GENWiki

Premier IT Outsourcing and Support Services within the UK

User Tools

Site Tools


rfc:rfc8337

Internet Engineering Task Force (IETF) M. Mathis Request for Comments: 8337 Google, Inc Category: Experimental A. Morton ISSN: 2070-1721 AT&T Labs

                                                            March 2018
          Model-Based Metrics for Bulk Transport Capacity

Abstract

 This document introduces a new class of Model-Based Metrics designed
 to assess if a complete Internet path can be expected to meet a
 predefined Target Transport Performance by applying a suite of IP
 diagnostic tests to successive subpaths.  The subpath-at-a-time tests
 can be robustly applied to critical infrastructure, such as network
 interconnections or even individual devices, to accurately detect if
 any part of the infrastructure will prevent paths traversing it from
 meeting the Target Transport Performance.
 Model-Based Metrics rely on mathematical models to specify a Targeted
 IP Diagnostic Suite, a set of IP diagnostic tests designed to assess
 whether common transport protocols can be expected to meet a
 predetermined Target Transport Performance over an Internet path.
 For Bulk Transport Capacity, the IP diagnostics are built using test
 streams and statistical criteria for evaluating the packet transfer
 that mimic TCP over the complete path.  The temporal structure of the
 test stream (e.g., bursts) mimics TCP or other transport protocols
 carrying bulk data over a long path.  However, they are constructed
 to be independent of the details of the subpath under test, end
 systems, or applications.  Likewise, the success criteria evaluates
 the packet transfer statistics of the subpath against criteria
 determined by protocol performance models applied to the Target
 Transport Performance of the complete path.  The success criteria
 also does not depend on the details of the subpath, end systems, or
 applications.

Mathis & Morton Experimental [Page 1] RFC 8337 Model-Based Metrics March 2018

Status of This Memo

 This document is not an Internet Standards Track specification; it is
 published for examination, experimental implementation, and
 evaluation.
 This document defines an Experimental Protocol for the Internet
 community.  This document is a product of the Internet Engineering
 Task Force (IETF).  It represents the consensus of the IETF
 community.  It has received public review and has been approved for
 publication by the Internet Engineering Steering Group (IESG).  Not
 all documents approved by the IESG are candidates for any level of
 Internet Standard; see Section 2 of RFC 7841.
 Information about the current status of this document, any errata,
 and how to provide feedback on it may be obtained at
 https://www.rfc-editor.org/info/rfc8337.

Copyright Notice

 Copyright (c) 2018 IETF Trust and the persons identified as the
 document authors.  All rights reserved.
 This document is subject to BCP 78 and the IETF Trust's Legal
 Provisions Relating to IETF Documents
 (https://trustee.ietf.org/license-info) in effect on the date of
 publication of this document.  Please review these documents
 carefully, as they describe your rights and restrictions with respect
 to this document.  Code Components extracted from this document must
 include Simplified BSD License text as described in Section 4.e of
 the Trust Legal Provisions and are provided without warranty as
 described in the Simplified BSD License.

Mathis & Morton Experimental [Page 2] RFC 8337 Model-Based Metrics March 2018

Table of Contents

 1. Introduction ....................................................4
 2. Overview ........................................................5
 3. Terminology .....................................................8
    3.1. General Terminology ........................................8
    3.2. Terminology about Paths ...................................10
    3.3. Properties ................................................11
    3.4. Basic Parameters ..........................................12
    3.5. Ancillary Parameters ......................................13
    3.6. Temporal Patterns for Test Streams ........................14
    3.7. Tests .....................................................15
 4. Background .....................................................16
    4.1. TCP Properties ............................................18
    4.2. Diagnostic Approach .......................................20
    4.3. New Requirements Relative to RFC 2330 .....................21
 5. Common Models and Parameters ...................................22
    5.1. Target End-to-End Parameters ..............................22
    5.2. Common Model Calculations .................................22
    5.3. Parameter Derating ........................................23
    5.4. Test Preconditions ........................................24
 6. Generating Test Streams ........................................24
    6.1. Mimicking Slowstart .......................................25
    6.2. Constant Window Pseudo CBR ................................27
    6.3. Scanned Window Pseudo CBR .................................28
    6.4. Concurrent or Channelized Testing .........................28
 7. Interpreting the Results .......................................29
    7.1. Test Outcomes .............................................29
    7.2. Statistical Criteria for Estimating run_length ............31
    7.3. Reordering Tolerance ......................................33
 8. IP Diagnostic Tests ............................................34
    8.1. Basic Data Rate and Packet Transfer Tests .................34
         8.1.1. Delivery Statistics at Paced Full Data Rate ........35
         8.1.2. Delivery Statistics at Full Data Windowed Rate .....35
         8.1.3. Background Packet Transfer Statistics Tests ........35
    8.2. Standing Queue Tests ......................................36
         8.2.1. Congestion Avoidance ...............................37
         8.2.2. Bufferbloat ........................................37
         8.2.3. Non-excessive Loss .................................38
         8.2.4. Duplex Self-Interference ...........................38
    8.3. Slowstart Tests ...........................................39
         8.3.1. Full Window Slowstart Test .........................39
         8.3.2. Slowstart AQM Test .................................39
    8.4. Sender Rate Burst Tests ...................................40
    8.5. Combined and Implicit Tests ...............................41
         8.5.1. Sustained Full-Rate Bursts Test ....................41
         8.5.2. Passive Measurements ...............................42

Mathis & Morton Experimental [Page 3] RFC 8337 Model-Based Metrics March 2018

 9. Example ........................................................43
    9.1. Observations about Applicability ..........................44
 10. Validation ....................................................45
 11. Security Considerations .......................................46
 12. IANA Considerations ...........................................47
 13. Informative References ........................................47
 Appendix A.  Model Derivations ....................................52
   A.1.  Queueless Reno ............................................52
 Appendix B.  The Effects of ACK Scheduling ........................53
 Acknowledgments ...................................................55
 Authors' Addresses ................................................55

1. Introduction

 Model-Based Metrics (MBM) rely on peer-reviewed mathematical models
 to specify a Targeted IP Diagnostic Suite (TIDS), a set of IP
 diagnostic tests designed to assess whether common transport
 protocols can be expected to meet a predetermined Target Transport
 Performance over an Internet path.  This document describes the
 modeling framework to derive the test parameters for assessing an
 Internet path's ability to support a predetermined Bulk Transport
 Capacity.
 Each test in TIDS measures some aspect of IP packet transfer needed
 to meet the Target Transport Performance.  For Bulk Transport
 Capacity, the TIDS includes IP diagnostic tests to verify that there
 is sufficient IP capacity (data rate), sufficient queue space at
 bottlenecks to absorb and deliver typical transport bursts, low
 enough background packet loss ratio to not interfere with congestion
 control, and other properties described below.  Unlike typical IP
 Performance Metrics (IPPM) that yield measures of network properties,
 Model-Based Metrics nominally yield pass/fail evaluations of the
 ability of standard transport protocols to meet the specific
 performance objective over some network path.
 In most cases, the IP diagnostic tests can be implemented by
 combining existing IPPM metrics with additional controls for
 generating test streams having a specified temporal structure (bursts
 or standing queues caused by constant bit rate streams, etc.) and
 statistical criteria for evaluating packet transfer.  The temporal
 structure of the test streams mimics transport protocol behavior over
 the complete path; the statistical criteria models the transport
 protocol's response to less-than-ideal IP packet transfer.  In
 control theory terms, the tests are "open loop".  Note that running a
 test requires the coordinated activity of sending and receiving
 measurement points.

Mathis & Morton Experimental [Page 4] RFC 8337 Model-Based Metrics March 2018

 This document addresses Bulk Transport Capacity.  It describes an
 alternative to the approach presented in "A Framework for Defining
 Empirical Bulk Transfer Capacity Metrics" [RFC3148].  Other Model-
 Based Metrics may cover other applications and transports, such as
 Voice over IP (VoIP) over UDP, RTP, and new transport protocols.
 This document assumes a traditional Reno TCP-style, self-clocked,
 window-controlled transport protocol that uses packet loss and
 Explicit Congestion Notification (ECN) Congestion Experienced (CE)
 marks for congestion feedback.  There are currently some experimental
 protocols and congestion control algorithms that are rate based or
 otherwise fall outside of these assumptions.  In the future, these
 new protocols and algorithms may call for revised models.
 The MBM approach, i.e., mapping Target Transport Performance to a
 Targeted IP Diagnostic Suite (TIDS) of IP tests, solves some
 intrinsic problems with using TCP or other throughput-maximizing
 protocols for measurement.  In particular, all throughput-maximizing
 protocols (especially TCP congestion control) cause some level of
 congestion in order to detect when they have reached the available
 capacity limitation of the network.  This self-inflicted congestion
 obscures the network properties of interest and introduces non-linear
 dynamic equilibrium behaviors that make any resulting measurements
 useless as metrics because they have no predictive value for
 conditions or paths different from that of the measurement itself.
 In order to prevent these effects, it is necessary to avoid the
 effects of TCP congestion control in the measurement method.  These
 issues are discussed at length in Section 4.  Readers who are
 unfamiliar with basic properties of TCP and TCP-like congestion
 control may find it easier to start at Section 4 or 4.1.
 A Targeted IP Diagnostic Suite does not have such difficulties.  IP
 diagnostics can be constructed such that they make strong statistical
 statements about path properties that are independent of measurement
 details, such as vantage and choice of measurement points.

2. Overview

 This document describes a modeling framework for deriving a Targeted
 IP Diagnostic Suite from a predetermined Target Transport
 Performance.  It is not a complete specification and relies on other
 standards documents to define important details such as packet type-P
 selection, sampling techniques, vantage selection, etc.  Fully
 Specified Targeted IP Diagnostic Suites (FSTIDSs) define all of these
 details.  A Targeted IP Diagnostic Suite (TIDS) refers to the subset
 of such a specification that is in scope for this document.  This
 terminology is further defined in Section 3.

Mathis & Morton Experimental [Page 5] RFC 8337 Model-Based Metrics March 2018

 Section 4 describes some key aspects of TCP behavior and what they
 imply about the requirements for IP packet transfer.  Most of the IP
 diagnostic tests needed to confirm that the path meets these
 properties can be built on existing IPPM metrics, with the addition
 of statistical criteria for evaluating packet transfer and, in a few
 cases, new mechanisms to implement the required temporal structure.
 (One group of tests, the standing queue tests described in
 Section 8.2, don't correspond to existing IPPM metrics, but suitable
 new IPPM metrics can be patterned after the existing definitions.)
 Figure 1 shows the MBM modeling and measurement framework.  The
 Target Transport Performance at the top of the figure is determined
 by the needs of the user or application, which are outside the scope
 of this document.  For Bulk Transport Capacity, the main performance
 parameter of interest is the Target Data Rate.  However, since TCP's
 ability to compensate for less-than-ideal network conditions is
 fundamentally affected by the Round-Trip Time (RTT) and the Maximum
 Transmission Unit (MTU) of the complete path, these parameters must
 also be specified in advance based on knowledge about the intended
 application setting.  They may reflect a specific application over a
 real path through the Internet or an idealized application and
 hypothetical path representing a typical user community.  Section 5
 describes the common parameters and models derived from the Target
 Transport Performance.

Mathis & Morton Experimental [Page 6] RFC 8337 Model-Based Metrics March 2018

                    Target Transport Performance
          (Target Data Rate, Target RTT, and Target MTU)
                                 |
                         ________V_________
                         |  mathematical  |
                         |     models     |
                         |                |
                         ------------------
        Traffic parameters |            | Statistical criteria
                           |            |
                    _______V____________V____Targeted IP____
                   |       |   * * *    | Diagnostic Suite  |
              _____|_______V____________V________________   |
            __|____________V____________V______________  |  |
            |           IP diagnostic tests            | |  |
            |              |            |              | |  |
            | _____________V__        __V____________  | |  |
            | |   traffic    |        |   Delivery  |  | |  |
            | |   pattern    |        |  Evaluation |  | |  |
            | |  generation  |        |             |  | |  |
            | -------v--------        ------^--------  | |  |
            |   |    v    test stream via   ^      |   | |--
            |   |  -->======================>--    |   | |
            |   |       subpath under test         |   |-
            ----V----------------------------------V--- |
                | |  |                             | |  |
                V V  V                             V V  V
            fail/inconclusive            pass/fail/inconclusive
        (traffic generation status)           (test result)
                 Figure 1: Overall Modeling Framework
 Mathematical TCP models are used to determine traffic parameters and
 subsequently to design traffic patterns that mimic TCP (which has
 burst characteristics at multiple time scales) or other transport
 protocols delivering bulk data and operating at the Target Data Rate,
 MTU, and RTT over a full range of conditions.  Using the techniques
 described in Section 6, the traffic patterns are generated based on
 the three Target parameters of the complete path (Target Data Rate,
 Target RTT, and Target MTU), independent of the properties of
 individual subpaths.  As much as possible, the test streams are
 generated deterministically (precomputed) to minimize the extent to
 which test methodology, measurement points, measurement vantage, or
 path partitioning affect the details of the measurement traffic.
 Section 7 describes packet transfer statistics and methods to test
 against the statistical criteria provided by the mathematical models.
 Since the statistical criteria typically apply to the complete path

Mathis & Morton Experimental [Page 7] RFC 8337 Model-Based Metrics March 2018

 (a composition of subpaths) [RFC6049], in situ testing requires that
 the end-to-end statistical criteria be apportioned as separate
 criteria for each subpath.  Subpaths that are expected to be
 bottlenecks would then be permitted to contribute a larger fraction
 of the end-to-end packet loss budget.  In compensation, subpaths that
 are not expected to exhibit bottlenecks must be constrained to
 contribute less packet loss.  Thus, the statistical criteria for each
 subpath in each test of a TIDS is an apportioned share of the end-to-
 end statistical criteria for the complete path that was determined by
 the mathematical model.
 Section 8 describes the suite of individual tests needed to verify
 all of the required IP delivery properties.  A subpath passes if and
 only if all of the individual IP diagnostic tests pass.  Any subpath
 that fails any test indicates that some users are likely to fail to
 attain their Target Transport Performance under some conditions.  In
 addition to passing or failing, a test can be deemed inconclusive for
 a number of reasons, including the following: the precomputed traffic
 pattern was not accurately generated, the measurement results were
 not statistically significant, the test failed to meet some required
 test preconditions, etc.  If all tests pass but some are
 inconclusive, then the entire suite is deemed to be inconclusive.
 In Section 9, we present an example TIDS that might be representative
 of High Definition (HD) video and illustrate how Model-Based Metrics
 can be used to address difficult measurement situations, such as
 confirming that inter-carrier exchanges have sufficient performance
 and capacity to deliver HD video between ISPs.
 Since there is some uncertainty in the modeling process, Section 10
 describes a validation procedure to diagnose and minimize false
 positive and false negative results.

