Session 2: Stop and Wait Protocols

1
Session 2 Stop and Wait Protocols

• Jonathan Billington
• (joint with Guy Gallash)
• Computer Systems Engineering Centre
• School of Electrical and Information Engineering
• University of South Australia
• 25 September 2003

2
Stop and Wait Protocols (SWP)

• Data transfer flow control protocol
• Basic Operation
• Send a message and wait for ack before sending
  the next message (flow control)
• Recover from loss by retransmissions (ARQ)
• Receiver discarding messages with bit errors
• Router discarding messages due to congestion
• Maximum Number of Retransmissions MaxRetrans
• Sequence Number included to detect duplicates
• Finite maximum sequence number MaxSeqNo
• Modulo arithmetic MaxSeqNo 1
• Medium
• Initially order preserving channels (DLL
  Protocol)
• However, part of TCP (window size of one)

3
Motivation

• TCP is the dominant transport protocol in the
  Internet
• TCP uses ARQ with 32 bit sequence numbers
• Original designers were concerned about
  duplicates
• message is delayed in reordering medium
• sequence numbers wrap
• then duplicate can be accepted as a new message
• Proposed
• 3 way handshake (old connections) plus
• large sequence numbers (same connection)
• time to live in IP (but implemented as hop count)
• Networks are getting faster Gbit/s and beyond
• How does the simplest ARQ (SWP) fail?

4
Outline

• Literature
• Approach
• CPN Models of SWP
• 4 Properties and their proofs
• Applicability to TCP
• Conclusions

5
Literature I

• Simplest SWP is the Alternating Bit Protocol
• Bartlett, Scantlebury and Wilkinson, 1969
• Used to illustrate Formal Description Techniques,
  tools
• Some analysis but not over reordering channels
  (ABP developed for single half-duplex line)
• Stennings Protocol 1976 (sliding window)
• Channels which lose, duplicate, reorder
• But unbounded sequence numbers

6
Literature II

• Impossibility Result
• Bounded SNs, reordering and duplicating channels
• Wang and Zuck, Tight bounds for the sequence
  transmission problem, ACM PDCS 89
• no protocol exists

7
Literature III

• Inefficiency Result
• Bounded SNs, lossy, re-ordering channels
• Afek et al, Reliable Communication over
  Unreliable Channels, JACM, Nov 1994
• Modular Solution with bounded SNs in two parts
• 1. Construct an in-sequence layer that converts
  lossy re-ordering channel to an ordered channel
  that can lose and duplicate messages
• 2. ABP to implement reliable delivery on top of
  the lossy and duplicating but in-sequence channel
• Proved that no efficient solution is possible

8
Literature IV

• Others of a similar nature, for example
• Lynch et al, Data Link Layer Two impossibility
  results, ACM PDCS, 1988
• Mansour and Schieber, The intractability of
  bounded protocols over non-FIFO channels,
  JACM, 1992 (different notion of efficiency)
• Fekete et al, The impossibility of implementing
  reliable communication in the face of crashes,
  JACM, 1993

9
Literature V

• Chkliaev et al, Verification and Improvement of
  the Sliding Window Protocol, TACAS 2003
• Arbitrary but same size of send and receive
  windows
• Bounded sequence numbers (SN)
• Lossy, duplicating and reordering channels
• Unbounded retransmissions and acks
• Wait maximum packet life-time once sequence
  numbers wrap, to avoid duplicates (at both sender
  and receiver)
• Uses timed automaton model and theorem prover PVS
• Proof of correctness took 4 person months
• 150 lemmas/theorems!
• 10,000 PVS commands

10
Literature - Summary

• A lot of detailed work has been undertaken
• Retransmission counters and limits on the number
  of retransmissions not taken into account
• Different variants of sliding window mechanism
• Impossibility and Inefficiency results
• Little, if any, work on showing how these
  protocols can fail.

