Network Working Group                                         S. Bensley
Internet-Draft                                                 Microsoft
Intended status: Informational                                 L. Eggert
Expires: January 8, 2016                                          NetApp
                                                               D. Thaler
                                                      P. Balasubramanian
                                                                 G. Judd
                                                          Morgan Stanley
                                                            July 7, 2015

                  Microsoft's Datacenter TCP (DCTCP):
                 TCP Congestion Control for Datacenters


   This memo describes Datacenter TCP (DCTCP), an improvement to TCP
   congestion control for datacenter traffic.  DCTCP uses improved
   Explicit Congestion Notification (ECN) processing to estimate the
   fraction of bytes that encounter congestion, rather than simply
   detecting that some congestion has occurred.  DCTCP then scales the
   TCP congestion window based on this estimate.  This method achieves
   high burst tolerance, low latency, and high throughput with shallow-
   buffered switches.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on January 8, 2016.

Bensley, et al.          Expires January 8, 2016                [Page 1]

Internet-Draft                    DCTCP                        July 2015

Copyright Notice

   Copyright (c) 2015 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   ( in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
   2.  Terminology . . . . . . . . . . . . . . . . . . . . . . . . .   4
   3.  DCTCP Algorithm . . . . . . . . . . . . . . . . . . . . . . .   4
     3.1.  Marking Congestion on the Switch  . . . . . . . . . . . .   4
     3.2.  Echoing Congestion Information on the Receiver  . . . . .   4
     3.3.  Processing Congestion Indications on the Sender . . . . .   5
     3.4.  Handling of SYN, SYN-ACK, RST Packets . . . . . . . . . .   7
   4.  Implementation Issues . . . . . . . . . . . . . . . . . . . .   7
   5.  Deployment Issues . . . . . . . . . . . . . . . . . . . . . .   8
   6.  Known Issues  . . . . . . . . . . . . . . . . . . . . . . . .   9
   7.  Implementation Status . . . . . . . . . . . . . . . . . . . .  10
   8.  Security Considerations . . . . . . . . . . . . . . . . . . .  10
   9.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .  10
   10. Acknowledgements  . . . . . . . . . . . . . . . . . . . . . .  10
   11. References  . . . . . . . . . . . . . . . . . . . . . . . . .  11
     11.1.  Normative References . . . . . . . . . . . . . . . . . .  11
     11.2.  Informative References . . . . . . . . . . . . . . . . .  11
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .  12

1.  Introduction

   Large datacenters necessarily need a large number of network switches
   to interconnect the servers in the datacenter.  Therefore, a
   datacenter can greatly reduce its capital expenditure by leveraging
   low cost switches.  However, low cost switches tend to have limited
   queue capacities and thus are more susceptible to packet loss due to

   Network traffic in the datacenter is often a mix of short and long
   flows, where the short flows require low latency and the long flows
   require high throughput.  Datacenters also experience incast bursts,

Bensley, et al.          Expires January 8, 2016                [Page 2]

Internet-Draft                    DCTCP                        July 2015

   where many endpoints send traffic to a single server at the same
   time.  For example, this is a natural consequence of MapReduce
   algorithms.  The worker nodes complete at approximately the same
   time, and all reply to the master node concurrently.

   These factors place some conflicting demands on the queue occupancy
   of a switch:

   o  The queue must be short enough that it does not impose excessive
      latency on short flows.

   o  The queue must be long enough to buffer sufficient data for the
      long flows to saturate the path bandwidth.

   o  The queue must be short enough to absorb incast bursts without
      excessive packet loss.

   Standard TCP congestion control [RFC5681] relies on segment loss to
   detect congestion.  This does not meet the demands described above.
   First, the short flows will start to experience unacceptable
   latencies before packet loss occurs.  Second, by the time TCP
   congestion control kicks in on the sender, most of the incast burst
   has already been dropped.