3. Terminology

 Terms containing underscores (rather than spaces) appear in equations
 and typically have algorithmic definitions.

3.1. General Terminology

 Target:  A general term for any parameter specified by or derived
    from the user's application or transport performance requirements.
 Target Transport Performance:  Application or transport performance
    target values for the complete path.  For Bulk Transport Capacity
    defined in this document, the Target Transport Performance
    includes the Target Data Rate, Target RTT, and Target MTU as
    described below.

Mathis & Morton Experimental [Page 8] RFC 8337 Model-Based Metrics March 2018

 Target Data Rate:  The specified application data rate required for
    an application's proper operation.  Conventional Bulk Transport
    Capacity (BTC) metrics are focused on the Target Data Rate;
    however, these metrics have little or no predictive value because
    they do not consider the effects of the other two parameters of
    the Target Transport Performance -- the RTT and MTU of the
    complete paths.
 Target RTT (Round-Trip Time):  The specified baseline (minimum) RTT
    of the longest complete path over which the user expects to be
    able to meet the target performance.  TCP and other transport
    protocol's ability to compensate for path problems is generally
    proportional to the number of round trips per second.  The Target
    RTT determines both key parameters of the traffic patterns (e.g.,
    burst sizes) and the thresholds on acceptable IP packet transfer
    statistics.  The Target RTT must be specified considering
    appropriate packets sizes: MTU-sized packets on the forward path
    and ACK-sized packets (typically, header_overhead) on the return
    path.  Note that Target RTT is specified and not measured; MBM
    measurements derived for a given target_RTT will be applicable to
    any path with a smaller RTT.
 Target MTU (Maximum Transmission Unit):  The specified maximum MTU
    supported by the complete path over which the application expects
    to meet the target performance.  In this document, we assume a
    1500-byte MTU unless otherwise specified.  If a subpath has a
    smaller MTU, then it becomes the Target MTU for the complete path,
    and all model calculations and subpath tests must use the same
    smaller MTU.
 Targeted IP Diagnostic Suite (TIDS):  A set of IP diagnostic tests
    designed to determine if an otherwise ideal complete path
    containing the subpath under test can sustain flows at a specific
    target_data_rate using packets with a size of target_MTU when the
    RTT of the complete path is target_RTT.
 Fully Specified Targeted IP Diagnostic Suite (FSTIDS):  A TIDS
    together with additional specifications such as measurement packet
    type ("type-p" [RFC2330]) that are out of scope for this document
    and need to be drawn from other standards documents.
 Bulk Transport Capacity (BTC):  Bulk Transport Capacity metrics
    evaluate an Internet path's ability to carry bulk data, such as
    large files, streaming (non-real-time) video, and, under some
    conditions, web images and other content.  Prior efforts to define
    BTC metrics have been based on [RFC3148], which predates our
    understanding of TCP and the requirements described in Section 4.
    In general, "Bulk Transport" indicates that performance is

Mathis & Morton Experimental [Page 9] RFC 8337 Model-Based Metrics March 2018

    determined by the interplay between the network, cross traffic,
    and congestion control in the transport protocol.  It excludes
    situations where performance is dominated by the RTT alone (e.g.,
    transactions) or bottlenecks elsewhere, such as in the application
    itself.
 IP diagnostic tests:  Measurements or diagnostics to determine if
    packet transfer statistics meet some precomputed target.
 traffic patterns:  The temporal patterns or burstiness of traffic
    generated by applications over transport protocols such as TCP.
    There are several mechanisms that cause bursts at various
    timescales as described in Section 4.1.  Our goal here is to mimic
    the range of common patterns (burst sizes, rates, etc.), without
    tying our applicability to specific applications, implementations,
    or technologies, which are sure to become stale.
 Explicit Congestion Notification (ECN):  See [RFC3168].
 packet transfer statistics:  Raw, detailed, or summary statistics
    about packet transfer properties of the IP layer including packet
    losses, ECN Congestion Experienced (CE) marks, reordering, or any
    other properties that may be germane to transport performance.
 packet loss ratio:  As defined in [RFC7680].
 apportioned:  To divide and allocate, for example, budgeting packet
    loss across multiple subpaths such that the losses will accumulate
    to less than a specified end-to-end loss ratio.  Apportioning
    metrics is essentially the inverse of the process described in
    [RFC5835].
 open loop:  A control theory term used to describe a class of
    techniques where systems that naturally exhibit circular
    dependencies can be analyzed by suppressing some of the
    dependencies, such that the resulting dependency graph is acyclic.

3.2. Terminology about Paths

 See [RFC2330] and [RFC7398] for existing terms and definitions.
 data sender:  Host sending data and receiving ACKs.
 data receiver:  Host receiving data and sending ACKs.
 complete path:  The end-to-end path from the data sender to the data
    receiver.

Mathis & Morton Experimental [Page 10] RFC 8337 Model-Based Metrics March 2018

 subpath:  A portion of the complete path.  Note that there is no
    requirement that subpaths be non-overlapping.  A subpath can be as
    small as a single device, link, or interface.
 measurement point:  Measurement points as described in [RFC7398].
 test path:  A path between two measurement points that includes a
    subpath of the complete path under test.  If the measurement
    points are off path, the test path may include "test leads"
    between the measurement points and the subpath.
 dominant bottleneck:  The bottleneck that generally determines most
    packet transfer statistics for the entire path.  It typically
    determines a flow's self-clock timing, packet loss, and ECN CE
    marking rate, with other potential bottlenecks having less effect
    on the packet transfer statistics.  See Section 4.1 on TCP
    properties.
 front path:  The subpath from the data sender to the dominant
    bottleneck.
 back path:  The subpath from the dominant bottleneck to the receiver.
 return path:  The path taken by the ACKs from the data receiver to
    the data sender.
 cross traffic:  Other, potentially interfering, traffic competing for
    network resources (such as bandwidth and/or queue capacity).

3.3. Properties

 The following properties are determined by the complete path and
 application.  These are described in more detail in Section 5.1.
 Application Data Rate:  General term for the data rate as seen by the
    application above the transport layer in bytes per second.  This
    is the payload data rate and explicitly excludes transport-level
    and lower-level headers (TCP/IP or other protocols),
    retransmissions, and other overhead that is not part of the total
    quantity of data delivered to the application.
 IP rate:  The actual number of IP-layer bytes delivered through a
    subpath, per unit time, including TCP and IP headers, retransmits,
    and other TCP/IP overhead.  This is the same as IP-type-P Link
    Usage in [RFC5136].

Mathis & Morton Experimental [Page 11] RFC 8337 Model-Based Metrics March 2018

 IP capacity:  The maximum number of IP-layer bytes that can be
    transmitted through a subpath, per unit time, including TCP and IP
    headers, retransmits, and other TCP/IP overhead.  This is the same
    as IP-type-P Link Capacity in [RFC5136].
 bottleneck IP capacity:  The IP capacity of the dominant bottleneck
    in the forward path.  All throughput-maximizing protocols estimate
    this capacity by observing the IP rate delivered through the
    bottleneck.  Most protocols derive their self-clocks from the
    timing of this data.  See Section 4.1 and Appendix B for more
    details.
 implied bottleneck IP capacity:  The bottleneck IP capacity implied
    by the ACKs returning from the receiver.  It is determined by
    looking at how much application data the ACK stream at the sender
    reports as delivered to the data receiver per unit time at various
    timescales.  If the return path is thinning, batching, or
    otherwise altering the ACK timing, the implied bottleneck IP
    capacity over short timescales might be substantially larger than
    the bottleneck IP capacity averaged over a full RTT.  Since TCP
    derives its clock from the data delivered through the bottleneck,
    the front path must have sufficient buffering to absorb any data
    bursts at the dimensions (size and IP rate) implied by the ACK
    stream, which are potentially doubled during slowstart.  If the
    return path is not altering the ACK stream, then the implied
    bottleneck IP capacity will be the same as the bottleneck IP
    capacity.  See Section 4.1 and Appendix B for more details.
 sender interface rate:  The IP rate that corresponds to the IP
    capacity of the data sender's interface.  Due to sender efficiency
    algorithms, including technologies such as TCP segmentation
    offload (TSO), nearly all modern servers deliver data in bursts at
    full interface link rate.  Today, 1 or 10 Gb/s are typical.
 header_overhead:  The IP and TCP header sizes, which are the portion
    of each MTU not available for carrying application payload.
    Without loss of generality, this is assumed to be the size for
    returning acknowledgments (ACKs).  For TCP, the Maximum Segment
    Size (MSS) is the Target MTU minus the header_overhead.

3.4. Basic Parameters

 Basic parameters common to models and subpath tests are defined here.
 Formulas for target_window_size and target_run_length appear in
 Section 5.2.  Note that these are mixed between application transport
 performance (excludes headers) and IP performance (includes TCP
 headers and retransmissions as part of the IP payload).

Mathis & Morton Experimental [Page 12] RFC 8337 Model-Based Metrics March 2018

 Network power:  The observed data rate divided by the observed RTT.
    Network power indicates how effectively a transport protocol is
    filling a network.
 Window [size]:  The total quantity of data carried by packets
    in-flight plus the data represented by ACKs circulating in the
    network is referred to as the window.  See Section 4.1.  Sometimes
    used with other qualifiers (congestion window (cwnd) or receiver
    window) to indicate which mechanism is controlling the window.
 pipe size:  A general term for the number of packets needed in flight
    (the window size) to exactly fill a network path or subpath.  It
    corresponds to the window size, which maximizes network power.  It
    is often used with additional qualifiers to specify which path,
    under what conditions, etc.
 target_window_size:  The average number of packets in flight (the
    window size) needed to meet the Target Data Rate for the specified
    Target RTT and Target MTU.  It implies the scale of the bursts
    that the network might experience.
 run length:  A general term for the observed, measured, or specified
    number of packets that are (expected to be) delivered between
    losses or ECN CE marks.  Nominally, it is one over the sum of the
    loss and ECN CE marking probabilities, if they are independently
    and identically distributed.
 target_run_length:  The target_run_length is an estimate of the
    minimum number of non-congestion marked packets needed between
    losses or ECN CE marks necessary to attain the target_data_rate
    over a path with the specified target_RTT and target_MTU, as
    computed by a mathematical model of TCP congestion control.  A
    reference calculation is shown in Section 5.2 and alternatives in
    Appendix A.
 reference target_run_length:  target_run_length computed precisely by
    the method in Section 5.2.  This is likely to be slightly more
    conservative than required by modern TCP implementations.

3.5. Ancillary Parameters

 The following ancillary parameters are used for some tests:
 derating:  Under some conditions, the standard models are too
    conservative.  The modeling framework permits some latitude in
    relaxing or "derating" some test parameters, as described in
    Section 5.3, in exchange for a more stringent TIDS validation

Mathis & Morton Experimental [Page 13] RFC 8337 Model-Based Metrics March 2018

    procedures, described in Section 10.  Models can be derated by
    including a multiplicative derating factor to make tests less
    stringent.
 subpath_IP_capacity:  The IP capacity of a specific subpath.
 test path:  A subpath of a complete path under test.
 test_path_RTT:  The RTT observed between two measurement points using
    packet sizes that are consistent with the transport protocol.
    This is generally MTU-sized packets of the forward path and
    packets with a size of header_overhead on the return path.
 test_path_pipe:  The pipe size of a test path.  Nominally, it is the
    test_path_RTT times the test path IP_capacity.
 test_window:  The smallest window sufficient to meet or exceed the
    target_rate when operating with a pure self-clock over a test
    path.  The test_window is typically calculated as follows (but see
    the discussion in Appendix B about the effects of channel
    scheduling on RTT):
    ceiling(target_data_rate * test_path_RTT / (target_MTU -
    header_overhead))
    On some test paths, the test_window may need to be adjusted
    slightly to compensate for the RTT being inflated by the devices
    that schedule packets.

3.6. Temporal Patterns for Test Streams

 The terminology below is used to define temporal patterns for test
 streams.  These patterns are designed to mimic TCP behavior, as
 described in Section 4.1.
 packet headway:  Time interval between packets, specified from the
    start of one to the start of the next.  For example, if packets
    are sent with a 1 ms headway, there will be exactly 1000 packets
    per second.
 burst headway:  Time interval between bursts, specified from the
    start of the first packet of one burst to the start of the first
    packet of the next burst.  For example, if 4 packet bursts are
    sent with a 1 ms burst headway, there will be exactly 4000 packets
    per second.
 paced single packets:  Individual packets sent at the specified rate
    or packet headway.

Mathis & Morton Experimental [Page 14] RFC 8337 Model-Based Metrics March 2018

 paced bursts:  Bursts on a timer.  Specify any 3 of the following:
    average data rate, packet size, burst size (number of packets),
    and burst headway (burst start to start).  By default, the bursts
    are assumed to occur at full sender interface rate, such that the
    packet headway within each burst is the minimum supported by the
    sender's interface.  Under some conditions, it is useful to
    explicitly specify the packet headway within each burst.
 slowstart rate:  Paced bursts of four packets each at an average data
    rate equal to twice the implied bottleneck IP capacity (but not
    more than the sender interface rate).  This mimics TCP slowstart.
    This is a two-level burst pattern described in more detail in
    Section 6.1.  If the implied bottleneck IP capacity is more than
    half of the sender interface rate, the slowstart rate becomes the
    sender interface rate.
 slowstart burst:  A specified number of packets in a two-level burst
    pattern that resembles slowstart.  This mimics one round of TCP
    slowstart.
 repeated slowstart bursts:  Slowstart bursts repeated once per
    target_RTT.  For TCP, each burst would be twice as large as the
    prior burst, and the sequence would end at the first ECN CE mark
    or lost packet.  For measurement, all slowstart bursts would be
    the same size (nominally, target_window_size but other sizes might
    be specified), and the ECN CE marks and lost packets are counted.

