DOCSLIB.ORG

Securing Self-Virtualizing Ethernet Devices

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Securing Self-Virtualizing Ethernet Devices Securing Self-Virtualizing Ethernet Devices Igor Smolyar Muli Ben-Yehuda Dan Tsafrir Technion – Israel Institute of Technology figors,muli,[email protected] Abstract Single root I/O virtualization (SRIOV) is a hard- ware/software interface that allows devices to “self virtu- alize” and thereby remove the host from the critical I/O hypervisor path. SRIOV thus brings near bare-metal performance to untrusted guest virtual machines (VMs) in public clouds, enterprise data centers, and high-performance comput- (a) Traditional Virtualization (b) Direct I/O Device Assignment ing setups. We identify a design flaw in current Ethernet SRIOV NIC deployments that enables untrusted VMs to Figure 1: Types of I/O Virtualization completely control the throughput and latency of other, unrelated VMs. The attack exploits Ethernet ”pause” frames, which enable network flow control functional- driver is installed in the guest [20, 69]; (3) the host as- ity. We experimentally launch the attack across sev- signs a real device to the guest, which then controls the eral NIC models and find that it is effective and highly device directly [22, 52, 64, 74, 76]. When emulating a accurate, with substantial consequences if left unmiti- device or using a paravirtual driver, the hypervisor in- gated: (1) to be safe, NIC vendors will have to mod- tercepts all interactions between the guest and the I/O ify their NICs so as to filter pause frames originating device, as shown in Figure 1a, leading to increased over- from SRIOV instances; (2) in the meantime, administra- head and significant performance penalty. tors will have to either trust their VMs, or configure their The hypervisor can reduce the overhead of device em- switches to ignore pause frames, thus relinquishing flow ulation or paravirtualization by assigning I/O devices di- control, which might severely degrade networking per- rectly to virtual machines, as shown in Figure 1b. Device formance. We present the Virtualization-Aware Network assignment provides the best performance [38,53,65,76], Flow Controller (VANFC), a software-based SRIOV NIC since it minimizes the number of I/O-related world prototype that overcomes the attack. VANFC filters pause switches between the virtual machine and its hypervisor. frames from malicious virtual machines without any loss However, assignment of standard devices is not scalable: of performance, while keeping SRIOV and Ethernet flow a single host can generally run an order of magnitude control hardware/software interfaces intact. more virtual machines than it has physical I/O device slots available. 1 Introduction One way to reduce I/O virtualization overhead fur- ther and improve virtual machine performance is to of- A key challenge when running untrusted virtual ma- fload I/O processing to scalable self-virtualizing I/O de- chines is providing them with efficient and secure I/O. vices. The PCI Special Interest Group (PCI-SIG) on Environments running potentially untrusted virtual ma- I/O Virtualization proposed the Single Root I/O Virtu- chines include enterprise data centers, public cloud com- alization (SRIOV) standard for scalable device assign- puting providers, and high-performance computing sites. ment [60]. PCI devices supporting the SRIOV standard There are three common approaches to providing I/O present themselves to host software as multiple virtual services to guest virtual machines: (1) the hypervisor interfaces. The host can assign each such partition di- emulates a known device and the guest uses an unmod- rectly to a different virtual machine. With SRIOV de- ified driver to interact with it [71]; (2) a paravirtual vices, virtual machines can achieve bare-metal perfor- mance even for the most demanding I/O-intensive work- reaching the edge switch. The traffic of virtual machines loads [38, 39]. We describe how SRIOV works and why and host that share the same link remains unaffected; it improves performance in Section 2. thus VANFC is 100% effective in eliminating the attack. New technology such as SRIOV often provides new VANFC has no impact on throughput or latency compared capabilities but also poses new security challenges. Be- to the baseline system not under attack. cause SRIOV provides untrusted virtual machines with VANFC is fully backward compatible with the current unfettered access to the physical network, such machines hardware/software SRIOV interface and with the Ether- can inject malicious or harmful traffic into the network. net flow control protocol, with all of its pros and cons. We analyze the security risks posed by using SRIOV Controlling Ethernet flow by pausing physical links has in environments with untrusted virtual machines in Sec- its fundamental problems, such as link congestion prop- tion 3. We find that SRIOV NIC, as currently deployed, agation, also known as the ”congestion