 24 | 1 | 0 | 1 | 1 | (Stable)| | | | | | | | | | ---------|----|-----|-----|-----|-----|-----|-----|-----|--------|-- 140 | 0 | 0 | 35 | 48 | 46 | 27 | 14 | 1 | 1 | (Stable)| | | | | | | | | | ---------|----|-----|-----|-----|-----|-----|-----|-----|--------|-- 160 | 0 | 0 | 38 | 57 | 55 | 40 | 26 | 65 | 203 | (Unstable) | | | | | | | | | =========|========================================================== Table 1: Network Stability Vs. LSA Storm (Case 1, No priority tomany retransmissions, the data plane stays up and no new LSAs are generated (besides the ones in the originalHello/Ack) The LSA storm starts a little after 20 seconds andthe refreshes) 5. Needso forPrioritized Treatmentsome period ofCritical OSPF Packets and Special Marking to Facilitate That The observations in the previous section clearly showtime after thatprioritizing Hellothe number of non-converged LSUs should stay high and then come down for a stable network. This happens for LSAAcknowledgment packets are greatly beneficial in improving the scalabilitystorms of sizes 100 andstability140. With an LSA storm oflarge networks. In addition to these packets it may be beneficial to treat certain other OSPF packets at the higher priority as well. One example (duringsize 160, thedatabase exchange process between neighbors following anumber of non-converged LSUs stay high indefinitely due to repeated retransmissions, linkrecovery) is the Database Description packet from a slave that is used as an acknowledgmentfailures due to missed Hellos for more than theprevious Database Description packet sent from the master. Another example is an LSA carrying a change informationRouter-Dead interval whichmay trigger SPF calculationgenerates additional LSAs andrerouting of Label Switched Paths. It is preferablealso due totransmit this information faster than other LSAs in thesubsequent link recoveries which again generate additional LSAs. We define networkthat are just once-in-30-minutes refreshes and typically would not trigger any route computation or route change. Given that there is a needstability threshold as the maximum allowable LSA storm size forproviding prioritized treatment to certain OSPF packets,which thenext natural question is hownumber of non-converged LSUs come down tofacilitatea low level after some time. It turns out that for thisprioritization. If itexample the stability threshold ispossible to examine150. The network behavior as a function of thepacket header (forLSA storm size can be categorized as follows: (1) If thepurpose of prioritization) much faster than processingLSA storm is well below thewhole packetstability threshold thenprioritized treatment is possible without any protocol changes. However, we also propose that a special marking be usedthe CPU/memory congestion lasts only forcategorizing alla short period and during this period there are very few retransmissions, very few dropped OSPF packetsinto one of two priority classes. It is also importantand no link failures due toseparately mark OSPF packetsmissed Hellos. This type of LSA storms are observed routinely in operational networks and networks recover fromother IP packets. One way to do thisthem easily. (2) If the LSA storm isto reserve two diffserv Choudhury et. al. [Page 12] Internet Draft Explicit Marking May, 2003 codepoints, onejust below the stability threshold then the CPU/memory congestion lasts forhigher priority OSPF packetsa longer period andanother one for lower priority OSPF packets. Withduring thisspecial marking it wouldperiod there may beeasy for OSPF implementers to treat Hello, LSA acknowledgment,considerable amount of retransmissions andother criticaldropped OSPF packets. If Hello packetsat a higherare not given priorityand thereby significantly improve the scalability and stability of networks using OSPF. 6. Summary In this draft we point out thatthen there may also be some link failures due to Choudhury et. al. Best Current Practice [Page 13] Internet Draft Prioritized Treatment September, 2003 missed Hellos. However, thenode processors of a largenetworkmay be subjecteddoes go back to asustained CPU/Memory congestion as a resultstable state eventually. This type ofa largeLSA stormcaused bymay happen rarely in operational networks and they recover from it with sometype of failure/recovery of nodes/links or synchronization among refreshes. There is a certaindifficulty. (3) If the LSA stormsize thresholdis abovewhichthenetworkstability threshold then the CPU/memory congestion mayshow unstable behavior caused by large numberlast indefinitely unless some special procedure for relieving congestion is followed. During this period there are considerable amount ofretransmissions,retransmissions