Model Based Metrics for Bulk Transport Capacity
draft-ietf-ippm-model-based-metrics-13

IP Performance Working Group                                   M. Mathis
Internet-Draft                                               Google, Inc
Intended status: Experimental                                  A. Morton
Expires: March 19, 2018                                        AT&T Labs
                                                      September 15, 2017


            Model Based Metrics for Bulk Transport Capacity
               draft-ietf-ippm-model-based-metrics-12.txt

Abstract

   We introduce a new class of Model Based Metrics designed to assess if
   a complete Internet path can be expected to meet a predefined Target
   Transport Performance by applying a suite of IP diagnostic tests to
   successive subpaths.  The subpath-at-a-time tests can be robustly
   applied to critical infrastructure, such as network interconnections
   or even individual devices, to accurately detect if any part of the
   infrastructure will prevent paths traversing it from meeting the
   Target Transport Performance.

   Model Based Metrics rely on mathematical models to specify a Targeted
   Suite of IP Diagnostic tests, designed to assess whether common
   transport protocols can be expected to meet a predetermined Target
   Transport Performance over an Internet path.

   For Bulk Transport Capacity the IP diagnostics are built using test
   streams and statistical criteria for evaluating the packet transfer
   that mimic TCP over the complete path.  The temporal structure of the
   test stream (bursts, etc) mimic TCP or other transport protocol
   carrying bulk data over a long path.  However they are constructed to
   be independent of the details of the subpath under test, end systems
   or applications.  Likewise the success criteria evaluates the packet
   transfer statistics of the subpath against criteria determined by
   protocol performance models applied to the Target Transport
   Performance of the complete path.  The success criteria also does not
   depend on the details of the subpath, end systems or application.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.




Mathis & Morton          Expires March 19, 2018                 [Page 1]


Internet-Draft             Model Based Metrics            September 2017


   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on March 19, 2018.

Copyright Notice

   Copyright (c) 2017 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   3
     1.1.  Version Control . . . . . . . . . . . . . . . . . . . . .   5
   2.  Overview  . . . . . . . . . . . . . . . . . . . . . . . . . .   8
   3.  Terminology . . . . . . . . . . . . . . . . . . . . . . . . .  10
   4.  Background  . . . . . . . . . . . . . . . . . . . . . . . . .  17
     4.1.  TCP properties  . . . . . . . . . . . . . . . . . . . . .  18
     4.2.  Diagnostic Approach . . . . . . . . . . . . . . . . . . .  20
     4.3.  New requirements relative to RFC 2330 . . . . . . . . . .  21
   5.  Common Models and Parameters  . . . . . . . . . . . . . . . .  22
     5.1.  Target End-to-end parameters  . . . . . . . . . . . . . .  22
     5.2.  Common Model Calculations . . . . . . . . . . . . . . . .  23
     5.3.  Parameter Derating  . . . . . . . . . . . . . . . . . . .  24
     5.4.  Test Preconditions  . . . . . . . . . . . . . . . . . . .  24
   6.  Generating test streams . . . . . . . . . . . . . . . . . . .  25
     6.1.  Mimicking slowstart . . . . . . . . . . . . . . . . . . .  26
     6.2.  Constant window pseudo CBR  . . . . . . . . . . . . . . .  27
     6.3.  Scanned window pseudo CBR . . . . . . . . . . . . . . . .  28
     6.4.  Concurrent or channelized testing . . . . . . . . . . . .  29
   7.  Interpreting the Results  . . . . . . . . . . . . . . . . . .  30
     7.1.  Test outcomes . . . . . . . . . . . . . . . . . . . . . .  30
     7.2.  Statistical criteria for estimating run_length  . . . . .  31
     7.3.  Reordering Tolerance  . . . . . . . . . . . . . . . . . .  34
   8.  IP Diagnostic Tests . . . . . . . . . . . . . . . . . . . . .  34
     8.1.  Basic Data Rate and Packet Transfer Tests . . . . . . . .  35



Mathis & Morton          Expires March 19, 2018                 [Page 2]


Internet-Draft             Model Based Metrics            September 2017


       8.1.1.  Delivery Statistics at Paced Full Data Rate . . . . .  35
       8.1.2.  Delivery Statistics at Full Data Windowed Rate  . . .  35
       8.1.3.  Background Packet Transfer Statistics Tests . . . . .  35
     8.2.  Standing Queue Tests  . . . . . . . . . . . . . . . . . .  36
       8.2.1.  Congestion Avoidance  . . . . . . . . . . . . . . . .  37
       8.2.2.  Bufferbloat . . . . . . . . . . . . . . . . . . . . .  37
       8.2.3.  Non excessive loss  . . . . . . . . . . . . . . . . .  38
       8.2.4.  Duplex Self Interference  . . . . . . . . . . . . . .  38
     8.3.  Slowstart tests . . . . . . . . . . . . . . . . . . . . .  39
       8.3.1.  Full Window slowstart test  . . . . . . . . . . . . .  39
       8.3.2.  Slowstart AQM test  . . . . . . . . . . . . . . . . .  39
     8.4.  Sender Rate Burst tests . . . . . . . . . . . . . . . . .  40
     8.5.  Combined and Implicit Tests . . . . . . . . . . . . . . .  41
       8.5.1.  Sustained Bursts Test . . . . . . . . . . . . . . . .  41
       8.5.2.  Passive Measurements  . . . . . . . . . . . . . . . .  42
   9.  An Example  . . . . . . . . . . . . . . . . . . . . . . . . .  43
     9.1.  Observations about applicability  . . . . . . . . . . . .  44
   10. Validation  . . . . . . . . . . . . . . . . . . . . . . . . .  44
   11. Security Considerations . . . . . . . . . . . . . . . . . . .  46
   12. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . .  46
   13. IANA Considerations . . . . . . . . . . . . . . . . . . . . .  47
   14. Informative References  . . . . . . . . . . . . . . . . . . .  47
   Appendix A.  Model Derivations  . . . . . . . . . . . . . . . . .  51
     A.1.  Queueless Reno  . . . . . . . . . . . . . . . . . . . . .  51
   Appendix B.  The effects of ACK scheduling  . . . . . . . . . . .  52
   Appendix C.  Version Control  . . . . . . . . . . . . . . . . . .  53
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .  53

1.  Introduction

   Model Based Metrics (MBM) rely on peer-reviewed mathematical models
   to specify a Targeted Suite of IP Diagnostic tests, designed to
   assess whether common transport protocols can be expected to meet a
   predetermined Target Transport Performance over an Internet path.
   This note describes the modeling framework to derive the test
   parameters for assessing an Internet path's ability to support a
   predetermined Bulk Transport Capacity.

   Each test in the Targeted IP Diagnostic Suite (TIDS) measures some
   aspect of IP packet transfer needed to meet the Target Transport
   Performance.  For Bulk Transport Capacity the TIDS includes IP
   diagnostic tests to verify that there is: sufficient IP capacity
   (data rate); sufficient queue space at bottlenecks to absorb and
   deliver typical transport bursts; and that the background packet loss
   ratio is low enough not to interfere with congestion control; and
   other properties described below.  Unlike typical IPPM metrics which
   yield measures of network properties, Model Based Metrics nominally
   yield pass/fail evaluations of the ability of standard transport



Mathis & Morton          Expires March 19, 2018                 [Page 3]


Internet-Draft             Model Based Metrics            September 2017


   protocols to meet the specific performance objective over some
   network path.

   In most cases, the IP diagnostic tests can be implemented by
   combining existing IPPM metrics with additional controls for
   generating test streams having a specified temporal structure (bursts
   or standing queues caused by constant bit rate streams, etc.) and
   statistical criteria for evaluating packet transfer.  The temporal
   structure of the test streams mimic transport protocol behavior over
   the complete path; the statistical criteria models the transport
   protocol's response to less than ideal IP packet transfer.  In
   control theory terms, the tests are "open loop".  Note that running a
   test requires the coordinated activity of sending and receiving
   measurement points.

   This note addresses Bulk Transport Capacity.  It describes an
   alternative to the approach presented in "A Framework for Defining
   Empirical Bulk Transfer Capacity Metrics" [RFC3148].  Other Model
   Based Metrics may cover other applications and transports, such as
   VoIP over UDP and RTP, and new transport protocols.

   This note assumes a traditional Reno TCP style self clocked, window
   controlled transport protocol that uses packet loss and ECN CE marks
   for congestion feedback.  There are currently some experimental
   protocols and congestion control algorithms that are rate based or
   otherwise fall outside of these assumptions.  In the future these new
   protocols and algorithms may call for revised models.

   The MBM approach, mapping Target Transport Performance to a Targeted
   IP Diagnostic Suite (TIDS) of IP tests, solves some intrinsic
   problems with using TCP or other throughput maximizing protocols for
   measurement.  In particular all throughput maximizing protocols (and
   TCP congestion control in particular) cause some level of congestion
   in order to detect when they have reached the available capacity
   limitation of the network.  This self inflicted congestion obscures
   the network properties of interest and introduces non-linear dynamic
   equilibrium behaviors that make any resulting measurements useless as
   metrics because they have no predictive value for conditions or paths
   different than that of the measurement itself.  In order to prevent
   these effects it is necessary to avoid the effects of TCP congestion
   control in the measurement method.  These issues are discussed at
   length in Section 4.  Readers whom are unfamiliar with basic
   properties of TCP and TCP-like congestion control may find it easier
   to start at Section 4 or Section 4.1.

   A Targeted IP Diagnostic Suite does not have such difficulties.  IP
   diagnostics can be constructed such that they make strong statistical
   statements about path properties that are independent of the



Mathis & Morton          Expires March 19, 2018                 [Page 4]


Internet-Draft             Model Based Metrics            September 2017


   measurement details, such as vantage and choice of measurement
   points.

1.1.  Version Control

   RFC Editor: Please remove this entire subsection prior to
   publication.

   REF Editor: The reference to draft-ietf-tcpm-rack is to attribute an
   idea.  This document should not block waiting for the completion of
   that one.

   Please send comments about this draft to ippm@ietf.org.  See
   http://goo.gl/02tkD for more information including: interim drafts,
   an up to date todo list and information on contributing.

   Formatted: Fri Sep 15 11:14:13 PDT 2017

   Changes since -11 draft:

   o  (From IESG review comments.)
   o  Ben Campbell: Shorten the Abstract.
   o  Mirja Kuhlewind: Reduced redundancy.  (See message)
   o  MK: Mention open loop in the introduction.
   o  MK: Spelled out ECN and reference RFC3168.
   o  MK: Added a paragraph to the introduction about assuming a
      traditional self clocked, window controlled transport protocol.
   o  MK: Added language about initial window to the list at about
      bursts at the end of section 4.1.
   o  MK: Network power is defined in the terminology section.
   o  MK: The introduction mention coordinated activity of both
      endpoints.
   o  MK: The security section restates that some of the tests are not
      intended for frequent monitoring tests as the high load can impact
      other traffic negatively.
   o  MK: Restored "Informative References" section name.
   o  And a few minor nits.

   Changes since -10 draft:

   o  A few more nits from various sources.
   o  (From IETF LC review comments.)
   o  David Mandelberg: design metrics to prevent DDOS.
   o  From Robert Sparks:

      *  Remove all legacy 2119 language.
      *  Fixed Xr notation inconsistency.
      *  Adjusted abstract: tests are only partially specified.



Mathis & Morton          Expires March 19, 2018                 [Page 5]


Internet-Draft             Model Based Metrics            September 2017


      *  Avoid rather than suppress the effects of congestion control
      *  Removed the unnecessary, excessively abstract and unclear
         thought about IP vs TCP measurements.
      *  Changed "thwarted" to "not fulfilled".
      *  Qualified language about burst models.
      *  Replaced "infinitesimal" with other language.
      *  Added citations for the reordering strawman.
      *  Pointed out that pseudo CBR tests depend on self clock.
      *  Fixed some run on sentences.
   o  Update language to reflect RFC7567, AQM recommendations.
   o  Suggestion from Merry Mou (MIT)

   Changes since -09 draft:

   o  Five last minute editing nits.

   Changes since -08 draft:

   o  Language, spelling and usage nits.
   o  Expanded the abstract describe the models.
   o  Remove superfluous standards like language
   o  Remove superfluous "future technology" language.
   o  Interconnects -> network interconnections.
   o  Added more labels to Figure 1.
   o  Defined Bulk Transport.
   o  Clarified "implied bottleneck IP capacity"
   o  Clarified the history of the BTC metrics.
   o  Clarified stochastic vs non-stochastic test traffic generation.
   o  Reworked Fig 2 and 6.1 "Mimicking slowstart"
   o  Described the unsynchronized parallel stream failure case.
   o  Discussed how to measure devices that use virtual queues.
   o  Changed section 8.5.2 (Streaming Media) to be Passive
      Measurements.

   Changes since -07 draft:

   o  Sharpened the use of "statistical criteria"
   o  Sharpened the definition of test_window, and removed related
      redundant text in several places
   o  Clarified "equilibrium" as "dynamic equilibrium, similar to
      processes observed in chemistry"
   o  Properly explained "Heisenberg" as "observer effect"
   o  Added the observation from RFC 6576 that HW and SW congestion
      control implementations do not generally give the same results.
   o  Noted that IP and application metrics differ as to how overhead is
      handled.  MBM is explicit about how it handles overhead.
   o  Clarified the language and added a new reference about the
      problems caused by token bucket policers.



Mathis & Morton          Expires March 19, 2018                 [Page 6]


Internet-Draft             Model Based Metrics            September 2017


   o  Added an subsection in the example that comments on some of issues
      that need to be mentioned in a future usage or applicability doc.
   o  Updated ippm-2680-bis to RFC7680
   o  Many terminology, punctuation and spelling nits.

   Changes since -06 draft:

   o  More language nits:

      *  "Targeted IP Diagnostic Suite (TIDS)" replaces "Targeted
         Diagnostic Suite (TDS)".
      *  "implied bottleneck IP capacity" replaces "implied bottleneck
         IP rate".
      *  Updated to ECN CE Marks.
      *  Added "specified temporal structure"
      *  "test stream" replaces "test traffic"
      *  "packet transfer" replaces "packet delivery"
      *  Reworked discussion of slowstart, bursts and pacing.
      *  RFC 7567 replaces RFC 2309.

