ConEx Working Group                                          S. Krishnan
Internet-Draft                                                  Ericsson
Intended status: Experimental                              M. Kuehlewind
Expires: April 21, 2016                                       ETH Zurich
                                                                C. Ralli
                                                              Telefonica
                                                        October 19, 2015


          IPv6 Destination Option for Congestion Exposure (ConEx)
                        draft-ietf-conex-destopt-11

Abstract

   Congestion Exposure (ConEx) is a mechanism by which senders inform the network about the congestion encountered by packets earlier in the same flow. This document specifies an IPv6 destination option that is capable of carrying ConEx markings in IPv6 datagrams.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."

   This Internet-Draft will expire on April 21, 2016.

Copyright Notice

   Copyright (c) 2015 IETF Trust and the persons identified as the document authors. All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.

Table of Contents

   1.  Introduction
   2.  Conventions used in this document
   3.  Requirements for the coding of ConEx in IPv6
   4.  ConEx Destination Option (CDO)
   5.  Implementation in the fast path of ConEx-aware routers
   6.  Auditing
   7.  Tunnel Processing
   8.  Compatibility with use of IPsec
   9.  Mitigating flooding attacks by using preferential drop
   10. Acknowledgements
   11. Security Considerations
   12. IANA Considerations
   13. References
       13.1. Normative References
       13.2. Informative References
   Authors' Addresses

1. Introduction

   Congestion Exposure (ConEx) [I-D.ietf-conex-abstract-mech] is a mechanism by which senders inform the network about the congestion encountered by packets earlier in the same flow. This document specifies an IPv6 destination option [RFC2460] that can be used for performing ConEx markings in IPv6 datagrams.

   This document specifies the ConEx wire protocol in IPv6. The ConEx information can be used by any network element on the path, e.g. to do traffic management or egress policing. Additionally, this information will potentially be used by an audit function that checks the integrity of the sender's signaling. Further, each transport protocol that supports ConEx signaling will need to specify precisely when the transport sets ConEx markings (e.g. the behavior for TCP is specified in [I-D.ietf-conex-tcp-modifications]).

   This document specifies ConEx for IPv6 only.
   Due to space limitations in the IPv4 header and the risk of options being stripped by middleboxes in IPv4, the primary goal of the working group was to specify ConEx in IPv6 for experimentation.

   This specification is experimental to allow the IETF to assess whether the decision to implement the ConEx signal as a destination option fulfills the requirements stated in this document, as well as to evaluate the proposed encoding of the ConEx signals as described in [I-D.ietf-conex-abstract-mech].

   The duration of this experiment is expected to be no less than two years from publication of this document, as infrastructure needs to be set up to determine the outcome of this experiment. Experimenting with ConEx requires IPv6 traffic. Even though the amount of IPv6 traffic is growing, the traffic mix carried over IPv6 is still very different from that over IPv4. Therefore, it might take longer to find a suitable test scenario where only IPv6 traffic is managed using ConEx.

2. Conventions used in this document

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119].

3. Requirements for the coding of ConEx in IPv6

   A set of requirements for an ideal concrete ConEx wire protocol is given in [I-D.ietf-conex-abstract-mech]. In the ConEx working group it was recognized that it will be difficult to find an encoding in IPv6 that satisfies all requirements. The choice in this document to implement the ConEx information in a destination option aims to satisfy those requirements that constrain the placement of ConEx information:

   R-1: The marking mechanism needs to be visible to all ConEx-capable nodes on the path.

   R-2: The mechanism needs to be able to traverse nodes that do not understand the markings. This is required to ensure that ConEx can be incrementally deployed over the Internet.

   R-3: The presence of the marking mechanism should not significantly alter the processing of the packet. This is required to ensure that ConEx marked packets do not face any undue delays or drops due to a badly chosen mechanism.

   R-4: The markings should be immutable once set by the sender. At the very least, any tampering should be detectable.

   Based on these requirements, four solutions to implement the ConEx information in the IPv6 header have been investigated: hop-by-hop options, destination options, using IPv6 header bits (from the flow label), and new extension headers. After evaluating the different solutions, the ConEx working group concluded that the use of a destination option would best address these requirements.

   Choosing to use a destination option does not necessarily satisfy the requirement for on-path visibility, because it can be encapsulated by additional IP header(s). Therefore, ConEx-aware network devices, including policy or audit devices, might have to follow the chain of (extension) headers into inner IP headers to find ConEx information. This choice was a compromise between fast-path performance of ConEx-aware network nodes and visibility, as discussed in Section 5.

   Please note that the IPv6 specification [RFC2460] does not require or expect intermediate nodes to inspect destination options such as the CDO. This implies that ConEx-aware intermediate nodes following this specification need updated extension header processing code to be able to read the destination options.

4. ConEx Destination Option (CDO)

   The ConEx Destination Option (CDO) is a destination option that can be included in IPv6 datagrams that are sent by ConEx-aware senders in order to inform ConEx-aware nodes on the path about the congestion encountered by packets earlier in the same flow or the expected risk of encountering congestion in the future. The CDO has an alignment requirement of (none).

        0                   1                   2
        0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       |  Option Type  | Option Length |X|L|E|C|  res  |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                 Figure 1: ConEx Destination Option Layout

   Option Type

      8-bit identifier of the type of option. Set to the value 30 (0x1E) allocated for experimental work.

   Option Length

      8-bit unsigned integer. The length of the option in octets (excluding the Option Type and Option Length fields). Set to the value 1.

   X Bit

      When this bit is set, the transport sender is using ConEx with this packet. If it is not set, the sender is not using ConEx with this packet.

   L Bit

      When this bit is set, the transport sender has experienced a loss.

   E Bit

      When this bit is set, the transport sender has experienced congestion signaled using Explicit Congestion Notification (ECN) [RFC3168].

   C Bit

      When this bit is set, the transport sender is building up congestion credit in the audit function.

   Reserved (res)

      These four bits are not used in the current specification. They are set to zero on the sender and are ignored on the receiver.

   Option Layout

   All packets sent over a ConEx-capable TCP connection or belonging to the same ConEx-capable flow MUST carry the CDO. The chg bit (the third-highest-order bit) in the CDO Option Type field is set to zero, meaning that the CDO option is immutable.
   Network devices with ConEx-aware functions read the flags, but all network devices MUST forward the CDO unaltered.

   The CDO SHOULD be placed as the first option in the destination options header, before the AH and/or ESP (if present). The IPsec Authentication Header (AH) MAY be used to verify that the CDO has not been modified.

   If the X bit is zero, all other three bits are undefined and thus MUST be ignored and forwarded unchanged by network nodes. The X bit set to zero means that the connection is ConEx-capable but this packet MUST NOT be counted when determining ConEx information in an audit function. This can be the case if no congestion feedback is (currently) available, e.g. in TCP if one endpoint has been receiving data but sending nothing but pure ACKs (no user data) for some time. This is because pure ACKs do not advance the sequence number, so the TCP endpoint receiving them cannot reliably tell whether any have been lost due to congestion. Pure TCP ACKs cannot be ECN-marked either [RFC3168].

   If the X bit is set, any of the other three bits (L, E, C) might be set. Whenever one of these bits is set, the number of bytes carried by this IP packet (including the IP header that directly encapsulates the CDO and everything that IP header encapsulates) SHOULD be counted to determine congestion or credit information. In IPv6 the number of bytes can easily be calculated by adding the number 40 (length of the IPv6 header in bytes) to the value present in the Payload Length field in the IPv6 header.

   A transport sends credits prior to the occurrence of congestion (loss or ECN-CE marks), and the amount of credits should cover the congestion risk. This is further specified in [I-D.ietf-conex-abstract-mech] and described in detail for the case of TCP in [I-D.ietf-conex-tcp-modifications]. Note that the maximum congestion risk is that all packets in flight get lost or ECN marked.

   If the L or E bit is set, a congestion signal in the form of a loss or, respectively, an ECN mark was previously experienced by the same connection.

   In principle all of these three bits (L, E, C) might be set in the same packet. In this case the packet size MUST be counted more than once, once for each respective ConEx information counter.

   If a network node extracts the ConEx information from a connection, it is expected to hold this information in bytes, e.g. comparing the total number of bytes sent with the number of bytes sent with ConEx congestion marks (L, E) to determine the current whole-path congestion level. Therefore a ConEx-aware node that processes the CDO MUST use the Payload Length field of the preceding IPv6 header for byte-based counting. When a ratio is measured and equally sized packets can be assumed, counting the number of packets (instead of the number of bytes) should deliver the same result. But an audit function must be aware that this estimation can be quite wrong if e.g. differently sized packets are sent, and thus it is not reliable.

   All remaining bits in the CDO are reserved for future use (which are currently the last four bits of the eight-bit option space). A ConEx sender SHOULD set the reserved bits in the CDO to zero. Other nodes MUST ignore these bits and ConEx-aware intermediate nodes MUST forward them unchanged, whatever their values. They MAY log the presence of a non-zero reserved field.

   The CDO is only applicable to unicast or anycast packets (see the note in [I-D.ietf-conex-abstract-mech] regarding item J on multicast at the end of section 3.3 for reasoning). A ConEx sender MUST NOT send a packet with the CDO to a multicast address. ConEx-capable network nodes MUST treat a multicast packet with the X flag set the same as an equivalent packet without the CDO, and they SHOULD forward it unchanged.

   As stated in [I-D.ietf-conex-abstract-mech] (see section 3.3 item N on network layer requirements), protocol specs should describe any warning or error messages relevant to the encoding. There are no warnings or error messages associated with the CDO.

5. Implementation in the fast path of ConEx-aware routers

   The ConEx information is encoded into a destination option so that it does not impact forwarding performance in the non-ConEx-aware nodes on the path. Since destination options are not usually processed by routers, the existence of the CDO does not affect the fast path processing of the datagram on non-ConEx-aware routers, i.e. they are not pushed into the slow path towards the control plane for exception processing.

   ConEx-aware nodes still need to process the CDO without severely affecting forwarding. For this to be possible, the ConEx-aware routers need to quickly ascertain the presence of the CDO and process the option if it is present. To perform this efficiently, the CDO needs to be placed in a fairly deterministic location. In order to facilitate forwarding on ConEx-aware routers, ConEx-aware senders that send IPv6 datagrams with the CDO SHOULD place the CDO as the first destination option in the destination options header.

6. Auditing

   An audit element shall be a shadow device in the network, i.e. its presence should not be detectable for well-behaving senders. The objective of an audit is to verify that senders correctly signal ConEx information and to penalize cheaters. For this, the audit element has to maintain state for any active ConEx-enabled flow. Flows must be audited independently, as there are no dependencies.
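   As an added example (not part of this draft), the following Python sketches the per-flow state such an audit element could maintain: it locates the CDO of Section 4 in the extension header chain (searching through IPv6-in-IPv6 encapsulation as Section 7 describes), counts 40 + Payload Length of the IPv6 header that directly holds the CDO into one counter per set bit, and evaluates the two audit checks described in the following paragraphs. The packet builders, addresses and the loss/CE figures passed to the check are constructed sample data, and the tunnel search depth limit is an assumed local policy.

```python
import ipaddress
import struct

CDO_TYPE = 0x1E     # experimental option type used by the CDO (act=00, chg=0)
IPV6_HDR_LEN = 40
NH_HOPOPTS, NH_UDP, NH_IPV6, NH_ROUTING, NH_FRAG, NH_AH, NH_DSTOPTS = 0, 17, 41, 43, 44, 51, 60
# Bits of the single CDO data octet, MSB first: X L E C res(4)
X_BIT, L_BIT, E_BIT, C_BIT = 0x80, 0x40, 0x20, 0x10


def _scan_options(opts: bytes):
    """Walk the TLV options of a Destination Options header; return the CDO octet or None."""
    i = 0
    while i < len(opts):
        if opts[i] == 0:                      # Pad1 has no length octet
            i += 1
            continue
        if i + 2 > len(opts):
            return None
        olen = opts[i + 1]
        if opts[i] == CDO_TYPE and olen == 1 and i + 2 < len(opts):
            return opts[i + 2]
        i += 2 + olen                         # skip any other option (incl. PadN)
    return None


def find_cdo(pkt: bytes, depth: int = 0):
    """Return (cdo_octet, counted_bytes) for the first CDO found, else None.
    counted_bytes is 40 + Payload Length of the IPv6 header directly holding the
    CDO (Section 4); IPv6-in-IPv6 is searched through (Section 7); multicast = no CDO."""
    if depth > 4 or len(pkt) < IPV6_HDR_LEN or pkt[0] >> 4 != 6:
        return None                           # depth limit: assumed local policy
    payload_len, nh = struct.unpack_from("!HB", pkt, 4)
    off, end = IPV6_HDR_LEN, min(len(pkt), IPV6_HDR_LEN + payload_len)
    while True:
        if nh == NH_IPV6:
            return find_cdo(pkt[off:end], depth + 1)
        if nh not in (NH_HOPOPTS, NH_ROUTING, NH_FRAG, NH_AH, NH_DSTOPTS) or off + 2 > end:
            return None                       # upper-layer header reached, or truncated
        if nh == NH_FRAG:
            ext_len = 8
        elif nh == NH_AH:
            ext_len = (pkt[off + 1] + 2) * 4  # AH: 4-octet units, minus 2
        else:
            ext_len = (pkt[off + 1] + 1) * 8  # others: 8-octet units, first 8 excluded
        if off + ext_len > end:
            return None
        if nh == NH_DSTOPTS:
            flags = _scan_options(pkt[off + 2:off + ext_len])
            if flags is not None:
                if ipaddress.IPv6Address(pkt[24:40]).is_multicast:
                    return None
                return flags, IPV6_HDR_LEN + payload_len
        nh, off = pkt[off], off + ext_len


class FlowAudit:
    """Per-flow byte counters of an audit element (Section 6).  Each set bit
    counts the whole packet into its own counter (Section 4); X=0 is not counted."""
    def __init__(self):
        self.total = self.l_bytes = self.e_bytes = self.c_bytes = 0

    def observe(self, pkt: bytes) -> None:
        found = find_cdo(pkt)
        if found is None or not found[0] & X_BIT:
            return
        flags, size = found
        self.total += size
        self.l_bytes += size if flags & L_BIT else 0
        self.e_bytes += size if flags & E_BIT else 0
        self.c_bytes += size if flags & C_BIT else 0

    def check(self, lost_bytes: int, ce_bytes: int):
        """Section 6 criteria: reported L/E bytes cover observed loss/CE; credit covers both."""
        reported_ok = self.l_bytes >= lost_bytes and self.e_bytes >= ce_bytes
        credit_ok = self.c_bytes >= lost_bytes + ce_bytes
        return reported_ok, credit_ok


def _ipv6(payload_len: int, nh: int, src: str, dst: str) -> bytes:
    """Constructed 40-octet IPv6 header (version 6, hop limit 64)."""
    return struct.pack("!IHBB16s16s", 0x60000000, payload_len, nh, 64,
                       ipaddress.IPv6Address(src).packed, ipaddress.IPv6Address(dst).packed)


def build_packet(flags: int, payload: bytes, dst: str = "2001:db8::2") -> bytes:
    """Constructed sample: Destination Options header with the CDO first, PadN to 8 octets."""
    dstopts = bytes([NH_UDP, 0, CDO_TYPE, 1, flags, 1, 1, 0])
    return _ipv6(len(dstopts) + len(payload), NH_DSTOPTS, "2001:db8::1", dst) + dstopts + payload


def encapsulate(inner: bytes) -> bytes:
    """Constructed IPv6-in-IPv6 tunnel wrapper; the CDO is not copied outward (Section 7)."""
    return _ipv6(len(inner), NH_IPV6, "2001:db8:ffff::1", "2001:db8:ffff::2") + inner
```

   The counted size of a tunnelled packet is that of the inner header, since the outer header carries no CDO and the decapsulator would discard an outer copy anyway.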
   There are two aspects the audit element has to check for each flow:

   o  if the congestion reported using the ConEx mechanism (L- or E-marked bytes) matches the congestion actually observed by the receivers (loss or ECN-CE marks) and

   o  if sufficient credit marks have been sent to signal the congestion risk in advance (number of C-marked bytes is larger than lost or ECN-CE-marked bytes).

   By the Re-Echo-Loss signal a sender exposes to the network that this transport has experienced loss very recently. By the Re-Echo-ECN signal a sender exposes to the network that this transport has experienced an ECN-CE mark very recently. For the audit this means that if it detects a loss or an ECN-CE mark for a ConEx-enabled flow, for a compliant sender the corresponding Re-Echo-Loss or Re-Echo-ECN signals must be observed in the near future (e.g. within 1-2 RTTs after the congestion has been observed).

   The Credit signal represents potential for congestion. A ConEx-enabled sender SHOULD signal sufficient credit in advance of any congestion event. If a congestion event occurs, a corresponding amount of credit is consumed. If the sender intends to take the same risk again, it must just replace this consumed credit, as non-consumed credit does not expire.

   The audit penalizes a flow if it fails either of these two criteria. In order not to incentivize senders to simply start new flows when they detect being penalized by an audit element, the penalty of a misbehaving flow SHOULD be proportional to the misbehavior. This document does not mandate a particular audit design. Implementation considerations are further discussed in [I-D.wagner-conex-audit].

   The CDO MUST only be used alongside protocols that provide a way to audit loss in the network. Any protocol specification that uses the CDO MUST define how an audit device can detect loss on the forward path (e.g. sequence number monitoring) and the means for protecting against likely attacks on such mechanisms.

7. Tunnel Processing

   As with any destination option, an ingress tunnel endpoint will not normally copy the CDO when adding an encapsulating outer IP header. In general an ingress tunnel SHOULD NOT copy the CDO to the outer header, as this would change the number of bytes that would be counted. However, it MAY copy the CDO to the outer header in order to facilitate visibility by subsequent on-path ConEx functions if the configuration of the tunnel ingress and the ConEx nodes is coordinated. This trades off the performance of ConEx functions against that of tunnel processing.

   An egress tunnel endpoint SHOULD ignore any CDO in the outer header on decapsulation of an outer IP header. The information in any inner CDO will always be considered correct, even if it differs from any outer CDO. Therefore, the decapsulator can strip the outer CDO without comparison to the inner. A decapsulator MAY compare the two, and MAY log any case where they differ. However, the packet MUST be forwarded irrespective of any such anomaly, given that an outer CDO is only a performance optimization.

   A network node that assesses ConEx information SHOULD search for encapsulated IP headers until a CDO is found. At any specific network location, the maximum necessary depth of search is likely to be the same for all packets between a given set of tunnel endpoints.

8. Compatibility with use of IPsec

   If the endpoints are using the IPsec Authentication Header (AH) [RFC4302] to detect alteration of IP headers along the path, AH will also ensure the e2e integrity of the CDO header. A network-based attacker could alter ConEx information to fool an audit function in a downstream network into discarding packets. However, other existing attacks from one network on another, such as TTL expiry attacks, are more damaging (because ConEx audit discards silently) and less traceable (because TTL is meant to change, whereas CDO is not).

   Inside an IPv6 packet, a Destination Options header can be placed in two possible positions, either before the Routing header or after the ESP/AH headers, as described in Section 4.1 of [RFC2460]. When the CDO is placed in the destination options header before the AH and/or ESP, it is not encrypted in transport mode [RFC4301]. Otherwise, if the CDO were placed in the latter position and an ESP header was used with encryption, the CDO cannot be viewed and interpreted by ConEx-aware intermediate nodes, effectively rendering it useless.

   The IPv6 protocol architecture currently does not provide a mechanism for new headers to be copied to the outer IP header. Therefore, if IPsec encryption is used in tunnel mode, ConEx information cannot be accessed over the extent of the ESP tunnel.

   Also, the destination IP stack will not usually process the CDO; therefore the sender can send a CDO without checking whether the receiver will understand it. The CDO MUST still be forwarded to the destination IP stack, because the destination might check the integrity of the whole packet, irrespective of whether it understands ConEx.

9. Mitigating flooding attacks by using preferential drop

   This section is aspirational, and not critical to the use of ConEx for more general traffic management. However, once CDO information is present, the CDO header could optionally also be used in the data plane of any IP-aware forwarding node to mitigate flooding attacks.

   Please note that ConEx is an experimental protocol and that any kind of mechanism that reacts on information provided by the ConEx protocol needs to be evaluated in experimentation as well. This is also true, or especially true, for the preferential drop mechanism described below.

   Preferentially dropping packets that are not ConEx-capable or do not carry a ConEx mark can be beneficial to mitigate flooding attacks, as ConEx-marked packets can be assumed to be already restricted by a ConEx ingress policer, as further described in [I-D.ietf-conex-abstract-mech]. Therefore the following ConEx-based preferential dropping scheme is proposed:

   If a router queue experiences very high load so that it has to drop arriving packets, it MAY preferentially drop packets within the same DiffServ PHB using the preference order given in Table 1 (1 means drop first). Additionally, if a router implements preferential drop based on ConEx, it SHOULD also support ECN marking. Even though preferential dropping can be difficult to implement on some hardware, if nowhere else, routers at the egress of a network SHOULD implement preferential drop based on ConEx markings (stronger than the MAY above).

             +----------------------+----------------+
             |                      |   Preference   |
             +----------------------+----------------+
             | Not-ConEx or no CDO  | 1 (drop first) |
             | X (but not L,E or C) | 2              |
             | X and L,E or C       | 3              |
             +----------------------+----------------+

                Table 1: Drop preference for ConEx packets

   A flooding attack is inherently about congestion of a resource. As load focuses on a victim, upstream queues grow, requiring honest sources to pre-load packets with a higher fraction of ConEx marks.

   If ECN marking is supported by downstream queues, preferential dropping provides the most benefits because, if the queue is so congested that it drops traffic, it will be CE-marking 100% of any forwarded traffic. Honest sources will therefore be sending 100% ConEx E-marked packets (and subject to rate-limiting at an ingress policer).
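   As an added example (not the draft's own), the following Python applies the Table 1 ranking inside a bounded queue for one PHB and pushes a constructed burst of honest (X and E set), understating (X only) and non-ConEx traffic through it; the queue, the tie-breaking among equally ranked packets and the CE-marking rule are a simplified model of the behaviour this section describes, not a router implementation.

```python
X_BIT, L_BIT, E_BIT, C_BIT = 0x80, 0x40, 0x20, 0x10   # CDO flag octet, MSB first


def drop_preference(cdo_flags):
    """Table 1 rank (1 = drop first).  cdo_flags is the CDO data octet,
    or None when the packet carries no CDO at all."""
    if cdo_flags is None or not cdo_flags & X_BIT:
        return 1                          # Not-ConEx or no CDO
    if cdo_flags & (L_BIT | E_BIT | C_BIT):
        return 3                          # X and L, E or C
    return 2                              # X but no ConEx mark


class PreferentialDropQueue:
    """Bounded FIFO for one DiffServ PHB (constructed model).  On overflow the
    lowest-ranked packet (oldest among equals) is discarded, so marked traffic
    is preserved until last.  With ECN on, a queue that is dropping CE-marks
    everything it still forwards, as Section 9 describes."""

    def __init__(self, capacity: int, ecn: bool = True):
        self.capacity, self.ecn = capacity, ecn
        self.queue = []                   # (rank, packet) in arrival order
        self.dropped = []                 # packets discarded, in drop order

    def enqueue(self, pkt: dict) -> None:
        self.queue.append((drop_preference(pkt["cdo"]), pkt))
        if len(self.queue) <= self.capacity:
            return
        victim = min(range(len(self.queue)), key=lambda i: (self.queue[i][0], i))
        self.dropped.append(self.queue.pop(victim)[1])
        if self.ecn:
            for _, queued in self.queue:
                queued["ce"] = True

    def forwarded(self) -> dict:
        """Count surviving packets per source label."""
        counts = {}
        for _, queued in self.queue:
            counts[queued["src"]] = counts.get(queued["src"], 0) + 1
        return counts


def simulate(arrivals, capacity: int, ecn: bool = True) -> PreferentialDropQueue:
    """Feed a burst of (label, cdo_flags) into one queue with no departures."""
    q = PreferentialDropQueue(capacity, ecn)
    for label, flags in arrivals:
        q.enqueue({"src": label, "cdo": flags, "ce": False})
    return q


# Constructed burst: an honest sender in the 100% CE regime sets X and E, an
# understating sender sets only X, and legacy traffic carries no CDO at all.
BURST = [("honest", X_BIT | E_BIT), ("legacy", None), ("understating", X_BIT)] * 4
```

   With a capacity of four, the twelve-packet burst loses all eight legacy and understating packets before any honest packet is touched, which is the property the next paragraphs rely on.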
   Senders under malicious control can either do the same as honest sources, and be rate-limited at ingress, or they can understate congestion and not set the E bit.

   If the preferential drop ranking is implemented on queues, these queues will preserve E/L-marked traffic until last. So, the traffic from malicious sources will all be automatically dropped first. Either way, malicious sources cannot send more than honest sources. Therefore ConEx-based preferential dropping as described above discriminates against attack traffic if done as part of the overall policing framework as described in [I-D.ietf-conex-abstract-mech].

10. Acknowledgements

   The authors would like to thank Marcelo Bagnulo, Bob Briscoe, Ingemar Johansson, Joel Halpern, John Leslie, Martin Stiemerling, Robert Sparks, Ron Bonica, Brian Haberman, Kathleen Moriarty, Bob Hinden, Ole Troan and Brian Carpenter for the discussions that made this document better.

   Special thanks to Bob Briscoe, who contributed text and analysis work on preferential dropping, and to David Wagner for providing the text on which the auditing section is based.

11. Security Considerations

   [I-D.ietf-conex-abstract-mech] describes the overall audit framework for assuring that ConEx markings truly reflect actual path congestion. This section focuses purely on the security of the encoding chosen for ConEx markings.

   The CDO Option Type is defined with a chg bit set to zero as described in Section 4. If IPsec AH is used, a zero chg bit causes AH to cover the CDO option so that its end-to-end integrity can be verified, as explained in Section 4.

   This document specifies that the Reserved field in the CDO must be ignored and forwarded unchanged even if it does not contain all zeroes. The Reserved field is also required to sit outside the Encapsulating Security Payload (ESP), at least in transport mode (see Section 7). This allows the sender to use the Reserved field as a 4-bit-per-packet covert channel to send information to an on-path node outside the control of IPsec. However, a covert channel is only a concern if it can circumvent IPsec in tunnel mode and, in the tunnel mode case, ESP would close the covert channel as outlined in Section 7.

12. IANA Considerations

   The IPv6 ConEx destination option is used for carrying ConEx markings. This document uses the experimental option type 0x1E with the act bits set to 00 and the chg bit set to 0 for realizing this option. No further allocation action is required from IANA at this time.

13. References

13.1. Normative References

   [I-D.ietf-conex-abstract-mech]
              Mathis, M. and B. Briscoe, "Congestion Exposure (ConEx) Concepts, Abstract Mechanism and Requirements", draft-ietf-conex-abstract-mech-13 (work in progress), October 2014.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC2460]  Deering, S. and R. Hinden, "Internet Protocol, Version 6 (IPv6) Specification", RFC 2460, December 1998.

   [RFC3168]  Ramakrishnan, K., Floyd, S., and D. Black, "The Addition of Explicit Congestion Notification (ECN) to IP", RFC 3168, September 2001.

   [RFC4301]  Kent, S. and K. Seo, "Security Architecture for the Internet Protocol", RFC 4301, December 2005.

   [RFC4302]  Kent, S., "IP Authentication Header", RFC 4302, December 2005.

   [RFC4303]  Kent, S., "IP Encapsulating Security Payload (ESP)", RFC 4303, DOI 10.17487/RFC4303, December 2005.

13.2. Informative References

   [I-D.ietf-conex-tcp-modifications]
              Kuehlewind, M. and R. Scheffenegger, "TCP modifications for Congestion Exposure", draft-ietf-conex-tcp-modifications-08 (work in progress), April 2015.

   [I-D.wagner-conex-audit]
              Wagner, D. and M. Kuehlewind, "Auditing of Congestion Exposure (ConEx) signals", draft-wagner-conex-audit-01 (work in progress), February 2014.

Authors' Addresses

   Suresh Krishnan
   Ericsson
   8400 Blvd Decarie
   Town of Mount Royal, Quebec
   Canada

   Email: suresh.krishnan@ericsson.com


   Mirja Kuehlewind
   ETH Zurich

   Email: mirja.kuehlewind@tik.ee.ethz.ch


   Carlos Ralli Ucendo
   Telefonica

   Email: ralli@tid.es