spreading” phe- suffers from a major design flaw and cannot be used se- nomenon [13]. The attack might also be prevented by curely together with network flow control. completely redesigning the Ethernet flow control mech- We make two contributions in this paper. The first anism, making it end-to-end credit-based, as in Infini- contribution is to show how a malicious virtual machine Band [18], for example. But such a pervasive approach with access to an SRIOV device can use the Ethernet is not practical to deploy and remains outside the scope flow control functionality to attack and completely con- of this work. Instead, VANFC specifically targets the de- trol the bandwidth and latency of other unrelated VMs sign flaw in SRIOV NICs that enables the attack. VANFC using the same SRIOV device, without their knowledge prevents the attack without any loss of performance and or cooperation. The malicious virtual machine does this without requiring any changes to either Ethernet flow by transmitting a small number of Ethernet pause or Pri- control or to the SRIOV hardware/software interfaces. ority Flow Control (PFC) frames on its host’s link to One could argue that flow control at the Ethernet level the edge switch. If Ethernet flow control is enabled, the is not necessary, since protocols at a higher level (e.g., switch will then shut down traffic on the link for a spec- TCP) have their own flow control. We show why flow ified amount of time. Since the link is shared between control is required for high performance setups, such as multiple untrusted guests and the host, none of them will those using Converged Enhanced Ethernet, in Section 8. receive traffic. The details of this attack are discussed In Section 9 we provide some notes on the VANFC im- in Section 4. We highlight and experimentally evaluate plementation and on several aspects of VM-to-VM traf- the most notable ramifications of this attack in Section 5. fic security. We present related work in Section 10. We offer concluding remarks on SRIOV security as well as Our second contribution is to provide an understand- remaining future work in Section 11. ing of the fundamental cause of the design flaw lead- ing to this attack and to show how to overcome it. We 2 SRIOV Primer present and evaluate (in Section 6 and Section 7) the Virtualization-Aware Network Flow Controller (VANFC), Hardware emulation and paravirtualized devices impose a software-based prototype of an SRIOV NIC that suc- a significant performance penalty on guest virtual ma- cessfully overcomes the described attack without any chines [15, 16, 21, 22, 23]. Seeking to improve vir- loss in performance. tual I/O performance and scalability, PCI-SIG proposed With SRIOV, a single physical endpoint includes both the SRIOV specification for PCIe devices with self- the host (usually trusted) and multiple untrusted guests, virtualization capabilities. The SRIOV spec defines how all of which share the same link to the edge switch. The host software can partition a single SRIOV PCIe device edge switch must either trust all the guests and the host into multiple PCIe “virtual” devices. or trust none of them. The former leads to the flow con- Each SRIOV-capable physical device has at least one trol attack we show; the latter means doing without flow Physical Function (PF) and multiple virtual partitions control and, consequently, giving up on the performance called Virtual Functions (VFs). Each PF is a standard and efficient resource utilization flow control provides. PCIe function: host software can access it as it would With SRIOV NICs modeled after VANFC, cloud users any other PCIe device. A PF also has a full configuration could take full advantage of lossless Ethernet in SRIOV space. Through the PF, host software can control the en- device assignment setups without compromising their se- tire PCIe device as well as perform I/O operations. Each curity. By filtering pause frames generated by the mali- PCIe device can have up to eight independent PFs. cious virtual machine, VANFC keeps these frames from VFs, on the other hand, are “lightweight” (virtual) Bridge (VEB) [51]. guest VM0 SRIOV provides virtual machines with I/O perfor- mance and scalability that is nearly the same as bare metal. Without SRIOV, many use cases in cloud comput- ing, high-performance computing (HPC) and enterprise hypervisor data centers would be infeasible. With SRIOV it is pos- sible to virtualize HPC setups [24, 37]. In fact, SRIOV is considered the key enabling technology for fully virtu- alized HPC clusters [54]. Cloud service providers such as Amazon Elastic Compute Cloud (EC2) use SRIOV as the underlying technology in EC2 HPC services. Their Cluster Compute-optimized virtual machines with high performance enhanced networking rely on SRIOV [2]. SRIOV is important in traditional data centers as well. Figure 2: SRIOV NIC in a virtualized environment Oracle, for example, created the Oracle Exalogic Elastic Cloud, an integrated hardware and software system for data centers.
