3 june 2005 1 paris seminar modelling and analysis of tcp’s connection management procedures...

3 June 2005

1Paris Seminar

Modelling and Analysis of TCP’s Connection Management Procedures

Modelling and Analysis of TCP’s Connection Management Procedures

Jonathan Billington and Bing Han Computer Systems Engineering Centre

University of South Australia

3 June 2005 Paris Seminar 2

Motivation

Finding design flaws of complex protocols such as TCP is an important and difficult research problem.

Design flaws: – Specification rather than implementation– Including: deadlocks, livelocks, sequence inconsistency, dead

code, and so on … Important problem

– TCP provides a reliable data transfer service to many Internet applications.

– TCP is used as the basis of new protocols, e.g. DCCP Difficult problem

– TCP is a complex protocol.– The operation of TCP was originally specified in RFC 793

using narrative descriptions, message sequence diagrams, a FSM diagram and pseudo code.


Outline

Research Scope – TCP Connection Management– Desired properties:

• Termination• Absence of deadlocks

Approach– Modelling approach– Analysis approach

Analysis Results


TCP and its Environment

Two peer TCP entities communicate over the Internet Protocol (IP) as well as interacting with their application processes.


TCP Segment Format


Normal Connection Establishment


Simultaneous Connection Establishment


Normal Connection Release (Graceful Close)


Simultaneous Connection Release


TCP State Variables

SND_NXT (send next)– Stores the sequence number of the next segment to be sent.

RCV_NXT (receive next)– Stores the sequence number of the next segment to be

received. SND_UNA (send unacknowledged)

– Records the sequence number of the earliest segment that has been sent but has yet to be acknowledged.

ISS (initial send sequence number)– The first sequence number sent in a connection.


Our Approach

Model TCP Connection Management using CPNs

Define desired properties using ML

Configure the CPN model

Generate the state spaces

Automatically check the terminal states using ML


Top Level Page: TCP Overview


Level 1 Level 1 Level

2 Level 2 Level

3 Level 3 Level

4 Level 4

1. Overview

2. Event Processing

3. User Commands Segment Processing Retransmissions

4. Command Pages State Pages

Model Statistics

Hierarchical Levels: 4

CPN Pages: 19

Places: 6

Substitution

transitions: 19

Executable

transitions: 97


Desired Properties (Termination)

Successful

Abort

Successful

Abort

Successful

Release

Successful

Release

Successful

Establishment

Successful

Establishment

Proper

Establishment

Proper

Establishment


Desired Terminal State for Establishment

)))1_(((

)))2_((()))2_(((

)))2_(((

)))1_((()))1_(((

)))2_(((

)))1_(((

)1_2(

)2_1(

TCBMfRcvNxt

TCBMfSndUnaTCBMfSndNxt

TCBMfRcvNxt

TCBMfSndUnaTCBMfSndNxt

ESTTCBMfState

ESTTCBMfState

emptyHHM

emptyHHM

dtc

dtcdtc

dtc

dtcdtc

dtc

dtc

dt

dt

Successful Establishment

Proper Establishment


Acceptable Terminal State for Establishment

)),0,0,0,0(,`(1)2_(

)),,0,0,0(,`(1)2_(

)),0,0,0,0(,`(1)1_(

)1_2(

)2_1(

clsCLOSEDTCBM

or

lisISSLISTENTCBM

clsCLOSEDTCBM

emptyHHM

emptyHHM

at

at

at

at

at


CPN Model Configurations – Some Examples

1À_Open1)(User_M0 1`P_Open)2(User_M0

cls),(0,0,0,10)1`(CLOSED,1)(TCB_M0 cls)0),2(0,0,0,1`(CLOSED,)2(TCB_M0

Configuration

Initial Marking

A C_S

Opening

DC_S

Opening& Closing

ESim.

Opening& Closing

`Close11À_Open1)(User_M0

`Close11À_Open1)(User_M0 `Close11`P_Open)2(User_M0

`Close11À_Open)2(User_M0

cls)0),2(0,0,0,1`(CLOSED,)2(TCB_M0

cls),(0,0,0,10)1`(CLOSED,1)(TCB_M0

cls),(0,0,0,10)1`(CLOSED,1)(TCB_M0

cls)0),2(0,0,0,1`(CLOSED,)2(TCB_M0


Analysis Results of Model 1: No Loss, No Retrans

Reordering channel with no loss

No retransmission Run on a machine

with 2.6GHz Pentium CPU and 1GB RAM.

Config

Time |V| |A| TMs DLs

ABCDEFGHIJK

00003011001

1142572252850513553567973742

1260924558260918707921411291896

221363413234

00012000000


Initial Marking

1User_1: 1`A_Open++1`CloseUser_2: 1`P_Open++1`CloseH1_H2: emptyH2_H1: emptyTCB 1: 1`{CLOSED,{RCV_NXT=0,SND_NXT=0,SND_UNA=0,ISS=10},cls}TCB 2: 1`{CLOSED,{RCV_NXT=0,SND_NXT=0,SND_UNA=0,ISS=20},cls}


Dead Marking

95User_1: emptyUser_2: emptyH1_H2: emptyH2_H1: emptyTCB 1: 1`{FIN_W2,{RCV_NXT=21,SND_NXT=12,SND_UNA=12,ISS=10},cls}TCB 2: 1`{CLOSING,{RCV_NXT=12,SND_NXT=22,SND_UNA=21,ISS=20},lis}


A Reachability Graph Path to the Deadlock of Config.D


Connection Release Fails


Analysis Results of Model 2 (Configuration D)

Config D

hh:mm:ss

|V| |A| TMs DLs

(0,0,0,1)

(0,1,0,0)

(1,0,0,0)

(0,1,0,1)

(0,0,1,0)

(1,1,0,0)

(1,0,0,1)

(0,0,1,1)

(0,1,1,0)

(1,1,0,1)

(1,0,1,0)

(0,1,1,1)

(1,0,1,1)

00:00:0100:00:0100:00:0200:00:1100:00:1500:00:1500:00:1600:00:2800:04:2600:05:0700:07:1600:14:3400:48:35

130913621810874310156103811048116612648716538177940104046126098

3899349848103112234825330563807159184258399273981317337426872530381

57611111610152424243232

1222042004000

Reordering channel with no loss

Retransmissions Run on a

machine with 2.6GHz Pentium CPU and 1GB RAM.


Analysis Results of Model 2 (Configuration E)

Config E hh:mm:ss |V| |A| TMs DLs(0,0,0,1)(0,1,0,0)(1,0,0,0)(0,0,1,0)(0,1,0,1)

00:00:4800:06:2600:22:5000:25:2509:10:37

193544529398627122654328023

751581639843926105165301524604

821241229

28808


Conclusions

Over a reordering channel without loss, TCP terminates correctly in the following scenarios:– Client-server connection establishment– Simultaneous connection establishment – Orderly release after the connection is established– Aborting of connections

However, TCP can deadlock when the user releases the connection before it is established, i.e., while the TCP entity is in SYN_RCVD.

Retransmissions of the FIN in state FIN_WAIT_1 or CLOSING removes these deadlocks.


Configuration: 1`A_Open++1`Close and 1`P_Open

Nodes:28

Arcs: 37

DMs:

4


Configuration: 1`A_Open and 1`P_Open++1`Close

Nodes:25

Arcs: 33

DMs:

3

3 june 2005 1 paris seminar modelling and analysis of tcp’s connection management procedures...

Documents