and dropped OSPF packets. If Hello packets are not given priority then there would also be link failures due to missedHello packets and subsequent link recoveries. Using a simulation study we show that theHellos. This type of LSA stormsize causing instabilitymaybe substantially increased by providing prioritized treatment to Hellohappen very rarely in operational networks andLSA Acknowledgment packets. Furthermore, if we prioritizeusually some manual procedure such as taking down adjacencies in heavily congested nodes is needed. (4) If Hello packets are given priority then the network stability threshold increases, i.e., the network can withstand a larger LSA storm. Furthermore, evenwhenif the network operates at or somewhat abovethethis higher stability threshold,linksHellos are still notdeclared down due tomissedHellos. This implies thatand so there are no link failures. So eventhoughif there is congestion in the control planecongestiondue tomany retransmissions, the data plane stays up and no new LSAs are generated (besides the ones in the original storm and the refreshes). Based on the above observations we propose the following: (1) Processincreased retransmissions requiring some special procedures for congestion reduction, the data plane remains unaffected. (5) If both Hello and Acknowledgement packetsat a higherare given prioritycompared to other OSPF packets.then the stability threshold increases even further. Inorder to facilitate this, explicitly markTable 2 we show theHello packets, to differentiate them from other OSPF packets. One way of special marking is to use anetwork stability threshold for the five differentDiffserv codepointcases and forHello packets compared to other OSPF packets. (2) Intheabsence of special marking, or in additionthree different priority scenarios defined earlier. |===========|========================================================| | | Maximum Allowable LSA Storm Size For | | Case |=================|==================|===================| | Number | No Priority toit, use other mechanisms in order not|Priority tomissHellopackets. One example is| Priority totreat any packet received over a link as a surrogate for aHellopacket (an implicit Hello) for the purpose of keeping the link alive. Our simulation study shows that this mechanism is just as effective as explicitly prioritizing| | | Hellopackets. (3) The same type of explicit markingor Ack | Only | andprioritized treatment may be beneficial to other OSPF packets as well. One important example is LSA acknowledgment packet that can reduce retransmissions during periods of congestion. Our simulationAck | |===========|=================|==================|===================| | Case 1 | 150 | 190 | 250 | |___________|_________________|__________________|___________________| | Case 2 | 185 | 215 | 285 | |___________|_________________|__________________|___________________| | Case 3 | 115 | 127 | 170 | |___________|_________________|__________________|___________________| | Case 4 | 320 | 375 | 580 | |___________|_________________|__________________|___________________| | Case 5 | 120 | 175 | 225 | |___________|_________________|__________________|___________________| | Case 6 | 185 | 224 | 285 | |___________|_________________|__________________|___________________| Table 2: Maximum Allowable LSA Storm for a Stable Network Choudhury et. al. Best Current Practice [Page13]14] Internet DraftExplicit Marking May,Prioritized Treatment September, 2003studyWe also considered one more scenario with priority to Hello and Ack and with a truncated binary exponential backoff of the retransmission interval with an upper limit of 40 seconds (for the same LSA, each successive retransmission interval is doubled but not to exceed 40 seconds). The maximum allowed LSA storm size for this scenario significantly exceeded the numbers given in the third column. Appendix B.3. Observations on Simulation Results Table 2 shows thatprioritization of bothin all cases prioritizing Hello packets increases the network stability threshold, and in addition, prioritization of LSA Acknowledgment packetsis considerably more effective than just prioritizing Hello packets. Other examples include (a) Database description (DBD) packet from a slave that is usedincreases the stability threshold even further. The reasons for the above observations are as follows. The main sources of sustained CPU/memory congestion (or positive feedback loop) following anacknowledgement,LSA storm are (1) LSA retransmissions and(b) LSAs carrying intra-area topology change information.