| Internet-Draft | Anomalous Packets Handling for DetNet | October 2025 |
| Han, et al. | Expires 19 April 2026 | [Page] |
In deterministic networking (DetNet), resource conflicts at flow aggregation nodes can lead to network anomalies. Existing data plane mechanisms for handling anomalous packets, such as simple discarding or treating them as Best-Effort (BE) flows, are insufficient. Consequently, the network performance can degrade to a level inferior to of traditional QoS approaches.Therefore, in order to handle the anomalous traffic, the data plane should implement an enhanced handling mechanism.¶
This document proposes an enhanced anomalous packet handling solution for DetNet. This solution specifies two policies: the packet squeezing policy and the packet degrading policy. These policies provide a flexible, enhanced mechanism applicable to various queuing mechanisms, ensuring the preferential scheduling and preservation of deterministic service traffic under anomalous conditions.¶
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.¶
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.¶
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."¶
This Internet-Draft will expire on 19 April 2026.¶
Copyright (c) 2025 IETF Trust and the persons identified as the document authors. All rights reserved.¶
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License.¶
DetNet is capable of providing real-time application services with deterministic guarantees such as bounded latency, low jitter, and low packet loss rate, as per [RFC8655]. One of the major technologies of DetNet is resource allocation, as per [RFC8938], which reserves necessary resources for specified DetNet flows to mitigate packet loss and jitter caused by network congestion. The control plane orchestrates the paths of DetNet flows to avoid resource conflicts. The data plane then transmits DetNet flows based on this orchestration result, employing mechanisms like traffic shaping, flow admission control, and forwarding information encapsulation to maintain the required QoS.¶
Each node along the end-to-end path may serve as an aggregation node. Aggregated flows that belong to the same traffic class share the reserved resources at the outgoing port. Ideally, the transmission of each flow within the same traffic class would strictly conform to the scheduling of the control plane, thereby meeting the strict deterministic requirements. However, this ideal scenario is often difficult to achieve due to the diversity of deterministic flows—such as occasional microbursts and packet size fluctuations. Allocating resources based on the maximum packet size may lead to resource waste, while basing them on the average size may cause resource conflicts. Furthermore, software and hardware limitations can introduce additional discrepancies. For instance, algorithmic flaws in the control plane may lead to resource conflicts in extreme cases, and high-priority protocol messages (e.g., ARP packets under abnormal conditions) in the data plane may preempt service packets, causing delays for lower-priority flows.¶
To address these network anomalies, the control plane should properly schedule resources to avoid resource conflicts at the aggregation nodes. As defined in [RFC8655], service protection solutions like PREOF (Packet Replication, Elimination, and Ordering Functions) are proposed based on multi-path transmission. Although PREOF can prevent performance reduction by reserving a large amount of redundant resources for the specified service flows, this approach may lead to poor resource utilization and potentially diminishing the value proposition of deterministic technologies. In the data plane, the existing mechanisms are relatively simple and primitive. For example, the data plane may choose to discard packets directly or buffer them until the resources allocated to its traffic class become available. Both of these approaches can result in Quality of Service (QoS) degradation that is even worse than that of Best-Effort (BE) flows.¶
Therefore, an enhanced, automated mechanism for handling anomalous packets in the data plane is essential for the future implementation and application of deterministic network technology.¶
This document proposes an enhanced anomalous packet handling policy and solution for DetNet, supporting two policies: packet squeezing and packet degrading, which can be enabled individually or in combination. The control plane and users can configure the policies’ activation and associated parameters. Detailed procedures for implementing these policies across various queuing mechanisms are provided.¶
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 [RFC2119].¶
The real-time detection in the data plane aims to identify anomalous forwarding behaviors. When an anomaly is detected, enhanced processing policies, such as packet squeezing and packet degrading, are applied to ensure the preferential scheduling of deterministic flows, even under abnormal conditions.¶
