Flaw Exposed in Leading Internet Standard for Network Clock Synchronization

John Eidson, working with the group of TerraSwarm PI Lee, has exposed a serious flaw in a leading Internet standard for network clock synchronization, and has developed a fix to the protocol that will be voted on by the ITU this fall.  Specifically, he used modeling techniques being developed under theme 4, prototyped in Ptolemy II, to construct a discrete-event (DE) model for the best master clock algorithm in the two leading international standards for network clock synchronization, IEEE 1588-2008 and the ITU-T G.8275.1/Y.1369.1 (7/2014). The latter is a profile of IEEE 1588-2008 targeted at providing clock synchronization in layer 2 Ethernet telecommunications networks with full on-path support, where all network devices, typically routers and bridges, adhere to this profile. These networks are key to the correct operation of cellular-based telecommunications.

The ITU standard, consented to in July of this year, has a flaw that can lead to misconfigured networks potentially with independently synchronized islands of devices or other unintended conditions.

The Ptolemy DE models implement all critical specifications of these standards with respect to the best master clock algorithm, BMCA. The BMCA is used to determine the timing synchronization spanning tree and to select the clock to be the root of this tree. The ITU-T profile adds an additional feature not present in 1588-2008 to force a port to be in the master state. Simulating the profile operation using the Ptolemy model revealed that there was a significant error in the ITU specification that, uncorrected, would lead to anomalous behavior --- certainly not the intended behavior. The error involved incorrect logical execution order, a condition made highly visible by the capabilities of Ptolemy DE models. Unfortunately this error is not a corner case and would occur quite often. Using the model, a correction to the profile was tested.

The ITU-T Q13; working group was notified of the fault and the proposed correction. They have since written a proposal to correct the fault using the correction proposed based on the Ptolemy model study. This correction proposal was approved  at the September interim meeting for consent at the November plenary meeting.

Eidson's model heavily exploits Ptolemy's innovative multiform model of time, so it is unlikely that this model could have been reasonably constructed using existing commercial tools such as Simulink, SimEvents, or Rhapsody.

About John Eidson:  

John Eidson worked for many years at HP Labs and Agilent.  He is known as the father of IEEE-1588, the Precision Time Protocol.  In 2013, Dr. Eidson was given the Time Lord award at the International Telecommunications Synchronization Forum.