(2) links being declared down due to missed Hellos which in turn causes further LSA generation and future recovery of the link causing even more LSA generation. Prioritizing Hello packets avoids and practically eliminates the second source of congestion. Prioritizing Acknowledgements significantly reduces the first source of congestion, i.e., LSA retransmissions. It ispossibleto be noted thatsome implementationsretransmissions can not be completely eliminated due to the following reasons. Firstly, only the explicit Acknowledgments arealready using oneprioritized but duplicate LSAs carrying implicit Acknowledgments are still served at the lower priority. Secondly, LSAs may get greatly delayed ormore ofdropped at theabove mechanismsinput queue of receivers and therefore Acknowledgments may not even get generated inorderwhich case prioritizing Acks would not help. Another factor tomisskeep in mind is that since Hellos and Acks are prioritized, theprocessing of critical packets during periods of congestion.LSAs see bigger delay and potential for dropping. However,we suggest the above mechanisms to be included as part ofthestandard sosimulation results show thatall implementations can benefit from them. 7. Acknowledgments We would like to acknowledge Jerry Ash, Margaret Chiosi, Elie Francis, Jeff Han, Beth Munson, Roshan Rao, Moshe Segal, Mike Wardlow,on the whole prioritizing Hello andPat Wirth for collaborationLSA Acks are always beneficial andencouragementsignificantly improve the network stability threshold. As stated inour scalability improvement efforts for Link-State-Protocol based networks. 8. References [Ref1] Pappalardo, D., "AT&T, customers grapple with ATM net outage," Network World, February 26, 2001. [Ref2] "AT&T announces causeSection B.2, exponenetial backoff offrame-relayLSA retransmission interval further increases the networkoutage," AT&T Press Release, April 22, 1998. [Ref3] Cholewka, K., "MCI Outage Has Domino Effect," Inter@ctive Week, August 20, 1999. [Ref4] Jander, M., "In Qwest Outage, ATM Takes Some Heat," Light Reading, April 6, 2001. [Ref5] C. Alaettinoglu, V. Jacobson and H. Yu, "Towards Milli- second IGP Convergence," Work in Progress. [Ref6] A. Zinin and M. Shand, "Flooding Optimizations in Link-State Routing Protocols," Workstability threshold. Our simulation study also showed that inProgress. [Ref7] J. Moy, "Floodingeach of the cases, instead of prioritizing Hello packets if we treat any packet received overParallel Point-to-Point Links," Work in progress. [Ref8] P. Pillay-Esnault, "OSPF Refresha link as a surrogate for a Hello packet (an implicit Hello) then we get about the same stability threshold as obtained with prioritizing Hello packets. Appendix C. Other Proposals (1) Explicit Marking: In Section 2 we proposed that OSPF packets be classified to "high" andflooding reduction in"low" priority classes based on examining the OSPF packet header. In some cases (particularly Choudhury et. al. Best Current Practice [Page14]15] Internet DraftExplicit Marking May,Prioritized Treatment September, 2003stable topologies," Workinprogress. [Ref9] G. Choudhury, V. Manral, "LSA Flooding Optimization Algorithmsthe receiver) this examination may be computationally costly. An alternative would be the use of different TOS (DSCP) bits marking for high andTheir Simulation Study," Work in progress. [Ref10] J. Ash, G. Choudhury, V. Sapozhnikova, M. Sherif, A. Maunder, V. Manral, "Congestion Avoidance & Controllow priority OSPF packets respectively. The exact specification of this marking is for further study. (2) Other High Priority OSPFNetworks", WorkPackets: Besides the packets designated as high priority inProgress. [Ref11] B. M. Waxman, "RoutingSection 2 there may be other packets with a need for high priority designation. One example is the Database Description (DBD) packet from a slave (during the database synchronization process) that is used as an acknowledgement. A second example is an LSA carrying intra-area topology change information (this may trigger SPF calculation and rerouting ofMultipoint Connections," IEEE Journal on Selected Areas in Communications, 6(9):1617-1622, 1988. 9. Authors' Addresses Gagan L. Choudhury AT&T Room D5-3C21 200 Laurel Avenue Middletown, NJ, 07748 USA Phone: (732)420-3721 email: gchoudhury@att.com Vera D. Sapozhnikova AT&T Room C5-2C29 200 Laurel Avenue Middletown, NJ, 07748 USA Phone: (732)420-2653 email: sapozhnikova@att.com Anurag S. Maunder Sanera Systems 370 San Aleso Ave. Second Floor Sunnyvale, CA 94085 Phone: (408)734-6123 email: amaunder@sanera.net Vishwas Manral NetPlane 189, Prashasan Nagar, Road Number 72 Jubilee Hills, Hyderabad India email: Vishwasm@netplane.comLabel Switched paths and so fast processing of this packet may improve OSPF/LDP convergence times). Choudhury et. al. Best Current Practice [Page15]16] ----