   Changes since -05 draft:

   o  Wordsmithing on sections overhauled in -05 draft.
   o  Reorganized the document:

      *  Relocated subsection "Preconditions".
      *  Relocated subsection "New Requirements relative to RFC 2330".
   o  Addressed nits and not so nits by Ruediger Geib.  (Thanks!)
   o  Substantially tightened the entire definitions section.
   o  Many terminology changes, to better conform to other docs :

      *  IP rate and IP capacity (following RFC 5136) replaces various
         forms of link data rate.
      *  subpath replaces link.
      *  target_window_size replaces target_pipe_size.
      *  implied bottleneck IP rate replaces effective bottleneck link
         rate.
      *  Packet delivery statistics replaces delivery statistics.

   Changes since -04 draft:

   o  The introduction was heavily overhauled: split into a separate
      introduction and overview.
   o  The new shorter introduction:

      *  Is a problem statement;
      *  This document provides a framework;
      *  That it replaces TCP measurement by IP tests;



Mathis & Morton          Expires March 19, 2018                 [Page 7]


Internet-Draft             Model Based Metrics            September 2017


      *  That the results are pass/fail.
   o  Added a diagram of the framework to the overview
   o  and introduces all of the elements of the framework.
   o  Renumbered sections, reducing the depth of some section numbers.
   o  Updated definitions to better agree with other documents:

      *  Reordered section 2
      *  Bulk [data] performance -> Bulk Transport Capacity, everywhere
         including the title.
      *  loss rate and loss probability -> packet loss ratio
      *  end-to-end path -> complete path
      *  [end-to-end][target] performance -> Target Transport
         Performance
      *  load test -> capacity test

2.  Overview

   This document describes a modeling framework for deriving a Targeted
   IP Diagnostic Suite from a predetermined Target Transport
   Performance.  It is not a complete specification, and relies on other
   standards documents to define important details such as packet Type-P
   selection, sampling techniques, vantage selection, etc.  We imagine
   Fully Specified - Targeted IP Diagnostic Suites (FS-TIDS), that
   define all of these details.  We use Targeted IP Diagnostic Suite
   (TIDS) to refer to the subset of such a specification that is in
   scope for this document.  This terminology is defined in Section 3.

   Section 4 describes some key aspects of TCP behavior and what they
   imply about the requirements for IP packet transfer.  Most of the IP
   diagnostic tests needed to confirm that the path meets these
   properties can be built on existing IPPM metrics, with the addition
   of statistical criteria for evaluating packet transfer and in a few
   cases, new mechanisms to implement the required temporal structure.
   (One group of tests, the standing queue tests described in
   Section 8.2, don't correspond to existing IPPM metrics, but suitable
   new IPPM metrics can be patterned after the existing definitions.)

   Figure 1 shows the MBM modeling and measurement framework.  The
   Target Transport Performance, at the top of the figure, is determined
   by the needs of the user or application, outside the scope of this
   document.  For Bulk Transport Capacity, the main performance
   parameter of interest is the Target Data Rate.  However, since TCP's
   ability to compensate for less than ideal network conditions is
   fundamentally affected by the Round Trip Time (RTT) and the Maximum
   Transmission Unit (MTU) of the complete path, these parameters must
   also be specified in advance based on knowledge about the intended
   application setting.  They may reflect a specific application over a
   real path through the Internet or an idealized application and



Mathis & Morton          Expires March 19, 2018                 [Page 8]


Internet-Draft             Model Based Metrics            September 2017


   hypothetical path representing a typical user community.  Section 5
   describes the common parameters and models derived from the Target
   Transport Performance.

               Target Transport Performance
     (Target Data Rate, Target RTT and Target MTU)
                            |
                    ________V_________
                    |  mathematical  |
                    |     models     |
                    |                |
                    ------------------
   Traffic parameters |            | Statistical criteria
                      |            |
               _______V____________V____Targeted_______
              |       |   * * *    | Diagnostic Suite  |
         _____|_______V____________V________________   |
       __|____________V____________V______________  |  |
       |           IP diagnostic tests            | |  |
       |              |            |              | |  |
       | _____________V__        __V____________  | |  |
       | |   traffic    |        |   Delivery  |  | |  |
       | |   pattern    |        |  Evaluation |  | |  |
       | |  generation  |        |             |  | |  |
       | -------v--------        ------^--------  | |  |
       |   |    v    test stream via   ^      |   | |--
       |   |  -->======================>--    |   | |
       |   |       subpath under test         |   |-
       ----V----------------------------------V--- |
           | |  |                             | |  |
           V V  V                             V V  V
       fail/inconclusive            pass/fail/inconclusive
   (traffic generation status)           (test result)

   Overall Modeling Framework

                                 Figure 1

   Mathematical TCP models are used to determine Traffic parameters and
   subsequently to design traffic patterns that mimic TCP or other
   transport protocol delivering bulk data and operating at the Target
   Data Rate, MTU and RTT over a full range of conditions, including
   flows that are bursty at multiple time scales.  The traffic patterns
   are generated based on the three Target parameters of complete path
   and independent of the properties of individual subpaths using the
   techniques described in Section 6.  As much as possible the test
   streams are generated deterministically (precomputed) to minimize the
   extent to which test methodology, measurement points, measurement



Mathis & Morton          Expires March 19, 2018                 [Page 9]


Internet-Draft             Model Based Metrics            September 2017


   vantage or path partitioning affect the details of the measurement
   traffic.

   Section 7 describes packet transfer statistics and methods to test
   them against the statistical criteria provided by the mathematical
   models.  Since the statistical criteria typically apply to the
   complete path (a composition of subpaths) [RFC6049], in situ testing
   requires that the end-to-end statistical criteria be apportioned as
   separate criteria for each subpath.  Subpaths that are expected to be
   bottlenecks would then be permitted to contribute a larger fraction
   of the end-to-end packet loss budget.  In compensation, subpaths that
   are not expected to exhibit bottlenecks must be constrained to
   contribute less packet loss.  Thus the statistical criteria for each
   subpath in each test of a TIDS is an apportioned share of the end-to-
   end statistical criteria for the complete path which was determined
   by the mathematical model.

   Section 8 describes the suite of individual tests needed to verify
   all of required IP delivery properties.  A subpath passes if and only
   if all of the individual IP diagnostic tests pass.  Any subpath that
   fails any test indicates that some users are likely to fail to attain
   their Target Transport Performance under some conditions.  In
   addition to passing or failing, a test can be deemed to be
   inconclusive for a number of reasons including: the precomputed
   traffic pattern was not accurately generated; the measurement results
   were not statistically significant; and others such as failing to
   meet some required test preconditions.  If all tests pass but some
   are inconclusive, then the entire suite is deemed to be inconclusive.

   In Section 9 we present an example TIDS that might be representative
   of High Definition (HD) video, and illustrate how Model Based Metrics
   can be used to address difficult measurement situations, such as
   confirming that inter-carrier exchanges have sufficient performance
   and capacity to deliver HD video between ISPs.

   Since there is some uncertainty in the modeling process, Section 10
   describes a validation procedure to diagnose and minimize false
   positive and false negative results.

3.  Terminology

   Terms containing underscores (rather than spaces) appear in equations
   and typically have algorithmic definitions.

   General Terminology:

   Target:  A general term for any parameter specified by or derived
      from the user's application or transport performance requirements.



Mathis & Morton          Expires March 19, 2018                [Page 10]


Internet-Draft             Model Based Metrics            September 2017


   Target Transport Performance:  Application or transport performance
      target values for the complete path.  For Bulk Transport Capacity
      defined in this note the Target Transport Performance includes the
      Target Data Rate, Target RTT and Target MTU as described below.
   Target Data Rate:  The specified application data rate required for
      an application's proper operation.  Conventional Bulk Transport
      Capacity (BTC) metrics are focused on the Target Data Rate,
      however these metrics had little or no predictive value because
      they do not consider the effects of the other two parameters of
      the Target Transport Performance, the RTT and MTU of the complete
      paths.
   Target RTT (Round Trip Time):  The specified baseline (minimum) RTT
      of the longest complete path over which the user expects to be
      able to meet the target performance.  TCP and other transport
      protocol's ability to compensate for path problems is generally
      proportional to the number of round trips per second.  The Target
      RTT determines both key parameters of the traffic patterns (e.g.
      burst sizes) and the thresholds on acceptable IP packet transfer
      statistics.  The Target RTT must be specified considering
      appropriate packets sizes: MTU sized packets on the forward path,
      ACK sized packets (typically header_overhead) on the return path.
      Note that Target RTT is specified and not measured, MBM
      measurements derived for a given target_RTT will be applicable to
      any path with a smaller RTTs.
   Target MTU (Maximum Transmission Unit):  The specified maximum MTU
      supported by the complete path the over which the application
      expects to meet the target performance.  In this document assume a
      1500 Byte MTU unless otherwise specified.  If some subpath has a
      smaller MTU, then it becomes the Target MTU for the complete path,
      and all model calculations and subpath tests must use the same
      smaller MTU.
   Targeted IP Diagnostic Suite (TIDS):  A set of IP diagnostic tests
      designed to determine if an otherwise ideal complete path
      containing the subpath under test can sustain flows at a specific
      target_data_rate using target_MTU sized packets when the RTT of
      the complete path is target_RTT.
   Fully Specified Targeted IP Diagnostic Suite (FS-TIDS):  A TIDS
      together with additional specification such as measurement packet
      type ("type-p" [RFC2330]), etc. which are out of scope for this
      document, but need to be drawn from other standards documents.
   Bulk Transport Capacity:  Bulk Transport Capacity Metrics evaluate an
      Internet path's ability to carry bulk data, such as large files,
      streaming (non-real time) video, and under some conditions, web
      images and other content.  Prior efforts to define BTC metrics
      have been based on [RFC3148], which predates our understanding of
      TCP and the requirements described in Section 4.  In general "Bulk
      Transport" indicates that performance is determined by the
      interplay between the network, cross traffic and congestion



Mathis & Morton          Expires March 19, 2018                [Page 11]


Internet-Draft             Model Based Metrics            September 2017


      control in the transport protocol.  It excludes situations where
      performance is dominated by the RTT alone (e.g. transactions) or
      bottlenecks elsewhere, such as in the application itself.
   IP diagnostic tests:  Measurements or diagnostics to determine if
      packet transfer statistics meet some precomputed target.
   traffic patterns:  The temporal patterns or burstiness of traffic
      generated by applications over transport protocols such as TCP.
      There are several mechanisms that cause bursts at various time
      scales as described in Section 4.1.  Our goal here is to mimic the
      range of common patterns (burst sizes and rates, etc), without
      tying our applicability to specific applications, implementations
      or technologies, which are sure to become stale.
   Explicit Congestion Notification (ECN):  See [RFC3168].
   packet transfer statistics:  Raw, detailed or summary statistics
      about packet transfer properties of the IP layer including packet
      losses, ECN Congestion Experienced (CE) marks, reordering, or any
      other properties that may be germane to transport performance.
   packet loss ratio:  As defined in [RFC7680].
   apportioned:  To divide and allocate, for example budgeting packet
      loss across multiple subpaths such that the losses will accumulate
      to less than a specified end-to-end loss ratio.  Apportioning
      metrics is essentially the inverse of the process described in
      [RFC5835].
   open loop:  A control theory term used to describe a class of
      techniques where systems that naturally exhibit circular
      dependencies can be analyzed by suppressing some of the
      dependencies, such that the resulting dependency graph is acyclic.

   Terminology about paths, etc.  See [RFC2330] and [RFC7398] for
   existing terms and definitions.

   data sender:  Host sending data and receiving ACKs.
   data receiver:  Host receiving data and sending ACKs.
   complete path:  The end-to-end path from the data sender to the data
      receiver.
   subpath:  A portion of the complete path.  Note that there is no
      requirement that subpaths be non-overlapping.  A subpath can be a
      small as a single device, link or interface.
   measurement point:  Measurement points as described in [RFC7398].
   test path:  A path between two measurement points that includes a
      subpath of the complete path under test.  If the measurement
      points are off path, the test path may include "test leads"
      between the measurement points and the subpath.
   dominant bottleneck:  The bottleneck that generally determines most
      of packet transfer statistics for the entire path.  It typically
      determines a flow's self clock timing, packet loss and ECN
      Congestion Experienced (CE) marking rate, with other potential




Mathis & Morton          Expires March 19, 2018                [Page 12]


Internet-Draft             Model Based Metrics            September 2017


      bottlenecks having less effect on the packet transfer statistics.
      See Section 4.1 on TCP properties.
   front path:  The subpath from the data sender to the dominant
      bottleneck.
   back path:  The subpath from the dominant bottleneck to the receiver.
   return path:  The path taken by the ACKs from the data receiver to
      the data sender.
   cross traffic:  Other, potentially interfering, traffic competing for
      network resources (bandwidth and/or queue capacity).

   Properties determined by the complete path and application.  These
   are described in more detail in Section 5.1.

   Application Data Rate:  General term for the data rate as seen by the
      application above the transport layer in bytes per second.  This
      is the payload data rate, and explicitly excludes transport and
      lower level headers (TCP/IP or other protocols), retransmissions
      and other overhead that is not part to the total quantity of data
      delivered to the application.
   IP rate:  The actual number of IP-layer bytes delivered through a
      subpath, per unit time, including TCP and IP headers, retransmits
      and other TCP/IP overhead.  Follows from IP-type-P Link Usage
      [RFC5136].
   IP capacity:  The maximum number of IP-layer bytes that can be
      transmitted through a subpath, per unit time, including TCP and IP
      headers, retransmits and other TCP/IP overhead.  Follows from IP-
      type-P Link Capacity [RFC5136].
   bottleneck IP capacity:  The IP capacity of the dominant bottleneck
      in the forward path.  All throughput maximizing protocols estimate
      this capacity by observing the IP rate delivered through the
      bottleneck.  Most protocols derive their self clocks from the
      timing of this data.  See Section 4.1 and Appendix B for more
      details.
   implied bottleneck IP capacity:  This is the bottleneck IP capacity
      implied by the ACKs returning from the receiver.  It is determined
      by looking at how much application data the ACK stream at the
      sender reports delivered to the data receiver per unit time at
      various time scales.  If the return path is thinning, batching or
      otherwise altering the ACK timing the implied bottleneck IP
      capacity over short time scales might be substantially larger than
      the bottleneck IP capacity averaged over a full RTT.  Since TCP
      derives its clock from the data delivered through the bottleneck,
      the front path must have sufficient buffering to absorb any data
      bursts at the dimensions (size and IP rate) implied by the ACK
      stream, which are potentially doubled during slowstart.  If the
      return path is not altering the ACK stream, then the implied
      bottleneck IP capacity will be the same as the bottleneck IP
      capacity.  See Section 4.1 and Appendix B for more details.