Load more

Recommended publications
  • Ciena 5305 Service Aggregation Switch Datasheet
    5305 SERVICE AGGREGATION SWITCH Features and Benefits The 5305 Ethernet/MPLS service aggregation > Features advanced Ethernet and MPLS to support demanding business, mobile switch is purpose-built for Carrier Ethernet backhaul, transport, and residential applications including L2VPN service to deliver cost-effective capacity, scalability, delivery and aggregation, 3G/4G wireless backhaul, FTTx and IP DSLAM and resiliency. With this switch, service Aggregation and L2 backhaul of L3VPNs > Delivers optimal density and service providers can keep pace with the constantly flexibility with a compact modular chassis, supporting incremental increasing demand for bandwidth and next- expansion of service and bandwidth capacity with linear CAPEX outlay generation services that support business, > Supports tens of thousands of services mobile backhaul, transport, and residential on a single system with robust scalability of up to 30,000+ VLANs and applications in metro networks. two million MAC addresses per chassis > Delivers high reliability, five-9s The 5305 is a modular, chassis-based system optimized for metro-edge deployments availability, and 50 ms protection in a wide variety of network topologies, including fiber and microwave rings, point-to- switching resiliency using state-of- the-art hardware and software design point fiber, microwave mesh, and fiber or copper to the subscriber. The switch coupled with advanced control plane supports high-density Gigabit Ethernet (GbE) connectivity to the subscriber edge and and Ethernet OAM capabilities
    [Show full text]
  • Data Center Ethernet 2
    DataData CenterCenter EthernetEthernet Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 [email protected] These slides and audio/video recordings of this class lecture are at: http://www.cse.wustl.edu/~jain/cse570-15/ Washington University in St. Louis http://www.cse.wustl.edu/~jain/cse570-15/ ©2015 Raj Jain 4-1 OverviewOverview 1. Residential vs. Data Center Ethernet 2. Review of Ethernet Addresses, devices, speeds, algorithms 3. Enhancements to Spanning Tree Protocol 4. Virtual LANs 5. Data Center Bridging Extensions Washington University in St. Louis http://www.cse.wustl.edu/~jain/cse570-15/ ©2015 Raj Jain 4-2 Quiz:Quiz: TrueTrue oror False?False? Which of the following statements are generally true? T F p p Ethernet is a local area network (Local < 2km) p p Token ring, Token Bus, and CSMA/CD are the three most common LAN access methods. p p Ethernet uses CSMA/CD. p p Ethernet bridges use spanning tree for packet forwarding. p p Ethernet frames are 1518 bytes. p p Ethernet does not provide any delay guarantees. p p Ethernet has no congestion control. p p Ethernet has strict priorities. Washington University in St. Louis http://www.cse.wustl.edu/~jain/cse570-15/ ©2015 Raj Jain 4-3 ResidentialResidential vs.vs. DataData CenterCenter EthernetEthernet Residential Data Center Distance: up to 200m r No limit Scale: Few MAC addresses r Millions of MAC Addresses 4096 VLANs r Millions of VLANs Q-in-Q Protection: Spanning tree r Rapid spanning tree, … (Gives 1s, need 50ms) Path determined by r Traffic engineered path spanning tree Simple service r Service Level Agreement.
