TSVWG Working Group                                         G. Fairhurst
Internet-Draft                                    University of Aberdeen
Intended status: Best Current Practice                September 25, 2014
Expires: March 29, 2015


                   Network Transport Circuit Breakers
                  draft-ietf-tsvwg-circuit-breaker-00

Abstract

   This note explains what is meant by the term "network transport
   circuit breaker" (CB).  It describes the need for circuit breakers
   when using network tunnels, and other non-congestion controlled
   applications.  It also defines requirements for building a circuit
   breaker and the expected outcomes of using a circuit breaker within
   the Internet.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on March 29, 2015.

Copyright Notice

   Copyright (c) 2014 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of




Fairhurst                Expires March 29, 2015                 [Page 1]


Internet-Draft                                            September 2014


   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
     1.1.  Types of Circuit-Breaker  . . . . . . . . . . . . . . . .   4
   2.  Terminology . . . . . . . . . . . . . . . . . . . . . . . . .   4
   3.  Design of a Circuit-Breaker (What makes a good circuit
       breaker?) . . . . . . . . . . . . . . . . . . . . . . . . . .   4
     3.1.  Functional Components . . . . . . . . . . . . . . . . . .   5
     3.2.  Requirements for implementing a CB  . . . . . . . . . . .   6
   4.  Examples of Circuit Breakers  . . . . . . . . . . . . . . . .   8
     4.1.  A Fast-Trip Circuit Breaker . . . . . . . . . . . . . . .   8
       4.1.1.  A Fast-Trip Circuit Breaker for RTP . . . . . . . . .   8
     4.2.  A Slow-trip Circuit Breaker . . . . . . . . . . . . . . .   9
     4.3.  A Managed Circuit Breaker . . . . . . . . . . . . . . . .   9
       4.3.1.  A Managed Circuit Breaker for SAToP Pseudo-Wires  . .   9
   5.  Examples where circuit breakers may not be needed.  . . . . .  10
     5.1.  CBs and uni-directional Traffic . . . . . . . . . . . . .  10
     5.2.  CBs over pre-provisioned Capacity . . . . . . . . . . . .  11
     5.3.  CBs with CC Traffic . . . . . . . . . . . . . . . . . . .  11
   6.  Security Considerations . . . . . . . . . . . . . . . . . . .  11
   7.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .  11
   8.  Acknowledgments . . . . . . . . . . . . . . . . . . . . . . .  12
   9.  Revision Notes  . . . . . . . . . . . . . . . . . . . . . . .  12
   10. References  . . . . . . . . . . . . . . . . . . . . . . . . .  12
     10.1.  Normative References . . . . . . . . . . . . . . . . . .  12
     10.2.  Informative References . . . . . . . . . . . . . . . . .  12
   Author's Address  . . . . . . . . . . . . . . . . . . . . . . . .  13

1.  Introduction

   A network transport Circuit Breaker (CB) is an automatic mechanism
   that is used to estimate congestion caused by a flow, and to
   terminate (or significantly reduce the rate of) the flow when
   persistent congestion is detected.  This is a safety measure to
   prevent congestion collapse (starvation of resources available to
   other flows), essential for an Internet that is heterogeneous and for
   traffic that is hard to predict in advance.

   The term "Circuit Breaker" originates in electricity supply, and has
   nothing to do with network circuits or virtual circuits.  In such
   cases, a CB is intended as a protection mechanism of last resort.
   Under normal circumstances, a CB should not be triggered; It is
   designed to protect things when there is overload.  Just as people do
   not expect the electrical circuit-breaker (or fuse) in their home to




Fairhurst                Expires March 29, 2015                 [Page 2]


Internet-Draft                                            September 2014


   be triggered, except when there is a wiring fault or a problem with
   an electrical appliance.