3.7. Tests

 The tests described in this document can be grouped according to
 their applicability.
 Capacity tests:  Capacity tests determine if a network subpath has
    sufficient capacity to deliver the Target Transport Performance.
    As long as the test stream is within the proper envelope for the
    Target Transport Performance, the average packet losses or ECN CE
    marks must be below the statistical criteria computed by the
    model.  As such, capacity tests reflect parameters that can
    transition from passing to failing as a consequence of cross
    traffic, additional presented load, or the actions of other
    network users.  By definition, capacity tests also consume
    significant network resources (data capacity and/or queue buffer
    space), and the test schedules must be balanced by their cost.
 Monitoring tests:  Monitoring tests are designed to capture the most
    important aspects of a capacity test without presenting excessive
    ongoing load themselves.  As such, they may miss some details of

Mathis & Morton Experimental [Page 15] RFC 8337 Model-Based Metrics March 2018

    the network's performance but can serve as a useful reduced-cost
    proxy for a capacity test, for example, to support continuous
    production network monitoring.
 Engineering tests:  Engineering tests evaluate how network algorithms
    (such as Active Queue Management (AQM) and channel allocation)
    interact with TCP-style self-clocked protocols and adaptive
    congestion control based on packet loss and ECN CE marks.  These
    tests are likely to have complicated interactions with cross
    traffic and, under some conditions, can be inversely sensitive to
    load.  For example, a test to verify that an AQM algorithm causes
    ECN CE marks or packet drops early enough to limit queue occupancy
    may experience a false pass result in the presence of cross
    traffic.  It is important that engineering tests be performed
    under a wide range of conditions, including both in situ and bench
    testing, and over a wide variety of load conditions.  Ongoing
    monitoring is less likely to be useful for engineering tests,
    although sparse in situ testing might be appropriate.

4. Background

 When "Framework for IP Performance Metrics" [RFC2330] was published
 in 1998, sound Bulk Transport Capacity (BTC) measurement was known to
 be well beyond our capabilities.  Even when "A Framework for Defining
 Empirical Bulk Transfer Capacity Metrics" [RFC3148] was published, we
 knew that we didn't really understand the problem.  Now, in
 hindsight, we understand why assessing BTC is such a difficult
 problem:
 o  TCP is a control system with circular dependencies -- everything
    affects performance, including components that are explicitly not
    part of the test (for example, the host processing power is not
    in-scope of path performance tests).
 o  Congestion control is a dynamic equilibrium process, similar to
    processes observed in chemistry and other fields.  The network and
    transport protocols find an operating point that balances opposing
    forces: the transport protocol pushing harder (raising the data
    rate and/or window) while the network pushes back (raising packet
    loss ratio, RTT, and/or ECN CE marks).  By design, TCP congestion
    control keeps raising the data rate until the network gives some
    indication that its capacity has been exceeded by dropping packets
    or adding ECN CE marks.  If a TCP sender accurately fills a path
    to its IP capacity (e.g., the bottleneck is 100% utilized), then
    packet losses and ECN CE marks are mostly determined by the TCP
    sender and how aggressively it seeks additional capacity; they are
    not determined by the network itself, because the network must
    send exactly the signals that TCP needs to set its rate.

Mathis & Morton Experimental [Page 16] RFC 8337 Model-Based Metrics March 2018

 o  TCP's ability to compensate for network impairments (such as loss,
    delay, and delay variation, outside of those caused by TCP itself)
    is directly proportional to the number of send-ACK round-trip
    exchanges per second (i.e., inversely proportional to the RTT).
    As a consequence, an impaired subpath may pass a short RTT local
    test even though it fails when the subpath is extended by an
    effectively perfect network to some larger RTT.
 o  TCP has an extreme form of the Observer Effect (colloquially known
    as the "Heisenberg Effect").  Measurement and cross traffic
    interact in unknown and ill-defined ways.  The situation is
    actually worse than the traditional physics problem where you can
    at least estimate bounds on the relative momentum of the
    measurement and measured particles.  In general, for network
    measurement, you cannot determine even the order of magnitude of
    the effect.  It is possible to construct measurement scenarios
    where the measurement traffic starves real user traffic, yielding
    an overly inflated measurement.  The inverse is also possible: the
    user traffic can fill the network, such that the measurement
    traffic detects only minimal available capacity.  In general, you
    cannot determine which scenario might be in effect, so you cannot
    gauge the relative magnitude of the uncertainty introduced by
    interactions with other network traffic.
 o  As a consequence of the properties listed above, it is difficult,
    if not impossible, for two independent implementations (hardware
    or software) of TCP congestion control to produce equivalent
    performance results [RFC6576] under the same network conditions.
 These properties are a consequence of the dynamic equilibrium
 behavior intrinsic to how all throughput-maximizing protocols
 interact with the Internet.  These protocols rely on control systems
 based on estimated network metrics to regulate the quantity of data
 to send into the network.  The packet-sending characteristics in turn
 alter the network properties estimated by the control system metrics,
 such that there are circular dependencies between every transmission
 characteristic and every estimated metric.  Since some of these
 dependencies are nonlinear, the entire system is nonlinear, and any
 change anywhere causes a difficult-to-predict response in network
 metrics.  As a consequence, Bulk Transport Capacity metrics have not
 fulfilled the analytic framework envisioned in [RFC2330].
 Model-Based Metrics overcome these problems by making the measurement
 system open loop: the packet transfer statistics (akin to the network
 estimators) do not affect the traffic or traffic patterns (bursts),
 which are computed on the basis of the Target Transport Performance.
 A path or subpath meeting the Target Transfer Performance

Mathis & Morton Experimental [Page 17] RFC 8337 Model-Based Metrics March 2018

 requirements would exhibit packet transfer statistics and estimated
 metrics that would not cause the control system to slow the traffic
 below the Target Data Rate.

4.1. TCP Properties

 TCP and other self-clocked protocols (e.g., the Stream Control
 Transmission Protocol (SCTP)) carry the vast majority of all Internet
 data.  Their dominant bulk data transport behavior is to have an
 approximately fixed quantity of data and acknowledgments (ACKs)
 circulating in the network.  The data receiver reports arriving data
 by returning ACKs to the data sender, and the data sender typically
 responds by sending approximately the same quantity of data back into
 the network.  The total quantity of data plus the data represented by
 ACKs circulating in the network is referred to as the "window".  The
 mandatory congestion control algorithms incrementally adjust the
 window by sending slightly more or less data in response to each ACK.
 The fundamentally important property of this system is that it is
 self-clocked: the data transmissions are a reflection of the ACKs
 that were delivered by the network, and the ACKs are a reflection of
 the data arriving from the network.
 A number of protocol features cause bursts of data, even in idealized
 networks that can be modeled as simple queuing systems.
 During slowstart, the IP rate is doubled on each RTT by sending twice
 as much data as was delivered to the receiver during the prior RTT.
 Each returning ACK causes the sender to transmit twice the data the
 ACK reported arriving at the receiver.  For slowstart to be able to
 fill the pipe, the network must be able to tolerate slowstart bursts
 up to the full pipe size inflated by the anticipated window reduction
 on the first loss or ECN CE mark.  For example, with classic Reno
 congestion control, an optimal slowstart has to end with a burst that
 is twice the bottleneck rate for one RTT in duration.  This burst
 causes a queue that is equal to the pipe size (i.e., the window is
 twice the pipe size), so when the window is halved in response to the
 first packet loss, the new window will be the pipe size.
 Note that if the bottleneck IP rate is less than half of the capacity
 of the front path (which is almost always the case), the slowstart
 bursts will not by themselves cause significant queues anywhere else
 along the front path; they primarily exercise the queue at the
 dominant bottleneck.
 Several common efficiency algorithms also cause bursts.  The self-
 clock is typically applied to groups of packets: the receiver's
 delayed ACK algorithm generally sends only one ACK per two data
 segments.  Furthermore, modern senders use TCP segmentation offload

Mathis & Morton Experimental [Page 18] RFC 8337 Model-Based Metrics March 2018

 (TSO) to reduce CPU overhead.  The sender's software stack builds
 super-sized TCP segments that the TSO hardware splits into MTU-sized
 segments on the wire.  The net effect of TSO, delayed ACK, and other
 efficiency algorithms is to send bursts of segments at full sender
 interface rate.
 Note that these efficiency algorithms are almost always in effect,
 including during slowstart, such that slowstart typically has a two-
 level burst structure.  Section 6.1 describes slowstart in more
 detail.
 Additional sources of bursts include TCP's initial window [RFC6928],
 application pauses, channel allocation mechanisms, and network
 devices that schedule ACKs.  Appendix B describes these last two
 items.  If the application pauses (e.g., stops reading or writing
 data) for some fraction of an RTT, many TCP implementations catch up
 to their earlier window size by sending a burst of data at the full
 sender interface rate.  To fill a network with a realistic
 application, the network has to be able to tolerate sender interface
 rate bursts large enough to restore the prior window following
 application pauses.
 Although the sender interface rate bursts are typically smaller than
 the last burst of a slowstart, they are at a higher IP rate so they
 potentially exercise queues at arbitrary points along the front path
 from the data sender up to and including the queue at the dominant
 bottleneck.  It is known that these bursts can hurt network
 performance, especially in conjunction with other queue pressure;
 however, we are not aware of any models for estimating the impact or
 prescribing limits on the size or frequency of sender rate bursts.
 In conclusion, to verify that a path can meet a Target Transport
 Performance, it is necessary to independently confirm that the path
 can tolerate bursts at the scales that can be caused by the above
 mechanisms.  Three cases are believed to be sufficient:
 o  Two-level slowstart bursts sufficient to get connections started
    properly.
 o  Ubiquitous sender interface rate bursts caused by efficiency
    algorithms.  We assume four packet bursts to be the most common
    case, since it matches the effects of delayed ACK during
    slowstart.  These bursts should be assumed not to significantly
    affect packet transfer statistics.

Mathis & Morton Experimental [Page 19] RFC 8337 Model-Based Metrics March 2018

 o  Infrequent sender interface rate bursts that are the maximum of
    the full target_window_size and the initial window size (10
    segments in [RFC6928]).  The target_run_length may be derated for
    these large fast bursts.
 If a subpath can meet the required packet loss ratio for bursts at
 all of these scales, then it has sufficient buffering at all
 potential bottlenecks to tolerate any of the bursts that are likely
 introduced by TCP or other transport protocols.

4.2. Diagnostic Approach

 A complete path is expected to be able to attain a specified Bulk
 Transport Capacity if the path's RTT is equal to or smaller than the
 Target RTT, the path's MTU is equal to or larger than the Target MTU,
 and all of the following conditions are met:
 1.  The IP capacity is above the Target Data Rate by a sufficient
     margin to cover all TCP/IP overheads.  This can be confirmed by
     the tests described in Section 8.1 or any number of IP capacity
     tests adapted to implement MBM.
 2.  The observed packet transfer statistics are better than required
     by a suitable TCP performance model (e.g., fewer packet losses or
     ECN CE marks).  See Section 8.1 or any number of low- or fixed-
     rate packet loss tests outside of MBM.
 3.  There is sufficient buffering at the dominant bottleneck to
     absorb a slowstart burst large enough to get the flow out of
     slowstart at a suitable window size.  See Section 8.3.
 4.  There is sufficient buffering in the front path to absorb and
     smooth sender interface rate bursts at all scales that are likely
     to be generated by the application, any channel arbitration in
     the ACK path, or any other mechanisms.  See Section 8.4.
 5.  When there is a slowly rising standing queue at the bottleneck,
     then the onset of packet loss has to be at an appropriate point
     (in time or in queue depth) and has to be progressive, for
     example, by use of Active Queue Management [RFC7567].  See
     Section 8.2.
 6.  When there is a standing queue at a bottleneck for a shared media
     subpath (e.g., a half-duplex link), there must be a suitable
     bound on the interaction between ACKs and data, for example, due
     to the channel arbitration mechanism.  See Section 8.2.4.

Mathis & Morton Experimental [Page 20] RFC 8337 Model-Based Metrics March 2018

 Note that conditions 1 through 4 require capacity tests for
 validation and thus may need to be monitored on an ongoing basis.
 Conditions 5 and 6 require engineering tests, which are best
 performed in controlled environments (e.g., bench tests).  They won't
 generally fail due to load but may fail in the field (e.g., due to
 configuration errors, etc.) and thus should be spot checked.
 A tool that can perform many of the tests is available from
 [MBMSource].

4.3. New Requirements Relative to RFC 2330

 Model-Based Metrics are designed to fulfill some additional
 requirements that were not recognized at the time RFC 2330 [RFC2330]
 was published.  These missing requirements may have significantly
 contributed to policy difficulties in the IP measurement space.  Some
 additional requirements are:
 o  IP metrics must be actionable by the ISP -- they have to be
    interpreted in terms of behaviors or properties at the IP or lower
    layers that an ISP can test, repair, and verify.
 o  Metrics should be spatially composable, such that measures of
    concatenated paths should be predictable from subpaths.
 o  Metrics must be vantage point invariant over a significant range
    of measurement point choices, including off-path measurement
    points.  The only requirements for Measurement Point (MP)
    selection should be that the RTT between the MPs is below some
    reasonable bound and that the effects of the "test leads"
    connecting MPs to the subpath under test can be calibrated out of
    the measurements.  The latter might be accomplished if the test
    leads are effectively ideal or their properties can be deducted
    from the measurements between the MPs.  While many tests require
    that the test leads have at least as much IP capacity as the
    subpath under test, some do not, for example, the Background
    Packet Transfer Statistics Tests described in Section 8.1.3.
 o  Metric measurements should be repeatable by multiple parties with
    no specialized access to MPs or diagnostic infrastructure.  It
    should be possible for different parties to make the same
    measurement and observe the same results.  In particular, it is
    important that both a consumer (or the consumer's delegate) and
    ISP be able to perform the same measurement and get the same
    result.  Note that vantage independence is key to meeting this
    requirement.

