Sweep-line Analysis of

DCCP Connection

Management

Somsak Vanit-Anunchai

Jonathan Billington

Guy Edward Gallasch

25th October 2006

CPN'06 - 25/10/2006

Motivation: Protocol Verification• As parameter values increase, State Explosion is encountered.• A possible solution: Sweep-line exploration.

– ‘Sweep’ through the state space, deleting states on-the-fly. • Sweep-line has been applied to industrially relevant protocols:

– Wireless Transaction Protocol (WTP) (ICATPN’02)– Internet Open Trading Protocol (IOTP) (CPN’04)– Transmission Control Protocol (TCP) (ICFEM’05)– Datagram Congestion Control Protocol (DCCP) (CPN’05,MASCOTS’06)

• Sweep-line has extended analysis to scenarios that could not be reached before.

• However: the reduction in memory is rarely higher than a factor of 10.– A greater reduction in memory is desired !!!

• To develop an effective progress mapping for the DCCP connection management CPN model.

• To boldly extend the analysis of the Datagram Congestion Control Protocol to cases where no analysis has gone before! ( With thanks to Star Trek )

• Instead of modifying the Sweep-line, we transform the problem that Sweep-line operates on, so that it becomes more efficient.

Approach:

Goal:

CPN'06 - 25/10/2006

The Sweep-line Method (briefly)

0

2 3

5 6

8

4

1

2

3

4

The conceptual

“Sweep Line”1

Progress increases down the

page

7

CPN'06 - 25/10/2006

About DCCP…

• DCCP (Request For Comments (RFC) 4340) is designed to overcome the risk of congestion collapse in the Internet caused by User Datagram Protocol (UDP) traffic (delay sensitive applications, e.g. streaming media)

• In the protocol stack:

• Many similarities with TCP, e.g. – Connection oriented

– Congestion control/avoidance mechanisms

But is quite different

Internet Protocol (IP)

Transmission Control

Protocol (TCP)

DCCP User Datagram Protocol (UDP)

Network Layer

Transport Layer

CPN'06 - 25/10/2006

CPN Model of DCCP Connection Management

• A CPN Model of DCCP’s Connection Management procedures was created. It comprises:– 4 hierarchical levels

– 6 places

– 22 substitution transitions

– 53 executable transitions

– 18 functions

• The model is parameterised with the Maximum Number of Retransmissions for various packets (types of message, sent between protocol entities).

• Numerous scenarios have been analysed for different sets of application commands (issued by the users of each protocol entity).

CPN'06 - 25/10/2006

DCCP-CM CPN model Top-level Page

CPN'06 - 25/10/2006

Typical message sequence: Connection Setup

OPEN

PARTOPEN

RESPOND

CLOSEDCLOSED

LISTENRequest (seq=x)

Response (seq=y,ack=x)

[active open]

REQUEST

Ack (seq=x+1,ack=y)

OPEN

Data (seq=y+1)

[passive open]

Client: Initial Send Sequence Number = x

Server: Initial Send Sequence Number = y

CPN'06 - 25/10/2006

“Intuitive” Sources of Progress

1. Values of sequence number variables: a) Greatest Sequence No. Sent (GSS)b) Greatest Sequence No. Received (GSR)c) Greatest Acknowledgement No. Received (GAR)

2. Progression through the Major states: (I)nitial

CLOSED

(F)inalCLOSED

3. Processing of Application Commands- Command tokens consumed => increasing progress

CPN'06 - 25/10/2006

More Subtle Sources of Progress

When in the Idle States (CLOSED, LISTEN and TIMEWAIT):

1. When an entity receives a Reset packet, it discards this, thus the total number of packets over both channels decreases by one.

- Decreasing no. of packets infers increasing progress

2. When an entity receives a non-Reset packet, it responds with a Reset packet. The total number of packets is the same, but the summation of all sequence and acknowledgement numbers of the packets in both channels increases by one

- Increasing summation infers increasing progress

But still, the best reduction we can get from Sweep-line is a factor of 10! (and only in some cases)

CPN'06 - 25/10/2006

A new perspective on an old idea…• We add new variables to the model to record

information that will differentiate states:– Purposely inducing state explosion, rather than

modelling to reduce explosion as much as possible.

• As more variables are added to the model:– The model is changed Augmented model.

– Total size of the state space is larger due to explosion.

• Despite the larger overall state space, the peak number of states stored in memory is smaller:– The ratio of peak/total states decreases by more than

the increase in total states due to explosion.

• The added variables are only used for calculating progress values:– They do not affect protocol behaviour.

CPN'06 - 25/10/2006

What about the Initial Sequence Number Received (ISR) by each entity?

OPEN

PARTOPEN

RESPOND

CLOSEDCLOSED

LISTENRequest (seq=x)

Response (seq=y,ack=x)

[active open]

REQUEST

Ack (seq=x+1,ack=y)

OPEN

Data (seq=y+1)

[passive open]

(C_ISR=y)

(S_ISR=x)

“Connection Setup” Message Sequence Revisited

CPN'06 - 25/10/2006

2,174 nodes

S_ISR =5

1,427 nodes

S_ISR =6

No S_ISR

Conventional State Space

Total nodes = 14,756

11,155 nodes

Consider the state space of a Connection Setup AND Connection Release procedure, where both Client and

Server Initial Send Sequence Numbers are 5…

Includes opening states before ISR is known, and closing states where ISR is ‘forgotten’

CPN'06 - 25/10/2006

11,182 nodes

S_ISR =5

7,579 nodes

S_ISR =6

No S_ISR 60 nodes

No S_ISR 60 nodes

S_ISR=511,182 nodes

S_ISR=67,579 nodes

BUT Peak nodes = 11,939 (a decrease of 19%, down from 14,756)

But… when we store S_ISR permanently (once it is known):Introduce a new variable to store S_ISR, even after it is ‘forgotten’ by the server.

Total nodes = 18,821(an increase of 28%, up from 14,756)

Construct a progress mapping to sweep in this order:

Some states become

“duplicated”

CPN'06 - 25/10/2006

C_ISR =5 -->6,686 nodes

C_ISR =6 -->4,684 nodes

S_ISR =5

No C_ISR 560 nodes

C_ISR =5 -->7,158 nodes

S_ISR =6 No C_ISR 454 nodes 6

5

4

32

Sweeping order => 1, 2, 3, 4, 5, 6

- Continue performing a similar procedure within 3,4,6, and so on….

Further division, when we store C_ISR:

No S_ISR 60 nodes

1

BUT Peak nodes = 7,158 (a decrease of 51%, down from 14,756)

Total nodes = 19,602(an increase of 33%, up from 14,756)

CPN'06 - 25/10/2006

Some Experimental Results– Configuration A: Client user issues Active Open, Server user issues Passive Open.

Full Reachability

Graph

Sweep-line operating on the

Augmented modelDecreasing trend in space

and time

CPN'06 - 25/10/2006

Further Comments and Conclusions

• We have developed a more effective progress mapping for our DCCP Connection Management CPN model.

• We have proposed a new way of applying Sweep-line to combat the state explosion problem:– Exploding the state space to get greater reduction.

– Transforming the problem, not the method.

• Previously when applying sweep-line to industrially relevant models, the reduction in peak states stored has never been greater than a factor of 10.

• This new approach has given us a reduction by a factor of 270 (in configurations not shown here).

• Both time and space performance improve as the size of the original state space increases.

• New results have been obtained for scenarios that were too large for conventional reachability analysis.

CPN'06 - 25/10/2006

Thankyou!

Any questions?