11
Goal

• Aim of this lecture is much more modest
• Emphasis is on demonstrating how Stop and Wait
  protocols fail, rather than proving correctness
  or impossibility
• This may lead to further insights into how these
  protocols work and to further improvement
• May make teaching these results easier

12
Approach

• Start simply SWP rather than sliding window
• Use graphical models that allow for visualisation
• Coloured Petri net models of the SWP
• Lossy FIFO channel
• Lossy reordering channel
• Apply verification methodology hand proofs on
  the CPN

13
Approach II

• Define Properties
• Boundedness of channels
• Stop and Wait Service alternating sends and
  receives
• Duplicate acceptance
• Message Loss
• Hand proofs for boundedness (general)
• Reachability analysis, automata reduction and
  language equivalence for the other 3 properties
  (limited parameter values)
• Use Design/CPN (Aarhus) and FSM (ATT)

14
Modelling Assumptions

• Stop and Wait ARQ Protocol
• Recovery from loss by retransmissions
• Retransmission counter with limit MaxRetrans
• Transmission is aborted when limit reached not
  modelled
• Bounded sequence numbers MaxSeqNo
• Message represented by sequence number only
  data independence assumption
• Channels
• Lossy/lossless unbounded FIFO
• Lossy/lossless, re-ordering and unbounded
• Lossy/lossless, re-ordering and bounded

15
CPN Model 1 SWP over Lossy FIFO Channels

• Sender
• Places
• States sender-ready and wait_ack
• Store sequence numbers seq_no.
• Retransmission counter retrans_counter
• Transitions
• Send message as sequence number (sn)
• Retransmission on timeout to limit (MaxRetrans)
• Receive acks and duplicate acks
• Increment sn modulo MaxSeqNo 1

16
CPN Model 1

• Receiver
• Two state places, receiver_ready and
  process_mess, store expected Seq No.
• Two transitions
• Receive messages (snrn) and discard duplicates
  (snltgtrn)
• Send ack of next expected message (rn)
• Medium (Network)
• FIFO with message loss (or not)
• Built using lists with concatenation

17
CPN Model 1 Declarations

• color Sender with s
• color Seq int with 0..MaxSeqNo
• var sn,rn Seq
• color Retrans int with 0..MaxRetrans
• var retrans Retrans
• color Message Seq
• color Channel list Message
• var queue Channel
• fun NextSeq(n) if(nMaxSeqNo) then 0 else n1

18
SWP over Lossy FIFO Results

• Boundedness
• arbitrary MaxSeqNo and MaxRetrans
• bound on FIFO length of both mess_channel and
  ack_channel given by
• 2MaxRetrans 1
• Alternating sends and receives (snrn)
• No duplication
• No loss (except for possibly the last message if
  the transmission is aborted)

19
CPN Model 2 SWP over Lossy Reordering Channels

• Same as CPN Model 1 except for the message and
  ack channels
• Each channel is represented by a place, where a
  token is a message (rather than a list of
  messages)
• Loss of any message or ack at anytime
• Can switch loss off readily by use of the guard
  false on the loss transitions

20
SWP over Lossy non-FIFO Results 1

• Theorem 1 For the SWP of CPN2 (lossy non-FIFO
  channels), with MaxRetrans and MaxSeqNo gt 0, the
  message channel is unbounded.
• Proof
• find a cyclic transition sequence that on each
  repetition will increase the number of tokens in
  mess_channel by 1
• consider send_mess, receive_mess (snrn),
  send_ack, timeout_retrans, receive_ack
• from the initial marking, a new marking with
  send_mess enabled and a duplicate in mess_channel
  is obtained
• repeat transition sequence
• every repetition of the sequence increases the
  number of tokens in mess_channel by one
• sequence can be repeated indefinitely gt
  unbounded.

