
Modeling And Solving Deficiencies Of TCP Congestion Control Mechanism

Posted on: 2017-05-03
Degree: Doctor
Type: Dissertation
Country: China
Candidate: J T Luo
GTID: 1318330512484919
Subject: Communication and Information System

Abstract/Summary:
The congestion control mechanism of the Transmission Control Protocol (TCP) aims at controlling serious congestion while fully utilizing bandwidth resources in the network. However, recent research shows that TCP congestion control has several design deficiencies that severely degrade the network's communication performance. By building mathematical models, this paper comprehensively analyzes the deficiencies of TCP congestion control in three representative network scenarios: low-rate denial of service attacks, “many-to-one” data transmission in datacenter networks, and high-bandwidth-delay-product networks. It then solves these deficiencies with practical methods. Specifically, this paper has the following major contributions and innovations.

First, in terms of TCP throughput, this paper models and analyzes the deficiencies of TCP congestion control in low-rate denial of service (LDoS) attack scenarios to reveal TCP's deficiencies in the retransmission timeout and slow start algorithms. Moreover, to show the harmfulness of these deficiencies, this paper designs a new LDoS attack strategy that is more effective than the existing ones. Finally, this paper proposes an LDoS defense system to solve these deficiencies. LDoS is a representative type of Denial of Service (DoS) attack, which is one of the major threats to the Internet. By periodically forcing TCP to enter retransmission timeout, LDoS can severely throttle TCP throughput with a low average attack rate (compared to traditional flood DoS). This paper models the impact of the network environment and the attack configuration on TCP throughput to study TCP's deficiencies under LDoS attack. The model innovatively reveals a security loophole of slow start (which exponentially expands the congestion window), i.e., TCP has a large congestion window when slow start ends, but it has low average throughput during slow start. Therefore, by launching attack pulses after slow starts, an attacker can cause serious network congestion and trigger TCP timeout with a small amount of attack packets. Motivated by this fact, this paper designs an attack strategy that outperforms the existing LDoS strategies with a lower attack rate and higher efficiency. In addition, the TCP throughput model indicates that the LDoS attack rate is an increasing function of the bottleneck link's buffer size. Hence, this paper proposes an LDoS defense scheme that remedies TCP's security deficiencies by dynamically adjusting the link buffer size while under LDoS attack. In this way, the attacker must increase the attack rate and cannot optimize the attack settings by predicting the ending time of timeout and slow start. Simulation results demonstrate that this defense scheme can improve TCP throughput under LDoS by more than 260%.

Second, in terms of TCP Incast rate, this paper models and analyzes the deficiencies of the TCP retransmission timeout algorithm for “many-to-one” communication scenarios in datacenter networks to uncover the conditions under which the Incast rate is minimal. Furthermore, this paper proposes an Incast control scheme named AAIC to remedy the above deficiencies of the TCP timeout algorithm. In “many-to-one” communication scenarios, many servers concurrently transmit data to one receiver application via TCP connections. As the number of concurrent servers grows, TCP connections encounter more timeouts, and hence their overall throughput decreases to below 10% of the ideal throughput. This phenomenon of TCP throughput collapse is the so-called “TCP Incast”. This paper proposes an Incast rate model to quantitatively describe the impact of TCP connection variables and datacenter network settings on the Incast rate, and reveals a deficiency of TCP retransmission timeout in datacenter “many-to-one” scenarios, i.e., the Incast rate increases with the growth of the TCP timeout rate, whereas the latter increases with the deviation of the concurrent TCP connections' sending windows and with the number of concurrent TCP connections. To remedy this deficiency, this paper proposes an Incast control scheme named AAIC, which is based on an innovative “sliding connection window” mechanism. AAIC regulates the deviation of concurrent connections' sending windows by configuring the TCP advertised window field at the receiver-side application, and it adaptively adjusts the sliding connection window to determine a reasonable number of concurrent connections. Simulation results show that AAIC is able to prevent Incast and maintain high TCP throughput even in highly dynamic network environments (with multiple bottleneck links and background flows).

Third, in terms of communication performance, including link utilization, fairness, and stability, this paper reviews the analytical models of the deficiencies of the TCP congestion avoidance algorithm in high-bandwidth-delay-product networks, and reveals the poor communication performance brought about by TCP's use of packet loss as the congestion indicator. Moreover, this paper designs a congestion control protocol named ECDN-ACC that has better communication performance, to address the deficiencies of TCP congestion avoidance. The explosive development of communication technology has greatly increased the range of network bandwidth and delay, resulting in high-bandwidth-delay-product (high-BDP) networks. In such network environments, TCP congestion avoidance severely degrades the network's communication performance. Congestion avoidance deduces the binary state of network congestion (congested or not) from packet loss (lost or not), and thus makes congestion window adjustments that are too coarse-grained to adapt to the complex and dynamic congestion states in high-BDP networks. To solve this problem fundamentally, the network must provide the data sender with explicit and accurate feedback about the congestion degree, so that the sender can adapt its congestion window to congestion states in a fine-grained way. Following this idea, this paper designs a congestion control protocol based on explicit and accurate feedback of the congestion degree, named ECDN-ACC. This new protocol exploits the randomness of the IP identifier field in the IP header to encode the congestion degree into the ECN field, and then precisely and adaptively adjusts the sender's congestion window according to the congestion degree feedback. This paper proves the feedback accuracy of ECDN-ACC in terms of statistics, and proves the stability of ECDN-ACC's window adjustment algorithm in terms of control theory. Simulation results indicate that, compared to the existing congestion control protocols, ECDN-ACC is able to achieve higher link utilization, lower queue length, and smaller average flow completion time, while maintaining reasonable fairness among flows with different delays.

This paper studies and remedies the deficiencies of TCP congestion control through analytical models. These theoretical results are helpful for improving TCP's performance in terms of security, link utilization, and fairness, which provides scientific guidelines for the evolution of the current network as well as the design of the next-generation Internet.
Keywords/Search Tags: TCP congestion control, Low-rate Denial of Service attack (LDoS), TCP Incast, explicit congestion degree feedback, high-speed congestion control protocol