Active queue management
In routers and switches, active queue management (AQM) is the policy of dropping packets inside a buffer associated with a network interface controller (NIC) before that buffer becomes full, often with the goal of reducing network congestion or improving end-to-end latency. This task is performed by the network scheduler, which for this purpose uses various algorithms such as random early detection (RED), Explicit Congestion Notification (ECN), or controlled delay (CoDel). RFC 7567 recommends active queue management as a best practice.
An Internet router typically maintains a set of queues, one per interface, that hold packets scheduled to go out on that interface. Historically, such queues use a drop-tail discipline: a packet is put onto the queue if the queue is shorter than its maximum size (measured in packets or in bytes), and dropped otherwise.
Active queue disciplines drop or mark packets before the queue is full. Typically, they operate by maintaining one or more drop/mark probabilities, and probabilistically dropping or marking packets even when the queue is short.
Benefits of AQM
Drop-tail queues have a tendency to penalise bursty flows, and to cause global synchronisation between flows. By dropping packets probabilistically, AQM disciplines typically avoid both of these issues.
By providing endpoints with congestion indication before the queue is full, AQM disciplines are able to maintain a shorter queue length than drop-tail queues, which combats bufferbloat and reduces network latency.
Drawbacks of AQM
Early AQM disciplines (notably RED and SRED) require careful tuning of their parameters in order to provide good performance, and have other problems from a control theoretic standpoint. Modern AQM disciplines (ARED, Blue, PI, CoDel) are self-tuning, and can be run with their default parameters in most circumstances.
Network engineers have historically been trained to avoid packet loss, and have therefore sometimes been critical of AQM systems that drop packets (rather than using ECN marking): "Why should I drop perfectly good packets when I still have free buffer space?" This issue has been alleviated to a certain extent by educating network engineers about the benefit of active policies .
The Simulation and Analysis Platform for AQM algorithms
An Active Queue Management and Denial-of-Service (AQM&DoS) Simulation Platform is established based on the NS-2 simulation code of the RRED algorithm. The AQM&DoS Simulation Platform can simulate a variety of DoS attacks (Distributed DoS, Spoofing DoS, Low-rate DoS, etc.) and Active Queue Management (AQM) algorithms (RED, RRED, SFB, etc.). It automatically calculates and records the average throughput of normal TCP flows before and after DoS attacks to facilitate the analysis of the impact of DoS attacks on normal TCP flows and AQM algorithms. More details.
Active queue management algorithms
- Random early detection (RED);
- Random Exponential Marking (REM);
- Modified-REM (M-REM);
- Blue and Stochastic Fair Blue (SFB);
- PI controller.
- Robust random early detection (RRED)
- RSFB: a Resilient Stochastic Fair Blue algorithm against spoofing DDoS attacks
- RED with Preferential Dropping (RED-PD)
- Controlled Delay (CoDel)
- Floyd, Sally; Jacobson, Van (August 1993). "Random Early Detection (RED) gateways for Congestion Avoidance". IEEE/ACM Transactions on Networking. 1 (4): 397–413. CiteSeerX 10.1.1.147.3833. doi:10.1109/90.251892. Retrieved 2008-03-16.
- C.V. Hollot, Vishal Misra, Don Towsley and Wei-Bo Gong, Analysis and Design of Controllers for AQM Routers Supporting TCP Flows
- "The criminal mastermind: bufferbloat!". jg's Ramblings. Gettys.wordpress.com. 2010-12-03. Retrieved 2014-01-23.
- Athuraliya, S. (June 2001). "REM: Active Queue Management". IEEE Transactions on Networking. Volume:15 Issue:3: 48–53.
- Imer, Orhan; Basar, Tamer (December 2005). "A Global Stability Result in Utility-Based Congestion Control" (PDF). Proceedings of the 44th IEEE Conference on Decision and Control, and the European Control Conference 2005: 6740–6743.
- Changwang Zhang, Jianping Yin, Zhiping Cai, and Weifeng Chen, RRED: Robust RED Algorithm to Counter Low-rate Denial-of-Service Attacks, IEEE Communications Letters, vol. 14, pp. 489-491, 2010. Ref
- Changwang Zhang, Jianping Yin, and Zhiping Cai, RSFB: a Resilient Stochastic Fair Blue algorithm against spoofing DDoS attacks, in International Symposium on Communication and Information Technology (ISCIT), 2009. Ref
- Ratul Mahajan, Sally Floyd, and David Wetherall, Controlling high-bandwidth flows at the congested router, ICNP 2001