21
SWP over Lossy non-FIFO Results 2

• Theorem 2 For the SWP of CPN2 with MaxRetrans and
  MaxSeqNo gt 0, the ack channel is unbounded.
• Proof
• consider transition sequence send_mess,
  receive_mess(snrn), send_ack, timeout_retrans,
  receive_ack, receive_mess, send_ack
• same arguments as for the proof of Theorem 1

22
SWP over Lossy non-FIFO Results 3

• Theorem 3 The SWP of CPN2 with MaxRetrans and
  MaxSeqNo gt 0, does not satisfy the Stop and Wait
  service.
• Theorem 4 For the SWP of CPN2 with MaxRetrans and
  MaxSeqNo gt 0, duplicates may be received as new
  messages.
• Theorem 5 For the SWP of CPN2 with MaxRetrans and
  MaxSeqNo gt 0, messages can be lost without being
  detected.

23
Proof of Theorems 3-5

• Use language analysis to consider sequences of
  sends and receives desired service is (send
  receive)
• send is send_mess receive is receive_mess(snrn)
• Restricted to bounded channels (capacity 2),
  but if there are failures in this case, they will
  also occur for capacities gt 2
• Set MaxRetrans 1 MaxSeqNo. Any incorrect
  behaviour also present when MaxRetrans, MaxSeqNo
  gt 1 (conjecture)
• Two cases
• No message loss
• With message loss

24
FSA for Lossless Channel

• OG 410 nodes and 848 arcs
• Minimised FSA 14 states and 21 transitions
• Stop and Wait Service not satisfied as
• Alternating sequences of sends and receives is
  violated (ssend, rreceive)
• Duplicate acceptance cycles
• (srr) 5 s 8 r 11 r 13 s 6 r 4 r 5
• (srsrrr) 7 s 10 r 13 s 6 r 4 r 5 r 7
• Loss Cycles
• (sssr) 13 s 6 s 9 s 12 r 13
• Messages lost even though channel not lossy !
• Problems do not occur till SNs wrap

25
FSA for Lossy Channel

• OG 624 nodes and 2484 arcs
• Minimised FSA 29 states and 47 transitions
• All states are acceptance states
• Stop and Wait Service not satisfied
• Duplicate acceptance cycles
• Loss Cycles
• Problems do not occur till SNs wrap

26
Relevance to TCP

• TCP uses a sliding window mechanism with dynamic
  changes to window size and 32 bit SN
• Reduces to a stop and wait protocol if window
  size is set to one
• Conjecture that similar modes of loss and
  duplication will occur with TCP if
• Sequence numbers wrap and
• Duplicates still exist in the Internet
• Time-to-live field in IP packets (hop count!)
• RFC 793 (TCP) suggests Max Segment Lifetime of 2
  minutes
• At 1 Gbit/s effective throughput, SN wrap in 34
  secs, allowing duplicates to still be present,
  but need 4GB of data to send!
• RFC 1323 recommends the use of 32 bit time-stamps
  to overcome this problem (PAWS)
• 64 bit SN? - at 10 Gbit/s would take 470 years to
  wrap

27
Relevance to TCP - II

• Unbounded channels
• Will potentially unbounded growth of messages
  lead to congestion?
• Due to retransmissions, which will occur
• Most duplicates will be deleted by the receiver
• Remaining duplicates will be killed off after
  time to live limit is reached (if implemented)
• Congestion control procedures already in place
• Conclusion No problem for TCP

28
Conclusions

• Shown that Stop and Wait Protocols do not work
  over reordering channels in the following ways
• The channels are unbounded (for any MaxRetrans,
  MaxSeqNo)
• The SWP does not satisfy its service of (sr)
• Cyclic behaviour exists where
• Duplicates can be accepted as new messages
• Messages can be lost (unknowingly)
• The last 3 problems depend on SNs wrapping
• Congestion
• Lossy FIFO channels, congestion contained
  (2MaxRetrans 1)
• Reordering channels, other mechanisms required
• For Gbit/s networks, duplicates and loss can be a
  problem gt implement PAWS as per RFC 1323

29
Future Work

• Extend work to TCP mechanisms, including PAWS
• Incorporate mechanisms into CPN model for
  deleting old messages
• Formally extend results for loss and duplication
  to arbitrary values of MaxRetrans, MaxSeqNo and
  channel capacity
• Investigate duplication and loss even when (sr)
  is not violated