Mathis & Morton Experimental [Page 21] RFC 8337 Model-Based Metrics March 2018

5. Common Models and Parameters

5.1. Target End-to-End Parameters

 The target end-to-end parameters are the Target Data Rate, Target
 RTT, and Target MTU as defined in Section 3.  These parameters are
 determined by the needs of the application or the ultimate end user
 and the complete Internet path over which the application is expected
 to operate.  The target parameters are in units that make sense to
 layers above the TCP layer: payload bytes delivered to the
 application.  They exclude overheads associated with TCP and IP
 headers, retransmits and other protocols (e.g., DNS).  Note that
 IP-based network services include TCP headers and retransmissions as
 part of delivered payload; this difference (header_overhead) is
 recognized in calculations below.
 Other end-to-end parameters defined in Section 3 include the
 effective bottleneck data rate, the sender interface data rate, and
 the TCP and IP header sizes.
 The target_data_rate must be smaller than all subpath IP capacities
 by enough headroom to carry the transport protocol overhead,
 explicitly including retransmissions and an allowance for
 fluctuations in TCP's actual data rate.  Specifying a
 target_data_rate with insufficient headroom is likely to result in
 brittle measurements that have little predictive value.
 Note that the target parameters can be specified for a hypothetical
 path (for example, to construct TIDS designed for bench testing in
 the absence of a real application) or for a live in situ test of
 production infrastructure.
 The number of concurrent connections is explicitly not a parameter in
 this model.  If a subpath requires multiple connections in order to
 meet the specified performance, that must be stated explicitly, and
 the procedure described in Section 6.4 applies.

5.2. Common Model Calculations

 The Target Transport Performance is used to derive the
 target_window_size and the reference target_run_length.
 The target_window_size is the average window size in packets needed
 to meet the target_rate, for the specified target_RTT and target_MTU.
 To calculate target_window_size:
 target_window_size = ceiling(target_rate * target_RTT / (target_MTU -
 header_overhead))

Mathis & Morton Experimental [Page 22] RFC 8337 Model-Based Metrics March 2018

 The target_run_length is an estimate of the minimum required number
 of unmarked packets that must be delivered between losses or ECN CE
 marks, as computed by a mathematical model of TCP congestion control.
 The derivation here is parallel to the derivation in [MSMO97] and, by
 design, is quite conservative.
 The reference target_run_length is derived as follows.  Assume the
 subpath_IP_capacity is infinitesimally larger than the
 target_data_rate plus the required header_overhead.  Then,
 target_window_size also predicts the onset of queuing.  A larger
 window will cause a standing queue at the bottleneck.
 Assume the transport protocol is using standard Reno-style Additive
 Increase Multiplicative Decrease (AIMD) congestion control [RFC5681]
 (but not Appropriate Byte Counting [RFC3465]) and the receiver is
 using standard delayed ACKs.  Reno increases the window by one packet
 every pipe size worth of ACKs.  With delayed ACKs, this takes two
 RTTs per increase.  To exactly fill the pipe, the spacing of losses
 must be no closer than when the peak of the AIMD sawtooth reached
 exactly twice the target_window_size.  Otherwise, the multiplicative
 window reduction triggered by the loss would cause the network to be
 underfilled.  Per [MSMO97] the number of packets between losses must
 be the area under the AIMD sawtooth.  They must be no more frequent
 than every 1 in ((3/2)*target_window_size)*(2*target_window_size)
 packets, which simplifies to:
 target_run_length = 3*(target_window_size^2)
 Note that this calculation is very conservative and is based on a
 number of assumptions that may not apply.  Appendix A discusses these
 assumptions and provides some alternative models.  If a different
 model is used, an FSTIDS must document the actual method for
 computing target_run_length and the ratio between alternate
 target_run_length and the reference target_run_length calculated
 above, along with a discussion of the rationale for the underlying
 assumptions.
 Most of the individual parameters for the tests in Section 8 are
 derived from target_window_size and target_run_length.

5.3. Parameter Derating

 Since some aspects of the models are very conservative, the MBM
 framework permits some latitude in derating test parameters.  Rather
 than trying to formalize more complicated models, we permit some test
 parameters to be relaxed as long as they meet some additional
 procedural constraints:

Mathis & Morton Experimental [Page 23] RFC 8337 Model-Based Metrics March 2018

 o  The FSTIDS must document and justify the actual method used to
    compute the derated metric parameters.
 o  The validation procedures described in Section 10 must be used to
    demonstrate the feasibility of meeting the Target Transport
    Performance with infrastructure that just barely passes the
    derated tests.
 o  The validation process for an FSTIDS itself must be documented in
    such a way that other researchers can duplicate the validation
    experiments.
 Except as noted, all tests below assume no derating.  Tests for which
 there is not currently a well-established model for the required
 parameters explicitly include derating as a way to indicate
 flexibility in the parameters.

5.4. Test Preconditions

 Many tests have preconditions that are required to assure their
 validity.  Examples include the presence or non-presence of cross
 traffic on specific subpaths; negotiating ECN; and a test stream
 preamble of appropriate length to achieve stable access to network
 resources in the presence of reactive network elements (as defined in
 Section 1.1 of [RFC7312]).  If preconditions are not properly
 satisfied for some reason, the tests should be considered to be
 inconclusive.  In general, it is useful to preserve diagnostic
 information as to why the preconditions were not met and any test
 data that was collected even if it is not useful for the intended
 test.  Such diagnostic information and partial test data may be
 useful for improving the test or test procedures themselves.
 It is important to preserve the record that a test was scheduled;
 otherwise, precondition enforcement mechanisms can introduce sampling
 bias.  For example, canceling tests due to cross traffic on
 subscriber access links might introduce sampling bias in tests of the
 rest of the network by reducing the number of tests during peak
 network load.
 Test preconditions and failure actions must be specified in an
 FSTIDS.

6. Generating Test Streams

 Many important properties of Model-Based Metrics, such as vantage
 independence, are a consequence of using test streams that have
 temporal structures that mimic TCP or other transport protocols
 running over a complete path.  As described in Section 4.1, self-

Mathis & Morton Experimental [Page 24] RFC 8337 Model-Based Metrics March 2018

 clocked protocols naturally have burst structures related to the RTT
 and pipe size of the complete path.  These bursts naturally get
 larger (contain more packets) as either the Target RTT or Target Data
 Rate get larger or the Target MTU gets smaller.  An implication of
 these relationships is that test streams generated by running self-
 clocked protocols over short subpaths may not adequately exercise the
 queuing at any bottleneck to determine if the subpath can support the
 full Target Transport Performance over the complete path.
 Failing to authentically mimic TCP's temporal structure is part of
 the reason why simple performance tools such as iPerf, netperf, nc,
 etc., have the reputation for yielding false pass results over short
 test paths, even when a subpath has a flaw.
 The definitions in Section 3 are sufficient for most test streams.
 We describe the slowstart and standing queue test streams in more
 detail.
 In conventional measurement practice, stochastic processes are used
 to eliminate many unintended correlations and sample biases.
 However, MBM tests are designed to explicitly mimic temporal
 correlations caused by network or protocol elements themselves.  Some
 portions of these systems, such as traffic arrival (e.g., test
 scheduling), are naturally stochastic.  Other behaviors, such as
 back-to-back packet transmissions, are dominated by implementation-
 specific deterministic effects.  Although these behaviors always
 contain non-deterministic elements and might be modeled
 stochastically, these details typically do not contribute
 significantly to the overall system behavior.  Furthermore, it is
 known that real protocols are subject to failures caused by network
 property estimators suffering from bias due to correlation in their
 own traffic.  For example, TCP's RTT estimator used to determine the
 Retransmit Timeout (RTO), can be fooled by periodic cross traffic or
 start-stop applications.  For these reasons, many details of the test
 streams are specified deterministically.
 It may prove useful to introduce fine-grained noise sources into the
 models used for generating test streams in an update of Model-Based
 Metrics, but the complexity is not warranted at the time this
 document was written.

6.1. Mimicking Slowstart

 TCP slowstart has a two-level burst structure as shown in Figure 2.
 The fine time structure is caused by efficiency algorithms that
 deliberately batch work (CPU, channel allocation, etc.) to better
 amortize certain network and host overheads.  ACKs passing through
 the return path typically cause the sender to transmit small bursts

Mathis & Morton Experimental [Page 25] RFC 8337 Model-Based Metrics March 2018

 of data at the full sender interface rate.  For example, TCP
 Segmentation Offload (TSO) and Delayed Acknowledgment both contribute
 to this effect.  During slowstart, these bursts are at the same
 headway as the returning ACKs but are typically twice as large (e.g.,
 have twice as much data) as the ACK reported was delivered to the
 receiver.  Due to variations in delayed ACK and algorithms such as
 Appropriate Byte Counting [RFC3465], different pairs of senders and
 receivers produce slightly different burst patterns.  Without loss of
 generality, we assume each ACK causes four packet sender interface
 rate bursts at an average headway equal to the ACK headway; this
 corresponds to sending at an average rate equal to twice the
 effective bottleneck IP rate.  Each slowstart burst consists of a
 series of four packet sender interface rate bursts such that the
 total number of packets is the current window size (as of the last
 packet in the burst).
 The coarse time structure is due to each RTT being a reflection of
 the prior RTT.  For real transport protocols, each slowstart burst is
 twice as large (twice the window) as the previous burst but is spread
 out in time by the network bottleneck, such that each successive RTT
 exhibits the same effective bottleneck IP rate.  The slowstart phase
 ends on the first lost packet or ECN mark, which is intended to
 happen after successive slowstart bursts merge in time: the next
 burst starts before the bottleneck queue is fully drained and the
 prior burst is complete.
 For the diagnostic tests described below, we preserve the fine time
 structure but manipulate the coarse structure of the slowstart bursts
 (burst size and headway) to measure the ability of the dominant
 bottleneck to absorb and smooth slowstart bursts.
 Note that a stream of repeated slowstart bursts has three different
 average rates, depending on the averaging time interval.  At the
 finest timescale (a few packet times at the sender interface), the
 peak of the average IP rate is the same as the sender interface rate;
 at a medium timescale (a few ACK times at the dominant bottleneck),
 the peak of the average IP rate is twice the implied bottleneck IP
 capacity; and at timescales longer than the target_RTT and when the
 burst size is equal to the target_window_size, the average rate is
 equal to the target_data_rate.  This pattern corresponds to repeating
 the last RTT of TCP slowstart when delayed ACK and sender-side byte
 counting are present but without the limits specified in Appropriate
 Byte Counting [RFC3465].

Mathis & Morton Experimental [Page 26] RFC 8337 Model-Based Metrics March 2018

 time ==>    ( - equals one packet)
 Fine time structure of the packet stream:
  1. — —- —- —- —-
 |<>| sender interface rate bursts (typically 3 or 4 packets)
 |<===>| burst headway (from the ACK headway)
 \____repeating sender______/
        rate bursts
 Coarse (RTT-level) time structure of the packet stream:
  1. — —- —- —- —- —- —- …
 |<========================>| slowstart burst size (from the window)
 |<==============================================>| slowstart headway
                                                     (from the RTT)
 \__________________________/                     \_________ ...
     one slowstart burst                     Repeated slowstart bursts
             Figure 2: Multiple Levels of Slowstart Bursts

6.2. Constant Window Pseudo CBR

 Pseudo constant bit rate (CBR) is implemented by running a standard
 self-clocked protocol such as TCP with a fixed window size.  If that
 window size is test_window, the data rate will be slightly above the
 target_rate.
 Since the test_window is constrained to be an integer number of
 packets, for small RTTs or low data rates, there may not be
 sufficiently precise control over the data rate.  Rounding the
 test_window up (as defined above) is likely to result in data rates
 that are higher than the target rate, but reducing the window by one
 packet may result in data rates that are too small.  Also, cross
 traffic potentially raises the RTT, implicitly reducing the rate.
 Cross traffic that raises the RTT nearly always makes the test more
 strenuous (i.e., more demanding for the network path).
 Note that Constant Window Pseudo CBR (and Scanned Window Pseudo CBR
 in the next section) both rely on a self-clock that is at least
 partially derived from the properties of the subnet under test.  This
 introduces the possibility that the subnet under test exhibits
 behaviors such as extreme RTT fluctuations that prevent these
 algorithms from accurately controlling data rates.

Mathis & Morton Experimental [Page 27] RFC 8337 Model-Based Metrics March 2018

 An FSTIDS specifying a Constant Window Pseudo CBR test must
 explicitly indicate under what conditions errors in the data rate
 cause tests to be inconclusive.  Conventional paced measurement
 traffic may be more appropriate for these environments.

6.3. Scanned Window Pseudo CBR

 Scanned Window Pseudo CBR is similar to the Constant Window Pseudo
 CBR described above, except the window is scanned across a range of
 sizes designed to include two key events: the onset of queuing and
 the onset of packet loss or ECN CE marks.  The window is scanned by
 incrementing it by one packet every 2*target_window_size delivered
 packets.  This mimics the additive increase phase of standard Reno
 TCP congestion avoidance when delayed ACKs are in effect.  Normally,
 the window increases are separated by intervals slightly longer than
 twice the target_RTT.
 There are two ways to implement this test: 1) applying a window clamp
 to standard congestion control in a standard protocol such as TCP and
 2) stiffening a non-standard transport protocol.  When standard
 congestion control is in effect, any losses or ECN CE marks cause the
 transport to revert to a window smaller than the clamp, such that the
 scanning clamp loses control of the window size.  The NPAD (Network
 Path and Application Diagnostics) pathdiag tool is an example of this
 class of algorithms [Pathdiag].
 Alternatively, a non-standard congestion control algorithm can
 respond to losses by transmitting extra data, such that it maintains
 the specified window size independent of losses or ECN CE marks.
 Such a stiffened transport explicitly violates mandatory Internet
 congestion control [RFC5681] and is not suitable for in situ testing.
 It is only appropriate for engineering testing under laboratory
 conditions.  The Windowed Ping tool implements such a test [WPING].
 This tool has been updated (see [mpingSource]).
 The test procedures in Section 8.2 describe how to the partition the
 scans into regions and how to interpret the results.