    [Show full text]
  • Converged Networking in the Data Center
    Converged Networking in the Data Center Peter P. Waskiewicz Jr. LAN Access Division, Intel Corp. [email protected] Abstract data center as a whole. In addition to the general power and cooling costs, other areas of focus are the physical The networking world in Linux has undergone some sig- amount of servers and their associated cabling that re- nificant changes in the past two years. With the expan- side in a typical data center. Servers very often have sion of multiqueue networking, coupled with the grow- multiple network connections to various network seg- ing abundance of multi-core computers with 10 Gigabit ments, plus they’re usually connected to a SAN: ei- Ethernet, the concept of efficiently converging different ther a Fiber Channel fabric or an iSCSI infrastructure. network flows becomes a real possibility. These multiple network and SAN connections mean large amounts of cabling being laid down to attach a This paper presents the concepts behind network con- server. Converged Networking takes a 10GbE device vergence. Using the IEEE 802.1Qaz Priority Group- that is capable of Data Center Bridging in hardware, ing and Data Center Bridging concepts to group mul- and consolidates all of those network connections and tiple traffic flows, this paper will demonstrate how dif- SAN connections into a single, physical device and ca- ferent types of traffic, such as storage and LAN traf- ble. The rest of this paper will illustrate the different fic, can efficiently coexist on the same physical connec- aspects of Data Center Bridging, which is the network- tion.
    [Show full text]
  • Interactions Between TCP and Ethernet Flow Control Over Netgear
    Interactions between TCP and Ethernet flow control over Netgear XAVB2001 HomePlug AV links Radika Veera Valli, Grenville Armitage, Jason But, Thuy Nguyen Centre for Advanced Internet Architectures, Technical Report 130121A Swinburne University of Technology Melbourne, Australia [email protected], [email protected], [email protected], [email protected] Abstract—HomePlug AV links are usually slower than buffers along network paths. A side-effect of such loss- the surrounding wired LAN links, creating a bottleneck based CC behaviour is that all traffic sharing the bottle- where traffic may be buffered and delayed. To investigate neck will experience additional latency due to increased the interactions between TCP congestion control and average queueing delays [5]. This is particularly prob- Ethernet flow control we trialled four TCP variants over a lematic for real-time application flows (such as VoIP and HomePlug AV link using two Netgear XAVB2001 devices. We observed that the XAVB2001’s use of Ethernet flow online games) given the growth of arguably-gratuitous control effectively concatenates the buffers in both the buffering (“buffer bloat”) in network devices, interface XAVB2001 and the directly attached sending host. This led cards and network software stacks [6]. to multi-second RTTs when using NewReno and CUBIC In this report we borrow from, and extend, previous (loss-based) TCPs, which is significantly troublesome for work by one of the current authors [7]. Our new work multimedia traffic on home LANs. In contrast, Vegas explores in greater detail the latency and flow control and CDG (delay-based) TCPs kept buffer utilisation low, issues that emerge when end-to-end TCP is allowed to and induced five to ten milliseconds RTT.