   [RFC3168] describes a mechanism for using Explicit Congestion
   Notification (ECN) from the switch for early detection of congestion,
   rather than waiting for segment loss to occur.  However, this method
   only detects the presence of congestion, not the extent.  In the
   presence of mild congestion, the TCP congestion window is reduced too
   aggressively and unnecessarily affects the throughput of long flows.

   Datacenter TCP (DCTCP) improvises upon traditional ECN processing by
   estimating the fraction of bytes that encounter congestion, rather
   than simply detecting that some congestion has occurred.  DCTCP then
   scales the TCP congestion window based on this estimate.  This method
   achieves high burst tolerance, low latency, and high throughput with
   shallow-buffered switches.

   It is recommended that DCTCP be deployed in a datacenter environment
   where the endpoints and the switching fabric are under a single
   administrative domain.  Deployment issues around coexistence of DCTCP
   and conventional TCP, and lack of a negotiating mechanism between
   sender and receiver, and possible mitigations are also discussed.

Bensley, et al.          Expires January 8, 2016                [Page 3]

Internet-Draft                    DCTCP                        July 2015

2.  Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   document are to be interpreted as described in [RFC2119].

3.  DCTCP Algorithm

   There are three components involved in the DCTCP algorithm:

   o  The switch (or other intermediate device on the network) detects
      congestion and sets the Congestion Encountered (CE) codepoint in
      the IP header.

   o  The receiver echoes the congestion information back to the sender
      using the ECN-Echo (ECE) flag in the TCP header.

   o  The sender reacts to the congestion indication by reducing the TCP
      congestion window (cwnd).

3.1.  Marking Congestion on the Switch

   The switch indicates congestion to the end nodes by setting the CE
   codepoint in the IP header as specified in Section 5 of [RFC3168].
   For example, the switch may be configured with a congestion
   threshold.  When a packet arrives at the switch and its queue length
   is greater than the congestion threshold, the switch sets the CE
   codepoint in the packet.  For example, Section 3.4 of [DCTCP10]
   suggests threshold marking with a threshold K > (RTT * C)/7, where C
   is the sending rate in packets per second.  However, the actual
   algorithm for marking congestion is an implementation detail of the
   switch and will generally not be known to the sender and receiver.
   Therefore, sender and receiver MUST NOT assume that a particular
   marking algorithm is implemented by the switching fabric.

3.2.  Echoing Congestion Information on the Receiver

   According to Section 6.1.3 of [RFC3168], the receiver sets the ECE
   flag if any of the packets being acknowledged had the CE code point
   set.  The receiver then continues to set the ECE flag until it
   receives a packet with the Congestion Window Reduced (CWR) flag set.
   However, the DCTCP algorithm requires more detailed congestion
   information.  In particular, the sender must be able to determine the
   number of sent bytes that encountered congestion.  Thus, the scheme
   described in [RFC3168] does not suffice.

   One possible solution is to ACK every packet and set the ECE flag in
   the ACK if and only if the CE code point was set in the packet being

Bensley, et al.          Expires January 8, 2016                [Page 4]

Internet-Draft                    DCTCP                        July 2015

   acknowledged.  However, this prevents the use of delayed ACKs, which
   are an important performance optimization in datacenters.

   Instead, DCTCP introduces a new Boolean TCP state variable, DCTCP
   Congestion Encountered (DCTCP.CE), which is initialized to false and
   stored in the Transmission Control Block (TCB).  When sending an ACK,
   the ECE flag MUST be set if and only if DCTCP.CE is true.  When
   receiving packets, the CE codepoint MUST be processed as follows:

   1.  If the CE codepoint is set and DCTCP.CE is false, send an ACK for
       any previously unacknowledged packets and set DCTCP.CE to true.