Mathis & Morton          Expires March 19, 2018                [Page 13]


Internet-Draft             Model Based Metrics            September 2017


   sender interface rate:  The IP rate which corresponds to the IP
      capacity of the data sender's interface.  Due to sender efficiency
      algorithms including technologies such as TCP segmentation offload
      (TSO), nearly all modern servers deliver data in bursts at full
      interface link rate.  Today 1 or 10 Gb/s are typical.
   Header_overhead:  The IP and TCP header sizes, which are the portion
      of each MTU not available for carrying application payload.
      Without loss of generality this is assumed to be the size for
      returning acknowledgments (ACKs).  For TCP, the Maximum Segment
      Size (MSS) is the Target MTU minus the header_overhead.

   Basic parameters common to models and subpath tests are defined here
   are described in more detail in Section 5.2.  Note that these are
   mixed between application transport performance (excludes headers)
   and IP performance (which include TCP headers and retransmissions as
   part of the IP payload).

   Network power:  The observed data rate divided by the observed RTT.
      Network power indicates how effectively a transport protocol is
      filling a network.
   Window [size]:  The total quantity of data carried by packets in-
      flight plus the data represented by ACKs circulating in the
      network is referred to as the window.  See Section 4.1.  Sometimes
      used with other qualifiers (congestion window, cwnd or receiver
      window) to indicate which mechanism is controlling the window.
   pipe size:  A general term for number of packets needed in flight
      (the window size) to exactly fill some network path or subpath.
      It corresponds to the window size which maximizes network power.
      Often used with additional qualifiers to specify which path, or
      under what conditions, etc.
   target_window_size:  The average number of packets in flight (the
      window size) needed to meet the Target Data Rate, for the
      specified Target RTT, and MTU.  It implies the scale of the bursts
      that the network might experience.
   run length:  A general term for the observed, measured, or specified
      number of packets that are (expected to be) delivered between
      losses or ECN Congestion Experienced (CE) marks.  Nominally one
      over the sum of the loss and ECN CE marking probabilities, if
      there are independently and identically distributed.
   target_run_length:  The target_run_length is an estimate of the
      minimum number of non-congestion marked packets needed between
      losses or ECN Congestion Experienced (CE) marks necessary to
      attain the target_data_rate over a path with the specified
      target_RTT and target_MTU, as computed by a mathematical model of
      TCP congestion control.  A reference calculation is shown in
      Section 5.2 and alternatives in Appendix A





Mathis & Morton          Expires March 19, 2018                [Page 14]


Internet-Draft             Model Based Metrics            September 2017


   reference target_run_length:  target_run_length computed precisely by
      the method in Section 5.2.  This is likely to be slightly more
      conservative than required by modern TCP implementations.

   Ancillary parameters used for some tests:

   derating:  Under some conditions the standard models are too
      conservative.  The modeling framework permits some latitude in
      relaxing or "derating" some test parameters as described in
      Section 5.3 in exchange for a more stringent TIDS validation
      procedures, described in Section 10.  Models can be derated by
      including a multiplicative derating factor to make tests less
      stringent.
   subpath_IP_capacity:  The IP capacity of a specific subpath.
   test path:  A subpath of a complete path under test.
   test_path_RTT:  The RTT observed between two measurement points using
      packet sizes that are consistent with the transport protocol.
      This is generally MTU sized packets of the forward path,
      header_overhead sized packets on the return path.
   test_path_pipe:  The pipe size of a test path.  Nominally the
      test_path_RTT times the test path IP_capacity.
   test_window:  The smallest window sufficient to meet or exceed the
      target_rate when operating with a pure self clock over a test
      path.  The test_window is typically given by
      ceiling(target_data_rate*test_path_RTT/(target_MTU-
      header_overhead)) but see the discussion in Appendix B about the
      effects of channel scheduling on RTT.  On some test paths the
      test_window may need to be adjusted slightly to compensate for the
      RTT being inflated by the devices that schedule packets.

   The terminology below is used to define temporal patterns for test
   stream.  These patterns are designed to mimic TCP behavior, as
   described in Section 4.1.

   packet headway:  Time interval between packets, specified from the
      start of one to the start of the next. e.g.  If packets are sent
      with a 1 mS headway, there will be exactly 1000 packets per
      second.
   burst headway:  Time interval between bursts, specified from the
      start of the first packet one burst to the start of the first
      packet of the next burst. e.g.  If 4 packet bursts are sent with a
      1 mS burst headway, there will be exactly 4000 packets per second.
   paced single packets:  Send individual packets at the specified rate
      or packet headway.
   paced bursts:  Send bursts on a timer.  Specify any 3 of: average
      data rate, packet size, burst size (number of packets) and burst
      headway (burst start to start).  By default the bursts are assumed
      to occur at full sender interface rate, such that the packet



Mathis & Morton          Expires March 19, 2018                [Page 15]


Internet-Draft             Model Based Metrics            September 2017


      headway within each burst is the minimum supported by the sender's
      interface.  Under some conditions it is useful to explicitly
      specify the packet headway within each burst.
   slowstart rate:  Mimic TCP slowstart by sending 4 packet paced bursts
      at an average data rate equal to twice the implied bottleneck IP
      capacity (but not more than the sender interface rate).  This is a
      two level burst pattern described in more detail in Section 6.1.
      If the implied bottleneck IP capacity is more than half of the
      sender interface rate, slowstart rate becomes sender interface
      rate.
   slowstart burst:  Mimic one round of TCP slowstart by sending a
      specified number of packets packets in a two level burst pattern
      that resembles slowstart.
   repeated slowstart bursts:  Repeat Slowstart bursts once per
      target_RTT.  For TCP each burst would be twice as large as the
      prior burst, and the sequence would end at the first ECN CE mark
      or lost packet.  For measurement, all slowstart bursts would be
      the same size (nominally target_window_size but other sizes might
      be specified), and the ECN CE marks and lost packets are counted.

   The tests described in this note can be grouped according to their
   applicability.

   Capacity tests:  Capacity tests determine if a network subpath has
      sufficient capacity to deliver the Target Transport Performance.
      As long as the test stream is within the proper envelope for the
      Target Transport Performance, the average packet losses or ECN
      Congestion Experienced (CE) marks must be below the statistical
      criteria computed by the model.  As such, capacity tests reflect
      parameters that can transition from passing to failing as a
      consequence of cross traffic, additional presented load or the
      actions of other network users.  By definition, capacity tests
      also consume significant network resources (data capacity and/or
      queue buffer space), and the test schedules must be balanced by
      their cost.
   Monitoring tests:  Monitoring tests are designed to capture the most
      important aspects of a capacity test, but without presenting
      excessive ongoing load themselves.  As such they may miss some
      details of the network's performance, but can serve as a useful
      reduced-cost proxy for a capacity test, for example to support
      continuous production network monitoring.
   Engineering tests:  Engineering tests evaluate how network algorithms
      (such as AQM and channel allocation) interact with TCP-style self
      clocked protocols and adaptive congestion control based on packet
      loss and ECN Congestion Experienced (CE) marks.  These tests are
      likely to have complicated interactions with cross traffic and
      under some conditions can be inversely sensitive to load.  For
      example a test to verify that an AQM algorithm causes ECN CE marks



Mathis & Morton          Expires March 19, 2018                [Page 16]


Internet-Draft             Model Based Metrics            September 2017


      or packet drops early enough to limit queue occupancy may
      experience a false pass result in the presence of cross traffic.
      It is important that engineering tests be performed under a wide
      range of conditions, including both in situ and bench testing, and
      over a wide variety of load conditions.  Ongoing monitoring is
      less likely to be useful for engineering tests, although sparse in
      situ testing might be appropriate.

4.  Background

   At the time the "Framework for IP Performance Metrics" [RFC2330] was
   published (1998), sound Bulk Transport Capacity (BTC) measurement was
   known to be well beyond our capabilities.  Even when Framework for
   Empirical BTC Metrics [RFC3148] was published, we knew that we didn't
   really understand the problem.  Now, by hindsight we understand why
   assessing BTC is such a hard problem:

   o  TCP is a control system with circular dependencies - everything
      affects performance, including components that are explicitly not
      part of the test (for example, the host processing power is not
      in-scope of path performance tests).
   o  Congestion control is a dynamic equilibrium process, similar to
      processes observed in chemistry and other fields.  The network and
      transport protocols find an operating point which balances between
      opposing forces: the transport protocol pushing harder (raising
      the data rate and/or window) while the network pushes back
      (raising packet loss ratio, RTT and/or ECN CE marks).  By design
      TCP congestion control keeps raising the data rate until the
      network gives some indication that its capacity has been exceeded
      by dropping packets or adding ECN CE marks.  If a TCP sender
      accurately fills a path to its IP capacity, (e.g. the bottleneck
      is 100% utilized), then packet losses and ECN CE marks are mostly
      determined by the TCP sender and how aggressively it seeks
      additional capacity, and not the network itself, since the network
      must send exactly the signals that TCP needs to set its rate.
   o  TCP's ability to compensate for network impairments (such as loss,
      delay and delay variation, outside of those caused by TCP itself)
      is directly proportional to the number of send-ACK round trip
      exchanges per second (i.e. inversely proportional to the RTT).  As
      a consequence an impaired subpath may pass a short RTT local test
      even though it fails when the subpath is extended by an
      effectively perfect network to some larger RTT.
   o  TCP has an extreme form of the Observer Effect (colloquially know
      as the Heisenberg effect).  Measurement and cross traffic interact
      in unknown and ill defined ways.  The situation is actually worse
      than the traditional physics problem where you can at least
      estimate bounds on the relative momentum of the measurement and
      measured particles.  For network measurement you can not in



Mathis & Morton          Expires March 19, 2018                [Page 17]


Internet-Draft             Model Based Metrics            September 2017


      general determine even the order of magnitude of the effect.  It
      is possible to construct measurement scenarios where the
      measurement traffic starves real user traffic, yielding an overly
      inflated measurement.  The inverse is also possible: the user
      traffic can fill the network, such that the measurement traffic
      detects only minimal available capacity.  You can not in general
      determine which scenario might be in effect, so you can not gauge
      the relative magnitude of the uncertainty introduced by
      interactions with other network traffic.
   o  As a consequence of the properties listed above it is difficult,
      if not impossible, for two independent implementations (HW or SW)
      of TCP congestion control to produce equivalent performance
      results [RFC6576] under the same network conditions,

   These properties are a consequence of the dynamic equilibrium
   behavior intrinsic to how all throughput maximizing protocols
   interact with the Internet.  These protocols rely on control systems
   based on estimated network metrics to regulate the quantity of data
   to send into the network.  The packet sending characteristics in turn
   alter the network properties estimated by the control system metrics,
   such that there are circular dependencies between every transmission
   characteristic and every estimated metric.  Since some of these
   dependencies are nonlinear, the entire system is nonlinear, and any
   change anywhere causes a difficult to predict response in network
   metrics.  As a consequence Bulk Transport Capacity metrics have not
   fulfilled the analytic framework envisioned in [RFC2330]

   Model Based Metrics overcome these problems by making the measurement
   system open loop: the packet transfer statistics (akin to the network
   estimators) do not affect the traffic or traffic patterns (bursts),
   which are computed on the basis of the Target Transport Performance.
   A path or subpath meeting the Target Transfer Performance
   requirements would exhibit packet transfer statistics and estimated
   metrics that would not cause the control system to slow the traffic
   below the Target Data Rate.

4.1.  TCP properties

   TCP and other self clocked protocols (e.g.  SCTP) carry the vast
   majority of all Internet data.  Their dominant bulk data transport
   behavior is to have an approximately fixed quantity of data and
   acknowledgments (ACKs) circulating in the network.  The data receiver
   reports arriving data by returning ACKs to the data sender, the data
   sender typically responds by sending approximately the same quantity
   of data back into the network.  The total quantity of data plus the
   data represented by ACKs circulating in the network is referred to as
   the window.  The mandatory congestion control algorithms
   incrementally adjust the window by sending slightly more or less data



Mathis & Morton          Expires March 19, 2018                [Page 18]


Internet-Draft             Model Based Metrics            September 2017


   in response to each ACK.  The fundamentally important property of
   this system is that it is self clocked: The data transmissions are a
   reflection of the ACKs that were delivered by the network, the ACKs
   are a reflection of the data arriving from the network.

   A number of protocol features cause bursts of data, even in idealized
   networks that can be modeled as simple queuing systems.

   During slowstart the IP rate is doubled on each RTT by sending twice
   as much data as was delivered to the receiver during the prior RTT.
   Each returning ACK causes the sender to transmit twice the data the
   ACK reported arriving at the receiver.  For slowstart to be able to
   fill the pipe, the network must be able to tolerate slowstart bursts
   up to the full pipe size inflated by the anticipated window reduction
   on the first loss or ECN CE mark.  For example, with classic Reno
   congestion control, an optimal slowstart has to end with a burst that
   is twice the bottleneck rate for one RTT in duration.  This burst
   causes a queue which is equal to the pipe size (i.e. the window is
   twice the pipe size) so when the window is halved in response to the
   first packet loss, the new window will be the pipe size.

   Note that if the bottleneck IP rate is less that half of the capacity
   of the front path (which is almost always the case), the slowstart
   bursts will not by themselves cause significant queues anywhere else
   along the front path; they primarily exercise the queue at the
   dominant bottleneck.

   Several common efficiency algorithms also cause bursts.  The self
   clock is typically applied to groups of packets: the receiver's
   delayed ACK algorithm generally sends only one ACK per two data
   segments.  Furthermore the modern senders use TCP segmentation
   offload (TSO) to reduce CPU overhead.  The sender's software stack
   builds super sized TCP segments that the TSO hardware splits into MTU
   sized segments on the wire.  The net effect of TSO, delayed ACK and
   other efficiency algorithms is to send bursts of segments at full
   sender interface rate.

   Note that these efficiency algorithms are almost always in effect,
   including during slowstart, such that slowstart typically has a two
   level burst structure.  Section 6.1 describes slowstart in more
   detail.

   Additional sources of bursts include TCP's initial window [RFC6928],
   application pauses, channel allocation mechanisms and network devices
   that schedule ACKs.  Appendix B describes these last two items.  If
   the application pauses (stops reading or writing data) for some
   fraction of an RTT, many TCP implementations catch up to their
   earlier window size by sending a burst of data at the full sender



Mathis & Morton          Expires March 19, 2018                [Page 19]


Internet-Draft             Model Based Metrics            September 2017


   interface rate.  To fill a network with a realistic application, the
   network has to be able to tolerate sender interface rate bursts large
   enough to restore the prior window following application pauses.

