Modelling and Analysis of the CES Protocol of H.245 Lin Liu and Jonathan Billington Computer Systems Engineering Centre University of South Australia.

Modelling and Analysis of the CES Protocol of H.245

Lin Liu and Jonathan BillingtonComputer Systems Engineering

CentreUniversity of South Australia

University of South Australia

Background• Part of an ongoing project on modelling and

analysing Internet multimedia protocols with CPNs, which is focused on ITU-T recommendation H.323.

• H.323 is a key standard for multimedia communications over packet-based networks, e.g. the Internet.

• The CES protocol is a sub-protocol of ITU-T recommendation H.245, which is one of the core protocols of the H.323 standard.

UniSAUniSA

Outline

• The CES protocol• Modelling and analysis results of

• The CES protocol with a reliable transport

medium

• The CES protocol with an unreliable

transport medium

• Conclusion and future work

UniSAUniSA

The CES Protocol

The Capability Exchange Signalling (CES) protocol is used by a communication party to inform its peer of its multimedia receive and transmit capabilities.

OK, John. Thank you.

Hi Mary, I can only transmit and receive audio.

UniSAUniSA

UniSAUniSA

Primitives and messages in the CES entities Primitives and messages in the CES entities

UniSAUniSA

The SDL diagrams of the CES protocolThe SDL diagrams of the CES protocol

UniSAUniSA

Example MSCs of the CES protocol Example MSCs of the CES protocol

UniSAUniSA

Example MSCs of the CES protocol Example MSCs of the CES protocol

UniSAUniSA

Example MSCs of the CES protocol Example MSCs of the CES protocol

The CES Protocol with Reliable Transport Medium

• The CES protocol is designed to be independent of the underlying medium.

• When the CES protocol is applied to an H.323 system, it is required by H.323 to operate over a reliable transport layer.

• A reliable transport layer must preserve sequence, be error-free, and provide flow controlled transmission of messages.

UniSAUniSA

UniSAUniSA

• Basically, each SDL state transition is modelled Basically, each SDL state transition is modelled as a CPN transition.as a CPN transition.

• Each CES primitive is treated as an atomic Each CES primitive is treated as an atomic event, so when two CES primitives are included event, so when two CES primitives are included in a single SDL state transition, they are in a single SDL state transition, they are modelled as two separate CPN transitions, and a modelled as two separate CPN transitions, and a temporary state is introduced.temporary state is introduced.

Modelling SDL state transitions with CPNsModelling SDL state transitions with CPNs

UniSAUniSA

The Incoming CESE SDLThe Incoming CESE SDL

UniSAUniSA

Modelling the CES messagesModelling the CES messages

The CPN modelThe CPN model

UniSAUniSA

The declaration nodeThe declaration node

UniSAUniSA

The hierarchical CPN model (1)The hierarchical CPN model (1)

UniSAUniSA

UniSAUniSA

The top level pageThe top level page

UniSAUniSA

The Outgoing_CESE subpageThe Outgoing_CESE subpage

UniSAUniSA

The Incoming_CESE subpageThe Incoming_CESE subpage

UniSAUniSA

The hierarchical CPN model (2)The hierarchical CPN model (2)

UniSAUniSA

The top level pageThe top level page

UniSAUniSA

The Outgoing_Send subpageThe Outgoing_Send subpage

UniSAUniSA

The Outgoing_Receive subpageThe Outgoing_Receive subpage

UniSAUniSA

The Incoming_Receive subpageThe Incoming_Receive subpage

UniSAUniSA

The Incoming_send subpageThe Incoming_send subpage

• This original model has an infinite state space.This original model has an infinite state space.• We investigate the following two cases:We investigate the following two cases:

• Model AModel A • The queue length of places forChannel and The queue length of places forChannel and

revChannel is set to 3;revChannel is set to 3;• Modulo 2 instead of modulo 256 arithmetic.Modulo 2 instead of modulo 256 arithmetic.

• Model BModel B• The number of times that transition The number of times that transition

TRANSFERreq occurs is limited to 2;TRANSFERreq occurs is limited to 2;• Modulo 2 instead of modulo 256 arithmetic.Modulo 2 instead of modulo 256 arithmetic.

UniSAUniSA

Analysis restrictions Analysis restrictions

The state space for Model AThe state space for Model A

!!

UniSAUniSA

The Occ graph (part)The Occ graph (part) of Model Aof Model A

UniSAUniSA

UniSAUniSA

The CES protocol can fail if wrapping of sequence numbers happens when there are n outstanding acknowledgments for modulo n arithmetic.

• Two transitions should be dead when the transport medium is reliable, but they are not.

• The CES protocol can fail if wrapping of sequence numbers happens when there are n outstanding acknowledgments for modulo n arithmetic.

• This protocol could work properly • if there are n outstanding acknowledgments, for

modulo n arithmetic, then do not send a TerminalCapabilitySet message,

• set timer and report problem instead.

Conclusion for Model AConclusion for Model A

UniSAUniSA

The state space report for Model BThe state space report for Model B

UniSAUniSA

The full Occ graph The full Occ graph of Model Bof Model B

UniSAUniSA

UniSAUniSA

Desired terminal Desired terminal state and state and successful successful capability capability exchangesexchanges

Proper termination of Proper termination of exchanges and exchanges and discard of expired discard of expired messagesmessages

UniSAUniSA

• Transitions REJECTindUin and TRANSFERindT are dead transitions under the assumption of Model B.

• When the wrapping of sequence numbers (modulo 2) while there are 2 outstanding acknowledgments (i.e. not yet received by the outgoing CESE) does not occur, this protocol can carry out the capability exchange properly.

• An induction proof is needed to generalise these conclusions for arbitrary modulo arithmetic.

Conclusion for Model BConclusion for Model B

UniSAUniSA

The CES Protocol with Unreliable Transport Medium

• An unreliable transport layer may have message loss, duplication, and the ordering of the messages sent may not be preserved.

• We assume that each message can only be duplicated once at most.

UniSAUniSA

The CPN modelThe CPN model

UniSAUniSA

The state space report The state space report •Counter with limit 2Counter with limit 2•Modulo 2 arithmetic

UniSAUniSA

UniSAUniSA

REJECTindUin & REJECTindUin & TRANSFERindT TRANSFERindT can occurcan occur

UniSAUniSA

Proper terminal Proper terminal states and states and successful capability successful capability exchangesexchanges

UniSAUniSA

Inefficient behaviour Inefficient behaviour

• When the transport medium is unreliable, this protocol can work, but it may be inefficient.

Conclusion for the Unreliable Medium CaseConclusion for the Unreliable Medium Case

UniSAUniSA

Conclusion • Complete CPN models of the CES protocol have

been created, providing a rigorous specification of the CES protocol.

• No matter whether the underlying medium is reliable or not, the CES protocol can fail if wrapping of sequence numbers happens when there are n outstanding acknowledgments for modulo n arithmetic.

• If the problem with sequence number wrap can be avoided, then when the transport layer is unreliable, the CES protocol may be inefficient.

UniSAUniSA

• Next step: verify the CES protocol against the service specification.

• We have created a complete and general CES service specification (with CPNs) and currently are working on generating the CES service language from this service model.

• Future work includes investigations of other parts of H.323, based on the experience and methodology gained from this pilot study.

UniSAUniSA

Future Work

UniSAUniSA