   2.  If the CE codepoint is not set and DCTCP.CE is true, send an ACK
       for any previously unacknowledged packets and set DCTCP.CE to

   3.  Otherwise, ignore the CE codepoint.

3.3.  Processing Congestion Indications on the Sender

   The sender estimates the fraction of sent bytes that encountered
   congestion.  The current estimate is stored in a new TCP state
   variable, DCTCP.Alpha, which is initialized to 1 and MUST be updated
   as follows:

      DCTCP.Alpha = DCTCP.Alpha * (1 - g) + g * M


   o  g is the estimation gain, a real number between 0 and 1.  The
      selection of g is left to the implementation.  See Section 4 for
      further considerations.

   o  M is the fraction of sent bytes that encountered congestion during
      the previous observation window, where the observation window is
      chosen to be approximately the Round Trip Time (RTT).  In
      particular, an observation window ends when all the sent bytes in
      flight at the beginning of the window have been acknowledged.

   In order to update DCTCP.Alpha, the TCP state variables defined in
   [RFC0793] are used, and three additional TCP state variables are

   o  DCTCP.WindowEnd: The TCP sequence number threshold for beginning a
      new observation window; initialized to SND.UNA.

   o  DCTCP.BytesSent: The number of bytes sent during the current
      observation window; initialized to zero.

Bensley, et al.          Expires January 8, 2016                [Page 5]

Internet-Draft                    DCTCP                        July 2015

   o  DCTCP.BytesMarked: The number of bytes sent during the current
      observation window that encountered congestion; initialized to

   The congestion estimator on the sender MUST process acceptable ACKs
   as follows:

   1.  Compute the bytes acknowledged (TCP SACK options [RFC2018] are

          BytesAcked = SEG.ACK - SND.UNA

   2.  Update the bytes sent:

          DCTCP.BytesSent += BytesAcked

   3.  If the ECE flag is set, update the bytes marked:

          DCTCP.BytesMarked += BytesAcked

   4.  If the sequence number is less than or equal to DCTCP.WindowEnd,
       then stop processing.  Otherwise, the end of the observation
       window was reached, so proceed to update the congestion estimate
       as follows:

   5.  Compute the congestion level for the current observation window:

          M = DCTCP.BytesMarked / DCTCP.BytesSent

   6.  Update the congestion estimate:

          DCTCP.Alpha = DCTCP.Alpha * (1 - g) + g * M

   7.  Determine the end of the next observation window:

          DCTCP.WindowEnd = SND.NXT

   8.  Reset the byte counters:

          DCTCP.BytesSent = DCTCP.BytesMarked = 0

   Rather than always halving the congestion window as described in
   [RFC3168], when the sender receives an indication of congestion
   (ECE), the sender MUST update cwnd as follows:

      cwnd = cwnd * (1 - DCTCP.Alpha / 2)

Bensley, et al.          Expires January 8, 2016                [Page 6]

Internet-Draft                    DCTCP                        July 2015

   Thus, when no sent byte experienced congestion, DCTCP.Alpha equals
   zero, and cwnd is left unchanged.  When all sent bytes experienced
   congestion, DCTCP.Alpha equals one, and cwnd is reduced by half.
   Lower levels of congestion will result in correspondingly smaller
   reductions to cwnd.

   Just as specified in [RFC3168], TCP should not react to congestion
   indications more than once every window of data.  The setting of the
   "Congestion Window Reduced" (CWR) bit is also exactly as per

3.4.  Handling of SYN, SYN-ACK, RST Packets

   [RFC3168] requires that compliant TCP MUST NOT set ECT on SYN or SYN-
   ACK packets.  [RFC5562] proposes setting ECT on SYN-ACK packets, but
   maintains the restriction of no ECT on SYN packets.  Both these RFCs
   prohibit ECT in SYN packets due to security concerns regarding
   malicious SYN packets with ECT set.  These RFCs, however, are
   intended for general Internet use, and do not directly apply to a
   controlled datacenter deployment.  The switching fabric can drop TCP
   packets that do not have the ECT set in the IP header.  If SYN and
   SYN-ACK packets for DCTCP connections are non-ECT they will be
   dropped with high probability.  For DCTCP connections the sender
   SHOULD set ECT for SYN, SYN-ACK and RST packets.