    [Show full text]
  • Chapter 2 Link Layer Verilog Hardware Implementation, and One Wireless Broadcast Link, I.E
    Modern Computer Networks: An open source approach Chapter 2 Modern Computer Networks: An open source approach Chapter 2 package, one wired broadcast link, i.e. Ethernet in Section 2.4 along with its Chapter 2 Link Layer Verilog hardware implementation, and one wireless broadcast link, i.e. wireless LAN (WLAN) in Section 2.5 plus a brief on Bluetooth and WiMAX. PPP is Problem Statement popularly used in the last-mile dial-up services or routers carrying various network protocols over point-to-point links. Ethernet has occupied more than 95 percent of To effectively and efficiently transmit data over physical links from one node wired LANs. It is also poised to be ubiquitous in MANs and WANs. In contrast to to one or more nodes, there is much more to do than simply modulating or desktop PCs, which usually use wired links, many devices such as laptop PCs encoding bit stream into signal. Transmission impairments, such as crosstalk and cellular phones are mobile and prefer wireless links such as WLAN, Bluetooth, between two adjacent pairs, can unexpectedly change transmission signal and and WiMAX. thus result in errors. The transmitter might transmit faster than the receiver can Table 2.1 Link protocols. handle. The transmitter has to somehow indicate the destination(s), if on a PAN/LAN MAN/WAN broadcast link, i.e. LAN, and usually needs to name itself to let the receiver know Token Bus (802.4) DQDB (802.6) Token Ring (802.5) HDLC where the source is. If multiple stations share a LAN, an arbitration mechanism is HIPPI X.25 required to determine who can transmit next.
    [Show full text]
  • Understanding Ethernet
    Chapter 1 Understanding Ethernet In This Chapter ▶ Exploring carrier sensing and collision detection methods ▶ Understanding directional traffic and simultaneous transmissions ▶ Examining Ethernet speed limits and wire-rated standards ▶ Exploring Gigabit Ethernet ▶ Distinguishing between local and backbone Ethernet ▶ Recognizing Ethernet interfaces ▶ Understanding Ethernet’s simplicity n today’s connected business world, ubiquitous access to Idigitized information and data is critical. Networking has not only reshaped the information landscape, but it has also vastly increased speeds at which information moves and is consumed. In fact, networking is the key to accessing the com- plex services and applications within which information plays a starring role. Although access to the Internet is essential, all networking begins at the local level. For modern networks, Ethernet is the standard infrastructure upon which local net- works rest. Ethernet comprises a family of frame-based protocols and tech- nologies designed to connect local area networks (LANs) — computersCOPYRIGHTED and devices situated in MATERIAL close proximity and able to communicate with one another. Ethernet draws its name from the fanciful Latin terminology luminiferous aether, which trans- lates to a light-bearing medium once thought to fill space and propagate magnetic waves. As such, Ethernet is a metaphorical reference for the physical transmission medium in the work- place (and at home) that propagates digitized information in electronic form. The term “Ethernet” was originally coined by 4 Carrier Ethernet For Dummies Bob Metcalfe while jointly developing basic Ethernet network computing with David Boggs at Xerox Palo Alto Research Center (PARC). Sensing a Carrier and Handling Collisions Two people on opposite ends of a phone conversation can sense carrier presence (either a dial-tone or a connected call) and handle collisions (overlapping conversations).
    [Show full text]
  • Storage and Network Convergence Using Fcoe and Iscsi
    Front cover Storage and Network Convergence Using FCoE and iSCSI Learn how to improve IT service performance and availability Simplify your storage and network infrastructure See how to reduce data center network costs Sangam Racherla Silvio Erdenberger Harish Rajagopal Kai Ruth ibm.com/redbooks International Technical Support Organization Storage and Network Convergence Using FCoE and iSCSI January 2014 SG24-7986-01 Note: Before using this information and the product it supports, read the information in “Notices” on page xi. Second Edition (January 2014) This edition applies to the latest supported Converged Network Adapters and Switches in the IBM System Networking Portfolio of products. © Copyright International Business Machines Corporation 2012, 2014. All rights reserved. Note to U.S. Government Users Restricted Rights -- Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp. Contents Notices . xi Trademarks . xii Preface . xiii Authors. xiii Now you can become a published author, too! . .xv Comments welcome. .xv Stay connected to IBM Redbooks . xvi Part 1. Overview of storage and network convergence . 1 Chapter 1. Introduction to convergence . 3 1.1 What convergence is. 4 1.1.1 Calling it what it is . 4 1.2 Vision of convergence in data centers . 4 1.3 The interest in convergence now . 5 1.4 Fibre Channel SANs today . 5 1.5 Ethernet-based storage today. 6 1.6 Benefits of convergence in storage and network . 7 1.7 Challenge of convergence . 8 1.8 Conclusion . 10 Chapter 2. Fibre Channel over Ethernet . 11 2.1 Background: Data Center Bridging . 12 2.1.1 Priority-based Flow Control: IEEE 802.1Qbb .
    [Show full text]
  • TROUBLESHOOTING FEATURES for Media Conversion Products Table of Contents
    WHITE PAPER : TROUBLESHOOTING FEATURES for Media Conversion Products Table of Contents Introduction ......................................................................................................... 3 Link Integrity ....................................................................................................... 4 Ethernet Troubleshooting Features ................................................................... 4 1. Auto Negotiation (AN) ....................................................................................... 4 a. Full Duplex ................................................................................................ 4 b. 100 Mbps Speed ..................................................................................... 4 c. Selective Advertising ................................................................................... 5 d. Rate Converters ....................................................................................... 5 e. FX Auto Negotiation (FX AN) ..................................................................... 5 2. FX LinkLoss (FXLL) ........................................................................................... 6 3. TX LinkLoss (TXLL) ........................................................................................... 6 4. FiberAlert (FA) ................................................................................................... 7 5. LinkLoss & FiberAlert ........................................................................................ 7
    [Show full text]
  • Fairness in a Data Center
    University of New Hampshire University of New Hampshire Scholars' Repository Doctoral Dissertations Student Scholarship Winter 2012 Fairness in a data center MIkkel Hagen University of New Hampshire, Durham Follow this and additional works at: https://scholars.unh.edu/dissertation Recommended Citation Hagen, MIkkel, "Fairness in a data center" (2012). Doctoral Dissertations. 694. https://scholars.unh.edu/dissertation/694 This Dissertation is brought to you for free and open access by the Student Scholarship at University of New Hampshire Scholars' Repository. It has been accepted for inclusion in Doctoral Dissertations by an authorized administrator of University of New Hampshire Scholars' Repository. For more information, please contact [email protected]. Fairness in a data center BY Mikkel Hagen M.S. Computer Science, University of New Hampshire (2008) B.S. Computer Science/Biology/Psychology, St. Bonaventure University (2004) DISSERTATION Submitted to the University of New Hampshire in partial fulfillment of the requirements for the degree of Doctor of Philosophy in Computer Science December 2012 UMI Number: 3537816 All rights reserved INFORMATION TO ALL USERS The quality of this reproduction is dependent upon the quality of the copy submitted. In the unlikely event that the author did not send a complete manuscript and there are missing pages, these will be noted. Also, if material had to be removed, a note will indicate the deletion. Dissertation Publishing UMI 3537816 Published by ProQuest LLC 2013. Copyright in the Dissertation held by the Author. Microform Edition © ProQuest LLC. All rights reserved. This work is protected against unauthorized copying under Title 17, United States Code. uest ProQuest LLC 789 East Eisenhower Parkway P.O.
    [Show full text]
  • 19540 - Telematics 7Th Tutorial - Media Access, Ethernet & Wireshark
    19540 - Telematics 7th Tutorial - Media Access, Ethernet & Wireshark Bastian Blywis Department of Mathematics and Computer Science Institute of Computer Science 26. November, 2009 Institute of Computer Science – Telematics Tutorial – 26. November, 2009 1 Outline 1. Frame Size 2. Packets and Cells 3. FDDI Performance 4. ATM 5. Tunneling 6. Bridge Classification 7. Virtual LANs 8. IEEE 802.1Q and IEEE 802.2 9. Features of Layer 2 Protocols 10. Security Considerations 11. IEEE 802.1D Institute of Computer Science – Telematics Tutorial – 26. November, 2009 2 Frame Size Consider a 10 MBit/s CSMA/CD LAN with a bus of 50m length. The speed of the signal within the transmission medium is 2 ∗ 108m=s. 1. Calculate the upper bound of the collision detection time. 2. Specify the minimum frame length. Institute of Computer Science – Telematics Tutorial – 26. November, 2009 3 Frame Size Maximum time depends on maximum distance: AB 50m 5*10^-7s – Worst case: station A senses a free medium and starts to transmit – Station B senses a free medium and starts to transmit just at the time the signal from A arrives at B – Signal from B has to travel through the whole network until A detects the collision – Maximum time until collision detection, is twice the time of the signal propagation time for the whole network buslength 50m t = 2 ∗ = 2 ∗ = 5 ∗ 10−7s 8 m signalspeed 2 ∗ 10 s Institute of Computer Science – Telematics Tutorial – 26. November, 2009 4 Frame Size To ensure the stations are able to detect a collision, the frame has be take at least t to send: framelength min > t capacity 10MBit framelength > ∗ 5 ∗ 10−7s = 5Bit min s Institute of Computer Science – Telematics Tutorial – 26.
    [Show full text]
  • Network Transport for Data Centers
    X_405082 Advanced Computer Networks Data Center Transport Lin Wang ([email protected]) Period 2, Fall 2020 Course outline Warm-up Video ■ Fundamentals ■ Video streaming ■ Forwarding and routing ■ Video stream analytics ■ Network transport Networking and ML Data centers ■ Networking for ML ■ Data center networking ■ ML for networking ■ Data center transport � Mobile computing Programmability ■ Wireless and mobile ■ Sofware defined networking ■ Programmable forwarding 2 Learning objectives What are the new challenges in data center transport? What design choices do we have for data centers transport design? 3 What is special about data center transport Network ■ Extremely high speed (100+ Gbps) ■ Extremely low latency (10-100s of us) Diverse applications and workloads ■ Large variety in performance requirements Traffic patterns ■ Large long-lived flows vs small short-lived flows ■ Scatter-gather, broadcast, multicast Built out of commodity components: no expensive/customized hardware 4 Congestion control recall Network Do you still remember the goal of congestion control? 5 Congestion control recall Network Congestion control aims to determine the rate to send data on a connection, such that (1) the sender does not overrun the network capability and (2) the network is efficiently utilized 6 TCP Sender Receiver Network ACK ACK ACK Application The transport layer in the network model: Reliable TCP ■ Reliable, in-order delivery using acknowledges ■ Make sure not to overrun the receiver (receiving window, IP rwnd) and the network (congestion window,
    [Show full text]
  • NC-SI Over MCTP Binding Specification 6
    1 2 Document Number: DSP0261 3 Date: 2013-08-22 4 Version: 1.0.0 5 NC-SI over MCTP Binding Specification 6 7 Document Type: Specification 8 Document Status: DMTF Standard 9 Document Language: en-US 10 11 NC-SI over MCTP Binding Specification DSP0261 12 Copyright notice 13 Copyright © 2013 Distributed Management Task Force, Inc. (DMTF). All rights reserved. 14 DMTF is a not-for-profit association of industry members dedicated to promoting enterprise and systems 15 management and interoperability. Members and non-members may reproduce DMTF specifications and 16 documents for uses consistent with this purpose, provided that correct attribution is given. As DMTF 17 specifications may be revised from time to time, the particular version and release date should always be 18 noted. 19 Implementation of certain elements of this standard or proposed standard may be subject to third party 20 patent rights, including provisional patent rights (herein "patent rights"). DMTF makes no representations 21 to users of the standard as to the existence of such rights, and is not responsible to recognize, disclose, 22 or identify any or all such third party patent right, owners or claimants, nor for any incomplete or 23 inaccurate identification or disclosure of such rights, owners or claimants. DMTF shall have no liability to 24 any party, in any manner or circumstance, under any legal theory whatsoever, for failure to recognize, 25 disclose, or identify any such third party patent rights, or for such party’s reliance on the standard or 26 incorporation thereof in its product, protocols or testing procedures.
    [Show full text]