3 June 2005, Paris Seminar
Modelling and Analysis of TCP’s Connection Management Procedures
Jonathan Billington and Bing Han
Computer Systems Engineering Centre
University of South Australia
Motivation
Finding design flaws of complex protocols such as TCP is an important and difficult research problem.
Design flaws:
– Specification rather than implementation
– Including: deadlocks, livelocks, sequence inconsistency, dead code, and so on …
Important problem
– TCP provides a reliable data transfer service to many Internet applications.
– TCP is used as the basis of new protocols, e.g. DCCP
Difficult problem
– TCP is a complex protocol.
– The operation of TCP was originally specified in RFC 793 using narrative descriptions, message sequence diagrams, a FSM diagram and pseudo code.
Outline
Research Scope
– TCP Connection Management
– Desired properties:
  • Termination
  • Absence of deadlocks
Approach
– Modelling approach
– Analysis approach
Analysis Results
TCP and its Environment
Two peer TCP entities communicate over the Internet Protocol (IP) as well as interacting with their application processes.
TCP Segment Format
Normal Connection Establishment
Simultaneous Connection Establishment
Normal Connection Release (Graceful Close)
Simultaneous Connection Release
TCP State Variables
SND_NXT (send next)
– Stores the sequence number of the next segment to be sent.
RCV_NXT (receive next)
– Stores the sequence number of the next segment to be received.
SND_UNA (send unacknowledged)
– Records the sequence number of the earliest segment that has been sent but has yet to be acknowledged.
ISS (initial send sequence number)
– The first sequence number sent in a connection.
Our Approach
Model TCP Connection Management using CPNs
Define desired properties using ML
Configure the CPN model
Generate the state spaces
Automatically check the terminal states using ML
Top Level Page: TCP Overview
Level 1: Overview
Level 2: Event Processing
Level 3: User Commands, Segment Processing, Retransmissions
Level 4: Command Pages, State Pages
Model Statistics
Hierarchical Levels: 4
CPN Pages: 19
Places: 6
Substitution transitions: 19
Executable transitions: 97
Desired Properties (Termination)
– Successful Abort
– Successful Release
– Successful Establishment
– Proper Establishment
Desired Terminal State for Establishment
[Formulas defining Successful Establishment and Proper Establishment. Recoverable terms: State(f(M(TCB_1))) = EST; State(f(M(TCB_2))) = EST; M(H1_H2) = empty; M(H2_H1) = empty; RcvNxt, SndUna and SndNxt applied to f(M(TCB_1)) and f(M(TCB_2)). The markings M carry the subscripts dt and dtc.]
Acceptable Terminal State for Establishment
M_at(TCB_1) = 1`(CLOSED,(0,0,0,0),cls)
M_at(TCB_2) = 1`(CLOSED,(0,0,0,0),cls) or M_at(TCB_2) = 1`(LISTEN,(0,0,0,ISS),lis)
M_at(H1_H2) = empty
M_at(H2_H1) = empty
CPN Model Configurations – Some Examples
Configuration A (C_S Opening), Initial Marking:
M0(User_1) = 1`A_Open
M0(User_2) = 1`P_Open
M0(TCB_1) = 1`(CLOSED,(0,0,0,10),cls)
M0(TCB_2) = 1`(CLOSED,(0,0,0,20),cls)
Configuration D (C_S Opening & Closing), Initial Marking:
M0(User_1) = 1`A_Open++1`Close
M0(User_2) = 1`P_Open++1`Close
M0(TCB_1) = 1`(CLOSED,(0,0,0,10),cls)
M0(TCB_2) = 1`(CLOSED,(0,0,0,20),cls)
Configuration E (Sim. Opening & Closing), Initial Marking:
M0(User_1) = 1`A_Open++1`Close
M0(User_2) = 1`A_Open++1`Close
M0(TCB_1) = 1`(CLOSED,(0,0,0,10),cls)
M0(TCB_2) = 1`(CLOSED,(0,0,0,20),cls)
Analysis Results of Model 1: No Loss, No Retrans
Reordering channel with no loss
No retransmission
Run on a machine with 2.6GHz Pentium CPU and 1GB RAM.
Config: A B C D E F G H I J K
Time: 00003011001
|V|: 1142572252850513553567973742
|A|: 1260924558260918707921411291896
TMs: 221363413234
DLs: 00012000000
Initial Marking
Node 1
User_1: 1`A_Open++1`Close
User_2: 1`P_Open++1`Close
H1_H2: empty
H2_H1: empty
TCB 1: 1`{CLOSED,{RCV_NXT=0,SND_NXT=0,SND_UNA=0,ISS=10},cls}
TCB 2: 1`{CLOSED,{RCV_NXT=0,SND_NXT=0,SND_UNA=0,ISS=20},cls}
Dead Marking
Node 95
User_1: empty
User_2: empty
H1_H2: empty
H2_H1: empty
TCB 1: 1`{FIN_W2,{RCV_NXT=21,SND_NXT=12,SND_UNA=12,ISS=10},cls}
TCB 2: 1`{CLOSING,{RCV_NXT=12,SND_NXT=22,SND_UNA=21,ISS=20},lis}
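The terminal-state check applied to the dead marking above, as an added Python example (not the authors' CPN model or ML code): it parses the marking notation from the slide, labels the marking, and reports which TCP entity still holds unacknowledged sequence numbers. The function names, the labels returned by `classify` and the field name `mode` are assumptions of this example.

```python
import re

# DEAD_95 is re-typed from the Dead Marking slide; CLOSED_OK is a constructed
# marking showing a clean close, for contrast.
DEAD_95 = """User_1: empty
User_2: empty
H1_H2: empty
H2_H1: empty
TCB 1: 1`{FIN_W2,{RCV_NXT=21,SND_NXT=12,SND_UNA=12,ISS=10},cls}
TCB 2: 1`{CLOSING,{RCV_NXT=12,SND_NXT=22,SND_UNA=21,ISS=20},lis}"""
CLOSED_OK = """User_1: empty
User_2: empty
H1_H2: empty
H2_H1: empty
TCB 1: 1`{CLOSED,{RCV_NXT=0,SND_NXT=0,SND_UNA=0,ISS=0},cls}
TCB 2: 1`{LISTEN,{RCV_NXT=0,SND_NXT=0,SND_UNA=0,ISS=20},lis}"""

TCB = re.compile(r"1`\{(\w+),\{RCV_NXT=(\d+),SND_NXT=(\d+),"
                 r"SND_UNA=(\d+),ISS=(\d+)\},(\w+)\}")
VARS = ("RCV_NXT", "SND_NXT", "SND_UNA", "ISS")

def parse_marking(text):
    """Turn 'place: tokens' lines into a dict keyed by place name."""
    marking = {}
    for line in text.strip().splitlines():
        place, value = (part.strip() for part in line.split(":", 1))
        tcb = TCB.fullmatch(value)
        if tcb:  # TCB token: state, four sequence variables, third field
            state, *nums, mode = tcb.groups()
            marking[place] = dict(zip(VARS, map(int, nums)), state=state, mode=mode)
        else:    # user or channel place: multiset terms joined by ++
            marking[place] = [] if value == "empty" else value.split("++")
    return marking

def classify(m):
    """Label a dead marking; the labels are this example's own (assumption)."""
    t1, t2 = m["TCB 1"], m["TCB 2"]
    if m["H1_H2"] or m["H2_H1"]:
        return "segments in flight"
    if t1["state"] == t2["state"] == "EST":
        return "established"
    if t1["state"] == "CLOSED" and t2["state"] in ("CLOSED", "LISTEN"):
        return "acceptable"
    return "deadlock"

def unacked(m):
    """TCBs that sent sequence numbers the peer never acknowledged."""
    return [p for p in ("TCB 1", "TCB 2") if m[p]["SND_UNA"] < m[p]["SND_NXT"]]
```

For node 95 the result is a deadlock with TCB 2 (state CLOSING) still waiting on sequence number 21 while both channels are empty, so without retransmission nothing can move either entity forward.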
A Reachability Graph Path to the Deadlock of Config.D
Connection Release Fails
Analysis Results of Model 2 (Configuration D)
Config D: (0,0,0,1) (0,1,0,0) (1,0,0,0) (0,1,0,1) (0,0,1,0) (1,1,0,0) (1,0,0,1) (0,0,1,1) (0,1,1,0) (1,1,0,1) (1,0,1,0) (0,1,1,1) (1,0,1,1)
Time (hh:mm:ss): 00:00:01 00:00:01 00:00:02 00:00:11 00:00:15 00:00:15 00:00:16 00:00:28 00:04:26 00:05:07 00:07:16 00:14:34 00:48:35
|V|: 130913621810874310156103811048116612648716538177940104046126098
|A|: 3899349848103112234825330563807159184258399273981317337426872530381
TMs: 57611111610152424243232
DLs: 1222042004000
Reordering channel with no loss
Retransmissions
Run on a machine with 2.6GHz Pentium CPU and 1GB RAM.
Analysis Results of Model 2 (Configuration E)
Config E: (0,0,0,1) (0,1,0,0) (1,0,0,0) (0,0,1,0) (0,1,0,1)
Time (hh:mm:ss): 00:00:48 00:06:26 00:22:50 00:25:25 09:10:37
|V|: 193544529398627122654328023
|A|: 751581639843926105165301524604
TMs: 821241229
DLs: 28808
Conclusions
Over a reordering channel without loss, TCP terminates correctly in the following scenarios:
– Client-server connection establishment
– Simultaneous connection establishment
– Orderly release after the connection is established
– Aborting of connections
However, TCP can deadlock when the user releases the connection before it is established, i.e., while the TCP entity is in SYN_RCVD.
Retransmissions of the FIN in state FIN_WAIT_1 or CLOSING remove these deadlocks.
Configuration: 1`A_Open++1`Close and 1`P_Open
Nodes: 28
Arcs: 37
DMs: 4
Configuration: 1`A_Open and 1`P_Open++1`Close
Nodes: 25
Arcs: 33
DMs: 3