4.  Implementation Issues

   As noted in Section 3.3, the implementation must choose a suitable
   estimation gain.  [DCTCP10] provides a theoretical basis for
   selecting the gain.  However, it may be more practical to use
   experimentation to select a suitable gain for a particular network
   and workload.  The Microsoft implementation of DCTCP in Windows
   Server 2012 uses a fixed estimation gain of 1/16.

   The implementation must also decide when to use DCTCP.  Datacenter
   servers may need to communicate with endpoints outside the
   datacenter, where DCTCP is unsuitable or unsupported.  Thus, a global
   configuration setting to enable DCTCP will generally not suffice.
   DCTCP may be configured based on the IP address of the remote
   endpoint.  Microsoft Windows Server 2012 also supports automatic
   selection of DCTCP if the estimated RTT is less than 10 msec and ECN
   is successfully negotiated, under the assumption that if the RTT is
   low, then the two endpoints are likely on the same datacenter

   To prevent incast throughput collapse the minimum RTO (MinRTO) used
   by TCP should be lowered significantly.  The default value of MinRTO
   in Windows is 300 msec which is much greater than the maximum

Bensley, et al.          Expires January 8, 2016                [Page 7]

Internet-Draft                    DCTCP                        July 2015

   latencies inside a datacenter.  Server 2012 onwards the MinRTO value
   is configurable allowing values as low as 10 msec on a per subnet or
   per TCP port basis or even globally.  A lower MinRTO value requires
   corresponding a lower delayed ACK timeout on the receiver.  It is
   recommended that the implementation allow configuration of lower
   timeouts for DCTCP connections.

   In the same vein, it is also recommended that the implementation
   allow configuration of restarting the cwnd of idle DCTCP connections
   as described in [RFC5681] since network conditions change rapidly in
   the datacenter.  The implementation can also allow configuration for
   discarding the value of DCTCP.Alpha after cwnd restart and timeouts.

   [RFC3168] forbids the ECN-marking of pure ACK packets because of the
   inability of TCP to mitigate ACK-path congestion and protocol-wise
   preferential treatment by routers.  However dropping pure ACKs rather
   than ECN marking them is disadvantageous in traffic scenarios typical
   in the datacenter.  Because of the prevalence of bursty traffic
   patterns which involve transient congestion, the dropping of ACKS
   causes subsequent retransmission.  It is recommended that the
   implementation a configuration knob that forces ECT on TCP pure ACK

5.  Deployment Issues

   DCTCP and conventional TCP congestion control does not coexist well.
   In DCTCP, the marking threshold is set very low value to reduce
   queueing delay, thus a relatively small amount of congestion will
   exceed the marking threshold.  During such periods of congestion,
   conventional TCP will suffer packet losses and quickly scale back
   cwnd.  DCTCP, on the other hand, will use the fraction of marked
   packets to scale back cwnd.  Thus rate reduction in DCTCP will be
   much lower than that of conventional TCP, and DCTCP traffic will
   dominate conventional TCP traffic traversing the same link.  Hence if
   the traffic in the datacenter is a mix of conventional TCP and DCTCP,
   it is recommended that DCTCP traffic be segregated from conventional
   TCP traffic.  [MORGANSTANLEY] describes a deployment that uses IP
   DSCP bits where AQM is applied to DCTCP traffic, while TCP traffic is
   managed via drop-tail queueing.

   Today's commodity switches allow configuration of a different
   marking/drop profile for non-TCP and non-IP packets.  Non-TCP and
   non-IP packets should be able to pass through the switch unless the
   switch is really out of buffers.  If the traffic in the datacenter
   consists of such traffic (including UDP), one possible mitigation
   would be to mark IP packets as ECT even when there is no transport
   that is reacting to the marking.