6.4. Concurrent or Channelized Testing

 The procedures described in this document are only directly
 applicable to single-stream measurement, e.g., one TCP connection or
 measurement stream.  In an ideal world, we would disallow all
 performance claims based on multiple concurrent streams, but this is
 not practical due to at least two issues.  First, many very high-rate
 link technologies are channelized and at last partially pin the flow-
 to-channel mapping to minimize packet reordering within flows.

Mathis & Morton Experimental [Page 28] RFC 8337 Model-Based Metrics March 2018

 Second, TCP itself has scaling limits.  Although the former problem
 might be overcome through different design decisions, the latter
 problem is more deeply rooted.
 All congestion control algorithms that are philosophically aligned
 with [RFC5681] (e.g., claim some level of TCP compatibility,
 friendliness, or fairness) have scaling limits; that is, as a long
 fat network (LFN) with a fixed RTT and MTU gets faster, these
 congestion control algorithms get less accurate and, as a
 consequence, have difficulty filling the network [CCscaling].  These
 properties are a consequence of the original Reno AIMD congestion
 control design and the requirement in [RFC5681] that all transport
 protocols have similar responses to congestion.
 There are a number of reasons to want to specify performance in terms
 of multiple concurrent flows; however, this approach is not
 recommended for data rates below several megabits per second, which
 can be attained with run lengths under 10000 packets on many paths.
 Since the required run length is proportional to the square of the
 data rate, at higher rates, the run lengths can be unreasonably
 large, and multiple flows might be the only feasible approach.
 If multiple flows are deemed necessary to meet aggregate performance
 targets, then this must be stated both in the design of the TIDS and
 in any claims about network performance.  The IP diagnostic tests
 must be performed concurrently with the specified number of
 connections.  For the tests that use bursty test streams, the bursts
 should be synchronized across streams unless there is a priori
 knowledge that the applications have some explicit mechanism to
 stagger their own bursts.  In the absence of an explicit mechanism to
 stagger bursts, many network and application artifacts will sometimes
 implicitly synchronize bursts.  A test that does not control burst
 synchronization may be prone to false pass results for some
 applications.

7. Interpreting the Results

7.1. Test Outcomes

 To perform an exhaustive test of a complete network path, each test
 of the TIDS is applied to each subpath of the complete path.  If any
 subpath fails any test, then a standard transport protocol running
 over the complete path can also be expected to fail to attain the
 Target Transport Performance under some conditions.
 In addition to passing or failing, a test can be deemed to be
 inconclusive for a number of reasons.  Proper instrumentation and
 treatment of inconclusive outcomes is critical to the accuracy and

Mathis & Morton Experimental [Page 29] RFC 8337 Model-Based Metrics March 2018

 robustness of Model-Based Metrics.  Tests can be inconclusive if the
 precomputed traffic pattern or data rates were not accurately
 generated; the measurement results were not statistically
 significant; the required preconditions for the test were not met; or
 other causes.  See Section 5.4.
 For example, consider a test that implements Constant Window Pseudo
 CBR (Section 6.2) by adding rate controls and detailed IP packet
 transfer instrumentation to TCP (e.g., using the extended performance
 statistics for TCP as described in [RFC4898]).  TCP includes built-in
 control systems that might interfere with the sending data rate.  If
 such a test meets the required packet transfer statistics (e.g., run
 length) while failing to attain the specified data rate, it must be
 treated as an inconclusive result, because we cannot a priori
 determine if the reduced data rate was caused by a TCP problem or a
 network problem or if the reduced data rate had a material effect on
 the observed packet transfer statistics.
 Note that for capacity tests, if the observed packet transfer
 statistics meet the statistical criteria for failing (based on
 acceptance of hypothesis H1 in Section 7.2), the test can be
 considered to have failed because it doesn't really matter that the
 test didn't attain the required data rate.
 The important new properties of MBM, such as vantage independence,
 are a direct consequence of opening the control loops in the
 protocols, such that the test stream does not depend on network
 conditions or IP packets received.  Any mechanism that introduces
 feedback between the path's measurements and the test stream
 generation is at risk of introducing nonlinearities that spoil these
 properties.  Any exceptional event that indicates that such feedback
 has happened should cause the test to be considered inconclusive.
 Inconclusive tests may be caused by situations in which a test
 outcome is ambiguous because of network limitations or an unknown
 limitation on the IP diagnostic test itself, which may have been
 caused by some uncontrolled feedback from the network.
 Note that procedures that attempt to search the target parameter
 space to find the limits on a parameter such as target_data_rate are
 at risk of breaking the location-independent properties of Model-
 Based Metrics if any part of the boundary between passing,
 inconclusive, or failing results is sensitive to RTT (which is
 normally the case).  For example, the maximum data rate for a
 marginal link (e.g., exhibiting excess errors) is likely to be
 sensitive to the test_path_RTT.  The maximum observed data rate over
 the test path has very little value for predicting the maximum rate
 over a different path.

Mathis & Morton Experimental [Page 30] RFC 8337 Model-Based Metrics March 2018

 One of the goals for evolving TIDS designs will be to keep sharpening
 the distinctions between inconclusive, passing, and failing tests.
 The criteria for inconclusive, passing, and failing tests must be
 explicitly stated for every test in the TIDS or FSTIDS.
 One of the goals for evolving the testing process, procedures, tools,
 and measurement point selection should be to minimize the number of
 inconclusive tests.
 It may be useful to keep raw packet transfer statistics and ancillary
 metrics [RFC3148] for deeper study of the behavior of the network
 path and to measure the tools themselves.  Raw packet transfer
 statistics can help to drive tool evolution.  Under some conditions,
 it might be possible to re-evaluate the raw data for satisfying
 alternate Target Transport Performance.  However, it is important to
 guard against sampling bias and other implicit feedback that can
 cause false results and exhibit measurement point vantage
 sensitivity.  Simply applying different delivery criteria based on a
 different Target Transport Performance is insufficient if the test
 traffic patterns (bursts, etc.) do not match the alternate Target
 Transport Performance.

7.2. Statistical Criteria for Estimating run_length

 When evaluating the observed run_length, we need to determine
 appropriate packet stream sizes and acceptable error levels for
 efficient measurement.  In practice, can we compare the empirically
 estimated packet loss and ECN CE marking ratios with the targets as
 the sample size grows?  How large a sample is needed to say that the
 measurements of packet transfer indicate a particular run length is
 present?
 The generalized measurement can be described as recursive testing:
 send packets (individually or in patterns) and observe the packet
 transfer performance (packet loss ratio, other metric, or any marking
 we define).
 As each packet is sent and measured, we have an ongoing estimate of
 the performance in terms of the ratio of packet loss or ECN CE marks
 to total packets (i.e., an empirical probability).  We continue to
 send until conditions support a conclusion or a maximum sending limit
 has been reached.
 We have a target_mark_probability, one mark per target_run_length,
 where a "mark" is defined as a lost packet, a packet with ECN CE
 mark, or other signal.  This constitutes the null hypothesis:

Mathis & Morton Experimental [Page 31] RFC 8337 Model-Based Metrics March 2018

 H0:  no more than one mark in target_run_length =
    3*(target_window_size)^2 packets
 We can stop sending packets if ongoing measurements support accepting
 H0 with the specified Type I error = alpha (= 0.05, for example).
 We also have an alternative hypothesis to evaluate: is performance
 significantly lower than the target_mark_probability?  Based on
 analysis of typical values and practical limits on measurement
 duration, we choose four times the H0 probability:
 H1:  one or more marks in (target_run_length/4) packets
 and we can stop sending packets if measurements support rejecting H0
 with the specified Type II error = beta (= 0.05, for example), thus
 preferring the alternate hypothesis H1.
 H0 and H1 constitute the success and failure outcomes described
 elsewhere in this document; while the ongoing measurements do not
 support either hypothesis, the current status of measurements is
 inconclusive.
 The problem above is formulated to match the Sequential Probability
 Ratio Test (SPRT) [Wald45] [Montgomery90].  Note that as originally
 framed, the events under consideration were all manufacturing
 defects.  In networking, ECN CE marks and lost packets are not
 defects but signals, indicating that the transport protocol should
 slow down.
 The Sequential Probability Ratio Test also starts with a pair of
 hypotheses specified as above:
 H0:  p0 = one defect in target_run_length
 H1:  p1 = one defect in target_run_length/4
 As packets are sent and measurements collected, the tester evaluates
 the cumulative defect count against two boundaries representing H0
 Acceptance or Rejection (and acceptance of H1):
 Acceptance line:  Xa = -h1 + s*n
 Rejection line:  Xr = h2 + s*n
 where n increases linearly for each packet sent and

Mathis & Morton Experimental [Page 32] RFC 8337 Model-Based Metrics March 2018

 h1 =  { log((1-alpha)/beta) }/k
 h2 =  { log((1-beta)/alpha) }/k
 k  =  log{ (p1(1-p0)) / (p0(1-p1)) }
 s  =  [ log{ (1-p0)/(1-p1) } ]/k
 for p0 and p1 as defined in the null and alternative hypotheses
 statements above, and alpha and beta as the Type I and Type II
 errors.
 The SPRT specifies simple stopping rules:
 o  Xa < defect_count(n) < Xr: continue testing
 o  defect_count(n) <= Xa: Accept H0
 o  defect_count(n) >= Xr: Accept H1
 The calculations above are implemented in the R-tool for Statistical
 Analysis [Rtool], in the add-on package for Cross-Validation via
 Sequential Testing (CVST) [CVST].
 Using the equations above, we can calculate the minimum number of
 packets (n) needed to accept H0 when x defects are observed.  For
 example, when x = 0:
 Xa = 0  = -h1 + s*n
 and  n = h1 / s
 Note that the derivations in [Wald45] and [Montgomery90] differ.
 Montgomery's simplified derivation of SPRT may assume a Bernoulli
 processes, where the packet loss probabilities are independent and
 identically distributed, making the SPRT more accessible.  Wald's
 seminal paper showed that this assumption is not necessary.  It helps
 to remember that the goal of SPRT is not to estimate the value of the
 packet loss rate but only whether or not the packet loss ratio is
 likely (1) low enough (when we accept the H0 null hypothesis),
 yielding success or (2) too high (when we accept the H1 alternate
 hypothesis), yielding failure.

7.3. Reordering Tolerance

 All tests must be instrumented for packet-level reordering [RFC4737].
 However, there is no consensus for how much reordering should be
 acceptable.  Over the last two decades, the general trend has been to

Mathis & Morton Experimental [Page 33] RFC 8337 Model-Based Metrics March 2018

 make protocols and applications more tolerant to reordering (for
 example, see [RFC5827]), in response to the gradual increase in
 reordering in the network.  This increase has been due to the
 deployment of technologies such as multithreaded routing lookups and
 Equal-Cost Multipath (ECMP) routing.  These techniques increase
 parallelism in the network and are critical to enabling overall
 Internet growth to exceed Moore's Law.
 With transport retransmission strategies, there are fundamental
 trade-offs among reordering tolerance, how quickly losses can be
 repaired, and overhead from spurious retransmissions.  In advance of
 new retransmission strategies, we propose the following strawman:
 transport protocols should be able to adapt to reordering as long as
 the reordering extent is not more than the maximum of one quarter
 window or 1 ms, whichever is larger.  (These values come from
 experience prototyping Early Retransmit [RFC5827] and related
 algorithms.  They agree with the values being proposed for "RACK: a
 time-based fast loss detection algorithm" [RACK].)  Within this limit
 on reorder extent, there should be no bound on reordering density.
 By implication, recording that is less than these bounds should not
 be treated as a network impairment.  However, [RFC4737] still
 applies: reordering should be instrumented, and the maximum
 reordering that can be properly characterized by the test (because of
 the bound on history buffers) should be recorded with the measurement
 results.
 Reordering tolerance and diagnostic limitations, such as the size of
 the history buffer used to diagnose packets that are way out of
 order, must be specified in an FSTIDS.

8. IP Diagnostic Tests

 The IP diagnostic tests below are organized according to the
 technique used to generate the test stream as described in Section 6.
 All of the results are evaluated in accordance with Section 7,
 possibly with additional test-specific criteria.
 We also introduce some combined tests that are more efficient when
 networks are expected to pass but conflate diagnostic signatures when
 they fail.

8.1. Basic Data Rate and Packet Transfer Tests

 We propose several versions of the basic data rate and packet
 transfer statistics test that differ in how the data rate is
 controlled.  The data can be paced on a timer or window controlled
 (and self-clocked).  The first two tests implicitly confirm that

Mathis & Morton Experimental [Page 34] RFC 8337 Model-Based Metrics March 2018

 sub_path has sufficient raw capacity to carry the target_data_rate.
 They are recommended for relatively infrequent testing, such as an
 installation or periodic auditing process.  The third test,
 Background Packet Transfer Statistics, is a low-rate test designed
 for ongoing monitoring for changes in subpath quality.

8.1.1. Delivery Statistics at Paced Full Data Rate

 This test confirms that the observed run length is at least the
 target_run_length while relying on timer to send data at the
 target_rate using the procedure described in Section 6.1 with a burst
 size of 1 (single packets) or 2 (packet pairs).
 The test is considered to be inconclusive if the packet transmission
 cannot be accurately controlled for any reason.
 RFC 6673 [RFC6673] is appropriate for measuring packet transfer
 statistics at full data rate.