   In networking, the CB principle can be used as a protection mechanism
   of last resort to avoid persistent congestion.  Persistent congestion
   (also known as "congestion collapse") was a feature of the early
   Internet of the 1980s.  This resulted in excess traffic starving
   other connection from access to the Internet.  It was countered by
   the requirement to use congestion control (CC) by the Transmission
   Control Protocol (TCP) [Jacobsen88] [RFC1112].  These mechanisms
   operate in Internet hosts to cause TCP connections to "back off"
   during congestion.  The introduction of CC in TCP (currently
   documented in [RFC5681] ensured the stability of the Internet,
   because it was able to detect congestion and promptly react.  This
   worked well while TCP was by far the dominant traffic in the
   Internet, and most TCP flows were long-lived (ensuring that they
   could detect and respond to congestion before the flows terminated).
   This is no longer the case, and non-congestion controlled traffic,
   including many applications of the User Datagram Protocol (UDP) can
   form a significant proportion of the total traffic traversing a link.
   The current Internet therefore requires that non-congestion
   controlled traffic needs to be considered to avoid congestion
   collapse.

   There are important differences between a transport circuit-breaker
   and a congestion-control method.  Specifically, congestion control
   (as implemented in TCP, SCTP, and DCCP) needs to operate on the
   timescale on the order of a packet round-trip-time (RTT), the time
   from sender to destination and return.  Congestion control methods
   may react to a single packet loss/marking and reduce the transmission
   rate for each loss or congestion event.  The goal is usually to limit
   the maximum transmission rate that reflects the available capacity of
   a network path.  These methods typically operate on individual
   traffic flows (e.g. a 5-tuple).

   In contrast, CBs are recommended for non-congestion-controlled
   Internet flows and for traffic aggregates, e.g.traffic sent using a
   network tunnel.  Later sections provide examples of cases where
   circuit-breakers may or may not be desirable.

   A CB needs to measure (meter) the traffic to determine if the network
   is experiencing congestion and must be designed to trigger robustly
   when there is persistent congestion.  This means the trigger needs to
   operate on a timescale much longer than the path round trip time
   (e.g. seconds to possibly many tens of seconds).  This longer period
   is needed to provide sufficient time for transports (or applications)
   to adjust their rate following congestion, and for the network load
   to stabilise after any adjustment.  A CB trigger will often be based



Fairhurst                Expires March 29, 2015                 [Page 3]


Internet-Draft                                            September 2014


   on a series of successive sample measurements taken over a reasonably
   long period of time.  This is to ensure that a CB does not
   accidentally trigger following a single (or even successive)
   congestion events (congestion events are what triggers congestion
   control, and are to be regarded as normal on a network link operating
   near its capacity).  Once triggered, a control function needs to
   remove traffic from the network, either disabling the flow or
   significantly reducing the level of traffic.  This reaction provides
   the required protection to prevent persistent congestion being
   experienced by other flows that share the congested part of the
   network path.

1.1.  Types of Circuit-Breaker

   There are various forms of network transport circuit breaker.  These
   are differentiated mainly on the timescale over which they are
   triggered, but also in the intended protection they offer:

   o  Fast-Trip Circuit Breakers: The relatively short timescale used by
      this form of circuit breaker is intended to protect a flow or
      related group of flows.

   o  Slow-Trip Circuit Breakers: This circuit breaker utilises a longer
      timescale and is designed to protect traffic aggregates.

   o  Managed Circuit Breakers: Utilise the operations and management
      functions that may be present in a managed service to implement a
      circuit breaker.

   Examples of each type of circuit breaker are provided in section 4.

2.  Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].

3.  Design of a Circuit-Breaker (What makes a good circuit breaker?)

   Although circuit breakers have been talked about in the IETF for many
   years, there has not yet been guidance on the cases where circuit
   breakers are needed or upon the design of circuit breaker mechanisms.
   This document seeks to offer advise on these two topics.

   Section 3.1 describes the functional components of a circuit breaker
   and section 3.2 defines requirements for implementing a circuit
   breaker.




Fairhurst                Expires March 29, 2015                 [Page 4]


Internet-Draft                                            September 2014


3.1.  Functional Components

   The basic design of a transport circuit breaker involves
   communication between an ingress point (a sender) and an egress point
   (a receiver) of a network flow.  A simple picture of CB operation is
   provided in figure 1.  This shows a set of routers (each labelled R)
   connecting a set of endpoints.  A CB is used to control traffic
   passing through a subset of these routers, acting between an ingress
   and a egress point.  In some cases the ingress and egress may be in
   one or both endpoints, in other cases they will be in the network,
   for example one expected use would be at the ingress and egress of a
   tunnel service.

