John Eidson, working with the group of
TerraSwarm PI Lee, has exposed a serious flaw in a leading Internet standard
for network clock synchronization, and has developed a fix to the protocol that
will be voted on by the ITU this fall. Specifically, he used modeling
techniques being developed under theme 4, prototyped in Ptolemy II, to
construct a discrete-event (DE) model for the best master clock algorithm in
the two leading international standards for network clock synchronization, IEEE
1588-2008 and the ITU-T G.8275.1/Y.1369.1 (7/2014). The latter is a profile of
IEEE 1588-2008 targeted at providing clock synchronization in layer 2 Ethernet
telecommunications networks with full on-path support, where all network
devices, typically routers and bridges, adhere to this profile. These
networks are key to the correct operation of cellular-based telecommunications.
The ITU standard, consented to in July of this year, has a flaw that can lead
to misconfigured networks potentially with independently synchronized islands
of devices or other unintended conditions.
The Ptolemy DE models implement all critical specifications of these standards
with respect to the best master clock algorithm, BMCA. The BMCA is used to
determine the timing synchronization spanning tree and to select the clock to
be the root of this tree. The ITU-T profile adds an additional feature not
present in 1588-2008 to force a port to be in the master state. Simulating the
profile operation using the Ptolemy model revealed that there was a significant
error in the ITU specification that, uncorrected, would lead to anomalous
behavior --- certainly not the intended behavior. The error involved incorrect
logical execution order, a condition made highly visible by the capabilities of
Ptolemy DE models. Unfortunately this error is not a corner case and would
occur quite often. Using the model, a correction to the profile was
tested.
The ITU-T Q13; working group was notified of the fault and the proposed
correction. They have since written a proposal to correct the fault using the
correction proposed based on the Ptolemy model study. This correction proposal
was approved at the September interim meeting for consent at the November
plenary meeting.
Eidson's model heavily exploits Ptolemy's innovative multiform model of time,
so it is unlikely that this model could have been reasonably constructed using
existing commercial tools such as Simulink, SimEvents, or Rhapsody.
About John Eidson:
John Eidson worked for many years at HP Labs and
Agilent. He is known as the father of IEEE-1588, the Precision
Time Protocol. In 2013, Dr. Eidson was given the Time Lord award at the
International Telecommunications Synchronization Forum.