1. Sweep-line Analysis of DCCP Connection Management Somsak Vanit-Anunchai Jonathan Billington Guy Edward Gallasch 25 th October 2006

2. CPN'06 - 25/10/2006 Motivation: Protocol Verification As parameter values increase, State Explosion is encountered. A possible solution: Sweep-line exploration. –‘ Sweep ’ through the state space, deleting states on-the-fly. Sweep-line has been applied to industrially relevant protocols: –Wireless Transaction Protocol (WTP) (ICATPN ’ 02) –Internet Open Trading Protocol (IOTP) (CPN ’ 04) –Transmission Control Protocol (TCP) (ICFEM ’ 05) –Datagram Congestion Control Protocol (DCCP) (CPN ’ 05,MASCOTS ’ 06) Sweep-line has extended analysis to scenarios that could not be reached before. However: the reduction in memory is rarely higher than a factor of 10. –A greater reduction in memory is desired !!! To develop an effective progress mapping for the DCCP connection management CPN model. To boldly extend the analysis of the Datagram Congestion Control Protocol to cases where no analysis has gone before! ( With thanks to Star Trek ) Instead of modifying the Sweep-line, we transform the problem that Sweep-line operates on, so that it becomes more efficient. Approach: Goal:

3. CPN'06 - 25/10/2006 The Sweep-line Method (briefly) 0 2 3 5 6 8 4 1 2 3 4 The conceptual “Sweep Line” 1 Progress increases down the page 7

4. CPN'06 - 25/10/2006 About DCCP … DCCP (Request For Comments (RFC) 4340) is designed to overcome the risk of congestion collapse in the Internet caused by User Datagram Protocol (UDP) traffic (delay sensitive applications, e.g. streaming media) In the protocol stack: Many similarities with TCP, e.g. –Connection oriented –Congestion control/avoidance mechanisms But is quite different Internet Protocol (IP) Transmission Control Protocol (TCP) DCCP User Datagram Protocol (UDP) Network Layer Transport Layer

5. CPN'06 - 25/10/2006 CPN Model of DCCP Connection Management A CPN Model of DCCP’s Connection Management procedures was created. It comprises: –4 hierarchical levels –6 places –22 substitution transitions –53 executable transitions –18 functions The model is parameterised with the Maximum Number of Retransmissions for various packets (types of message, sent between protocol entities). Numerous scenarios have been analysed for different sets of application commands (issued by the users of each protocol entity).

6. CPN'06 - 25/10/2006 DCCP-CM CPN model Top-level Page

7. CPN'06 - 25/10/2006 Typical message sequence: Connection Setup OPEN PARTOPEN RESPOND CLOSED LISTEN Request (seq=x) Response (seq=y,ack=x) [active open] REQUEST Ack (seq=x+1,ack=y) OPEN Data (seq=y+1) [passive open] Client: Initial Send Sequence Number = x Server: Initial Send Sequence Number = y

8. CPN'06 - 25/10/2006 “Intuitive” Sources of Progress 1. Values of sequence number variables: a) Greatest Sequence No. Sent (GSS) b) Greatest Sequence No. Received (GSR) c) Greatest Acknowledgement No. Received (GAR) 2. Progression through the Major states: (I)nitial CLOSED (F)inal CLOSED 3. Processing of Application Commands - Command tokens consumed => increasing progress

9. CPN'06 - 25/10/2006 More Subtle Sources of Progress When in the Idle States (CLOSED, LISTEN and TIMEWAIT): 1.When an entity receives a Reset packet, it discards this, thus the total number of packets over both channels decreases by one. - Decreasing no. of packets infers increasing progress 2.When an entity receives a non-Reset packet, it responds with a Reset packet. The total number of packets is the same, but the summation of all sequence and acknowledgement numbers of the packets in both channels increases by one - Increasing summation infers increasing progress But still, the best reduction we can get from Sweep- line is a factor of 10! (and only in some cases)

10. CPN'06 - 25/10/2006 A new perspective on an old idea… We add new variables to the model to record information that will differentiate states: –Purposely inducing state explosion, rather than modelling to reduce explosion as much as possible. As more variables are added to the model: –The model is changed  Augmented model. –Total size of the state space is larger due to explosion. Despite the larger overall state space, the peak number of states stored in memory is smaller: –The ratio of peak/total states decreases by more than the increase in total states due to explosion. The added variables are only used for calculating progress values: –They do not affect protocol behaviour.

11. CPN'06 - 25/10/2006 What about the Initial Sequence Number Received (ISR) by each entity? OPEN PARTOPEN RESPOND CLOSED LISTEN Request (seq=x) Response (seq=y,ack=x) [active open] REQUEST Ack (seq=x+1,ack=y) OPEN Data (seq=y+1) [passive open] (C_ISR=y) (S_ISR=x) “Connection Setup” Message Sequence Revisited

12. CPN'06 - 25/10/2006 2,174 nodes S_ISR =5 1,427 nodes S_ISR =6 No S_ISR Conventional State Space Total nodes = 14,756 11,155 nodes Consider the state space of a Connection Setup AND Connection Release procedure, where both Client and Server Initial Send Sequence Numbers are 5… Includes opening states before ISR is known, and closing states where ISR is ‘forgotten’

13. CPN'06 - 25/10/2006 11,182 nodes S_ISR =5 7,579 nodes S_ISR =6 No S_ISR 60 nodes No S_ISR 60 nodes S_ISR=5 11,182 nodes S_ISR=6 7,579 nodes BUT Peak nodes = 11,939 (a decrease of 19%, down from 14,756) But… when we store S_ISR permanently (once it is known): Introduce a new variable to store S_ISR, even after it is ‘forgotten’ by the server. Total nodes = 18,821 (an increase of 28%, up from 14,756) Construct a progress mapping to sweep in this order: Some states become “duplicated”

14. CPN'06 - 25/10/2006 C_ISR =5 -->6,686 nodes C_ISR =6 -->4,684 nodes S_ISR =5 No C_ISR 560 nodes C_ISR =5 -->7,158 nodes S_ISR =6 No C_ISR 454 nodes 6 5 4 3 2 Sweeping order => 1, 2, 3, 4, 5, 6 - Continue performing a similar procedure within 3,4,6, and so on…. Further division, when we store C_ISR: No S_ISR 60 nodes 1 BUT Peak nodes = 7,158 (a decrease of 51%, down from 14,756) Total nodes = 19,602 (an increase of 33%, up from 14,756)

15. CPN'06 - 25/10/2006 Some Experimental Results – Configuration A: Client user issues Active Open, Server user issues Passive Open. Full Reachability Graph Sweep-line operating on the Augmented model Decreasing trend in space and time

16. CPN'06 - 25/10/2006 Further Comments and Conclusions We have developed a more effective progress mapping for our DCCP Connection Management CPN model. We have proposed a new way of applying Sweep-line to combat the state explosion problem: –Exploding the state space to get greater reduction. –Transforming the problem, not the method. Previously when applying sweep-line to industrially relevant models, the reduction in peak states stored has never been greater than a factor of 10. This new approach has given us a reduction by a factor of 270 (in configurations not shown here). Both time and space performance improve as the size of the original state space increases. New results have been obtained for scenarios that were too large for conventional reachability analysis.

17. CPN'06 - 25/10/2006 Thankyou! Any questions?