Congestion-Aware Multipath Tunnel Selection for Transport Services

1.2.1. Vendor Interoperability Challenges

When different vendors implement proprietary or incompatible path selection algorithms, several critical disadvantages emerge that significantly impact network operations and performance:¶

1.2.2. The Need for Standardization

These disadvantages collectively demonstrate the critical importance of standardized path selection algorithms that can ensure consistent behavior by providing predictable path selection decisions across vendor boundaries, enable interoperability through seamless integration of multi-vendor network infrastructure, reduce operational complexity and enable global optimization rather than vendor-specific local optimization, and enhance security through consistent policy enforcement and threat response across all network elements.¶

1.2.3. Multilevel Congestion Control and ECN Propagation

Nested tunneling protocols create significant challenges for congestion control mechanisms, particularly when multiple layers independently attempt to manage network congestion. This section addresses these challenges in accordance with [RFC9599] guidelines that add congestion notification to protocols that encapsulate IP. When transport protocols are tunneled within other transport protocols, multiple congestion control loops can interfere with each other, creating a complex interaction where the inner transport congestion control (e.g., TCP or QUIC) implements its own congestion control based on observed packet loss and RTT measurements, while simultaneously the tunnel transport congestion control (e.g., QUIC for MASQUE, UDP for IPsec) may implement its own independent congestion control mechanisms. These interaction effects result in the tunnel's congestion control affecting the RTT and loss measurements of the inner transport, leading to suboptimal performance and potential oscillations that degrade overall network efficiency.¶

During ECN encapsulation, tunnel endpoints must copy the ECN field from the inner header to the outer header as specified in [RFC6040] to negotiate ECN capability during tunnel establishment to enable proper congestion notification propagation, but this process becomes increasingly complex when multiple ECMP tunnels or aggregated flows are involved, each potentially implementing different ECN handling strategies.¶

To address these multilevel congestion control challenges, the proposed congestion-aware path selection algorithm incorporates multiple sophisticated mechanisms that work synergistically to provide comprehensive network congestion awareness. The algorithm monitors ECN CE (Congestion Experienced) markings on different paths to assess real-time congestion levels, while it also identifies increased RTT variability that often indicates congestion for path quality assessment that inform path selection decisions, and where available, queue delay measurements offer early congestion detection capabilities that enable proactive path switching before performance degradation becomes severe.¶

This integrated approach to congestion management represents a significant advancement over current fragmented solutions, providing a standardized framework that can effectively coordinate congestion control across multiple tunnel layers while maintaining compatibility with existing [RFC9599] and [RFC6040] standards. By incorporating these multiple congestion indicators into a unified decision-making process, the algorithm can make intelligent path selection decisions that avoid the oscillations and performance degradation inherent in current multilevel congestion control implementations.¶

1.2.4. Prioritization

Mainstream techniques such as packet marking( DSCP, ECN so on ) and queuing of other non-critical traffic (Fq-CODEL, CAKE AQM) to optimize for realtime streams is essentially prioritization in practice. However, VPN providers, CSPs and/or ISP may employ polar-opposite algorithms to shape traffic based on their interest which could lead to an overall non-synchronized approach, where a stream is prioritized in some networks and deprioritized in other networks.¶

1.3.1. 1: Full or Split tunnel based on Diff Serv via Differentiated Services Code Point (DSCP)

[RFC3270] defines how to support the Diffserv architecture in MPLS networks, including how to encode DSCP in an MPLS header. Application priorities even though using the same protocol have also been used to mark the packets differently such as DSCP Packet Markings for WebRTC QoS [RFC8807]. An example of path selection based on prioritiztion is that in case of dual uplinks available hosting an active tunnel tunnel each, use the one more with better performance for RTP since that is more prirotized over FTP data.¶

The DSCP-based approach offers the advantage of being widely adopted across network infrastructures, making it a familiar and standardized method for traffic differentiation. However, this approach has significant limitations including unreliability in some cases where network operators may choose not to honor markings, and the inherent coarse-grained classification that cannot adequately differentiate between nuanced application requirements.¶

1.3.2. 2: Multiple Active VPN Uplinks used in weighted round robin order or ECMP

In case of multiple Active VPN Uplinks available, multiple paths are available to a destination which can be split tunneled, tunneled via different application or network layer or both such as nested tunneled. With so many options generic traffic shaping rules are often applied which may be based on QoS such as MOS, loss, latency, jitter, usage history, throughput on all VPN sessions or any other customized score. Attributes such as app type, address or even client identifier such as mac address can also be used to balance load across available options. Simple loop techniques such as Weighted Round Robin do not offer much granularity and can also result in misconfiguration or worse still creating a bottleneck. Other means of balancing the traffic across available paths are Equal-cost multi-path (ECMP) [RFC2992] which is fair by design and routes packets along multiple paths of equal cost but suffers from limited adaptability especially in sudden changes of network conditions and heterogeneous environments of unequal costs. Although it is tough to make a path selection algorithm which is ideal for balance, scalability as well optimized for all kinds of resource utilization, not having a common basis for path selection can not only lead to detrimental user experience but also undue strain on the network.¶