   Although the sender interface rate bursts are typically smaller than
   the last burst of a slowstart, they are at a higher IP rate so they
   potentially exercise queues at arbitrary points along the front path
   from the data sender up to and including the queue at the dominant
   bottleneck.  It is known that these bursts can hurt network
   performance, especially in conjunction with other queue pressure,
   however we are not aware of any models for how frequent sender rate
   bursts the network should be able to tolerate at various burst sizes.

   In conclusion, to verify that a path can meet a Target Transport
   Performance, it is necessary to independently confirm that the path
   can tolerate bursts at the scales that can be caused by the above
   mechanisms.  Three cases are believed to be sufficient:

   o  Two level slowstart bursts sufficient to get connections started
      properly.
   o  Ubiquitous sender interface rate bursts caused by efficiency
      algorithms.  We assume 4 packet bursts to be the most common case,
      since it matches the effects of delayed ACK during slowstart.
      These bursts should be assumed not to significantly affect packet
      transfer statistics.
   o  Infrequent sender interface rate bursts that are the maximum of
      the full target_window_size and the initial window size (10
      segments in [RFC6928]).  The Target_run_length may be derated for
      these large fast bursts.

   If a subpath can meet the required packet loss ratio for bursts at
   all of these scales then it has sufficient buffering at all potential
   bottlenecks to tolerate any of the bursts that are likely introduced
   by TCP or other transport protocols.

4.2.  Diagnostic Approach

   A complete path of a given RTT and MTU, which are equal to or smaller
   than the Target RTT and equal to or larger than the Target MTU
   respectively, is expected to be able to attain a specified Bulk
   Transport Capacity when all of the following conditions are met:

   1.  The IP capacity is above the Target Data Rate by sufficient
       margin to cover all TCP/IP overheads.  This can be confirmed by
       the tests described in Section 8.1 or any number of IP capacity
       tests adapted to implement MBM.
   2.  The observed packet transfer statistics are better than required
       by a suitable TCP performance model (e.g.  fewer packet losses or



Mathis & Morton          Expires March 19, 2018                [Page 20]


Internet-Draft             Model Based Metrics            September 2017


       ECN CE marks).  See Section 8.1 or any number of low or fixed
       rate packet loss tests outside of MBM.
   3.  There is sufficient buffering at the dominant bottleneck to
       absorb a slowstart bursts large enough to get the flow out of
       slowstart at a suitable window size.  See Section 8.3.
   4.  There is sufficient buffering in the front path to absorb and
       smooth sender interface rate bursts at all scales that are likely
       to be generated by the application, any channel arbitration in
       the ACK path or any other mechanisms.  See Section 8.4.
   5.  When there is a slowly rising standing queue at the bottleneck
       the onset of packet loss has to be at an appropriate point (time
       or queue depth) and progressive [RFC7567].  See Section 8.2.
   6.  When there is a standing queue at a bottleneck for a shared media
       subpath (e.g. half duplex), there must be a suitable bounds on
       the interaction between ACKs and data, for example due to the
       channel arbitration mechanism.  See Section 8.2.4.

   Note that conditions 1 through 4 require capacity tests for
   validation, and thus may need to be monitored on an ongoing basis.
   Conditions 5 and 6 require engineering tests, which are best
   performed in controlled environments such as a bench test.  They
   won't generally fail due to load, but may fail in the field due to
   configuration errors, etc. and should be spot checked.

   A tool that can perform many of the tests is available from
   [MBMSource].

4.3.  New requirements relative to RFC 2330

   Model Based Metrics are designed to fulfill some additional
   requirements that were not recognized at the time RFC 2330 was
   written [RFC2330].  These missing requirements may have significantly
   contributed to policy difficulties in the IP measurement space.  Some
   additional requirements are:

   o  IP metrics must be actionable by the ISP - they have to be
      interpreted in terms of behaviors or properties at the IP or lower
      layers, that an ISP can test, repair and verify.
   o  Metrics should be spatially composable, such that measures of
      concatenated paths should be predictable from subpaths.
   o  Metrics must be vantage point invariant over a significant range
      of measurement point choices, including off path measurement
      points.  The only requirements on MP selection should be that the
      RTT between the MPs is below some reasonable bound, and that the
      effects of the "test leads" connecting MPs to the subpath under
      test can be can be calibrated out of the measurements.  The latter
      might be be accomplished if the test leads are effectively ideal
      or their properties can be deducted from the measurements between



Mathis & Morton          Expires March 19, 2018                [Page 21]


Internet-Draft             Model Based Metrics            September 2017


      the MPs.  While many of tests require that the test leads have at
      least as much IP capacity as the subpath under test, some do not,
      for example Background Packet Transfer Tests described in
      Section 8.1.3.
   o  Metric measurements should be repeatable by multiple parties with
      no specialized access to MPs or diagnostic infrastructure.  It
      should be possible for different parties to make the same
      measurement and observe the same results.  In particular it is
      specifically important that both a consumer (or their delegate)
      and ISP be able to perform the same measurement and get the same
      result.  Note that vantage independence is key to meeting this
      requirement.

5.  Common Models and Parameters

5.1.  Target End-to-end parameters

   The target end-to-end parameters are the Target Data Rate, Target RTT
   and Target MTU as defined in Section 3.  These parameters are
   determined by the needs of the application or the ultimate end user
   and the complete Internet path over which the application is expected
   to operate.  The target parameters are in units that make sense to
   upper layers: payload bytes delivered to the application, above TCP.
   They exclude overheads associated with TCP and IP headers,
   retransmits and other protocols (e.g.  DNS).  Note that IP-based
   network services include TCP headers and retransmissions as part of
   delivered payload, and this difference is recognized in calculations
   below (header_overhead).

   Other end-to-end parameters defined in Section 3 include the
   effective bottleneck data rate, the sender interface data rate and
   the TCP and IP header sizes.

   The target_data_rate must be smaller than all subpath IP capacities
   by enough headroom to carry the transport protocol overhead,
   explicitly including retransmissions and an allowance for
   fluctuations in TCP's actual data rate.  Specifying a
   target_data_rate with insufficient headroom is likely to result in
   brittle measurements having little predictive value.

   Note that the target parameters can be specified for a hypothetical
   path, for example to construct TIDS designed for bench testing in the
   absence of a real application; or for a live in situ test of
   production infrastructure.

   The number of concurrent connections is explicitly not a parameter to
   this model.  If a subpath requires multiple connections in order to




Mathis & Morton          Expires March 19, 2018                [Page 22]


Internet-Draft             Model Based Metrics            September 2017


   meet the specified performance, that must be stated explicitly and
   the procedure described in Section 6.4 applies.

5.2.  Common Model Calculations

   The Target Transport Performance is used to derive the
   target_window_size and the reference target_run_length.

   The target_window_size, is the average window size in packets needed
   to meet the target_rate, for the specified target_RTT and target_MTU.
   It is given by:

   target_window_size = ceiling( target_rate * target_RTT / ( target_MTU
   - header_overhead ) )

   Target_run_length is an estimate of the minimum required number of
   unmarked packets that must be delivered between losses or ECN
   Congestion Experienced (CE) marks, as computed by a mathematical
   model of TCP congestion control.  The derivation here follows
   [MSMO97], and by design is quite conservative.

   Reference target_run_length is derived as follows: assume the
   subpath_IP_capacity is infinitesimally larger than the
   target_data_rate plus the required header_overhead.  Then
   target_window_size also predicts the onset of queuing.  A larger
   window will cause a standing queue at the bottleneck.

   Assume the transport protocol is using standard Reno style Additive
   Increase, Multiplicative Decrease (AIMD) congestion control [RFC5681]
   (but not Appropriate Byte Counting [RFC3465]) and the receiver is
   using standard delayed ACKs.  Reno increases the window by one packet
   every pipe_size worth of ACKs.  With delayed ACKs this takes 2 Round
   Trip Times per increase.  To exactly fill the pipe, the spacing of
   losses must be no closer than when the peak of the AIMD sawtooth
   reached exactly twice the target_window_size.  Otherwise, the
   multiplicative window reduction triggered by the loss would cause the
   network to be under-filled.  Following [MSMO97] the number of packets
   between losses must be the area under the AIMD sawtooth.  They must
   be no more frequent than every 1 in
   ((3/2)*target_window_size)*(2*target_window_size) packets, which
   simplifies to:

   target_run_length = 3*(target_window_size^2)

   Note that this calculation is very conservative and is based on a
   number of assumptions that may not apply.  Appendix A discusses these
   assumptions and provides some alternative models.  If a different
   model is used, a FS-TIDS must document the actual method for



Mathis & Morton          Expires March 19, 2018                [Page 23]


Internet-Draft             Model Based Metrics            September 2017


   computing target_run_length and ratio between alternate
   target_run_length and the reference target_run_length calculated
   above, along with a discussion of the rationale for the underlying
   assumptions.

   These two parameters, target_window_size and target_run_length,
   directly imply most of the individual parameters for the tests in
   Section 8.

5.3.  Parameter Derating

   Since some aspects of the models are very conservative, the MBM
   framework permits some latitude in derating test parameters.  Rather
   than trying to formalize more complicated models we permit some test
   parameters to be relaxed as long as they meet some additional
   procedural constraints:

   o  The FS-TIDS must document and justify the actual method used to
      compute the derated metric parameters.
   o  The validation procedures described in Section 10 must be used to
      demonstrate the feasibility of meeting the Target Transport
      Performance with infrastructure that just barely passes the
      derated tests.
   o  The validation process for a FS-TIDS itself must be documented is
      such a way that other researchers can duplicate the validation
      experiments.

   Except as noted, all tests below assume no derating.  Tests where
   there is not currently a well established model for the required
   parameters explicitly include derating as a way to indicate
   flexibility in the parameters.

5.4.  Test Preconditions

   Many tests have preconditions which are required to assure their
   validity.  Examples include: the presence or non-presence of cross
   traffic on specific subpaths; negotiating ECN; and appropriate
   preamble packet stream to testing to put reactive network elements
   into the proper states [RFC7312].  If preconditions are not properly
   satisfied for some reason, the tests should be considered to be
   inconclusive.  In general it is useful to preserve diagnostic
   information as to why the preconditions were not met, and any test
   data that was collected even if it is not useful for the intended
   test.  Such diagnostic information and partial test data may be
   useful for improving the test or test procedures themselves.

   It is important to preserve the record that a test was scheduled,
   because otherwise precondition enforcement mechanisms can introduce



Mathis & Morton          Expires March 19, 2018                [Page 24]


Internet-Draft             Model Based Metrics            September 2017


   sampling bias.  For example, canceling tests due to cross traffic on
   subscriber access links might introduce sampling bias in tests of the
   rest of the network by reducing the number of tests during peak
   network load.

   Test preconditions and failure actions must be specified in a FS-
   TIDS.

6.  Generating test streams

   Many important properties of Model Based Metrics, such as vantage
   independence, are a consequence of using test streams that have
   temporal structures that mimic TCP or other transport protocols
   running over a complete path.  As described in Section 4.1, self
   clocked protocols naturally have burst structures related to the RTT
   and pipe size of the complete path.  These bursts naturally get
   larger (contain more packets) as either the Target RTT or Target Data
   Rate get larger, or the Target MTU gets smaller.  An implication of
   these relationships is that test streams generated by running self
   clocked protocols over short subpaths may not adequately exercise the
   queuing at any bottleneck to determine if the subpath can support the
   full Target Transport Performance over the complete path.

   Failing to authentically mimic TCP's temporal structure is part of
   the reason why simple performance tools such as iPerf, netperf, nc,
   etc have the reputation of yielding false pass results over short
   test paths, even when some subpath has a flaw.

   The definitions in Section 3 are sufficient for most test streams.
   We describe the slowstart and standing queue test streams in more
   detail.

   In conventional measurement practice stochastic processes are used to
   eliminate many unintended correlations and sample biases.  However
   MBM tests are designed to explicitly mimic temporal correlations
   caused by network or protocol elements themselves.  Some portions of
   these systems, such as traffic arrival (test scheduling) are
   naturally stochastic.  Other behaviors, such as back-to-back packet
   transmissions, are dominated by implementation specific deterministic
   effects.  Although these behaviors always contain non-deterministic
   elements and might be modeled stochastically, these details typically
   do not contribute significantly to the overall system behavior.
   Furthermore, it is known that real protocols are subject to failures
   caused by network property estimators suffering from bias due to
   correlation in their own traffic.  For example TCP's RTT estimator
   used to determine the Retransmit Time Out (RTO), can be fooled by
   periodic cross traffic or start-stop applications.  For these reasons
   many details of the test streams are specified deterministically.



Mathis & Morton          Expires March 19, 2018                [Page 25]


Internet-Draft             Model Based Metrics            September 2017


   It may prove useful to introduce fine grained noise sources into the
   models used for generating test streams in an update of Model Based
   Metrics, but the complexity is not warranted at the time this
   document was written.

6.1.  Mimicking slowstart

   TCP slowstart has a two level burst structure as shown in Figure 2.
   The fine time structure is caused by efficiency algorithms that
   deliberately batch work (CPU, channel allocation, etc) to better
   amortize certain network and host overheads.  ACKs passing through
   the return path typically cause the sender to transmit small bursts
   of data at full sender interface rate.  For example TCP Segmentation
   Offload (TSO) and Delayed Acknowledgment both contribute to this
   effect.  During slowstart these bursts are at the same headway as the
   returning ACKs, but are typically twice as large (e.g.  having twice
   as much data) as the ACK reported was delivered to the receiver.  Due
   to variations in delayed ACK and algorithms such as Appropriate Byte
   Counting [RFC3465], different pairs of senders and receivers produce
   slightly different burst patterns.  Without loss of generality, we
   assume each ACK causes 4 packet sender interface rate bursts at an
   average headway equal to the ACK headway, and corresponding to
   sending at an average rate equal to twice the effective bottleneck IP
   rate.  Each slowstart burst consists of a series of 4 packet sender
   interface rate bursts such that the total number of packets is the
   current window size (as of the last packet in the burst).

   The coarse time structure is due to each RTT being a reflection of
   the prior RTT.  For real transport protocols, each slowstart burst is
   twice as large (twice the window) as the previous burst but is spread
   out in time by the network bottleneck, such that each successive RTT
   exhibits the same effective bottleneck IP rate.  The slowstart phase
   ends on the first lost packet or ECN mark, which is intended to
   happen after successive slowstart bursts merge in time: the next
   burst starts before the bottleneck queue is fully drained and the
   prior burst is complete.

