When ECN Lies: Unfairness and Exploitation in L4S Architectures
Resumo
Low Latency, Low Loss and Scalable Throughput (L4S) is a recent architecture proposed by the IETF that enables Internet applications to achieve low queuing latency, low congestion loss, and scalable throughput control. The architecture introduces incremental changes to both hosts and network nodes. On the host side, L4S must incorporate a novel variant of a scalable congestion control capable of recognizing the congestion signals. At network nodes, L4S brings a dual-queue coupled mechanism, in which one queue serves Classic traffic while another serves Scalable traffic, enabling fair bandwidth sharing and harmonious coexistence between TCP flavors. Despite its promise, the architecture faces important security challenges. One of them is the so-called unresponsive Explicit Congestion Notification (ECN) attack, in which a malicious (non-L4S) flow exploits the low-latency queue, causing starvation of compliant traffic. In this work, we conduct an in-depth evaluation of the impact of unresponsive ECN attacks in networks with L4S support. Furthermore, we propose and validate a data-plane-based mitigation mechanism, implemented in P4, capable of identifying and penalizing non-compliant flows, thereby restoring fairness and protecting the low-latency service guarantees of L4S.
Referências
Briscoe, B., Schepper, K. D., Bagnulo, M., and White, G. (2023). Low Latency, Low Loss, and Scalable Throughput (L4S) Internet Service: Architecture. RFC 9330.
Cogranne, R., Letourneau, M., and Doyen, G. (2025a). A Hybrid Autoencoder–Transformer Model for Detection of Attacks on Low Latency Services. In 2025 International Conference on Advanced Machine Learning and Data Science.
Cogranne, R., Letourneau, M., Doyen, G., and Nguyen, H. N. (2025b). A Simple yet Accurate Autoadaptive Model of Network Traffic for Detection of Attacks on Low Latency Services. In Ito, A., editor, Proceedings of the 10th International Conference on Multimedia Systems and Signal Processing (ICMSSP 2025), volume 1637 of Lecture Notes in Networks and Systems, pages 43–58. Springer.
De Almeida, L. C., Maciel Jr., P. D., Pasquini, R., Papagianni, C., and Verdi, F. L. (2026). iRED: A disaggregated P4-AQM fully implemented in programmable data plane hardware. IEEE Transactions on Networking, Early Access.
Fathalli, S., Weyulu, E. N., Zeynali, D., Chandrasekaran, B., and Feldmann, A. (2026). Network-Assisted Congestion Feedback. IEEE Transactions on Network and Service Management, 23:1797–1815.
Joarder, Y. A., Sinha, S., Doyen, G., and Fung, C. J. (2025). Exploiting Congestion Control Parameter Manipulation in QUIC for Security Implications. In Cerroni, W., Tortonesi, M., Borsatti, D., Schaeffer-Filho, A. E., Tuncer, D., François, J., and Husák, M., editors, 21st International Conference on Network and Service Management, CNSM 2025, Bologna, Italy, October 27-31, 2025, pages 1–9. IEEE.
Letourneau, M., Doyen, G., Cogranne, R., and Mathieu, B. (2023). A Comprehensive Characterization of Threats Targeting Low-Latency Services: The Case of L4S. Journal of Network and Systems Management, 31(1):19.
Letourneau, M., N’Djore, K. B., Doyen, G., Mathieu, B., Cogranne, R., and Nguyen, H. N. (2021). Assessing the Threats Targeting Low Latency Traffic: the Case of L4S. In 2021 17th International Conference on Network and Service Management (CNSM), pages 544–550.
Schepper, K. D. and Briscoe, B. (2023). The Explicit Congestion Notification (ECN) Protocol for Low Latency, Low Loss, and Scalable Throughput (L4S). RFC 9331.
Schepper, K. D., Briscoe, B., and White, G. (2023). Dual-Queue Coupled Active Queue Management (AQM) for Low Latency, Low Loss, and Scalable Throughput (L4S). RFC 9332.
Schepper, K. D., Tilmans, O., Briscoe, B., and Goel, V. (2024). Prague Congestion Control. Internet-Draft draft-briscoe-iccrg-prague-congestion-control-04, Internet Engineering Task Force. Work in Progress.