 +--------+                                                   +--------+
 |Endpoint|                                                   |Endpoint|
 +--+-----+                                                   +--+-----+
    |                                                            |
    | +-+  +-+  +---------+  +-+  +-+  +-+  +--------+  +-+  +-+ |
    +-+R+--+R+--+ Ingress +--+R+--+R+--+R+--+ Egress |--+R+--+R+-+
      +++  +-+  +-------+-+  +-+  +-+  +-+  +-----+--+  +++  +-+
       |         ^      |                         |      |
  +-+  |         | +----+----+                    |      |  +-+
  +R+--+         | | Measure +<-------------------+      +--+R+
  +++            | +----+----+                              +++
   |             |      |                                    |
   |             | +----+----+                               |
+--+-----+       | | Trigger +                            +--+-----+
|Endpoint|       | +----+----+                            |Endpoint|
+--------+       |      |                                 +--------+
                 +------+
                 Reaction

   Figure 1: A CB controlling the part of the end-to-end path between an
   ingress point and an egress point.

   The set of components needed to implement a circuit breaker are:

   1.  An Ingress meter (at the sender or tunnel ingress) records the
       number of packets/bytes sent in each measurement interval.  This
       measures the offered network load.  The measurement interval
       could be every few seconds.

   2.  An Egress meter (at the receiver or tunnel egress) records the
       number/bytes received in each measurement interval.  This
       measures the supported load and may utilise other signals to
       detect the effect of congestion (e.g. loss/marking experienced
       over the path).




Fairhurst                Expires March 29, 2015                 [Page 5]


Internet-Draft                                            September 2014


   3.  The measured values at the ingress and egress are communicated to
       the CB Measurement function.  This may use several methods
       including: Sending return measurement packets from a receiver to
       a trigger function at the sender; An implementation using
       Operations, Administration and Management (OAM), or another in-
       band signalling datagram to send to the trigger function; It
       could also be implemented purely as a control plane function
       using a software-defined network controller.

   4.  The Measurement function combines the Ingress and Egress
       measurements to assess the present level of network congestion.
       (For example, the loss rate for each measurement interval could
       be deduced from calculating the difference between counter
       values.  Note that accurate measurement intervals are not
       typically important, since isolated loss events need to be
       disregarded.)

   5.  A Trigger function determines if the measurements indicate
       persistent congestion.  This defines an appropriate threshold for
       determining there is persistent congestion between the ingress
       and egress (e.g. more than 10% loss, but other methods could also
       be based on the rate of transmission as well as the loss rate).
       The transport CB is triggered when the threshold is exceeded in
       multiple measurement intervals (e.g. 3 successive measurements).
       This design needs to be robust to single or spurious events
       triggering a reaction.

   6.  A Reaction that is applied at the Ingress when the CB is
       triggered.  This seeks to automatically remove the traffic
       causing persistent congestion.

   7.  The CB also triggers when it does not receive both sender and
       receiver measurements, since this also could indicate a loss of
       control packets (also a symptom of heavy congestion or inability
       to control the load).

3.2.  Requirements for implementing a CB

   The requirements for implementing a CB are:

   o  There MUST be a control path from the Ingress meter and the Egress
      meter to the point of measurement.  The CB MUST trigger if this
      control path fails.  That is, the feedback indicating a congested
      period is designed so that the CB is triggered when it fails to
      receive measurement reports that indicate an absence of
      congestion, rather than relying on the successful transmission of
      a "congested" signal back to the sender.  (The feedback signal
      could itself be lost under congestion collapse).



Fairhurst                Expires March 29, 2015                 [Page 6]


Internet-Draft                                            September 2014


   o  A CB MUST define a measurement period over which the receiver
      measures the level of congestion.  This method does not have to
      detect individual packet loss, but MUST have a way to know that
      packets have been lost/marked from the traffic flow.  If Explicit
      Congestion Notification (ECN) is enabled [RFC3168], an egress
      meter MAY also count the number of ECN congestion marks/event per
      measurement interval, but even if ECN is used, loss MUST still be
      measured, since this better reflects the impact of persistent
      congestion.  The type of CB will determine how long this
      measurement period needs to be.  The minimum time must be
      significantly longer than the time that current CC algorithms need
      to reduce their rate following detection of congestion (i.e. many
      path RTTs).