The detection process is closely associated with the queuing mechanisms employed. In general, an anomaly is detected at a node when an arriving packet's designated queue has already exceeded its allocated resource limit (e.g., buffer depth or packet count) for the current scheduling cycle or timeslot. Typically, for TQF[I-D.peng-detnet-packet-timeslot-mechanism], the target output timeslot of a packet at the current node can be determined by the upstream timeslot label and the basic timeslot mapping. For EDF[I-D.peng-detnet-deadline-based-forwarding], the target output timeslot at the current node is calculated based on the budget and delay target carried in the packet. Each output timeslot is associated with a queue. When a packet arrives, it is enqueued in the corresponding queue. For CQF, if the current scheduling timeslot is 1 and the target timeslot is 5, the packet for target output timeslot 5 will be placed into the corresponding queue preemptively. Before the packet enters the output queue, the queue depth is checked. If it does not exceed the allowable packet capacity of the queue, the packet is enqueued normally. If it exceeds the allowable capacity, it indicates an anomaly.¶
The proposed solution supports two enhanced anomalous packet handling policies in the data plane:¶
These policies provide flexibility in activation: they can be enabled concurrently, individually, or disabled entirely. If neither policy is enabled, the default mechanism, such as discarding the packets or treating them as a BE flow, will be utilized.¶
The data plane can support the squeezing policy through the configuration of the squeezing threshold. When anomalous traffic causes the queue occupancy to exceed its allocated capacity—but remains below the squeezing threshold—the system applies the squeezing policy. Specifically, the system enqueues anomalous the packets and records the number of squeezed bits. According to the squeezing policy, packets that cannot be sent within the allocated time are squeezed into the next timeslot until the queue is emptied. The squeezing policy is compatible with various queuing mechanisms; however, the implementation details will vary depending on the specific mechanism utilized.¶
Assume that each timeslot permits 4000 bits, and the squeezing threshold is set to 2000 bits. Consider a service flow where the size of each packet is fixed at 1000 bits. Packets 1 to 4 are assigned to timeslot 1, while packets numbered 5 to 7 are assigned to timeslot 2. Due to the presence of aggregated traffic, assume that the current depth of queue 1 is 2000 bits.¶
|<----timeslot1---->|<----timeslot2---->|<----timeslot3---->|
+---------+---------+-------------------+-------------------+
|/////////| | | |
+---------+---------+-------------------+-------------------+
packet sequence of the flow
+----+----+----+----+----+----+----+
| P7 | P6 | P5 | P4 | P3 | P2 | P1 | --->
+----+----+----+----+----+----+----+
P1 P2 P3 P4 -> target timeslot : 1
P5 P6 P7 -> target timeslot : 2
|
\/
+---------+----+----+----+----+
Queue 1 |/////////| P1 | P2 | P3 | P4 |
+---------+----+----+----+----+
+----+----+----+
Queue 2 | P5 | P6 | P7 |
+----+----+----+
|-----timeslot1-----|-----timeslot2-----|-----timeslot3-----|
+---------+----+----+----+----+----+----+----+--------------+
|/////////| P1 | P2 | P3 | P4 | P5 | P6 | P7 | |
+---------+----+----+----+----+----+----+----+--------------+
|<------->|
squeezing threshold
Figure 1 illustrates the processing of service flow packets numbered 1 through 7. Packets 1 and 2 are placed into Queue 1 (associated with timeslot 1). Given the existing aggregated traffic, the addition of Packets 1 and 2 (totaling 2000 bits) causes Queue 1 to reach its allocated capacity of 4000 bits. When Packets 3 and 4 arrive, they are immediately identified as anomalous packets.¶
Since the squeezing policy is enabled with a threshold of 2000 bits, Packets 3 and 4 are redirected to Queue 2, while retaining their original timeslot 1 label. Based on the squeezing policy, packets 3 and 4 are now squeezed into timeslot 2 for transmission. At this point, the buffer depth of Queue 2 increases to 2000 bits. Subsequently, Packets 5, 6, and 7, which are targeted for timeslot 2, arrive and enter Queue 2. However, when Queue 2 reaches its allocated capacity of 4000 bits, Packet 7 is marked as anomalous. Packet 7 is then enqueued in Queue 2 and squeezed for transmission in timeslot 3.¶
At the aggregation node, continuous bursts may lead to successive squeezing, which could trigger a chain reaction. Without safeguards, packets squeezed from one timeslot into the next may accumulate indefinitely, undermining deterministic transmission guarantees. To prevent unbounded accumulation caused by consecutive squeezing, the following two safeguard mechanisms are introduced:¶
|----timeslot1----|----timeslot2----|----timeslot3----|----timeslot4----|
|---------queue1---------|-----queue2------|----queue3-----|---queue4---|
|<--------------------------------------------------------------------->|
synchronization threshold
The data plane supports the degrading policy and allows for the configuration of its parameters. This policy can be used either independently or in conjunction with the squeezing policy.¶
For EDF, packets are processed by adjusting their target sending time. The resultant delay time can be flexibly configured based on the congestion level at the outgoing port. For TAS/CQF and their variations, packets are redirected to a lower priority queue.¶
When both squeezing and degrading policies are enabled, the node shall perform the following steps:¶
The following anomaly handling policies are defined in this document:¶
If the squeezing or degrading policies are not enabled or are otherwise inapplicable, anomalous packets shall be processed by existing default methods, such as discarding. When the data plane supports multiple anomalous packets handling policies, the enabled policies and related parameters shall be configured by the control plane.¶
Once the data plane automatically handles anomalies using the squeezing policy or the degrading policy, it should promptly report these anomalies to the controller. This enables the controller to perceive detailed insights into the network anomalies and take appropriate actions, such as re-orchestration, flow entry re-configuration, resource expansion. In addition to reporting to the controller, the data plane should also transmit the anomaly information to the downstream nodes. This allows downstream nodes to adjust their forwarding behavior or restore the original parameters of the packets according to the received anomaly information. The anomaly information reported by the data plane includes, but is not limited to:¶
Anomalous packet handling policy information:¶
Related parameters:¶
When a node in the data plane receives a DetNet packet, it first checks for anomalies. If an anomaly is detected, the node proceeds to handle the packet.¶
Policy-based Packet Processing.¶
After processing the anomalous packets, the node SHOULD send the anomaly information to the controller and/or the downstream node.¶
This example illustrates the anomaly detection and handling policy in the forwarding plane when the TQF is employed.¶
It is assumed that TQF mechanism supports three cycles (A, B, and C) at the egress ports. The timeslot size increases in powers of 2 while the number of timeslots decreases in powers of 2. Cycle A supports eight queues, and in addition, a low-priority BE queue is provided. For Cycle A, the timeslot mapping is defined as 0 -> 5; for the Cycle B, the mapping is 0 -> 3. It is assumed that each TQF timeslot in Cycle A allows a maximum capacity of 10,000 bits, Cycle B 20,000 bits, and Cycle C 40,000 bits. When the queue depth of Cycle A exceeds 10,000 bits, it indicates that an abnormal condition has occurred.¶
Furthermore, the control plane is configured to enable the squeezing policy on the forwarding plane with a squeezing threshold set to 15,000 bits and to enable the degrading policy, which is configured in a stepwise degrading mode.¶
Consider a certain service flow where each packet is 1,000 bits in size. Packets 1 to 10 use Cycle A and carry a timeslot value of 0; packets with sequence numbers 11 to 15 also use Cycle A, but carry a timeslot value of 2. When packet 1 arrives at the node, the current queue depth of timeslot 5 is 8,000 bits, and that of timeslot 7 is 0 bits.¶
Processing Procedure:¶
packet sequence (from right to left)
+---+---+---+---+---+---+--+--+--+--+--+--+--+--+--+
|P15|P14|P13|P12|P11|P10|P9|P8|P7|P6|P5|P4|P3|P2|P1| --->
+---+---+---+---+---+---+--+--+--+--+--+--+--+--+--+
P1 P2 P3 P4 P5 P6 P7 P8 P9 P10 : Cycle A timeslot 0->5
P11 P12 P13 P14 P15 :Cycle A timeslot 2->7
|
\/
Cycle A
+-----------+--+--+--+--+--+--+--+
queue 5 |///////////|P1|P2|P3|P4|P5|P6|P7|
+-----------+--+--+--+--+--+--+--+
+---+---+---+---+---+
queue 7 |P11|P12|P13|P14|P15|
+---+---+---+---+---+
Cycle B
+--+--+---+
queue 3 |P8|P9|P10|
+--+--+---+
Cycle A
|------timeslot5------|------timeslot6------|------timeslot7------|
+---------------+--+--+--+--+--+--+--+------+---+---+---+---+---+-|
|///////////////|P1|P2|P3|P4|P5|P6|P7| |P11|P12|P13|P14|P15| |
+---------------+--+--+--+--+--+--+--+------+---+---+---+---+---+-|
Cycle B
---timeslot2----------|-----------------timeslot3-----------------|
+---------------------+--+--+---+---------------------------------+
| |P8|P9|P10| |
+---------------------+--+--+---+---------------------------------+
When packets 1 and 2 are enqueued into queue 5 according to the Cycle A timeslot mapping 0 -> 5, the depth of queue 5 reaches 10,000 bits.Upon the arrival of packet 3, if it were to be enqueued using the same mapping (0 -> 5), the queue depth would exceed the 10,000-bit threshold, thereby indicating the presence of anormaly. Since the squeezing policy is enabled with a threshold of 15,000 bits, packets 3 to 7 are processed in squeezing mode and are enqueued into queue 5, retaining their original output timeslot label 5.¶
When packet 8 arrives, enqueuing it in queue 5 would cause the cumulative bits to exceed the 15,000-bit squeezing threshold. Consequently, the degrading policy is triggered. Packets 8 to 10 are degraded from Cycle A to Cycle B. Based on the Cycle A transmission timeslot value(0) carried in the packet, which is converted to Cycle B transmission timeslot 0, the Cycle B mapping (0 → 3) is applied. Thus, packets 8–10 are enqueued into Cycle B’s Queue 3. Packets 11 to 15 mapped using timeslot 2 -> 7, are enqueued normally as the queue depth remains within the 10,000-bit capacity.¶
TBA¶
TBA¶
TBA¶