8.1.2. Delivery Statistics at Full Data Windowed Rate

 This test confirms that the observed run length is at least the
 target_run_length while sending at an average rate approximately
 equal to the target_data_rate, by controlling (or clamping) the
 window size of a conventional transport protocol to test_window.
 Since losses and ECN CE marks cause transport protocols to reduce
 their data rates, this test is expected to be less precise about
 controlling its data rate.  It should not be considered inconclusive
 as long as at least some of the round trips reached the full
 target_data_rate without incurring losses or ECN CE marks.  To pass
 this test, the network must deliver target_window_size packets in
 target_RTT time without any losses or ECN CE marks at least once per
 two target_window_size round trips, in addition to meeting the run
 length statistical test.

8.1.3. Background Packet Transfer Statistics Tests

 The Background Packet Transfer Statistics Test is a low-rate version
 of the target rate test above, designed for ongoing lightweight
 monitoring for changes in the observed subpath run length without
 disrupting users.  It should be used in conjunction with one of the
 above full-rate tests because it does not confirm that the subpath
 can support raw data rate.
 RFC 6673 [RFC6673] is appropriate for measuring background packet
 transfer statistics.

Mathis & Morton Experimental [Page 35] RFC 8337 Model-Based Metrics March 2018

8.2. Standing Queue Tests

 These engineering tests confirm that the bottleneck is well behaved
 across the onset of packet loss, which typically follows after the
 onset of queuing.  Well behaved generally means lossless for
 transient queues, but once the queue has been sustained for a
 sufficient period of time (or reaches a sufficient queue depth),
 there should be a small number of losses or ECN CE marks to signal to
 the transport protocol that it should reduce its window or data rate.
 Losses that are too early can prevent the transport from averaging at
 the target_data_rate.  Losses that are too late indicate that the
 queue might not have an appropriate AQM [RFC7567] and, as a
 consequence, be subject to bufferbloat [wikiBloat].  Queues without
 AQM have the potential to inflict excess delays on all flows sharing
 the bottleneck.  Excess losses (more than half of the window) at the
 onset of loss make loss recovery problematic for the transport
 protocol.  Non-linear, erratic, or excessive RTT increases suggest
 poor interactions between the channel acquisition algorithms and the
 transport self-clock.  All of the tests in this section use the same
 basic scanning algorithm, described here, but score the link or
 subpath on the basis of how well it avoids each of these problems.
 Some network technologies rely on virtual queues or other techniques
 to meter traffic without adding any queuing delay, in which case the
 data rate will vary with the window size all the way up to the onset
 of load-induced packet loss or ECN CE marks.  For these technologies,
 the discussion of queuing in Section 6.3 does not apply, but it is
 still necessary to confirm that the onset of losses or ECN CE marks
 be at an appropriate point and progressive.  If the network
 bottleneck does not introduce significant queuing delay, modify the
 procedure described in Section 6.3 to start the scan at a window
 equal to or slightly smaller than the test_window.
 Use the procedure in Section 6.3 to sweep the window across the onset
 of queuing and the onset of loss.  The tests below all assume that
 the scan emulates standard additive increase and delayed ACK by
 incrementing the window by one packet for every 2*target_window_size
 packets delivered.  A scan can typically be divided into three
 regions: below the onset of queuing, a standing queue, and at or
 beyond the onset of loss.
 Below the onset of queuing, the RTT is typically fairly constant, and
 the data rate varies in proportion to the window size.  Once the data
 rate reaches the subpath IP rate, the data rate becomes fairly
 constant, and the RTT increases in proportion to the increase in
 window size.  The precise transition across the start of queuing can
 be identified by the maximum network power, defined to be the ratio

Mathis & Morton Experimental [Page 36] RFC 8337 Model-Based Metrics March 2018

 data rate over the RTT.  The network power can be computed at each
 window size, and the window with the maximum is taken as the start of
 the queuing region.
 If there is random background loss (e.g., bit errors), precise
 determination of the onset of queue-induced packet loss may require
 multiple scans.  At window sizes large enough to cause loss in
 queues, all transport protocols are expected to experience periodic
 losses determined by the interaction between the congestion control
 and AQM algorithms.  For standard congestion control algorithms, the
 periodic losses are likely to be relatively widely spaced, and the
 details are typically dominated by the behavior of the transport
 protocol itself.  For the case of stiffened transport protocols (with
 non-standard, aggressive congestion control algorithms), the details
 of periodic losses will be dominated by how the window increase
 function responds to loss.

8.2.1. Congestion Avoidance

 A subpath passes the congestion avoidance standing queue test if more
 than target_run_length packets are delivered between the onset of
 queuing (as determined by the window with the maximum network power
 as described above) and the first loss or ECN CE mark.  If this test
 is implemented using a standard congestion control algorithm with a
 clamp, it can be performed in situ in the production internet as a
 capacity test.  For an example of such a test, see [Pathdiag].
 For technologies that do not have conventional queues, use the
 test_window in place of the onset of queuing.  That is, a subpath
 passes the congestion avoidance standing queue test if more than
 target_run_length packets are delivered between the start of the scan
 at test_window and the first loss or ECN CE mark.

8.2.2. Bufferbloat

 This test confirms that there is some mechanism to limit buffer
 occupancy (e.g., that prevents bufferbloat).  Note that this is not
 strictly a requirement for single-stream bulk transport capacity;
 however, if there is no mechanism to limit buffer queue occupancy,
 then a single stream with sufficient data to deliver is likely to
 cause the problems described in [RFC7567] and [wikiBloat].  This may
 cause only minor symptoms for the dominant flow but has the potential
 to make the subpath unusable for other flows and applications.
 The test will pass if the onset of loss occurs before a standing
 queue has introduced delay greater than twice the target_RTT or
 another well-defined and specified limit.  Note that there is not yet
 a model for how much standing queue is acceptable.  The factor of two

Mathis & Morton Experimental [Page 37] RFC 8337 Model-Based Metrics March 2018

 chosen here reflects a rule of thumb.  In conjunction with the
 previous test, this test implies that the first loss should occur at
 a queuing delay that is between one and two times the target_RTT.
 Specified RTT limits that are larger than twice the target_RTT must
 be fully justified in the FSTIDS.

8.2.3. Non-excessive Loss

 This test confirms that the onset of loss is not excessive.  The test
 will pass if losses are equal to or less than the increase in the
 cross traffic plus the test stream window increase since the previous
 RTT.  This could be restated as non-decreasing total throughput of
 the subpath at the onset of loss.  (Note that when there is a
 transient drop in subpath throughput and there is not already a
 standing queue, a subpath that passes other queue tests in this
 document will have sufficient queue space to hold one full RTT worth
 of data).
 Note that token bucket policers will not pass this test, which is as
 intended.  TCP often stumbles badly if more than a small fraction of
 the packets are dropped in one RTT.  Many TCP implementations will
 require a timeout and slowstart to recover their self-clock.  Even if
 they can recover from the massive losses, the sudden change in
 available capacity at the bottleneck wastes serving and front-path
 capacity until TCP can adapt to the new rate [Policing].

8.2.4. Duplex Self-Interference

 This engineering test confirms a bound on the interactions between
 the forward data path and the ACK return path when they share a half-
 duplex link.
 Some historical half-duplex technologies had the property that each
 direction held the channel until it completely drained its queue.
 When a self-clocked transport protocol, such as TCP, has data and
 ACKs passing in opposite directions through such a link, the behavior
 often reverts to stop-and-wait.  Each additional packet added to the
 window raises the observed RTT by two packet times, once as the
 additional packet passes through the data path and once for the
 additional delay incurred by the ACK waiting on the return path.
 The Duplex Self-Interference Test fails if the RTT rises by more than
 a fixed bound above the expected queuing time computed from the
 excess window divided by the subpath IP capacity.  This bound must be
 smaller than target_RTT/2 to avoid reverting to stop-and-wait
 behavior (e.g., data packets and ACKs both have to be released at
 least twice per RTT).

Mathis & Morton Experimental [Page 38] RFC 8337 Model-Based Metrics March 2018

8.3. Slowstart Tests

 These tests mimic slowstart: data is sent at twice the effective
 bottleneck rate to exercise the queue at the dominant bottleneck.

8.3.1. Full Window Slowstart Test

 This capacity test confirms that slowstart is not likely to exit
 prematurely.  To perform this test, send slowstart bursts that are
 target_window_size total packets and accumulate packet transfer
 statistics as described in Section 7.2 to score the outcome.  The
 test will pass if it is statistically significant that the observed
 number of good packets delivered between losses or ECN CE marks is
 larger than the target_run_length.  The test will fail if it is
 statistically significant that the observed interval between losses
 or ECN CE marks is smaller than the target_run_length.
 The test is deemed inconclusive if the elapsed time to send the data
 burst is not less than half of the time to receive the ACKs.  (That
 is, it is acceptable to send data too fast, but sending it slower
 than twice the actual bottleneck rate as indicated by the ACKs is
 deemed inconclusive).  The headway for the slowstart bursts should be
 the target_RTT.
 Note that these are the same parameters that are used for the
 Sustained Full-Rate Bursts Test, except the burst rate is at
 slowstart rate rather than sender interface rate.

8.3.2. Slowstart AQM Test

 To perform this test, do a continuous slowstart (send data
 continuously at twice the implied IP bottleneck capacity) until the
 first loss; stop and allow the network to drain and repeat; gather
 statistics on how many packets were delivered before the loss, the
 pattern of losses, maximum observed RTT, and window size; and justify
 the results.  There is not currently sufficient theory to justify
 requiring any particular result; however, design decisions that
 affect the outcome of this tests also affect how the network balances
 between long and short flows (the "mice vs. elephants" problem).  The
 queue sojourn time for the first packet delivered after the first
 loss should be at least one half of the target_RTT.
 This engineering test should be performed on a quiescent network or
 testbed, since cross traffic has the potential to change the results
 in ill-defined ways.

Mathis & Morton Experimental [Page 39] RFC 8337 Model-Based Metrics March 2018

8.4. Sender Rate Burst Tests

 These tests determine how well the network can deliver bursts sent at
 the sender's interface rate.  Note that this test most heavily
 exercises the front path and is likely to include infrastructure that
 may be out of scope for an access ISP, even though the bursts might
 be caused by ACK compression, thinning, or channel arbitration in the
 access ISP.  See Appendix B.
 Also, there are a several details about sender interface rate bursts
 that are not fully defined here.  These details, such as the assumed
 sender interface rate, should be explicitly stated in an FSTIDS.
 Current standards permit TCP to send full window bursts following an
 application pause.  (Congestion Window Validation [RFC2861] and
 updates to support Rate-Limited Traffic [RFC7661] are not required).
 Since full window bursts are consistent with standard behavior, it is
 desirable that the network be able to deliver such bursts; otherwise,
 application pauses will cause unwarranted losses.  Note that the AIMD
 sawtooth requires a peak window that is twice target_window_size, so
 the worst-case burst may be 2*target_window_size.
 It is also understood in the application and serving community that
 interface rate bursts have a cost to the network that has to be
 balanced against other costs in the servers themselves.  For example,
 TCP Segmentation Offload (TSO) reduces server CPU in exchange for
 larger network bursts, which increase the stress on network buffer
 memory.  Some newer TCP implementations can pace traffic at scale
 [TSO_pacing] [TSO_fq_pacing].  It remains to be determined if and how
 quickly these changes will be deployed.
 There is not yet theory to unify these costs or to provide a
 framework for trying to optimize global efficiency.  We do not yet
 have a model for how many server rate bursts should be tolerated by
 the network.  Some bursts must be tolerated by the network, but it is
 probably unreasonable to expect the network to be able to efficiently
 deliver all data as a series of bursts.
 For this reason, this is the only test for which we encourage
 derating.  A TIDS could include a table containing pairs of derating
 parameters: burst sizes and how much each burst size is permitted to
 reduce the run length, relative to the target_run_length.

Mathis & Morton Experimental [Page 40] RFC 8337 Model-Based Metrics March 2018

8.5. Combined and Implicit Tests

 Combined tests efficiently confirm multiple network properties in a
 single test, possibly as a side effect of normal content delivery.
 They require less measurement traffic than other testing strategies
 at the cost of conflating diagnostic signatures when they fail.
 These are by far the most efficient for monitoring networks that are
 nominally expected to pass all tests.

8.5.1. Sustained Full-Rate Bursts Test

 The Sustained Full-Rate Bursts Test implements a combined worst-case
 version of all of the capacity tests above.  To perform this test,
 send target_window_size bursts of packets at server interface rate
 with target_RTT burst headway (burst start to next burst start), and
 verify that the observed packet transfer statistics meets the
 target_run_length.
 Key observations:
 o  The subpath under test is expected to go idle for some fraction of
    the time, determined by the difference between the time to drain
    the queue at the subpath_IP_capacity and the target_RTT.  If the
    queue does not drain completely, it may be an indication that the
    subpath has insufficient IP capacity or that there is some other
    problem with the test (e.g., it is inconclusive).
 o  The burst sensitivity can be derated by sending smaller bursts
    more frequently (e.g., by sending target_window_size*derate packet
    bursts every target_RTT*derate, where "derate" is less than one).
 o  When not derated, this test is the most strenuous capacity test.
 o  A subpath that passes this test is likely to be able to sustain
    higher rates (close to subpath_IP_capacity) for paths with RTTs
    significantly smaller than the target_RTT.
 o  This test can be implemented with instrumented TCP [RFC4898],
    using a specialized measurement application at one end (e.g.,
    [MBMSource]) and a minimal service at the other end (e.g.,
    [RFC863] and [RFC864]).
 o  This test is efficient to implement, since it does not require
    per-packet timers, and can make use of TSO in modern network
    interfaces.

Mathis & Morton Experimental [Page 41] RFC 8337 Model-Based Metrics March 2018

 o  If a subpath is known to pass the standing queue engineering tests
    (particularly that it has a progressive onset of loss at an
    appropriate queue depth), then the Sustained Full-Rate Bursts Test
    is sufficient to assure that the subpath under test will not
    impair Bulk Transport Capacity at the target performance under all
    conditions.  See Section 8.2 for a discussion of the standing
    queue tests.
 Note that this test is clearly independent of the subpath RTT or
 other details of the measurement infrastructure, as long as the
 measurement infrastructure can accurately and reliably deliver the
 required bursts to the subpath under test.