   o  A CB is REQUIRED to define a threshold to determine whether the
      measured congestion is considered excessive.

   o  A CB is REQUIRED to define a period over which the Trigger uses
      the collected measurements.

   o  A CB MUST be robust to multiple congestion events.  This usually
      will define a number of measured persistent congestion events per
      triggering period.  For example, a CB may combine the results of
      several measurement periods to determine if the CB is triggered.
      (e.g. triggered when persistent congestion is detected in 3
      measurements within the triggering interval).

   o  A triggered CB MUST react decisively by disabling (or
      significantly reducing) traffic at the source (e.g. tunnel
      ingress).  The CB SHOULD be constructed so that it does not
      trigger under light or intermittent congestion, with a default
      response to a trigger that disables all traffic that contributed
      to congestion.

   o  Some circuit breaker designs use a reaction that reduces, rather
      that disables, the flows it control.  This response MUST be much
      more severe than that of a CC algorithm, because the CB reacts to
      more persistent congestion and operates over longer timescales.  A
      CB that reduces the rate of a flow, MUST continue to monitor the
      level congestion and MUST further reduce the rate if the CB is
      again triggered.

   o  The reaction to a triggered CB MUST continue for a period of time
      of at least the triggering interval.  Manual operator intervention
      will usually be required to restore the flow.  If an automated
      response is needed to reset the trigger, then this MUST NOT be
      immediate.  The design of this release mechanism needs to be
      sufficiently conservative that it does not adversely interact with



Fairhurst                Expires March 29, 2015                 [Page 7]


Internet-Draft                                            September 2014


      other mechanisms (including other CB algorithms that control
      traffic over a common path.

   o  When a CB is triggered, it SHOULD be regarded as an abnormal
      network event.  As such, this event SHOULD be logged.  The
      measurements that lead to triggering of the CB SHOULD also be
      logged.

4.  Examples of Circuit Breakers

   There are multiple types of CB that may be defined for use in
   different deployment cases.  This section provides examples of
   different types of circuit breaker:

4.1.  A Fast-Trip Circuit Breaker

   A fast-trip circuit breaker is the most responsive form of CB.  It
   has a response time that is only slightly larger than that of the
   traffic it controls.  It is suited to traffic with well-understood
   characteristics.  It is not be suited to arbitrary network traffic,
   since it may prematurely trigger (e.g. when multiple congestion-
   controlled flows lead to short-term overload).

4.1.1.  A Fast-Trip Circuit Breaker for RTP

   A set of fast-trip CB methods have been specified for use together by
   a Real-time Transport Protocol (RTP) flow using the RTP/AVP Profile
   [RTP-CB].  It is expected that, in the absence of severe congestion,
   all RTP applications running on best-effort IP networks will be able
   to run without triggering these circuit breakers.  A fast-trip RTP CB
   is therefore implemented as a fail-safe.

   The sender monitors reception of RTCP Reception Report (RR or XRR)
   packets that convey reception quality feedback information.  This is
   used to measure (congestion) loss, possibly in combination with ECN
   [RFC6679].

   The CB action (shutdown of the flow) is triggered when any of the
   following trigger conditions are true:

   1.  An RTP CB triggers on reported lack of progress.

   2.  An RTP CB triggers when no receiver reports messages are
       received.

   3.  An RTP CB uses a TFRC-style check and set a hard upper limit to
       the long-term RTP throughput (over many RTTs).




Fairhurst                Expires March 29, 2015                 [Page 8]


Internet-Draft                                            September 2014


   4.  An RTP CB includes the notion of Media Usability.  This circuit
       breaker is triggered when the quality of the transported media
       falls below some required minimum acceptable quality.

4.2.  A Slow-trip Circuit Breaker

   A slow-trip CB may be implemented in an endpoint or network device.
   This type of CB is much slower at responding to congestion than a
   fast-trip CB and is expected to be more common.

   One example where a slow-trip CB is needed is where flows or traffic-
   aggregates use a tunnel or encapsulation and the flows within the
   tunnel do not all support TCP-style congestion control (e.g.  TCP,
   SCTP, TFRC), see [RFC5405] section 3.1.3.  A use case is where
   tunnels are deployed in the general Internet (rather than "controlled
   environments" within an ISP or Enterprise), especially when the
   tunnel may need to cross a customer access router.