1.3.3. 3. Policy-Based routing that use flow preferences to pin traffic to a particular path

It is common for device or network policy to manage network flows such as bandwidth allocation or rate limiting, Geo or proximity based rules. At the device level these policies may prioritize some packets over others to avoid queing delay. Modern hybrid deployments employ many uplinks with a varity of traffic shaping policies which can be adjusted dynmaically not only based on Qos but also on hop-by-hop insights from network, tracking uplink's utilization, uptime, failure or outages.¶

Policy-based routing provides the benefit of simplicity in implementation and configuration, making it straightforward for network administrators to define and manage traffic flows. However, this approach suffers from poor scalability as the number of policies and network complexity grows, often requiring manual intervention and becoming unwieldy in large-scale deployments.¶

1.3.4. 4. Dynamic Path Selection with application or domain identification

The aplication knows its type and can directly feed the information to the algorithm. If the sender is not aware of the application it can attempt to obtain this information from intelligent ML models as Network Based Application Recognition (NBAR) from Cisco. Models exist that can suggest bottlenecks for a traffic type on a path by analysising patterns. Dynamic path selection can even rely on explicitly identifying Provisioning Domain Names through a Router Advertisement (RA) option. Discovering Provisioning Domain Names and Data, its architecture involving the authenticatio and trust model has been decribed in prior work [RFC7556] and [RFC8801].¶

1.3.5. 5. MASQUE (QUIC multiplexing) for all Web trafic

MASQUE provides the advantage of being able to handle both reliable and unreliable data streams efficiently through QUIC multiplexing, offering flexibility in transport protocol selection. However, this approach has the limitation of not being well-suited for non-web-based traffic, potentially requiring additional adaptations or alternative solutions for enterprise applications that do not follow web protocols.¶

1.3.6. 6. Whitelist for IP address or tuples to prioritize

Using whitelists for IP addresses or tuples offers the advantage of simplicity in implementation and clear, understandable traffic prioritization rules. However, this approach suffers from poor scalability as networks grow and IP address ranges change, requiring constant maintenance and becoming impractical for large-scale dynamic environments.¶

1.3.7. 7. Entropy headers

Entropy headers are extension to traditional packet header that include information about the randomness of the packet's payload. These help distributing traffic more evenly in a multipath network, mitigating the risk of hotspots and potential congestion points.¶

Entropy headers provide the advantage of being protected from in-path modification by making these headers non-updatable, ensuring the integrity of load balancing decisions. However, this approach raises privacy concerns as the entropy information may reveal patterns about the payload content or application behavior that could be exploited by network observers.¶

1.3.8. 8. Tunnelling of Explicit Congestion Notification(ECN)

Addition of ECN to IP [RFC3168] paved the way for much optimization in managing queues based on these marking. [RFC6040] describes the problems related to obscured original ECN markings in tunneled traffic. It proposes a standard for tunnels to propagate an extra level of congestion severity.¶

ECN tunneling benefits from having existing standards that provide a foundation for implementation and interoperability across different network equipment vendors. However, the approach becomes significantly more complicated when dealing with nested tunnels, where multiple layers of ECN marking can create conflicts and require complex processing to maintain proper congestion signaling.¶

1.3.9. 9. Flow labelling or classification for traffic steering

Flow labeling and classification approaches provide the significant advantage of enabling the application of artificially intelligent machine learning models for sophisticated traffic analysis and optimization, allowing for adaptive and predictive traffic management. However, this approach can compromise privacy by potentially exposing sensitive information about user behavior, application usage patterns, and business processes through the classification metadata.¶

2.1.1. Transport Layer Metrics

1. Available Bandwidth: Measured in bits per second, obtained through bandwidth estimation algorithms or derived from Bandwidth Delay Product (BDP) calculations. The algorithm uses techniques similar to those in QUIC congestion control [RFC9002].¶

2. Round-Trip Time (RTT): Both baseline RTT and RTT variation measurements, which indicate path latency characteristics and potential congestion.¶

3. Packet Loss Rate: Measured loss percentage that indicates network congestion or path quality issues.¶

4. ECN Markings Ratio: The percentage of packets marked with ECN Congestion Experienced (CE) bits, providing early congestion detection as per [RFC9599].¶

5. UDP Options Enhanced Metrics: Leveraging [RFC9868] Transport Options for UDP to enable real-time path characteristic discovery:¶

   • Real-time Path Probing: UDP options carrying path quality metrics for immediate assessment without dedicated probe traffic¶

   • Congestion Control Compatibility Signaling: Transport options indicating supported congestion control algorithms (BBR, CUBIC, etc.) and ECN capabilities¶

