Traffic flow (computer networking)

In packet switching networks, traffic flow, packet flow or network flow is a sequence of packets from a source computer to a destination, which may be another host, a multicast group, or a broadcast domain. RFC 2722 defines traffic flow as "an artificial logical equivalent to a call or connection."[1] RFC 3697 defines traffic flow as "a sequence of packets sent from a particular source to a particular unicast, anycast, or multicast destination that the source desires to label as a flow. A flow could consist of all packets in a specific transport connection or a media stream. However, a flow is not necessarily 1:1 mapped to a transport connection."[2] Flow is also defined in RFC 3917 "a set of IP packets passing an observation point in the network during a certain time interval."[3]

Conceptual description

A TCP/IP flow can be uniquely identified by the following parameters within a certain time period:

  • Source and Destination IP address
  • Source and Destination Port
  • Layer 4 Protocol (TCP/UDP/ICMP)

UDP and ICMP flows

All packets with the same source address/port and destination address/port within a time period are considered as one flow.

Since UDP is uni-directional, it causes one flow. ICMP is bi-directional, so it causes two flows.

TCP flow

Establishing a TCP connection begins with a three-way handshake and creates two flows. One from A to B, the other from B to A, where A and B are IP-Port source and destinations.

  1. . (A) --> [SYN] ------>(B)
  2. . (A) <-- [SYN/ACK] <--(B)
  3. . (A) --> [ACK] ------>(B)

The two TCP flows end with a four-way handshake or a time-out.

  1. . (A) --> ACK/FIN ---->(B)
  2. . (A) <-- ACK <--------(B)
  3. . (A) <-- ACK/FIN <----(B)
  4. . (A) --> ACK -------->(B)

Other protocols

Packets from other protocols can be grouped into flows as well. There are other transport protocols, and some protocols use layer 4 as a transport. E.g. HTTP traffic is carried by TCP/IP and creates a flow as the connection is built and torn down.

Utility for network administration

The concept is important, since it may be that packets from one flow need to be handled differently from others, by means of separate queues in switches, routers and network adapters, to achieve traffic shaping, fair queueing or Quality of Service. It is also a concept used in Queueing Network Analyzers (QNAs) or in packet tracing.

Applied to Internet routers, a flow may be a host-to-host communication path, or a socket-to-socket communication identified by a unique combination of source and destination addresses and port numbers, together with transport protocol (for example, UDP or TCP). In the TCP case, a flow may be a virtual circuit, also known as a virtual connection or a byte stream.

In packet switches, the flow may be identified by IEEE 802.1Q Virtual LAN tagging in Ethernet networks, or by a Label Switched Path in MPLS tag switching.

Packet flow can be represented as a path in a network to model network performance. For example a water flow network can be used to conceptualize packet flow. Channels can be thought of as pipes, with the pipe capacity corresponding to bandwidth and flows corresponding to data throughput. This visualization can help to understand bottlenecks, queuing, and help understand the unique requirements of tailored systems.

See also

References

  1. N. Brownlee, C. Mills, and G. Ruth (October 1999). "RFC 2722 - Traffic Flow Measurement: Architecture". IETF. Retrieved 2010-02-11.
  2. J. Rajahalme, A. Conta, B. Carpenter and S. Deering (March 2004). "RFC 3697 - IPv6 Flow Label Specification". IETF. Retrieved 2010-02-11.
  3. J. Quittek, JT. Zseby, B. Claise, and S. Zander (October 2004). "RFC 3917 - IPFIX Requirements". IETF. Retrieved 2010-02-11.