Bensley, et al.          Expires January 8, 2016                [Page 8]

Internet-Draft                    DCTCP                        July 2015

   Since DCTCP relies on congestion marking by the switch, DCTCP can
   only be deployed in datacenters where the network infrastructure
   supports ECN.  The switches may also support configuration of the
   congestion threshold used for marking.  The proposed parameterization
   can be configured with switches that implement RED.  [DCTCP10]
   provides a theoretical basis for selecting the congestion threshold,
   but as with estimation gain, it may be more practical to rely on
   experimentation or simply to use the default configuration of the
   device.  DCTCP will degrade to loss-based congestion control when
   transiting a congested drop-tail link.

   DCTCP requires changes on both the sender and the receiver, so both
   endpoints must support DCTCP.  Furthermore, DCTCP provides no
   mechanism for negotiating its use, so both endpoints must be
   configured through some out-of-band mechanism to use DCTCP.  A
   variant of DCTCP that can be deployed unilaterally and only requires
   standard ECN behavior has been described in [ODCTCP][BSDCAN], but
   requires additional experimental evaluation.

6.  Known Issues

   DCTCP relies on the sender's ability to reconstruct the stream of CE
   codepoints received by the remote endpoint.  To accomplish this,
   DCTCP avoids using a single ACK packet to acknowledge segments
   received both with and without the CE codepoint set.  However, if one
   or more ACK packets are dropped, it is possible that a subsequent ACK
   will cumulatively acknowledge a mix of CE and non-CE segments.  This
   will, of course, result in a less accurate congestion estimate.
   There are some potential mitigations:

   o  Even with a degraded congestion estimate, DCTCP may still perform
      better than [RFC3168].

   o  If the estimation gain is small relative to the packet loss rate,
      the estimate may not be degraded much.

   o  If packet losses mostly occur under heavy congestion, most drops
      will occur during an unbroken string of CE packets, and the
      estimate will be unaffected.

   However, the affect of packet drops on DCTCP under real world
   conditions has not been analyzed.

   DCTCP provides no mechanism for negotiating its use.  Thus, there is
   additional management and configuration overhead required to ensure
   that DCTCP is not used with non-DCTCP endpoints.  The affect of using
   DCTCP with a standard ECN endpoint has been analyzed in
   [ODCTCP][BSDCAN].  Furthermore, it is possible that other

Bensley, et al.          Expires January 8, 2016                [Page 9]

Internet-Draft                    DCTCP                        July 2015

   implementations may also modify [RFC3168] behavior without
   negotiation, causing further interoperability issues.

   Much like standard TCP, DCTCP is biased against flows with longer
   RTTs.  A method for improving the fairness of DCTCP has been proposed
   in [ADCTCP], but requires additional experimental evaluation.

7.  Implementation Status

   This section documents the implementation status of the specification
   in this document, as recommended by [RFC6982].

   This document describes DCTCP as implemented in Microsoft Windows
   Server 2012.  Since publication of the first versions of this
   document, the Linux [LINUX] and FreeBSD [FREEBSD] operating systems
   have also implemented support for DCTCP in a way that is believed to
   follow this document.

8.  Security Considerations

   DCTCP enhances ECN and thus inherits the security considerations
   discussed in [RFC3168].  The processing changes introduced by DCTCP
   do not exacerbate these considerations or introduce new ones.  In
   particular, with either algorithm, the network infrastructure or the
   remote endpoint can falsely report congestion and thus cause the
   sender to reduce cwnd.  However, this is no worse than what can be
   achieved by simply dropping packets.

9.  IANA Considerations

   This document has no actions for IANA.