8.5.2. Passive Measurements

 Any non-throughput-maximizing application, such as fixed-rate
 streaming media, can be used to implement passive or hybrid (defined
 in [RFC7799]) versions of Model-Based Metrics with some additional
 instrumentation and possibly a traffic shaper or other controls in
 the servers.  The essential requirement is that the data transmission
 be constrained such that even with arbitrary application pauses and
 bursts, the data rate and burst sizes stay within the envelope
 defined by the individual tests described above.
 If the application's serving data rate can be constrained to be less
 than or equal to the target_data_rate and the serving_RTT (the RTT
 between the sender and client) is less than the target_RTT, this
 constraint is most easily implemented by clamping the transport
 window size to serving_window_clamp (which is set to the test_window
 and computed for the actual serving path).
 Under the above constraints, the serving_window_clamp will limit both
 the serving data rate and burst sizes to be no larger than the
 parameters specified by the procedures in Section 8.1.2, 8.4, or
 8.5.1.  Since the serving RTT is smaller than the target_RTT, the
 worst-case bursts that might be generated under these conditions will
 be smaller than called for by Section 8.4, and the sender rate burst
 sizes are implicitly derated by the serving_window_clamp divided by
 the target_window_size at the very least.  (Depending on the
 application behavior, the data might be significantly smoother than
 specified by any of the burst tests.)
 In an alternative implementation, the data rate and bursts might be
 explicitly controlled by a programmable traffic shaper or by pacing
 at the sender.  This would provide better control over transmissions
 but is more complicated to implement, although the required
 technology is available [TSO_pacing] [TSO_fq_pacing].

Mathis & Morton Experimental [Page 42] RFC 8337 Model-Based Metrics March 2018

 Note that these techniques can be applied to any content delivery
 that can be operated at a constrained data rate to inhibit TCP
 equilibrium behavior.
 Furthermore, note that Dynamic Adaptive Streaming over HTTP (DASH) is
 generally in conflict with passive Model-Based Metrics measurement,
 because it is a rate-maximizing protocol.  It can still meet the
 requirement here if the rate can be capped, for example, by knowing a
 priori the maximum rate needed to deliver a particular piece of
 content.

9. Example

 In this section, we illustrate a TIDS designed to confirm that an
 access ISP can reliably deliver HD video from multiple content
 providers to all of its customers.  With modern codecs, minimal HD
 video (720p) generally fits in 2.5 Mb/s.  Due to the ISP's
 geographical size, network topology, and modem characteristics, the
 ISP determines that most content is within a 50 ms RTT of its users.
 (This example RTT is sufficient to cover the propagation delay to
 continental Europe or to either coast of the United States with low-
 delay modems; it is sufficient to cover somewhat smaller geographical
 regions if the modems require additional delay to implement advanced
 compression and error recovery.)
              +----------------------+-------+---------+
              | End-to-End Parameter | value | units   |
              +----------------------+-------+---------+
              | target_rate          | 2.5   | Mb/s    |
              | target_RTT           | 50    | ms      |
              | target_MTU           | 1500  | bytes   |
              | header_overhead      | 64    | bytes   |
              |                      |       |         |
              | target_window_size   | 11    | packets |
              | target_run_length    | 363   | packets |
              +----------------------+-------+---------+
                  Table 1: 2.5 Mb/s over a 50 ms Path
 Table 1 shows the default TCP model with no derating and, as such, is
 quite conservative.  The simplest TIDS would be to use the Sustained
 Full-Rate Bursts Test, described in Section 8.5.1.  Such a test would
 send 11 packet bursts every 50 ms and confirm that there was no more
 than 1 packet loss per 33 bursts (363 total packets in 1.650
 seconds).

Mathis & Morton Experimental [Page 43] RFC 8337 Model-Based Metrics March 2018

 Since this number represents the entire end-to-end loss budget,
 independent subpath tests could be implemented by apportioning the
 packet loss ratio across subpaths.  For example, 50% of the losses
 might be allocated to the access or last mile link to the user, 40%
 to the network interconnections with other ISPs, and 1% to each
 internal hop (assuming no more than 10 internal hops).  Then, all of
 the subpaths can be tested independently, and the spatial composition
 of passing subpaths would be expected to be within the end-to-end
 loss budget.

9.1. Observations about Applicability

 Guidance on deploying and using MBM belong in a future document.
 However, the example above illustrates some of the issues that may
 need to be considered.
 Note that another ISP, with different geographical coverage,
 topology, or modem technology may need to assume a different
 target_RTT and, as a consequence, a different target_window_size and
 target_run_length, even for the same target_data rate.  One of the
 implications of this is that infrastructure shared by multiple ISPs,
 such as Internet Exchange Points (IXPs) and other interconnects may
 need to be evaluated on the basis of the most stringent
 target_window_size and target_run_length of any participating ISP.
 One way to do this might be to choose target parameters for
 evaluating such shared infrastructure on the basis of a hypothetical
 reference path that does not necessarily match any actual paths.
 Testing interconnects has generally been problematic: conventional
 performance tests run between measurement points adjacent to either
 side of the interconnect are not generally useful.  Unconstrained TCP
 tests, such as iPerf [iPerf], are usually overly aggressive due to
 the small RTT (often less than 1 ms).  With a short RTT, these tools
 are likely to report inflated data rates because on a short RTT,
 these tools can tolerate very high packet loss ratios and can push
 other cross traffic off of the network.  As a consequence, these
 measurements are useless for predicting actual user performance over
 longer paths and may themselves be quite disruptive.  Model-Based
 Metrics solves this problem.  The interconnect can be evaluated with
 the same TIDS as other subpaths.  Continuing our example, if the
 interconnect is apportioned 40% of the losses, 11 packet bursts sent
 every 50 ms should have fewer than one loss per 82 bursts (902
 packets).

Mathis & Morton Experimental [Page 44] RFC 8337 Model-Based Metrics March 2018

10. Validation

 Since some aspects of the models are likely to be too conservative,
 Section 5.2 permits alternate protocol models, and Section 5.3
 permits test parameter derating.  If either of these techniques is
 used, we require demonstrations that such a TIDS can robustly detect
 subpaths that will prevent authentic applications using state-of-the-
 art protocol implementations from meeting the specified Target
 Transport Performance.  This correctness criteria is potentially
 difficult to prove, because it implicitly requires validating a TIDS
 against all possible paths and subpaths.  The procedures described
 here are still experimental.
 We suggest two approaches, both of which should be applied.  First,
 publish a fully open description of the TIDS, including what
 assumptions were used and how it was derived, such that the research
 community can evaluate the design decisions, test them, and comment
 on their applicability.  Second, demonstrate that applications do
 meet the Target Transport Performance when running over a network
 testbed that has the tightest possible constraints that still allow
 the tests in the TIDS to pass.
 This procedure resembles an epsilon-delta proof in calculus.
 Construct a test network such that all of the individual tests of the
 TIDS pass by only small (infinitesimal) margins, and demonstrate that
 a variety of authentic applications running over real TCP
 implementations (or other protocols as appropriate) meets the Target
 Transport Performance over such a network.  The workloads should
 include multiple types of streaming media and transaction-oriented
 short flows (e.g., synthetic web traffic).
 For example, for the HD streaming video TIDS described in Section 9,
 the IP capacity should be exactly the header_overhead above 2.5 Mb/s,
 the per packet random background loss ratio should be 1/363 (for a
 run length of 363 packets), the bottleneck queue should be 11
 packets, and the front path should have just enough buffering to
 withstand 11 packet interface rate bursts.  We want every one of the
 TIDS tests to fail if we slightly increase the relevant test
 parameter, so, for example, sending a 12-packet burst should cause
 excess (possibly deterministic) packet drops at the dominant queue at
 the bottleneck.  This network has the tightest possible constraints
 that can be expected to pass the TIDS, yet it should be possible for
 a real application using a stock TCP implementation in the vendor's
 default configuration to attain 2.5 Mb/s over a 50 ms path.
 The most difficult part of setting up such a testbed is arranging for
 it to have the tightest possible constraints that still allow it to
 pass the individual tests.  Two approaches are suggested:

Mathis & Morton Experimental [Page 45] RFC 8337 Model-Based Metrics March 2018

 o  constraining (configuring) the network devices not to use all
    available resources (e.g., by limiting available buffer space or
    data rate)
 o  pre-loading subpaths with cross traffic
 Note that it is important that a single tightly constrained
 environment just barely passes all tests; otherwise, there is a
 chance that TCP can exploit extra latitude in some parameters (such
 as data rate) to partially compensate for constraints in other
 parameters (e.g., queue space).  This effect is potentially
 bidirectional: extra latitude in the queue space tests has the
 potential to enable TCP to compensate for insufficient data-rate
 headroom.
 To the extent that a TIDS is used to inform public dialog, it should
 be fully documented publicly, including the details of the tests,
 what assumptions were used, and how it was derived.  All of the
 details of the validation experiment should also be published with
 sufficient detail for the experiments to be replicated by other
 researchers.  All components should be either open source or fully
 described proprietary implementations that are available to the
 research community.

11. Security Considerations

 Measurement is often used to inform business and policy decisions
 and, as a consequence, is potentially subject to manipulation.
 Model-Based Metrics are expected to be a huge step forward because
 equivalent measurements can be performed from multiple vantage
 points, such that performance claims can be independently validated
 by multiple parties.
 Much of the acrimony in the Net Neutrality debate is due to the
 historical lack of any effective vantage-independent tools to
 characterize network performance.  Traditional methods for measuring
 Bulk Transport Capacity are sensitive to RTT and as a consequence
 often yield very different results when run local to an ISP or
 interconnect and when run over a customer's complete path.  Neither
 the ISP nor customer can repeat the other's measurements, leading to
 high levels of distrust and acrimony.  Model-Based Metrics are
 expected to greatly improve this situation.
 Note that in situ measurements sometimes require sending synthetic
 measurement traffic between arbitrary locations in the network and,
 as such, are potentially attractive platforms for launching DDoS

Mathis & Morton Experimental [Page 46] RFC 8337 Model-Based Metrics March 2018

 attacks.  All active measurement tools and protocols must be designed
 to minimize the opportunities for these misuses.  See the discussion
 in Section 7 of [RFC7594].
 Some of the tests described in this document are not intended for
 frequent network monitoring since they have the potential to cause
 high network loads and might adversely affect other traffic.
 This document only describes a framework for designing a Fully
 Specified Targeted IP Diagnostic Suite.  Each FSTIDS must include its
 own security section.

12. IANA Considerations

 This document has no IANA actions.

13. Informative References

 [RFC863]   Postel, J., "Discard Protocol", STD 21, RFC 863,
            DOI 10.17487/RFC0863, May 1983,
            <https://www.rfc-editor.org/info/rfc863>.
 [RFC864]   Postel, J., "Character Generator Protocol", STD 22,
            RFC 864, DOI 10.17487/RFC0864, May 1983,
            <https://www.rfc-editor.org/info/rfc864>.
 [RFC2330]  Paxson, V., Almes, G., Mahdavi, J., and M. Mathis,
            "Framework for IP Performance Metrics", RFC 2330,
            DOI 10.17487/RFC2330, May 1998,
            <https://www.rfc-editor.org/info/rfc2330>.
 [RFC2861]  Handley, M., Padhye, J., and S. Floyd, "TCP Congestion
            Window Validation", RFC 2861, DOI 10.17487/RFC2861, June
            2000, <https://www.rfc-editor.org/info/rfc2861>.
 [RFC3148]  Mathis, M. and M. Allman, "A Framework for Defining
            Empirical Bulk Transfer Capacity Metrics", RFC 3148,
            DOI 10.17487/RFC3148, July 2001,
            <https://www.rfc-editor.org/info/rfc3148>.
 [RFC3168]  Ramakrishnan, K., Floyd, S., and D. Black, "The Addition
            of Explicit Congestion Notification (ECN) to IP",
            RFC 3168, DOI 10.17487/RFC3168, September 2001,
            <https://www.rfc-editor.org/info/rfc3168>.
 [RFC3465]  Allman, M., "TCP Congestion Control with Appropriate Byte
            Counting (ABC)", RFC 3465, DOI 10.17487/RFC3465, February
            2003, <https://www.rfc-editor.org/info/rfc3465>.

Mathis & Morton Experimental [Page 47] RFC 8337 Model-Based Metrics March 2018

 [RFC4737]  Morton, A., Ciavattone, L., Ramachandran, G., Shalunov,
            S., and J. Perser, "Packet Reordering Metrics", RFC 4737,
            DOI 10.17487/RFC4737, November 2006,
            <https://www.rfc-editor.org/info/rfc4737>.
 [RFC4898]  Mathis, M., Heffner, J., and R. Raghunarayan, "TCP
            Extended Statistics MIB", RFC 4898, DOI 10.17487/RFC4898,
            May 2007, <https://www.rfc-editor.org/info/rfc4898>.
 [RFC5136]  Chimento, P. and J. Ishac, "Defining Network Capacity",
            RFC 5136, DOI 10.17487/RFC5136, February 2008,
            <https://www.rfc-editor.org/info/rfc5136>.
 [RFC5681]  Allman, M., Paxson, V., and E. Blanton, "TCP Congestion
            Control", RFC 5681, DOI 10.17487/RFC5681, September 2009,
            <https://www.rfc-editor.org/info/rfc5681>.
 [RFC5827]  Allman, M., Avrachenkov, K., Ayesta, U., Blanton, J., and
            P. Hurtig, "Early Retransmit for TCP and Stream Control
            Transmission Protocol (SCTP)", RFC 5827,
            DOI 10.17487/RFC5827, May 2010,
            <https://www.rfc-editor.org/info/rfc5827>.
 [RFC5835]  Morton, A., Ed. and S. Van den Berghe, Ed., "Framework for
            Metric Composition", RFC 5835, DOI 10.17487/RFC5835, April
            2010, <https://www.rfc-editor.org/info/rfc5835>.
 [RFC6049]  Morton, A. and E. Stephan, "Spatial Composition of
            Metrics", RFC 6049, DOI 10.17487/RFC6049, January 2011,
            <https://www.rfc-editor.org/info/rfc6049>.
 [RFC6576]  Geib, R., Ed., Morton, A., Fardid, R., and A. Steinmitz,
            "IP Performance Metrics (IPPM) Standard Advancement
            Testing", BCP 176, RFC 6576, DOI 10.17487/RFC6576, March
            2012, <https://www.rfc-editor.org/info/rfc6576>.
 [RFC6673]  Morton, A., "Round-Trip Packet Loss Metrics", RFC 6673,
            DOI 10.17487/RFC6673, August 2012,
            <https://www.rfc-editor.org/info/rfc6673>.
 [RFC6928]  Chu, J., Dukkipati, N., Cheng, Y., and M. Mathis,
            "Increasing TCP's Initial Window", RFC 6928,
            DOI 10.17487/RFC6928, April 2013,
            <https://www.rfc-editor.org/info/rfc6928>.