   For diagnostic tests described below we preserve the fine time
   structure but manipulate the coarse structure of the slowstart bursts
   (burst size and headway) to measure the ability of the dominant
   bottleneck to absorb and smooth slowstart bursts.

   Note that a stream of repeated slowstart bursts has three different
   average rates, depending on the averaging time interval.  At the
   finest time scale (a few packet times at the sender interface) the
   peak of the average IP rate is the same as the sender interface rate;
   at a medium timescale (a few ACK times at the dominant bottleneck)
   the peak of the average IP rate is twice the implied bottleneck IP



Mathis & Morton          Expires March 19, 2018                [Page 26]


Internet-Draft             Model Based Metrics            September 2017


   capacity; and at time scales longer than the target_RTT and when the
   burst size is equal to the target_window_size, the average rate is
   equal to the target_data_rate.  This pattern corresponds to repeating
   the last RTT of TCP slowstart when delayed ACK and sender side byte
   counting are present but without the limits specified in Appropriate
   Byte Counting [RFC3465].


   time ==>    ( - equals one packet)

   Fine time structure of the packet stream:

   ----  ----  ----  ----  ----

   |<>| sender interface rate bursts (typically 3 or 4 packets)
   |<===>| burst headway (from the ACK headway)

   \____repeating sender______/
          rate bursts

   Coarse (RTT level) time structure of the packet stream:

   ----  ----  ----  ----  ----                     ----  ---- ...

   |<========================>| slowstart burst size (from the window)
   |<==============================================>| slowstart headway
                                                       (from the RTT)
   \__________________________/                     \_________ ...
       one slowstart burst                     Repeated slowstart bursts

   Multiple levels of Slowstart Bursts

                                 Figure 2

6.2.  Constant window pseudo CBR

   Implement pseudo constant bit rate by running a standard self clocked
   protocol such as TCP with a fixed window size.  If that window size
   is test_window, the data rate will be slightly above the target_rate.

   Since the test_window is constrained to be an integer number of
   packets, for small RTTs or low data rates there may not be
   sufficiently precise control over the data rate.  Rounding the
   test_window up (as defined above) is likely to result in data rates
   that are higher than the target rate, but reducing the window by one
   packet may result in data rates that are too small.  Also cross
   traffic potentially raises the RTT, implicitly reducing the rate.




Mathis & Morton          Expires March 19, 2018                [Page 27]


Internet-Draft             Model Based Metrics            September 2017


   Cross traffic that raises the RTT nearly always makes the test more
   strenuous (more demanding for the network path).

   Note that Constant window pseudo CBR (and Scanned window pseudo CBR
   in the next section) both rely on a self clock which is at least
   partially derived from the properties of the subnet under test.  This
   introduces the possibility that the subnet under test exhibits
   behaviors such as extreme RTT fluctuations that prevent these
   algorithms from accurately controlling data rates.

   A FS-TIDS specifying a constant window CBR test must explicitly
   indicate under what conditions errors in the data rate cause tests to
   be inconclusive.  Conventional paced measurement traffic may be more
   appropriate for these environments.

6.3.  Scanned window pseudo CBR

   Scanned window pseudo CBR is similar to the constant window CBR
   described above, except the window is scanned across a range of sizes
   designed to include two key events, the onset of queuing and the
   onset of packet loss or ECN CE marks.  The window is scanned by
   incrementing it by one packet every 2*target_window_size delivered
   packets.  This mimics the additive increase phase of standard Reno
   TCP congestion avoidance when delayed ACKs are in effect.  Normally
   the window increases separated by intervals slightly longer than
   twice the target_RTT.

   There are two ways to implement this test: one built by applying a
   window clamp to standard congestion control in a standard protocol
   such as TCP and the other built by stiffening a non-standard
   transport protocol.  When standard congestion control is in effect,
   any losses or ECN CE marks cause the transport to revert to a window
   smaller than the clamp such that the scanning clamp loses control the
   window size.  The NPAD pathdiag tool is an example of this class of
   algorithms [Pathdiag].

   Alternatively a non-standard congestion control algorithm can respond
   to losses by transmitting extra data, such that it maintains the
   specified window size independent of losses or ECN CE marks.  Such a
   stiffened transport explicitly violates mandatory Internet congestion
   control [RFC5681] and is not suitable for in situ testing.  It is
   only appropriate for engineering testing under laboratory conditions.
   The Windowed Ping tool implements such a test [WPING].  The tool
   described in the paper has been updated.[mpingSource]

   The test procedures in Section 8.2 describe how to the partition the
   scans into regions and how to interpret the results.




Mathis & Morton          Expires March 19, 2018                [Page 28]


Internet-Draft             Model Based Metrics            September 2017


6.4.  Concurrent or channelized testing

   The procedures described in this document are only directly
   applicable to single stream measurement, e.g. one TCP connection or
   measurement stream.  In an ideal world, we would disallow all
   performance claims based multiple concurrent streams, but this is not
   practical due to at least two issues.  First, many very high rate
   link technologies are channelized and at last partially pin the flow
   to channel mapping to minimize packet reordering within flows.
   Second, TCP itself has scaling limits.  Although the former problem
   might be overcome through different design decisions, the later
   problem is more deeply rooted.

   All congestion control algorithms that are philosophically aligned
   with the standard [RFC5681] (e.g. claim some level of TCP
   compatibility, friendliness or fairness) have scaling limits, in the
   sense that as a long fast network (LFN) with a fixed RTT and MTU gets
   faster, these congestion control algorithms get less accurate and as
   a consequence have difficulty filling the network [CCscaling].  These
   properties are a consequence of the original Reno AIMD congestion
   control design and the requirement in [RFC5681] that all transport
   protocols have similar responses to congestion.

   There are a number of reasons to want to specify performance in terms
   of multiple concurrent flows, however this approach is not
   recommended for data rates below several megabits per second, which
   can be attained with run lengths under 10000 packets on many paths.
   Since the required run length goes as the square of the data rate, at
   higher rates the run lengths can be unreasonably large, and multiple
   flows might be the only feasible approach.

   If multiple flows are deemed necessary to meet aggregate performance
   targets then this must be stated in both the design of the TIDS and
   in any claims about network performance.  The IP diagnostic tests
   must be performed concurrently with the specified number of
   connections.  For the tests that use bursty test streams, the bursts
   should be synchronized across streams unless there is a priori
   knowledge that the applications have some explicit mechanism to
   stagger their own bursts.  In the absences of an explicit mechanism
   to stagger bursts many network and application artifacts will
   sometimes implicitly synchronize bursts.  A test that does not
   control burst synchronization may be prone to false pass results for
   some applications.








Mathis & Morton          Expires March 19, 2018                [Page 29]


Internet-Draft             Model Based Metrics            September 2017


7.  Interpreting the Results

7.1.  Test outcomes

   To perform an exhaustive test of a complete network path, each test
   of the TIDS is applied to each subpath of the complete path.  If any
   subpath fails any test then a standard transport protocol running
   over the complete path can also be expected to fail to attain the
   Target Transport Performance under some conditions.

   In addition to passing or failing, a test can be deemed to be
   inconclusive for a number of reasons.  Proper instrumentation and
   treatment of inconclusive outcomes is critical to the accuracy and
   robustness of Model Based Metrics.  Tests can be inconclusive if the
   precomputed traffic pattern or data rates were not accurately
   generated; the measurement results were not statistically
   significant; and others causes such as failing to meet some required
   preconditions for the test.  See Section 5.4

   For example consider a test that implements Constant Window Pseudo
   CBR (Section 6.2) by adding rate controls and detailed IP packet
   transfer instrumentation to TCP (e.g.  [RFC4898]).  TCP includes
   built in control systems which might interfere with the sending data
   rate.  If such a test meets the required packet transfer statistics
   (e.g. run length) while failing to attain the specified data rate it
   must be treated as an inconclusive result, because we can not a
   priori determine if the reduced data rate was caused by a TCP problem
   or a network problem, or if the reduced data rate had a material
   effect on the observed packet transfer statistics.

   Note that for capacity tests, if the observed packet transfer
   statistics meet the statistical criteria for failing (accepting
   hypnosis H1 in Section 7.2), the test can can be considered to have
   failed because it doesn't really matter that the test didn't attain
   the required data rate.

   The really important new properties of MBM, such as vantage
   independence, are a direct consequence of opening the control loops
   in the protocols, such that the test stream does not depend on
   network conditions or IP packets received.  Any mechanism that
   introduces feedback between the path's measurements and the test
   stream generation is at risk of introducing nonlinearities that spoil
   these properties.  Any exceptional event that indicates that such
   feedback has happened should cause the test to be considered
   inconclusive.

   One way to view inconclusive tests is that they reflect situations
   where a test outcome is ambiguous between limitations of the network



Mathis & Morton          Expires March 19, 2018                [Page 30]


Internet-Draft             Model Based Metrics            September 2017


   and some unknown limitation of the IP diagnostic test itself, which
   may have been caused by some uncontrolled feedback from the network.

   Note that procedures that attempt to search the target parameter
   space to find the limits on some parameter such as target_data_rate
   are at risk of breaking the location independent properties of Model
   Based Metrics, if any part of the boundary between passing and
   inconclusive or failing results is sensitive to RTT (which is
   normally the case).  For example the maximum data rate for a marginal
   link (e.g.  exhibiting excess errors) is likely to be sensitive to
   the test_path_RTT.  The maximum observed data rate over the test path
   has very little value for predicting the maximum rate over a
   different path.

   One of the goals for evolving TIDS designs will be to keep sharpening
   distinction between inconclusive, passing and failing tests.  The
   criteria for for passing, failing and inconclusive tests must be
   explicitly stated for every test in the TIDS or FS-TIDS.

   One of the goals of evolving the testing process, procedures, tools
   and measurement point selection should be to minimize the number of
   inconclusive tests.

   It may be useful to keep raw packet transfer statistics and ancillary
   metrics [RFC3148] for deeper study of the behavior of the network
   path and to measure the tools themselves.  Raw packet transfer
   statistics can help to drive tool evolution.  Under some conditions
   it might be possible to re-evaluate the raw data for satisfying
   alternate Target Transport Performance.  However it is important to
   guard against sampling bias and other implicit feedback which can
   cause false results and exhibit measurement point vantage
   sensitivity.  Simply applying different delivery criteria based on a
   different Target Transport Performance is insufficient if the test
   traffic patterns (bursts, etc.) does not match the alternate Target
   Transport Performance.

7.2.  Statistical criteria for estimating run_length

   When evaluating the observed run_length, we need to determine
   appropriate packet stream sizes and acceptable error levels for
   efficient measurement.  In practice, can we compare the empirically
   estimated packet loss and ECN Congestion Experienced (CE) marking
   ratios with the targets as the sample size grows?  How large a sample
   is needed to say that the measurements of packet transfer indicate a
   particular run length is present?

   The generalized measurement can be described as recursive testing:
   send packets (individually or in patterns) and observe the packet



Mathis & Morton          Expires March 19, 2018                [Page 31]


Internet-Draft             Model Based Metrics            September 2017


   transfer performance (packet loss ratio or other metric, any marking
   we define).

   As each packet is sent and measured, we have an ongoing estimate of
   the performance in terms of the ratio of packet loss or ECN CE mark
   to total packets (i.e. an empirical probability).  We continue to
   send until conditions support a conclusion or a maximum sending limit
   has been reached.

   We have a target_mark_probability, 1 mark per target_run_length,
   where a "mark" is defined as a lost packet, a packet with ECN CE
   mark, or other signal.  This constitutes the null Hypothesis:

   H0:  no more than one mark in target_run_length =
      3*(target_window_size)^2 packets

   and we can stop sending packets if on-going measurements support
   accepting H0 with the specified Type I error = alpha (= 0.05 for
   example).

   We also have an alternative Hypothesis to evaluate: if performance is
   significantly lower than the target_mark_probability.  Based on
   analysis of typical values and practical limits on measurement
   duration, we choose four times the H0 probability:

   H1:  one or more marks in (target_run_length/4) packets

   and we can stop sending packets if measurements support rejecting H0
   with the specified Type II error = beta (= 0.05 for example), thus
   preferring the alternate hypothesis H1.

   H0 and H1 constitute the Success and Failure outcomes described
   elsewhere in the memo, and while the ongoing measurements do not
   support either hypothesis the current status of measurements is
   inconclusive.

   The problem above is formulated to match the Sequential Probability
   Ratio Test (SPRT) [Wald45] and [Montgomery90].  Note that as
   originally framed the events under consideration were all
   manufacturing defects.  In networking, ECN CE marks and lost packets
   are not defects but signals, indicating that the transport protocol
   should slow down.

   The Sequential Probability Ratio Test also starts with a pair of
   hypothesis specified as above:

   H0:  p0 = one defect in target_run_length
   H1:  p1 = one defect in target_run_length/4



Mathis & Morton          Expires March 19, 2018                [Page 32]


Internet-Draft             Model Based Metrics            September 2017


   As packets are sent and measurements collected, the tester evaluates
   the cumulative defect count against two boundaries representing H0
   Acceptance or Rejection (and acceptance of H1):

   Acceptance line:  Xa = -h1 + s*n
   Rejection line:  Xr = h2 + s*n

   where n increases linearly for each packet sent and

   h1 =  { log((1-alpha)/beta) }/k
   h2 =  { log((1-beta)/alpha) }/k
   k  =  log{ (p1(1-p0)) / (p0(1-p1)) }
   s  =  [ log{ (1-p0)/(1-p1) } ]/k

   for p0 and p1 as defined in the null and alternative Hypotheses
   statements above, and alpha and beta as the Type I and Type II
   errors.

   The SPRT specifies simple stopping rules:

   o  Xa < defect_count(n) < Xr: continue testing
   o  defect_count(n) <= Xa: Accept H0
   o  defect_count(n) >= Xr: Accept H1

   The calculations above are implemented in the R-tool for Statistical
   Analysis [Rtool] , in the add-on package for Cross-Validation via
   Sequential Testing (CVST) [CVST].

   Using the equations above, we can calculate the minimum number of
   packets (n) needed to accept H0 when x defects are observed.  For
   example, when x = 0:

   Xa = 0  = -h1 + s*n
   and  n = h1 / s

   Note that the derivations in [Wald45] and [Montgomery90] differ.
   Montgomery's simplified derivation of SPRT may assume a Bernoulli
   processes, where the packet loss probabilities are independent and
   identically distributed, making the SPRT more accessible.  Wald's
   seminal paper showed that this assumption is not necessary.  It helps
   to remember that the goal of SPRT is not to estimate the value of the
   packet loss rate, but only whether or not the packet loss ratio is
   likely low enough (when we accept the H0 null hypothesis) yielding
   success; or too high (when we accept the H1 alternate hypothesis)
   yielding failure.






Mathis & Morton          Expires March 19, 2018                [Page 33]


Internet-Draft             Model Based Metrics            September 2017


7.3.  Reordering Tolerance

   All tests must be instrumented for packet level reordering [RFC4737].
   However, there is no consensus for how much reordering should be
   acceptable.  Over the last two decades the general trend has been to
   make protocols and applications more tolerant to reordering (see for
   example [RFC4015]), in response to the gradual increase in reordering
   in the network.  This increase has been due to the deployment of
   technologies such as multithreaded routing lookups and Equal Cost
   MultiPath (ECMP) routing.  These techniques increase parallelism in
   network and are critical to enabling overall Internet growth to
   exceed Moore's Law.

   Note that transport retransmission strategies can trade off
   reordering tolerance vs how quickly they can repair losses vs
   overhead from spurious retransmissions.  In advance of new
   retransmission strategies we propose the following strawman:
   Transport protocols should be able to adapt to reordering as long as
   the reordering extent is not more than the maximum of one quarter
   window or 1 mS, whichever is larger.  (These values come from
   experience prototyping Early Retransmit [RFC5827] and related
   algorithms.  They agree with the values being proposed for "RACK: a
   time-based fast loss detection algorithm" [I-D.ietf-tcpm-rack].)
   Within this limit on reorder extent, there should be no bound on
   reordering density.

   By implication, recording which is less than these bounds should not
   be treated as a network impairment.  However [RFC4737] still applies:
   reordering should be instrumented and the maximum reordering that can
   be properly characterized by the test (because of the bound on
   history buffers) should be recorded with the measurement results.

   Reordering tolerance and diagnostic limitations, such as the size of
   the history buffer used to diagnose packets that are way out-of-
   order, must be specified in a FSTIDS.

8.  IP Diagnostic Tests

   The IP diagnostic tests below are organized the technique used to
   generate the test stream as described in Section 6.  All of the
   results are evaluated in accordance with Section 7, possibly with
   additional test specific critera.

   We also introduce some combined tests which are more efficient when
   networks are expected to pass, but conflate diagnostic signatures
   when they fail.





Mathis & Morton          Expires March 19, 2018                [Page 34]


Internet-Draft             Model Based Metrics            September 2017


8.1.  Basic Data Rate and Packet Transfer Tests

   We propose several versions of the basic data rate and packet
   transfer statistics test that differ in how the data rate is
   controlled.  The data can be paced on a timer, or window controlled
   (and self clocked).  The first two tests implicitly confirm that
   sub_path has sufficient raw capacity to carry the target_data_rate.
   They are recommended for relatively infrequent testing, such as an
   installation or periodic auditing process.  The third, background
   packet transfer statistics, is a low rate test designed for ongoing
   monitoring for changes in subpath quality.

8.1.1.  Delivery Statistics at Paced Full Data Rate

   Confirm that the observed run length is at least the
   target_run_length while relying on timer to send data at the
   target_rate using the procedure described in in Section 6.1 with a
   burst size of 1 (single packets) or 2 (packet pairs).

   The test is considered to be inconclusive if the packet transmission
   can not be accurately controlled for any reason.

   RFC 6673 [RFC6673] is appropriate for measuring packet transfer
   statistics at full data rate.

8.1.2.  Delivery Statistics at Full Data Windowed Rate

   Confirm that the observed run length is at least the
   target_run_length while sending at an average rate approximately
   equal to the target_data_rate, by controlling (or clamping) the
   window size of a conventional transport protocol to test_window.

   Since losses and ECN CE marks cause transport protocols to reduce
   their data rates, this test is expected to be less precise about
   controlling its data rate.  It should not be considered inconclusive
   as long as at least some of the round trips reached the full
   target_data_rate without incurring losses or ECN CE marks.  To pass
   this test the network must deliver target_window_size packets in
   target_RTT time without any losses or ECN CE marks at least once per
   two target_window_size round trips, in addition to meeting the run
   length statistical test.

8.1.3.  Background Packet Transfer Statistics Tests

   The background run length is a low rate version of the target target
   rate test above, designed for ongoing lightweight monitoring for
   changes in the observed subpath run length without disrupting users.
   It should be used in conjunction with one of the above full rate



Mathis & Morton          Expires March 19, 2018                [Page 35]


Internet-Draft             Model Based Metrics            September 2017


   tests because it does not confirm that the subpath can support raw
   data rate.

   RFC 6673 [RFC6673] is appropriate for measuring background packet
   transfer statistics.

8.2.  Standing Queue Tests

   These engineering tests confirm that the bottleneck is well behaved
   across the onset of packet loss, which typically follows after the
   onset of queuing.  Well behaved generally means lossless for
   transient queues, but once the queue has been sustained for a
   sufficient period of time (or reaches a sufficient queue depth) there
   should be a small number of losses or ECN CE marks to signal to the
   transport protocol that it should reduce its window or data rate.
   Losses that are too early can prevent the transport from averaging at
   the target_data_rate.  Losses that are too late indicate that the
   queue might not have an appropriate AQM [RFC7567] and as a
   consequence subject to bufferbloat [wikiBloat].  Queues without AQM
   have the potential to inflict excess delays on all flows sharing the
   bottleneck.  Excess losses (more than half of the window) at the
   onset of loss make loss recovery problematic for the transport
   protocol.  Non-linear, erratic or excessive RTT increases suggest
   poor interactions between the channel acquisition algorithms and the
   transport self clock.  All of the tests in this section use the same
   basic scanning algorithm, described here, but score the link or
   subpath on the basis of how well it avoids each of these problems.

   Some network technologies rely on virtual queues or other techniques
   to meter traffic without adding any queuing delay, in which case the
   data rate will vary with the window size all the way up to the onset
   of load induced packet loss or ECN CE marks.  For these technologies,
   the discussion of queuing in Section 6.3 does not apply, but it is
   still necessary to confirm that the onset of losses or ECN CE marks
   be at an appropriate point and progressive.  If the network
   bottleneck does not introduce significant queuing delay, modify the
   procedure described in Section 6.3 to start the scan at a window
   equal to or slightly smaller than the test_window.

   Use the procedure in Section 6.3 to sweep the window across the onset
   of queuing and the onset of loss.  The tests below all assume that
   the scan emulates standard additive increase and delayed ACK by
   incrementing the window by one packet for every 2*target_window_size
   packets delivered.  A scan can typically be divided into three
   regions: below the onset of queuing, a standing queue, and at or
   beyond the onset of loss.





Mathis & Morton          Expires March 19, 2018                [Page 36]


Internet-Draft             Model Based Metrics            September 2017


   Below the onset of queuing the RTT is typically fairly constant, and
   the data rate varies in proportion to the window size.  Once the data
   rate reaches the subpath IP rate, the data rate becomes fairly
   constant, and the RTT increases in proportion to the increase in
   window size.  The precise transition across the start of queuing can
   be identified by the maximum network power, defined to be the ratio
   data rate over the RTT.  The network power can be computed at each
   window size, and the window with the maximum is taken as the start of
   the queuing region.

   If there is random background loss (e.g. bit errors, etc), precise
   determination of the onset of queue induced packet loss may require
   multiple scans.  Above the onset of queuing loss, all transport
   protocols are expected to experience periodic losses determined by
   the interaction between the congestion control and AQM algorithms.
   For standard congestion control algorithms the periodic losses are
   likely to be relatively widely spaced and the details are typically
   dominated by the behavior of the transport protocol itself.  For the
   stiffened transport protocols case (with non-standard, aggressive
   congestion control algorithms) the details of periodic losses will be
   dominated by how the window increase function responds to loss.

8.2.1.  Congestion Avoidance

   A subpath passes the congestion avoidance standing queue test if more
   than target_run_length packets are delivered between the onset of
   queuing (as determined by the window with the maximum network power
   as described above) and the first loss or ECN CE mark.  If this test
   is implemented using a standard congestion control algorithm with a
   clamp, it can be performed in situ in the production internet as a
   capacity test.  For an example of such a test see [Pathdiag].

   For technologies that do not have conventional queues, use the
   test_window in place of the onset of queuing.  i.e. A subpath passes
   the congestion avoidance standing queue test if more than
   target_run_length packets are delivered between start of the scan at
   test_window and the first loss or ECN CE mark.

8.2.2.  Bufferbloat

   This test confirms that there is some mechanism to limit buffer
   occupancy (e.g. that prevents bufferbloat).  Note that this is not
   strictly a requirement for single stream bulk transport capacity,
   however if there is no mechanism to limit buffer queue occupancy then
   a single stream with sufficient data to deliver is likely to cause
   the problems described in [RFC7567], and [wikiBloat].  This may cause
   only minor symptoms for the dominant flow, but has the potential to
   make the subpath unusable for other flows and applications.



Mathis & Morton          Expires March 19, 2018                [Page 37]


Internet-Draft             Model Based Metrics            September 2017


   Pass if the onset of loss occurs before a standing queue has
   introduced more delay than than twice target_RTT, or other well
   defined and specified limit.  Note that there is not yet a model for
   how much standing queue is acceptable.  The factor of two chosen here
   reflects a rule of thumb.  In conjunction with the previous test,
   this test implies that the first loss should occur at a queuing delay
   which is between one and two times the target_RTT.

   Specified RTT limits that are larger than twice the target_RTT must
   be fully justified in the FS-TIDS.

8.2.3.  Non excessive loss

   This test confirms that the onset of loss is not excessive.  Pass if
   losses are equal or less than the increase in the cross traffic plus
   the test stream window increase since the previous RTT.  This could
   be restated as non-decreasing total throughput of the subpath at the
   onset of loss.  (Note that when there is a transient drop in subpath
   throughput and there is not already a standing queue, a subpath that
   passes other queue tests in this document will have sufficient queue
   space to hold one full RTT worth of data).

   Note that token bucket policers will not pass this test, which is as
   intended.  TCP often stumbles badly if more than a small fraction of
   the packets are dropped in one RTT.  Many TCP implementations will
   require a timeout and slowstart to recover their self clock.  Even if
   they can recover from the massive losses the sudden change in
   available capacity at the bottleneck wastes serving and front path
   capacity until TCP can adapt to the new rate [Policing].

8.2.4.  Duplex Self Interference

   This engineering test confirms a bound on the interactions between
   the forward data path and the ACK return path when they share a half
   duplex link.

   Some historical half duplex technologies had the property that each
   direction held the channel until it completely drained its queue.
   When a self clocked transport protocol, such as TCP, has data and
   ACKs passing in opposite directions through such a link, the behavior
   often reverts to stop-and-wait.  Each additional packet added to the
   window raises the observed RTT by two packet times, once as the
   additional packet passes through the data path, and once for the
   additional delay incurred by the ACK waiting on the return path.

   The duplex self interference test fails if the RTT rises by more than
   a fixed bound above the expected queuing time computed from the
   excess window divided by the subpath IP Capacity.  This bound must be



Mathis & Morton          Expires March 19, 2018                [Page 38]


Internet-Draft             Model Based Metrics            September 2017


   smaller than target_RTT/2 to avoid reverting to stop and wait
   behavior. (e.g.  Data packets and ACKs both have to be released at
   least twice per RTT.)

8.3.  Slowstart tests

   These tests mimic slowstart: data is sent at twice the effective
   bottleneck rate to exercise the queue at the dominant bottleneck.

8.3.1.  Full Window slowstart test

   This is a capacity test to confirm that slowstart is not likely to
   exit prematurely.  Send slowstart bursts that are target_window_size
   total packets.

   Accumulate packet transfer statistics as described in Section 7.2 to
   score the outcome.  Pass if it is statistically significant that the
   observed number of good packets delivered between losses or ECN CE
   marks is larger than the target_run_length.  Fail if it is
   statistically significant that the observed interval between losses
   or ECN CE marks is smaller than the target_run_length.

   It is deemed inconclusive if the elapsed time to send the data burst
   is not less than half of the time to receive the ACKs.  (i.e.  It is
   acceptable to send data too fast, but sending it slower than twice
   the actual bottleneck rate as indicated by the ACKs is deemed
   inconclusive).  The headway for the slowstart bursts should be the
   target_RTT.

   Note that these are the same parameters as the Sender Full Window
   burst test, except the burst rate is at slowstart rate, rather than
   sender interface rate.

8.3.2.  Slowstart AQM test

   Do a continuous slowstart (send data continuously at twice the
   implied IP bottleneck capacity), until the first loss, stop, allow
   the network to drain and repeat, gathering statistics on how many
   packets were delivered before the loss, the pattern of losses,
   maximum observed RTT and window size.  Justify the results.  There is
   not currently sufficient theory justifying requiring any particular
   result, however design decisions that affect the outcome of this
   tests also affect how the network balances between long and short
   flows (the "mice vs elephants" problem).  The queue sojourn time for
   the first packet delivered after the first loss should be at least
   one half of the target_RTT.





Mathis & Morton          Expires March 19, 2018                [Page 39]


Internet-Draft             Model Based Metrics            September 2017


   This is an engineering test: It should be performed on a quiescent
   network or testbed, since cross traffic has the potential to change
   the results in ill defined ways.

8.4.  Sender Rate Burst tests

   These tests determine how well the network can deliver bursts sent at
   sender's interface rate.  Note that this test most heavily exercises
   the front path, and is likely to include infrastructure may be out of
   scope for an access ISP, even though the bursts might be caused by
   ACK compression, thinning or channel arbitration in the access ISP.
   See Appendix B.

   Also, there are a several details about sender interface rate bursts
   that are not fully defined here.  These details, such as the assumed
   sender interface rate, should be explicitly stated is a FS-TIDS.

   Current standards permit TCP to send full window bursts following an
   application pause.  (Congestion Window Validation [RFC2861] and
   updates to support Rate-Limited Traffic [RFC7661], are not required).
   Since full window bursts are consistent with standard behavior, it is
   desirable that the network be able to deliver such bursts, otherwise
   application pauses will cause unwarranted losses.  Note that the AIMD
   sawtooth requires a peak window that is twice target_window_size, so
   the worst case burst may be 2*target_window_size.

   It is also understood in the application and serving community that
   interface rate bursts have a cost to the network that has to be
   balanced against other costs in the servers themselves.  For example
   TCP Segmentation Offload (TSO) reduces server CPU in exchange for
   larger network bursts, which increase the stress on network buffer
   memory.  Some newer TCP implementations can pace traffic at scale
   [TSO_pacing][TSO_fq_pacing].  It remains to be determined if and how
   quickly these changes will be deployed.

   There is not yet theory to unify these costs or to provide a
   framework for trying to optimize global efficiency.  We do not yet
   have a model for how much server rate bursts should be tolerated by
   the network.  Some bursts must be tolerated by the network, but it is
   probably unreasonable to expect the network to be able to efficiently
   deliver all data as a series of bursts.

   For this reason, this is the only test for which we encourage
   derating.  A TIDS could include a table of pairs of derating
   parameters: burst sizes and how much each burst size is permitted to
   reduce the run length, relative to to the target_run_length.





Mathis & Morton          Expires March 19, 2018                [Page 40]


Internet-Draft             Model Based Metrics            September 2017


8.5.  Combined and Implicit Tests

   Combined tests efficiently confirm multiple network properties in a
   single test, possibly as a side effect of normal content delivery.
   They require less measurement traffic than other testing strategies
   at the cost of conflating diagnostic signatures when they fail.
   These are by far the most efficient for monitoring networks that are
   nominally expected to pass all tests.

8.5.1.  Sustained Bursts Test

   The sustained burst test implements a combined worst case version of
   all of the capacity tests above.  It is simply:

   Send target_window_size bursts of packets at server interface rate
   with target_RTT burst headway (burst start to next burst start).
   Verify that the observed packet transfer statistics meets the
   target_run_length.

   Key observations:

   o  The subpath under test is expected to go idle for some fraction of
      the time, determined by the difference between the time to drain
      the queue at the subpath_IP_capacity, and the target_RTT.  If the
      queue does not drain completely it may be an indication that the
      the subpath has insufficient IP capacity or that there is some
      other problem with the test (e.g. inconclusive).
   o  The burst sensitivity can be derated by sending smaller bursts
      more frequently.  E.g. send target_window_size*derate packet
      bursts every target_RTT*derate, where "derate" is less than one.
   o  When not derated, this test is the most strenuous capacity test.
   o  A subpath that passes this test is likely to be able to sustain
      higher rates (close to subpath_IP_capacity) for paths with RTTs
      significantly smaller than the target_RTT.
   o  This test can be implemented with instrumented TCP [RFC4898],
      using a specialized measurement application at one end [MBMSource]
      and a minimal service at the other end [RFC0863] [RFC0864].
   o  This test is efficient to implement, since it does not require
      per-packet timers, and can make use of TSO in modern NIC hardware.
   o  If a subpath is known to pass the Standing Queue engineering tests
      (particularly that it has a progressive onset of loss at an
      appropriate queue depth), then the Sustained Burst Test is
      sufficient to assure that the subpath under test will not impair
      Bulk Transport Capacity at the target performance under all
      conditions.  See Section 8.2 for a discussion of the standing
      queue tests.





Mathis & Morton          Expires March 19, 2018                [Page 41]


Internet-Draft             Model Based Metrics            September 2017


   Note that this test is clearly independent of the subpath RTT, or
   other details of the measurement infrastructure, as long as the
   measurement infrastructure can accurately and reliably deliver the
   required bursts to the subpath under test.

8.5.2.  Passive Measurements

   Any non-throughput maximizing application, such as fixed rate
   streaming media, can be used to implement passive or hybrid (defined
   in [RFC7799]) versions of Model Based Metrics with some additional
   instrumentation and possibly a traffic shaper or other controls in
   the servers.  The essential requirement is that the data transmission
   be constrained such that even with arbitrary application pauses and
   bursts, the data rate and burst sizes stay within the envelope
   defined by the individual tests described above.

   If the application's serving data rate can be constrained to be less
   than or equal to the target_data_rate and the serving_RTT (the RTT
   between the sender and client) is less than the target_RTT, this
   constraint is most easily implemented by clamping the transport
   window size to serving_window_clamp, set to the test_window, computed
   for the actual serving path.

   Under the above constraints the serving_window_clamp will limit the
   both the serving data rate and burst sizes to be no larger than the
   procedures in Section 8.1.2 and Section 8.4 or Section 8.5.1.  Since
   the serving RTT is smaller than the target_RTT, the worst case bursts
   that might be generated under these conditions will be smaller than
   called for by Section 8.4 and the sender rate burst sizes are
   implicitly derated by the serving_window_clamp divided by the
   target_window_size at the very least.  (Depending on the application
   behavior, the data might be significantly smoother than specified by
   any of the burst tests.)

   In an alternative implementation the data rate and bursts might be
   explicitly controlled by a programmable traffic shaper or pacing at
   the sender.  This would provide better control over transmissions but
   is more complicated to implement, although the required technology is
   available [TSO_pacing][TSO_fq_pacing].

   Note that these techniques can be applied to any content delivery
   that can operated at a constrained data rate to inhibit TCP
   equilibrium behavior.

   Furthermore note that Dynamic Adaptive Streaming over HTTP (DASH) is
   generally in conflict with passive Model Based Metrics measurement,
   because it is a rate maximizing protocol.  It can still meet the
   requirement here if the rate can be capped, for example by knowing a



Mathis & Morton          Expires March 19, 2018                [Page 42]


Internet-Draft             Model Based Metrics            September 2017


   priori the maximum rate needed to deliver a particular piece of
   content.

9.  An Example

   In this section we illustrate a TIDS designed to confirm that an
   access ISP can reliably deliver HD video from multiple content
   providers to all of their customers.  With modern codecs, minimal HD
   video (720p) generally fits in 2.5 Mb/s.  Due to their geographical
   size, network topology and modem characteristics the ISP determines
   that most content is within a 50 mS RTT of their users (This example
   RTT is a sufficient to cover the propagation delay to continental
   Europe or either US coast with low delay modems or somewhat smaller
   geographical regions if the modems require additional delay to
   implement advanced compression and error recovery).

                        2.5 Mb/s over a 50 ms path

                +----------------------+-------+---------+
                | End-to-End Parameter | value | units   |
                +----------------------+-------+---------+
                | target_rate          | 2.5   | Mb/s    |
                | target_RTT           | 50    | ms      |
                | target_MTU           | 1500  | bytes   |
                | header_overhead      | 64    | bytes   |
                |                      |       |         |
                | target_window_size   | 11    | packets |
                | target_run_length    | 363   | packets |
                +----------------------+-------+---------+

                                  Table 1

   Table 1 shows the default TCP model with no derating, and as such is
   quite conservative.  The simplest TIDS would be to use the sustained
   burst test, described in Section 8.5.1.  Such a test would send 11
   packet bursts every 50mS, and confirming that there was no more than
   1 packet loss per 33 bursts (363 total packets in 1.650 seconds).

   Since this number represents is the entire end-to-end loss budget,
   independent subpath tests could be implemented by apportioning the
   packet loss ratio across subpaths.  For example 50% of the losses
   might be allocated to the access or last mile link to the user, 40%
   to the network interconnections with other ISPs and 1% to each
   internal hop (assuming no more than 10 internal hops).  Then all of
   the subpaths can be tested independently, and the spatial composition
   of passing subpaths would be expected to be within the end-to-end
   loss budget.




Mathis & Morton          Expires March 19, 2018                [Page 43]


Internet-Draft             Model Based Metrics            September 2017


9.1.  Observations about applicability

   Guidance on deploying and using MBM belong in a future document.
   However this example illustrates some the issues that may need to be
   considered.

   Note that another ISP, with different geographical coverage, topology
   or modem technology may need to assume a different target_RTT, and as
   a consequence different target_window_size and target_run_length,
   even for the same target_data rate.  One of the implications of this
   is that infrastructure shared by multiple ISPs, such as inter-
   exchange points (IXPs) and other interconnects may need to be
   evaluated on the basis of the most stringent target_window_size and
   target_run_length of any participating ISP.  One way to do this might
   be to choose target parameters for evaluating such shared
   infrastructure on the basis of a hypothetical reference path that
   does not necessarily match any actual paths.

   Testing interconnects has generally been problematic: conventional
   performance tests run between measurement points adjacent to either
   side of the interconnect are not generally useful.  Unconstrained TCP
   tests, such as iPerf [iPerf] are usually overly aggressive due to the
   small RTT (often less than 1 mS).  With a short RTT these tools are
   likely to report inflated data rates because on a short RTT these
   tools can tolerate very high packet loss ratios and can push other
   cross traffic off of the network.  As a consequence these
   measurements are useless for predicting actual user performance over
   longer paths, and may themselves be quite disruptive.  Model Based
   Metrics solves this problem.  The interconnect can be evaluated with
   the same TIDS as other subpaths.  Continuing our example, if the
   interconnect is apportioned 40% of the losses, 11 packet bursts sent
   every 50mS should have fewer than one loss per 82 bursts (902
   packets).

10.  Validation

   Since some aspects of the models are likely to be too conservative,
   Section 5.2 permits alternate protocol models and Section 5.3 permits
   test parameter derating.  If either of these techniques are used, we
   require demonstrations that such a TIDS can robustly detect subpaths
   that will prevent authentic applications using state-of-the-art
   protocol implementations from meeting the specified Target Transport
   Performance.  This correctness criteria is potentially difficult to
   prove, because it implicitly requires validating a TIDS against all
   possible paths and subpaths.  The procedures described here are still
   experimental.





Mathis & Morton          Expires March 19, 2018                [Page 44]


Internet-Draft             Model Based Metrics            September 2017


   We suggest two approaches, both of which should be applied: first,
   publish a fully open description of the TIDS, including what
   assumptions were used and and how it was derived, such that the
   research community can evaluate the design decisions, test them and
   comment on their applicability; and second, demonstrate that
   applications do meet the Target Transport Performance when running
   over a network testbed which has the tightest possible constraints
   that still allow the tests in the TIDS to pass.

   This procedure resembles an epsilon-delta proof in calculus.
   Construct a test network such that all of the individual tests of the
   TIDS pass by only small (infinitesimal) margins, and demonstrate that
   a variety of authentic applications running over real TCP
   implementations (or other protocols as appropriate) meets the Target
   Transport Performance over such a network.  The workloads should
   include multiple types of streaming media and transaction oriented
   short flows (e.g. synthetic web traffic).

   For example, for the HD streaming video TIDS described in Section 9,
   the IP capacity should be exactly the header_overhead above 2.5 Mb/s,
   the per packet random background loss ratio should be 1/363, for a
   run length of 363 packets, the bottleneck queue should be 11 packets
   and the front path should have just enough buffering to withstand 11
   packet interface rate bursts.  We want every one of the TIDS tests to
   fail if we slightly increase the relevant test parameter, so for
   example sending a 12 packet burst should cause excess (possibly
   deterministic) packet drops at the dominant queue at the bottleneck.
   This network has the tightest possible constraints that can be
   expected to pass the TIDS, yet it should be possible for a real
   application using a stock TCP implementation in the vendor's default
   configuration to attain 2.5 Mb/s over an 50 mS path.

   The most difficult part of setting up such a testbed is arranging for
   it to have the tightest possible constraints that still allow it to
   pass the individual tests.  Two approaches are suggested:
   constraining (configuring) the network devices not to use all
   available resources (e.g. by limiting available buffer space or data
   rate); and pre-loading subpaths with cross traffic.  Note that is it
   important that a single tightly constrained environment just barely
   passes all tests, otherwise there is a chance that TCP can exploit
   extra latitude in some parameters (such as data rate) to partially
   compensate for constraints in other parameters (queue space, or vice-
   versa).

   To the extent that a TIDS is used to inform public dialog it should
   be fully publicly documented, including the details of the tests,
   what assumptions were used and how it was derived.  All of the
   details of the validation experiment should also be published with



Mathis & Morton          Expires March 19, 2018                [Page 45]


Internet-Draft             Model Based Metrics            September 2017


   sufficient detail for the experiments to be replicated by other
   researchers.  All components should either be open source of fully
   described proprietary implementations that are available to the
   research community.

11.  Security Considerations

   Measurement is often used to inform business and policy decisions,
   and as a consequence is potentially subject to manipulation.  Model
   Based Metrics are expected to be a huge step forward because
   equivalent measurements can be performed from multiple vantage
   points, such that performance claims can be independently validated
   by multiple parties.

   Much of the acrimony in the Net Neutrality debate is due to the
   historical lack of any effective vantage independent tools to
   characterize network performance.  Traditional methods for measuring
   Bulk Transport Capacity are sensitive to RTT and as a consequence
   often yield very different results when run local to an ISP or
   interconnect and when run over a customer's complete path.  Neither
   the ISP nor customer can repeat the others measurements, leading to
   high levels of distrust and acrimony.  Model Based Metrics are
   expected to greatly improve this situation.

   Note that in situ measurements sometimes requires sending synthetic
   measurement traffic between arbitrary locations in the network, and
   as such are potentially attractive platforms for launching DDOS
   attacks.  All active measurement tools and protocols must be designed
   to minimize the opportunities for these misuses.  See the discussion
   in section 7 of [RFC7594].

   Some of the tests described in the note are not intended for frequent
   network monitoring since they have the potential to cause high
   network loads and might adversely affect other traffic.

   This document only describes a framework for designing Fully
   Specified Targeted IP Diagnostic Suite.  Each FS-TIDS must include
   its own security section.

12.  Acknowledgments

   Ganga Maguluri suggested the statistical test for measuring loss
   probability in the target run length.  Alex Gilgur and Merry Mou for
   helping with the statistics.

   Meredith Whittaker for improving the clarity of the communications.

   Ruediger Geib provided feedback which greatly improved the document.



Mathis & Morton          Expires March 19, 2018                [Page 46]


Internet-Draft             Model Based Metrics            September 2017


   This work was inspired by Measurement Lab: open tools running on an
   open platform, using open tools to collect open data.  See
   http://www.measurementlab.net/

13.  IANA Considerations

   This document has no actions for IANA.

14.  Informative References

   [RFC0863]  Postel, J., "Discard Protocol", STD 21, RFC 863, May 1983.

   [RFC0864]  Postel, J., "Character Generator Protocol", STD 22,
              RFC 864, May 1983.

   [RFC2330]  Paxson, V., Almes, G., Mahdavi, J., and M. Mathis,
              "Framework for IP Performance Metrics", RFC 2330, May
              1998.

   [RFC2861]  Handley, M., Padhye, J., and S. Floyd, "TCP Congestion
              Window Validation", RFC 2861, June 2000.

   [RFC3148]  Mathis, M. and M. Allman, "A Framework for Defining
              Empirical Bulk Transfer Capacity Metrics", RFC 3148, July
              2001.

   [RFC3168]  Ramakrishnan, K., Floyd, S., and D. Black, "The Addition
              of Explicit Congestion Notification (ECN) to IP",
              RFC 3168, DOI 10.17487/RFC3168, September 2001,
              <http://www.rfc-editor.org/info/rfc3168>.

   [RFC3465]  Allman, M., "TCP Congestion Control with Appropriate Byte
              Counting (ABC)", RFC 3465, February 2003.

   [RFC4015]  Ludwig, R. and A. Gurtov, "The Eifel Response Algorithm
              for TCP", RFC 4015, February 2005.

   [RFC4737]  Morton, A., Ciavattone, L., Ramachandran, G., Shalunov,
              S., and J. Perser, "Packet Reordering Metrics", RFC 4737,
              November 2006.

   [RFC4898]  Mathis, M., Heffner, J., and R. Raghunarayan, "TCP
              Extended Statistics MIB", RFC 4898, May 2007.

   [RFC5136]  Chimento, P. and J. Ishac, "Defining Network Capacity",
              RFC 5136, February 2008.





Mathis & Morton          Expires March 19, 2018                [Page 47]


Internet-Draft             Model Based Metrics            September 2017


   [RFC5681]  Allman, M., Paxson, V., and E. Blanton, "TCP Congestion
              Control", RFC 5681, September 2009.

   [RFC5827]  Allman, M., Avrachenkov, K., Ayesta, U., Blanton, J., and
              P. Hurtig, "Early Retransmit for TCP and Stream Control
              Transmission Protocol (SCTP)", RFC 5827,
              DOI 10.17487/RFC5827, May 2010,
              <http://www.rfc-editor.org/info/rfc5827>.

   [RFC5835]  Morton, A. and S. Van den Berghe, "Framework for Metric
              Composition", RFC 5835, April 2010.

   [RFC6049]  Morton, A. and E. Stephan, "Spatial Composition of
              Metrics", RFC 6049, January 2011.

   [RFC6576]  Geib, R., Ed., Morton, A., Fardid, R., and A. Steinmitz,
              "IP Performance Metrics (IPPM) Standard Advancement
              Testing", BCP 176, RFC 6576, DOI 10.17487/RFC6576, March
              2012, <http://www.rfc-editor.org/info/rfc6576>.

   [RFC6673]  Morton, A., "Round-Trip Packet Loss Metrics", RFC 6673,
              August 2012.

   [RFC6928]  Chu, J., Dukkipati, N., Cheng, Y., and M. Mathis,
              "Increasing TCP's Initial Window", RFC 6928,
              DOI 10.17487/RFC6928, April 2013,
              <http://www.rfc-editor.org/info/rfc6928>.

   [RFC7312]  Fabini, J. and A. Morton, "Advanced Stream and Sampling
              Framework for IP Performance Metrics (IPPM)", RFC 7312,
              August 2014.

   [RFC7398]  Bagnulo, M., Burbridge, T., Crawford, S., Eardley, P., and
              A. Morton, "A Reference Path and Measurement Points for
              Large-Scale Measurement of Broadband Performance",
              RFC 7398, February 2015.

   [RFC7567]  Baker, F., Ed. and G. Fairhurst, Ed., "IETF
              Recommendations Regarding Active Queue Management",
              BCP 197, RFC 7567, DOI 10.17487/RFC7567, July 2015,
              <http://www.rfc-editor.org/info/rfc7567>.

   [RFC7594]  Eardley, P., Morton, A., Bagnulo, M., Burbridge, T.,
              Aitken, P., and A. Akhter, "A Framework for Large-Scale
              Measurement of Broadband Performance (LMAP)", RFC 7594,
              DOI 10.17487/RFC7594, September 2015,
              <http://www.rfc-editor.org/info/rfc7594>.




Mathis & Morton          Expires March 19, 2018                [Page 48]


Internet-Draft             Model Based Metrics            September 2017


   [RFC7661]  Fairhurst, G., Sathiaseelan, A., and R. Secchi, "Updating
              TCP to Support Rate-Limited Traffic", RFC 7661,
              DOI 10.17487/RFC7661, October 2015,
              <http://www.rfc-editor.org/info/rfc7661>.

   [RFC7680]  Almes, G., Kalidindi, S., Zekauskas, M., and A. Morton,
              Ed., "A One-Way Loss Metric for IP Performance Metrics
              (IPPM)", STD 82, RFC 7680, DOI 10.17487/RFC7680, January
              2016, <http://www.rfc-editor.org/info/rfc7680>.

   [RFC7799]  Morton, A., "Active and Passive Metrics and Methods (with
              Hybrid Types In-Between)", RFC 7799, DOI 10.17487/RFC7799,
              May 2016, <http://www.rfc-editor.org/info/rfc7799>.

   [I-D.ietf-tcpm-rack]
              Cheng, Y., Cardwell, N., and N. Dukkipati, "RACK: a time-
              based fast loss detection algorithm for TCP", draft-ietf-
              tcpm-rack-02 (work in progress), March 2017.

   [MSMO97]   Mathis, M., Semke, J., Mahdavi, J., and T. Ott, "The
              Macroscopic Behavior of the TCP Congestion Avoidance
              Algorithm", Computer Communications Review volume 27,
              number3, July 1997.

   [WPING]    Mathis, M., "Windowed Ping: An IP Level Performance
              Diagnostic", INET 94, June 1994.

   [mpingSource]
              Fan, X., Mathis, M., and D. Hamon, "Git Repository for
              mping: An IP Level Performance Diagnostic", Sept 2013,
              <https://github.com/m-lab/mping>.

   [MBMSource]
              Hamon, D., Stuart, S., and H. Chen, "Git Repository for
              Model Based Metrics", Sept 2013, <https://github.com/m-
              lab/MBM>.

   [Pathdiag]
              Mathis, M., Heffner, J., O'Neil, P., and P. Siemsen,
              "Pathdiag: Automated TCP Diagnosis", Passive and Active
              Measurement , June 2008.

   [iPerf]    Wikipedia Contributors, , "iPerf", Wikipedia, The Free
              Encyclopedia , cited March 2015,
              <http://en.wikipedia.org/w/
              index.php?title=Iperf&oldid=649720021>.





Mathis & Morton          Expires March 19, 2018                [Page 49]


Internet-Draft             Model Based Metrics            September 2017


   [Wald45]   Wald, A., "Sequential Tests of Statistical Hypotheses",
              The Annals of Mathematical Statistics, Vol. 16, No. 2, pp.
              117-186, Published by: Institute of Mathematical
              Statistics, Stable URL:
              http://www.jstor.org/stable/2235829, June 1945.

   [Montgomery90]
              Montgomery, D., "Introduction to Statistical Quality
              Control - 2nd ed.", ISBN 0-471-51988-X, 1990.

   [Rtool]    R Development Core Team, , "R: A language and environment
              for statistical computing. R Foundation for Statistical
              Computing, Vienna, Austria. ISBN 3-900051-07-0, URL
              http://www.R-project.org/",  , 2011.

   [CVST]     Krueger, T. and M. Braun, "R package: Fast Cross-
              Validation via Sequential Testing", version 0.1, 11 2012.

   [AFD]      Pan, R., Breslau, L., Prabhakar, B., and S. Shenker,
              "Approximate fairness through differential dropping",
              SIGCOMM Comput. Commun. Rev. 33, 2, April 2003.

   [wikiBloat]
              Wikipedia, , "Bufferbloat", http://en.wikipedia.org/
              w/ index.php?title=Bufferbloat&oldid=608805474, March
              2015.

   [CCscaling]
              Fernando, F., Doyle, J., and S. Steven, "Scalable laws for
              stable network congestion control", Proceedings of
              Conference on Decision and
              Control, http://www.ee.ucla.edu/~paganini, December 2001.

   [TSO_pacing]
              Corbet, J., "TSO sizing and the FQ scheduler",
              LWN.net https://lwn.net/Articles/564978/, Aug 2013.

   [TSO_fq_pacing]
              Dumazet, E. and Y. Chen, "TSO, fair queuing, pacing:
              three's a charm", Proceedings of IETF 88, TCPM WG
              https://www.ietf.org/proceedings/88/slides/slides-88-tcpm-
              9.pdf, Nov 2013.

   [Policing]
              Flach, T., Papageorge, P., Terzis, A., Pedrosa, L., Cheng,
              Y., Karim, T., Katz-Bassett, E., and R. Govindan, "An
              Internet-Wide Analysis of Traffic Policing", ACM SIGCOMM ,
              August 2016.



Mathis & Morton          Expires March 19, 2018                [Page 50]


Internet-Draft             Model Based Metrics            September 2017


Appendix A.  Model Derivations

   The reference target_run_length described in Section 5.2 is based on
   very conservative assumptions: that all excess data in flight
   (window) above the target_window_size contributes to a standing queue
   that raises the RTT, and that classic Reno congestion control with
   delayed ACKs are in effect.  In this section we provide two
   alternative calculations using different assumptions.

   It may seem out of place to allow such latitude in a measurement
   method, but this section provides offsetting requirements.

   The estimates provided by these models make the most sense if network
   performance is viewed logarithmically.  In the operational Internet,
   data rates span more than 8 orders of magnitude, RTT spans more than
   3 orders of magnitude, and packet loss ratio spans at least 8 orders
   of magnitude if not more.  When viewed logarithmically (as in
   decibels), these correspond to 80 dB of dynamic range.  On an 80 dB
   scale, a 3 dB error is less than 4% of the scale, even though it
   represents a factor of 2 in untransformed parameter.

   This document gives a lot of latitude for calculating
   target_run_length, however people designing a TIDS should consider
   the effect of their choices on the ongoing tussle about the relevance
   of "TCP friendliness" as an appropriate model for Internet capacity
   allocation.  Choosing a target_run_length that is substantially
   smaller than the reference target_run_length specified in Section 5.2
   strengthens the argument that it may be appropriate to abandon "TCP
   friendliness" as the Internet fairness model.  This gives developers
   incentive and permission to develop even more aggressive applications
   and protocols, for example by increasing the number of connections
   that they open concurrently.

A.1.  Queueless Reno

   In Section 5.2 models were derived based on the assumption that the
   subpath IP rate matches the target rate plus overhead, such that the
   excess window needed for the AIMD sawtooth causes a fluctuating queue
   at the bottleneck.

   An alternate situation would be a bottleneck where there is no
   significant queue and losses are caused by some mechanism that does
   not involve extra delay, for example by the use of a virtual queue as
   done in Approximate Fair Dropping [AFD].  A flow controlled by such a
   bottleneck would have a constant RTT and a data rate that fluctuates
   in a sawtooth due to AIMD congestion control.  Assume the losses are
   being controlled to make the average data rate meet some goal which




Mathis & Morton          Expires March 19, 2018                [Page 51]


Internet-Draft             Model Based Metrics            September 2017


   is equal or greater than the target_rate.  The necessary run length
   to meet the target_rate can be computed as follows:

   For some value of Wmin, the window will sweep from Wmin packets to
   2*Wmin packets in 2*Wmin RTT (due to delayed ACK).  Unlike the
   queuing case where Wmin = target_window_size, we want the average of
   Wmin and 2*Wmin to be the target_window_size, so the average data
   rate is the target rate.  Thus we want Wmin =
   (2/3)*target_window_size.

   Between losses each sawtooth delivers (1/2)(Wmin+2*Wmin)(2Wmin)
   packets in 2*Wmin round trip times.

   Substituting these together we get:

   target_run_length = (4/3)(target_window_size^2)

   Note that this is 44% of the reference_run_length computed earlier.
   This makes sense because under the assumptions in Section 5.2 the
   AMID sawtooth caused a queue at the bottleneck, which raised the
   effective RTT by 50%.

Appendix B.  The effects of ACK scheduling

   For many network technologies simple queuing models don't apply: the
   network schedules, thins or otherwise alters the timing of ACKs and
   data, generally to raise the efficiency of the channel allocation
   algorithms when confronted with relatively widely spaced small ACKs.
   These efficiency strategies are ubiquitous for half duplex, wireless
   and broadcast media.

   Altering the ACK stream by holding or thinning ACKs typically has two
   consequences: it raises the implied bottleneck IP capacity, making
   the fine grained slowstart bursts either faster or larger and it
   raises the effective RTT by the average time that the ACKs and data
   are delayed.  The first effect can be partially mitigated by re-
   clocking ACKs once they are beyond the bottleneck on the return path
   to the sender, however this further raises the effective RTT.

   The most extreme example of this sort of behavior would be a half
   duplex channel that is not released as long as the endpoint currently
   holding the channel has more traffic (data or ACKs) to send.  Such
   environments cause self clocked protocols under full load to revert
   to extremely inefficient stop and wait behavior.  The channel
   constrains the protocol to send an entire window of data as a single
   contiguous burst on the forward path, followed by the entire window
   of ACKs on the return path.




Mathis & Morton          Expires March 19, 2018                [Page 52]


Internet-Draft             Model Based Metrics            September 2017


   If a particular return path contains a subpath or device that alters
   the timing of the ACK stream, then the entire front path from the
   sender up to the bottleneck must be tested at the burst parameters
   implied by the ACK scheduling algorithm.  The most important
   parameter is the Implied Bottleneck IP Capacity, which is the average
   rate at which the ACKs advance snd.una.  Note that thinning the ACK
   stream (relying on the cumulative nature of seg.ack to permit
   discarding some ACKs) causes most TCP implementations to send
   interface rate bursts to offset the longer times between ACKs in
   order to maintain the average data rate.

   Note that due to ubiquitous self clocking in Internet protocols, ill
   conceived channel allocation mechanisms are likely to increases the
   queuing stress on the front path because they cause larger full
   sender rate data bursts.

   Holding data or ACKs for channel allocation or other reasons (such as
   forward error correction) always raises the effective RTT relative to
   the minimum delay for the path.  Therefore it may be necessary to
   replace target_RTT in the calculation in Section 5.2 by an
   effective_RTT, which includes the target_RTT plus a term to account
   for the extra delays introduced by these mechanisms.

Appendix C.  Version Control

   This section to be removed prior to publication.

   Formatted: Thu Apr 7 18:12:37 PDT 2016

Authors' Addresses

   Matt Mathis
   Google, Inc
   1600 Amphitheater Parkway
   Mountain View, California  94043
   USA

   Email: mattmathis@google.com


   Al Morton
   AT&T Labs
   200 Laurel Avenue South
   Middletown, NJ  07748
   USA

   Phone: +1 732 420 1571
   Email: acmorton@att.com



Mathis & Morton          Expires March 19, 2018                [Page 53]