4.3.  A Managed Circuit Breaker

   A managed CB is implemented in the signalling protocol or management
   plane that relates to the traffic aggregate being controlled.  This
   type of circuit breaker is typically applicable when the deployment
   is within a "controlled environment".

   A Circuit Breaker requires more than the ability to determine that a
   network path is forwarding data, or to measure the rate of a path -
   which are often normal network operational functions.  There is an
   additional need to determine a metric for congestion on the path and
   to trigger a reaction when a threshold is crossed that indicates
   persistent congestion.

4.3.1.  A Managed Circuit Breaker for SAToP Pseudo-Wires

   [RFC4553], SAToP Pseudo-Wires (PWE3), section 8 describes an example
   of a managed circuit breaker for isochronous flows.

   If such flows were to run over a pre-provisioned (e.g.  MPLS)
   infrastructure, then it may be expected that the Pseudo-Wire (PW)
   would not experience congestion, because a flow is not expected to
   either increase (or decrease) their rate.  If instead Pseudo-Wire
   traffic is multiplexed with other traffic over the general Internet,
   it could experience congestion.  [RFC4553] states: "If SAToP PWs run
   over a PSN providing best-effort service, they SHOULD monitor packet
   loss in order to detect "severe congestion".  The currently
   recommended measurement period is 1 second, and the trigger operates
   when there are more than three measured Severely Errored Seconds
   (SES) within a period.



Fairhurst                Expires March 29, 2015                 [Page 9]


Internet-Draft                                            September 2014


   If such a condition is detected, a SAToP PW should shut down
   bidirectionally for some period of time..." The concept was that when
   the packet loss ratio (congestion) level increased above a threshold,
   the PW was by default disabled.  This use case considered fixed-rate
   transmission, where the PW had no reasonable way to shed load.

   The trigger needs to be set at the rate the PW was likely have a
   serious problem, possibly making the service non-compliant.  At this
   point triggering the CB would remove the traffic prevent undue impact
   congestion-responsive traffic (e.g., TCP).  Part of the rationale,
   was that high loss ratios typically indicated that something was
   "broken" and should have already resulted in operator intervention,
   and should trigger this intervention.  An operator-based response
   provides opportunity for other action to restore the service quality,
   e.g. by shedding other loads or assigning additional capacity, or to
   consciously avoid reacting to the trigger while engineering a
   solution to the problem.  This may require the trigger to be sent to
   a third location (e.g. a network operations centre, NOC) responsible
   for operation of the tunnel ingress, rather than the tunnel ingress
   itself.

5.  Examples where circuit breakers may not be needed.

   A CB is not required for a single CC-controlled flow using TCP, SCTP,
   TFRC, etc.  In these cases, the CC methods are designed to prevent
   congestion collapse.

   XX NOTE: Comments on this section are particularly welcome to
   establish clearer understanding of the operational conditions under
   which circuit breakers should or must be deployed.

5.1.  CBs and uni-directional Traffic

   A CB can be used to control uni-directional UDP traffic, providing
   that there is a control path to connect the functional components at
   the Ingress and Egress.  This control path can exist in networks for
   which the traffic flow is purely unidirectional (e.g. a multicast
   stream that sends packets across an Internet path).

   A one-way physical link may have no associated control path, and
   therefore cannot be controlled using an automated process.  This
   could be managed by policing traffic to ensure it does not exceed the
   available capacity.  Supporting this type of traffic in the general
   Internet requires operator monitoring to detect and respond to
   persistent congestion or the use of dedicated capacity - e.g.  Using
   per-provisioned MPLS services, RSVP, or admission-controlled
   Differentiated Services.




Fairhurst                Expires March 29, 2015                [Page 10]


Internet-Draft                                            September 2014


5.2.  CBs over pre-provisioned Capacity

   One common question is whether a CB is needed when a tunnel is
   deployed in a private network with pre-provisioned capacity?

   In this case, compliant traffic that does not exceed the provisioned
   capacity should not result in congestion.  A CB will hence only be
   triggered when there is non-compliant traffic.  It could be argued
   that this event should never happen - but it may also be argued that
   the CB equally should never be triggered.  If a CB were to be
   implemented, it would provide an appropriate response should this
   persistent congestion occur in an operational network.