Mathis & Morton Experimental [Page 48] RFC 8337 Model-Based Metrics March 2018

 [RFC7312]  Fabini, J. and A. Morton, "Advanced Stream and Sampling
            Framework for IP Performance Metrics (IPPM)", RFC 7312,
            DOI 10.17487/RFC7312, August 2014,
            <https://www.rfc-editor.org/info/rfc7312>.
 [RFC7398]  Bagnulo, M., Burbridge, T., Crawford, S., Eardley, P., and
            A. Morton, "A Reference Path and Measurement Points for
            Large-Scale Measurement of Broadband Performance",
            RFC 7398, DOI 10.17487/RFC7398, February 2015,
            <https://www.rfc-editor.org/info/rfc7398>.
 [RFC7567]  Baker, F., Ed. and G. Fairhurst, Ed., "IETF
            Recommendations Regarding Active Queue Management",
            BCP 197, RFC 7567, DOI 10.17487/RFC7567, July 2015,
            <https://www.rfc-editor.org/info/rfc7567>.
 [RFC7594]  Eardley, P., Morton, A., Bagnulo, M., Burbridge, T.,
            Aitken, P., and A. Akhter, "A Framework for Large-Scale
            Measurement of Broadband Performance (LMAP)", RFC 7594,
            DOI 10.17487/RFC7594, September 2015,
            <https://www.rfc-editor.org/info/rfc7594>.
 [RFC7661]  Fairhurst, G., Sathiaseelan, A., and R. Secchi, "Updating
            TCP to Support Rate-Limited Traffic", RFC 7661,
            DOI 10.17487/RFC7661, October 2015,
            <https://www.rfc-editor.org/info/rfc7661>.
 [RFC7680]  Almes, G., Kalidindi, S., Zekauskas, M., and A. Morton,
            Ed., "A One-Way Loss Metric for IP Performance Metrics
            (IPPM)", STD 82, RFC 7680, DOI 10.17487/RFC7680, January
            2016, <https://www.rfc-editor.org/info/rfc7680>.
 [RFC7799]  Morton, A., "Active and Passive Metrics and Methods (with
            Hybrid Types In-Between)", RFC 7799, DOI 10.17487/RFC7799,
            May 2016, <https://www.rfc-editor.org/info/rfc7799>.
 [AFD]      Pan, R., Breslau, L., Prabhakar, B., and S. Shenker,
            "Approximate fairness through differential dropping", ACM
            SIGCOMM Computer Communication Review, Volume 33, Issue 2,
            DOI 10.1145/956981.956985, April 2003.
 [CCscaling]
            Paganini, F., Doyle, J., and S. Low, "Scalable laws for
            stable network congestion control", Proceedings of IEEE
            Conference on Decision and Control,,
            DOI 10.1109/CDC.2001.980095, December 2001.

Mathis & Morton Experimental [Page 49] RFC 8337 Model-Based Metrics March 2018

 [CVST]     Krueger, T. and M. Braun, "R package: Fast Cross-
            Validation via Sequential Testing", version 0.1, 11 2012.
 [iPerf]    Wikipedia, "iPerf", November 2017,
            <https://en.wikipedia.org/w/
            index.php?title=Iperf&oldid=810583885>.
 [MBMSource]
            "mbm", July 2016, <https://github.com/m-lab/MBM>.
 [Montgomery90]
            Montgomery, D., "Introduction to Statistical Quality
            Control", 2nd Edition, ISBN 0-471-51988-X, 1990.
 [mpingSource]
            "mping", July 2016, <https://github.com/m-lab/mping>.
 [MSMO97]   Mathis, M., Semke, J., Mahdavi, J., and T. Ott, "The
            Macroscopic Behavior of the TCP Congestion Avoidance
            Algorithm", Computer Communications Review, Volume 27,
            Issue 3, DOI 10.1145/263932.264023, July 1997.
 [Pathdiag] Mathis, M., Heffner, J., O'Neil, P., and P. Siemsen,
            "Pathdiag: Automated TCP Diagnosis", Passive and Active
            Network Measurement, Lecture Notes in Computer Science,
            Volume 4979, DOI 10.1007/978-3-540-79232-1_16, 2008.
 [Policing] Flach, T., Papageorge, P., Terzis, A., Pedrosa, L., Cheng,
            Y., Karim, T., Katz-Bassett, E., and R. Govindan, "An
            Internet-Wide Analysis of Traffic Policing", Proceedings
            of ACM SIGCOMM, DOI 10.1145/2934872.2934873, August 2016.
 [RACK]     Cheng, Y., Cardwell, N., Dukkipati, N., and P. Jha, "RACK:
            a time-based fast loss detection algorithm for TCP", Work
            in Progress, draft-ietf-tcpm-rack-03, March 2018.
 [Rtool]    R Development Core Team, "R: A language and environment
            for statistical computing", R Foundation for Statistical
            Computing, Vienna, Austria, ISBN 3-900051-07-0, 2011,
            <http://www.R-project.org/>.
 [TSO_fq_pacing]
            Dumazet, E. and Y. Chen, "TSO, fair queuing, pacing:
            three's a charm", Proceedings of IETF 88, TCPM WG,
            November 2013,
            <https://www.ietf.org/proceedings/88/slides/
            slides-88-tcpm-9.pdf>.

Mathis & Morton Experimental [Page 50] RFC 8337 Model-Based Metrics March 2018

 [TSO_pacing]
            Corbet, J., "TSO sizing and the FQ scheduler", August
            2013, <https://lwn.net/Articles/564978/>.
 [Wald45]   Wald, A., "Sequential Tests of Statistical Hypotheses",
            The Annals of Mathematical Statistics, Volume 16, Number
            2, pp. 117-186, June 1945,
            <http://www.jstor.org/stable/2235829>.
 [wikiBloat]
            Wikipedia, "Bufferbloat", January 2018,
            <https://en.wikipedia.org/w/
            index.php?title=Bufferbloat&oldid=819293377>.
 [WPING]    Mathis, M., "Windowed Ping: An IP Level Performance
            Diagnostic", Computer Networks and ISDN Systems, Volume
            27, Issue 3, DOI 10.1016/0169-7552(94)90119-8, June 1994.

Mathis & Morton Experimental [Page 51] RFC 8337 Model-Based Metrics March 2018

Appendix A. Model Derivations

 The reference target_run_length described in Section 5.2 is based on
 very conservative assumptions: that all excess data in flight (i.e.,
 the window size) above the target_window_size contributes to a
 standing queue that raises the RTT and that classic Reno congestion
 control with delayed ACKs is in effect.  In this section we provide
 two alternative calculations using different assumptions.
 It may seem out of place to allow such latitude in a measurement
 method, but this section provides offsetting requirements.
 The estimates provided by these models make the most sense if network
 performance is viewed logarithmically.  In the operational Internet,
 data rates span more than eight orders of magnitude, RTT spans more
 than three orders of magnitude, and packet loss ratio spans at least
 eight orders of magnitude if not more.  When viewed logarithmically
 (as in decibels), these correspond to 80 dB of dynamic range.  On an
 80 dB scale, a 3 dB error is less than 4% of the scale, even though
 it represents a factor of 2 in untransformed parameter.
 This document gives a lot of latitude for calculating
 target_run_length; however, people designing a TIDS should consider
 the effect of their choices on the ongoing tussle about the relevance
 of "TCP friendliness" as an appropriate model for Internet capacity
 allocation.  Choosing a target_run_length that is substantially
 smaller than the reference target_run_length specified in Section 5.2
 strengthens the argument that it may be appropriate to abandon "TCP
 friendliness" as the Internet fairness model.  This gives developers
 incentive and permission to develop even more aggressive applications
 and protocols, for example, by increasing the number of connections
 that they open concurrently.

A.1. Queueless Reno

 In Section 5.2, models were derived based on the assumption that the
 subpath IP rate matches the target rate plus overhead, such that the
 excess window needed for the AIMD sawtooth causes a fluctuating queue
 at the bottleneck.
 An alternate situation would be a bottleneck where there is no
 significant queue and losses are caused by some mechanism that does
 not involve extra delay, for example, by the use of a virtual queue
 as done in Approximate Fair Dropping [AFD].  A flow controlled by
 such a bottleneck would have a constant RTT and a data rate that
 fluctuates in a sawtooth due to AIMD congestion control.  Assume the

Mathis & Morton Experimental [Page 52] RFC 8337 Model-Based Metrics March 2018

 losses are being controlled to make the average data rate meet some
 goal that is equal to or greater than the target_rate.  The necessary
 run length to meet the target_rate can be computed as follows:
 For some value of Wmin, the window will sweep from Wmin packets to
 2*Wmin packets in 2*Wmin RTT (due to delayed ACK).  Unlike the
 queuing case where Wmin = target_window_size, we want the average of
 Wmin and 2*Wmin to be the target_window_size, so the average data
 rate is the target rate.  Thus, we want Wmin =
 (2/3)*target_window_size.
 Between losses, each sawtooth delivers (1/2)(Wmin+2*Wmin)(2Wmin)
 packets in 2*Wmin RTTs.
 Substituting these together, we get:
 target_run_length = (4/3)(target_window_size^2)
 Note that this is 44% of the reference_run_length computed earlier.
 This makes sense because under the assumptions in Section 5.2, the
 AMID sawtooth caused a queue at the bottleneck, which raised the
 effective RTT by 50%.

Appendix B. The Effects of ACK Scheduling

 For many network technologies, simple queuing models don't apply: the
 network schedules, thins, or otherwise alters the timing of ACKs and
 data, generally to raise the efficiency of the channel allocation
 algorithms when confronted with relatively widely spaced small ACKs.
 These efficiency strategies are ubiquitous for half-duplex, wireless,
 and broadcast media.
 Altering the ACK stream by holding or thinning ACKs typically has two
 consequences: it raises the implied bottleneck IP capacity, making
 the fine-grained slowstart bursts either faster or larger, and it
 raises the effective RTT by the average time that the ACKs and data
 are delayed.  The first effect can be partially mitigated by
 re-clocking ACKs once they are beyond the bottleneck on the return
 path to the sender; however, this further raises the effective RTT.
 The most extreme example of this sort of behavior would be a half-
 duplex channel that is not released as long as the endpoint currently
 holding the channel has more traffic (data or ACKs) to send.  Such
 environments cause self-clocked protocols under full load to revert
 to extremely inefficient stop-and-wait behavior.  The channel
 constrains the protocol to send an entire window of data as a single

Mathis & Morton Experimental [Page 53] RFC 8337 Model-Based Metrics March 2018

 contiguous burst on the forward path, followed by the entire window
 of ACKs on the return path.  (A channel with this behavior would fail
 the Duplex Self-Interference Test described in Section 8.2.4).
 If a particular return path contains a subpath or device that alters
 the timing of the ACK stream, then the entire front path from the
 sender up to the bottleneck must be tested at the burst parameters
 implied by the ACK scheduling algorithm.  The most important
 parameter is the implied bottleneck IP capacity, which is the average
 rate at which the ACKs advance snd.una.  Note that thinning the ACK
 stream (relying on the cumulative nature of seg.ack to permit
 discarding some ACKs) causes most TCP implementations to send
 interface rate bursts to offset the longer times between ACKs in
 order to maintain the average data rate.
 Note that due to ubiquitous self-clocking in Internet protocols,
 ill-conceived channel allocation mechanisms are likely to increases
 the queuing stress on the front path because they cause larger full
 sender rate data bursts.
 Holding data or ACKs for channel allocation or other reasons (such as
 forward error correction) always raises the effective RTT relative to
 the minimum delay for the path.  Therefore, it may be necessary to
 replace target_RTT in the calculation in Section 5.2 by an
 effective_RTT, which includes the target_RTT plus a term to account
 for the extra delays introduced by these mechanisms.

Mathis & Morton Experimental [Page 54] RFC 8337 Model-Based Metrics March 2018

Acknowledgments

 Ganga Maguluri suggested the statistical test for measuring loss
 probability in the target run length.  Alex Gilgur and Merry Mou
 helped with the statistics.
 Meredith Whittaker improved the clarity of the communications.
 Ruediger Geib provided feedback that greatly improved the document.
 This work was inspired by Measurement Lab: open tools running on an
 open platform, using open tools to collect open data.  See
 <http://www.measurementlab.net/>.

Authors' Addresses

 Matt Mathis
 Google, Inc
 1600 Amphitheatre Parkway
 Mountain View, CA  94043
 United States of America
 Email: mattmathis@google.com
 Al Morton
 AT&T Labs
 200 Laurel Avenue South
 Middletown, NJ  07748
 United States of America
 Phone: +1 732 420 1571
 Email: acmorton@att.com

Mathis & Morton Experimental [Page 55]

/data/webs/external/dokuwiki/data/pages/rfc/rfc8337.txt · Last modified: 2018/03/16 00:08 by 127.0.0.1

Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki