[Sis-csi] Green book thoughts

Ed Criscuolo ed.criscuolo at gsfc.nasa.gov
Thu Apr 20 14:19:44 EDT 2006


(I inadvertently replied this to Scott instead of
posting it to the list this morning, so I'm resending
it)

I think we're mostly in violent agreement. The language
semantics are just getting in the way.

The network folks are counting from the bottom up: Whatever is
three layers up from the physical is THE Transport layer.
Anything above that, like CFDP, is application.

The application folks are counting from the top down: Whatever
is one layer down from the application is THE transport layer.
In this view, CFDP is transport.

Note that nothing has changed, were really just argueing over
what to call it.

Nobody is suggesting that retransmission be a custom non-standard
application, "... reinvented in every application-layer protocol
flown on every spacecraft." That has obvious cost and
interoperability impacts.  We need to have a standardized set of
recommendations, regardless of whether we call them "Transport
Protocols" or "Application Services".  The idea is that you can't
afford to "re-invent the wheel" every time.  We want to use
existing stuff, not create it from scratch.

Note that this approach includes both formal standards, such
FTP/CFDP/NORM, and de-facto standards, such as SKYPE and REAL.


Ed

----------------

Scott Burleigh wrote:

 >   Lee.Neitzel at EmersonProcess.com 
<mailto:Lee.Neitzel at EmersonProcess.com> wrote:
 >
 >> As you know, there are significant fixed and variable costs 
associated with design, implementation, testing, and deployment of each 
layer protocol.
 >>
 > In my mind, this is the key point in this discussion.
 >
 > Keith H. is clearly right that UDP is entirely entirely appropriate 
for applications where data completeness is not important.  He's also 
clearly right that UDP and UDP-like transmission has historically been 
used for operations of nearly all spacecraft mission (that I can think 
of), where all communications have been between The Spacecraft and The 
Ground.  I agree with him and with David that the simplicity of that 
model in that environment has proven to be very valuable, even though it 
means that -- if you care about data completeness -- you need some sort 
of manual command procedure to effect the retransmission of data that 
got lost or corrupted in transmission from the spacecraft to the ground.
 >
 > The question, I think, is whether or not that model is appropriate 
for communications among the elements of a cislunar network, such as the 
fleet of Constellation vehicles.  The topology we're contemplating in 
that environment would not be pairwise communication between The 
Spacecraft and The Ground, but rather multi-hop communication through 
relays (e.g., relay satellites) functioning as IP routers.
 >
 > Again, if data completeness is not important then UDP is perfectly 
adequate for conveying data throughout that network.  But if data 
completeness is important some of the time, then one or more 
retransmission mechanisms are needed in the protocols; I haven't yet 
heard anyone suggest that manually commanded retransmission would be a 
cost-effective way of assuring completeness of data exchange among 
multiple surface rovers and orbiters at the moon.
 >
 > As Lloyd points out, UDP is a terrific platform for building new 
protocols on: it imposes little overhead, it does message delimitation, 
it provides port numbers for multiplexing of higher-layer protocols, it 
provides checksums (if you want them), and the standard socket library 
makes implementation very straightforward.  But there are significant 
fixed and variable costs associated with the design, implementation, 
testing, and deployment of each layer of protocol.  I would say that's 
particularly true of protocols that do retransmission, which if done 
well is not as easy as it sounds.  This suggests that if an existing, 
proven transport protocol provides retransmission then you should use it 
rather than reinvent retransmission yourself, unless you've got a good 
reason not to.
 >
 > I think we all agree that there are some good reasons not to use TCP 
in all cases where you need a retransmitting protocol, so there are 
clearly cases where it makes more sense to use something else -- very 
likely something built on top of UDP, because UDP is such a fine 
platform for building new protocols on.  But it remains true that each 
such new protocol costs money.  If retransmission were reinvented in 
every application-layer protocol flown on every spacecraft:
 >
 > a.    Each one would impose significant additional mission cost.
 >
 > b.   Some of them would have bugs that wouldn't be found in testing 
prior to flight, imposing significant additional mission risk.
 >
 > c.   None of them would be interoperable.  In order to interoperate, 
spacecraft would have to fly multiple protocols at this layer of the 
stack, further increasing mission cost and complexity (and therefore risk).
 >
 > d.   Each one would pose a potential congestion threat to the network 
since, as experience in the Internet has shown us, retransmission 
procedures that aren't carefully designed with congestion in mind will 
increase it.  And congestion will indeed be possible, because this is a 
network, with routers and "trunk lines", and not just a set of pairwise 
communication links.
 >
 > So in this architecture document I think we want *not* to encourage 
every flight software manager to look at each mission as yet another 
opportunity to demonstrate what fools the designers of TCP were.  The 
architecture needs to support the insertion of alternatives to TCP where 
they are needed, but the fewer the better.  Suppose we leave it at that?
 >
 > Scott
 >
 >
 > ------------------------------------------------------------------------
 >
 > _______________________________________________
 > Sis-CSI mailing list
 > Sis-CSI at mailman.ccsds.org
 > http://mailman.ccsds.org/cgi-bin/mailman/listinfo/sis-csi


Scott Burleigh wrote:

> Chris.Taylor at esa.int wrote:
> 
>> This is one of the more interesting discussions that has been 
>> generated by
>> group and there is another aspect related to retransmission that has 
>> not been
>> touched upon. From what I have seen over the years ( I work in the 
>> area of
>> flight system design), ground controllers are extremely careful and  
>> hesitant
>> when it comes to releasing commands to the spacecraft. Automated 
>> sequences
>> are anathema and there is still a clear preference to release each 
>> command by
>> hand. I guess this practise is easily understood when it is considered 
>> that a
>> single incorrect command could result in the unrecoverable loss of  
>> remote
>> hardware.
>>
> You are certainly right, Chris, but I would suggest that this is 
> something of an artifact of history.  In the past, the only bits we ever 
> sent to spacecraft were commands, so it was true that any uplink had the 
> potential to crash the spacecraft.  Automated retransmission protocols 
> are different: positive and negative acknowledgements are not commands 
> and (unless your protocol implementation is inexcusably poorly written 
> and tested) they won't ever crash a spacecraft.
> 
>> Some may argue that this is even more reason for relying on
>> automated software but as this is also hand crafted and subject to 
>> bugs, I
>> believe the "man in the loop" aspect will remain important part of 
>> spacecraft
>> control.
>>  
>>
> There is a persistent fallacy here, I think.  There are clearly critical 
> spacecraft operational decisions that should only be made by humans 
> exercising informed judgement.  There are, just as clearly, routine 
> operational decisions that have got to be made by on-board software, 
> either because the control loop through a human would be too long to 
> enable timely response or because there are just too many of them to 
> make manually in a cost-effective way.  The latter require that software 
> be written and tested with great care, but however well that work is 
> done you are going to rely on it; you've got no real choice.  If there 
> are bugs, you fix them and *re-use the corrected software in the next 
> mission instead of starting over again so that new bugs can be 
> invented*.  But bugs in software, once soundly corrected, can never 
> recur.  Human errors shouldn't, but always can and sometimes do.
> 
>> This is backed up here by the slow take-up of CFDP. I still remember the
>> faces of horror when I made the original proposal for CFDP to our revered
>> CCSDS management council. The flight systems guys were in favour but the
>> support from the ground system institutions was miserable and it was 
>> treated
>> somewhat with disbelief that someone was suggesting automatic 
>> retransmission
>> to and from a spacecraft. So far we do not have a CFDP implementation 
>> on any
>> ESA spacecraft and even though the take up from NASA has been more 
>> positive,
>> I'm pretty sure that only the connectionless procedures have so far been
>> implemented.
>>  
>>
> Not true, actually.  The acknowledged procedures of CFDP were routinely 
> used for command sequence upload to the Deep Impact spacecraft and are 
> used every day for engineering telemetry download from MESSENGER.  
> What's more, the CFDP acknowledgements sent from the ground system to 
> the MESSENGER spacecraft are issued automatically, without operator 
> intervention, just as intended in the CFDP design.
> 
>> It should also not be forgotten that CCSDS packet telecommand has 
>> supports
>> ARQ for  in the form of the COP procedures ( basically HDLC). Here ESA 
>> has
>> taken a lead and for years, due to a standard ASIC, all our spacecraft 
>> have
>> had the opportunity to use retransmission on the forward link. Two 
>> points are
>> however worthy of note: in a typical mission retransmission has not been
>> triggered; if it has been triggered there was significant effort to 
>> find out
>> why. In reality, this comes down to the links that are used. The 
>> forward link
>> is typically over-engineered to cover contingency situations (we also 
>> have
>> enough power on the ground to fry fish and clips onboard), and the return
>> links are so well coded that data loss hardly considered.
>>
>> I guess one message from this is that we should be looking at the link
>> characteristics before deciding what is necessary higher up in the 
>> stack. If
>> our links are near on perfect occasional data loss due to link errors 
>> could
>> be acceptable and errorrs (e.g. due to SEUs in the flight system) can be
>> covered by application level checksum.
>>  
>>
> Sure.  Or techniques like erasure coding can even recover lost or 
> corrupted data without retransmission, if there's not too much loss.
> 
>> On the question of congestion, I still believe that the mission 
>> preplanning
>> will counteract the lack of overall bandwidth. The idea that data 
>> transfer
>> will not have a major element of preplanning doesn't make much sense if
>> crucial or mandatory data transmission is to be protected. Presumably
>> automated tools will be available to determine what each element needs to
>> transmit and in what time frame, so it should be easy enough to ensure 
>> that
>> the bandwidth is available when it is needed. It is also simple enough to
>> implement rate control for unbounded transfers such as file transfers. 
>> We are
>> already using this technique in the Columbus element of ISS where the
>> ethernet Lan is shared by several payloads and the Columbus system. We 
>> simply
>> slug the packet (UDP) release rate for each payload so that the maximum
>> allocated bandwidth is never exceeded. The release rate being 
>> configurable as
>> part of the mission timeline.
>>  
>>
> Right, you've got to have rate control, and contacts are going to be 
> scheduled (possibly automatically) for a number of reasons.  But I would 
> say that congestion control in this context is more a question of buffer 
> overrun (resulting in data loss) rather than lack of bandwidth, and in a 
> truly networked communication environment you do have to worry about 
> that at routers.  Sure, we're not facing any problem remotely like this 
> at the moment.  But in a denser and more richly interconnected cislunar 
> network environment I believe it will matter.
> 
> We don't have to predict the future accurately right now in order to 
> settle the main question, though.  I think we just want to say that we 
> know UDP support will be necessary, we think it's possible that support 
> for TCP will be necessary in some contexts, we agree that other non-TCP 
> mechanisms for assuring data transmission completeness may be necessary 
> as well, but we agree that heedless proliferation of those mechanisms 
> would impose undesirable costs on the space flight community.
> 
> Scott
> 
> 
> _______________________________________________
> Sis-CSI mailing list
> Sis-CSI at mailman.ccsds.org
> http://mailman.ccsds.org/cgi-bin/mailman/listinfo/sis-csi



More information about the Sis-CSI mailing list