5.3.  CBs with CC Traffic

   IP-based traffic is generally assumed to be congestion-controlled,
   i.e., it is assumed that the transport protocols generating IP-based
   traffic at the sender already employ mechanisms that are sufficient
   to address congestion on the path [RFC5405].  A question therefore
   arises when people deploy a tunnel that is thought to only carry an
   aggregate of TCP (or some other CC-controlled) traffic: Is there
   advantage in this case in using a CB?

   For sure, traffic in a such a tunnel will respond to congestion.
   However, the answer to the question may not be obvious, because the
   overall traffic formed by an aggregate of flows that implement a CC
   mechanism does not necessarily prevent congestion collapse.  For
   instance, most CC mechanisms require long-lived flows to react to
   reduce the rate of a flow, an aggregate of many short flows may
   result in many terminating before they experience congestion.  It is
   also often impossible for a tunnel service provider to know that the
   tunnel only contains CC-controlled traffic (e.g.  Inspecting packet
   headers may not be possible).  The important thing to note is that if
   the aggregate of the traffic does not result in persistent congestion
   (impacting other flows), then the CB will not trigger.  This is the
   expected case in this context - so implementing a CB will not reduce
   performance of the tunnel, but offers protection should persistent
   congestion occur.

6.  Security Considerations

   This section will describe security considerations, if any.

7.  IANA Considerations

   This document makes no request from IANA.





Fairhurst                Expires March 29, 2015                [Page 11]


Internet-Draft                                            September 2014


8.  Acknowledgments

   There are many people who have discussed and described the issues
   that have motivated this draft.  Contributions and comments are
   appreciated, including: Lars Eggert, Colin Perkins, David Black, Matt
   Mathis.

9.  Revision Notes

   RFC-Editor: Please remove this section prior to publication

   Draft 00

   This was the first revision.  Help and comments are greatly
   appreciated.

   Draft 01

   Contained clarifications and changes in response to received
   comments, plus addition of diagram and definitions.  Comments are
   welcome.

   WG Draft 00

   Approved as a WG work item on 28th Aug 2014.

10.  References

10.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC5405]  Eggert, L. and G. Fairhurst, "Unicast UDP Usage Guidelines
              for Application Designers", BCP 145, RFC 5405, November
              2008.

10.2.  Informative References

   [Jacobsen88]
              European Telecommunication Standards, Institute (ETSI),
              "Congestion Avoidance and Control", SIGCOMM Symposium
              proceedings on Communications architectures and
              protocols", August 1998.

   [RFC1112]  Deering, S., "Host extensions for IP multicasting", STD 5,
              RFC 1112, August 1989.




Fairhurst                Expires March 29, 2015                [Page 12]


Internet-Draft                                            September 2014


   [RFC3168]  Ramakrishnan, K., Floyd, S., and D. Black, "The Addition
              of Explicit Congestion Notification (ECN) to IP", RFC
              3168, September 2001.

   [RFC4553]  Vainshtein, A. and YJ. Stein, "Structure-Agnostic Time
              Division Multiplexing (TDM) over Packet (SAToP)", RFC
              4553, June 2006.

   [RFC5681]  Allman, M., Paxson, V., and E. Blanton, "TCP Congestion
              Control", RFC 5681, September 2009.

   [RFC6040]  Briscoe, B., "Tunnelling of Explicit Congestion
              Notification", RFC 6040, November 2010.

   [RFC6679]  Westerlund, M., Johansson, I., Perkins, C., O'Hanlon, P.,
              and K. Carlberg, "Explicit Congestion Notification (ECN)
              for RTP over UDP", RFC 6679, August 2012.

   [RTP-CB]   Perkins, and Singh, "Multimedia Congestion Control:
              Circuit Breakers for Unicast RTP Sessions", February 2014.

Author's Address

   Godred Fairhurst
   University of Aberdeen
   School of Engineering
   Fraser Noble Building
   Aberdeen, Scotland  AB24 3UE
   UK

   Email: gorry@erg.abdn.ac.uk
   URI:   http://www.erg.abdn.ac.uk



















Fairhurst                Expires March 29, 2015                [Page 13]