10.  Acknowledgements

   The DCTCP algorithm was originally proposed and analyzed in [DCTCP10]
   by Mohammad Alizadeh, Albert Greenberg, Dave Maltz, Jitu Padhye,
   Parveen Patel, Balaji Prabhakar, Sudipta Sengupta, and Murari

   Lars Eggert has received funding from the European Union's Horizon
   2020 research and innovation program 2014-2018 under grant agreement
   No. 644866 ("SSICLOPS").  This document reflects only the authors'
   views and the European Commission is not responsible for any use that
   may be made of the information it contains.

Bensley, et al.          Expires January 8, 2016               [Page 10]

Internet-Draft                    DCTCP                        July 2015

11.  References

11.1.  Normative References

   [RFC0793]  Postel, J., "Transmission Control Protocol", STD 7, RFC
              793, September 1981.

   [RFC2018]  Mathis, M., Mahdavi, J., Floyd, S., and A. Romanow, "TCP
              Selective Acknowledgment Options", RFC 2018, October 1996.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC3168]  Ramakrishnan, K., Floyd, S., and D. Black, "The Addition
              of Explicit Congestion Notification (ECN) to IP", RFC
              3168, September 2001.

11.2.  Informative References

   [RFC5681]  Allman, M., Paxson, V., and E. Blanton, "TCP Congestion
              Control", RFC 5681, September 2009.

   [RFC5562]  Kuzmanovic, A., Mondal, A., Floyd, S., and K.
              Ramakrishnan, "Adding Explicit Congestion Notification
              (ECN) Capability to TCP's SYN/ACK Packets", RFC 5562, June

   [RFC6982]  Sheffer, Y. and A. Farrel, "Improving Awareness of Running
              Code: The Implementation Status Section", RFC 6982, July

   [DCTCP10]  Alizadeh, M., Greenberg, A., Maltz, D., Padhye, J., Patel,
              P., Prabhakar, B., Sengupta, S., and M. Sridharan, "Data
              Center TCP (DCTCP)", Proc. ACM SIGCOMM 2010 Conference
              (SIGCOMM 10), August 2010,

   [ODCTCP]   Kato, M., "Improving Transmission Performance with One-
              Sided Datacenter TCP", M.S. Thesis, Keio University, 2014,

   [BSDCAN]   Kato, M., Eggert, L., Zimmermann, A., van Meter, R., and
              H. Tokuda, "Extensions to FreeBSD Datacenter TCP for
              Incremental Deployment Support", BSDCan 2015, June 2015,

Bensley, et al.          Expires January 8, 2016               [Page 11]

Internet-Draft                    DCTCP                        July 2015

   [ADCTCP]   Alizadeh, M., Javanmard, A., and B. Prabhakar, "Analysis
              of DCTCP: Stability, Convergence, and Fairness", Proc. ACM
              SIGMETRICS Joint International Conference on Measurement
              and Modeling of Computer Systems (SIGMETRICS 11), June
              2011, <>.

   [LINUX]    Borkmann, D. and F. Westphal, "Linux DCTCP patch", 2014,

   [FREEBSD]  Kato, M. and H. Panchasara, "DCTCP (Data Center TCP)
              implementation", 2015,

              Judd, G., "Attaining the Promise and Avoiding the Pitfalls
              of TCP in the Datacenter", Proc. 12th USENIX Symposium on
              Networked Systems Design and Implementation (NSDI 15), May
              2015, <

Authors' Addresses

   Stephen Bensley
   One Microsoft Way
   Redmond, WA  98052

   Phone: +1 425 703 5570

   Lars Eggert
   Sonnenallee 1
   Kirchheim  85551

   Phone: +49 151 120 55791

Bensley, et al.          Expires January 8, 2016               [Page 12]

Internet-Draft                    DCTCP                        July 2015

   Dave Thaler

   Phone: +1 425 703 8835

   Praveen Balasubramanian

   Phone: +1 425 538 2782

   Glenn Judd
   Morgan Stanley

   Phone: +1 973 979 6481

Bensley, et al.          Expires January 8, 2016               [Page 13]