   • Authentication Status: AUTH option validation confirming tunnel endpoint authenticity and preventing path manipulation attacks¶

2.1.2. Path Characteristics and Historical Performance

1. Enhanced Tunnel Overhead Calculations: Leveraging [RFC9868] UDP options for precise overhead assessment:¶

   • Base Protocol Overhead: Static overhead from tunneling protocols (IPsec, MASQUE, WireGuard, etc.)¶

   • Dynamic UDP Options Overhead: Additional bytes from [RFC9868] transport options based on active feature set¶

   • Fragmentation Impact Assessment: Real-time evaluation of fragmentation probability using UDP options for Path MTU Discovery (DPLPMTUD)¶

   • Processing Overhead Metrics: CPU and memory costs for UDP option parsing and generation at tunnel endpoints¶

2. Path MTU Discovery Enhanced: [RFC9868] DPLPMTUD support enabling:¶

   • Adaptive MTU Sizing: Dynamic adjustment based on observed fragmentation¶

   • Multi-layer MTU Coordination: Coordinated MTU discovery across nested tunnel layers¶

   • Fragmentation Avoidance: Proactive path selection to minimize fragmentation overhead¶

3. Advanced Congestion Control Compatibility Assessment: [RFC9868] enhanced evaluation including:¶

   • Transport Option Negotiation: Capability discovery for congestion control algorithms through UDP options¶

   • ECN Propagation Verification: Active testing of ECN handling across tunnel layers using authenticated transport options¶

   • Congestion Control Interference Detection: Identification of nested congestion control conflicts through option-based signaling¶

   • Algorithm Compatibility Matrix: Real-time assessment of congestion control algorithm effectiveness on each path¶

4. Historical Performance Database: Time-series data including:¶

   • Average throughput over different time periods (hourly, daily, weekly)¶

   • Failure frequency and duration statistics¶

   • Congestion pattern analysis¶

   • Peak usage periods and capacity utilization trends¶

   • UDP Options Performance History: [RFC9868] specific metrics including option parsing latency, authentication success rates, and DPLPMTUD effectiveness¶

5. Predictive Performance Indicators: - Projected path quality based on historical patterns - Anticipated congestion windows based on time-of-day patterns - Failure probability predictions based on infrastructure health - Expected performance degradation under various load conditions - Real-time Path Quality Prediction: ML models path characteristic forecasting¶

2.1.3. Network State Information

1. Provisioning Domains (PvD): Network characteristics and policies as defined in [RFC7556] and [RFC8801].¶

2. Network Telemetry: Real-time network health data including queue depths, interface utilization, and error rates.¶

3. NQB Traffic Classification: Identification of Non-Queue-Building traffic that requires special handling as per TSVWG NQB PHB specifications.¶

4. UDP Options Network Discovery: [RFC9868] enhanced network state assessment:¶

   • Real-time Path Characteristic Discovery: Active measurement of path properties using UDP options without additional probe traffic¶

   • Transport Capability Negotiation: Dynamic discovery of network and endpoint transport feature support through option exchange¶

   • Security Policy Enforcement: Authenticated path validation using AUTH options to prevent path spoofing and ensure policy compliance¶

2.1.4. Operational Requirements and Constraints

1. Failure Tolerance Specification: Configurable parameters defining acceptable service degradation:¶

   • Maximum acceptable RTT increase which is a percentage or absolute value¶

   • Minimum acceptable bandwidth threshold¶

   • Maximum tolerable packet loss rate¶

   • Service availability requirements e.g., 99.9% uptime¶

   • Graceful degradation preferences vs hard failover¶

2. Cost Considerations: Economic factors affecting path selection:¶

   • Per-byte or per-minute tunnel service charges¶

   • Bandwidth cost differentials between providers¶

   • Infrastructure maintenance and operational costs¶

   • Service Level Agreement penalty costs¶

   • Peak usage surcharge implications¶

3. Green Networking Parameters: Environmental impact considerations:¶

   • Carbon intensity of different network paths (grams CO2/kWh)¶

   • Energy efficiency ratings of tunnel endpoints¶

   • Renewable energy percentage of infrastructure providers¶

   • Geographic routing preferences for low-carbon paths¶

   • Time-of-day energy grid composition data¶

4. Prioritization Matrix: Traffic classification and handling preferences:¶

   • Real-time traffic prioritization (VoIP, video conferencing)¶

   • Business-critical application identification¶

   • Time-sensitive transaction requirements¶

   • Bulk transfer tolerance levels¶

   • Interactive vs batch workload classification¶

2.1.5. Security and Policy Metrics

1. Traffic Vulnerability Assessment: A normalized value (0.0-1.0) indicating the security exposure of traffic, where higher values indicate greater need for tunneling protection.¶

2. Policy Constraints: Enterprise or regulatory policies that may mandate or prohibit certain tunneling approaches for specific traffic types including:¶

   • Data sovereignty requirements (geographic routing restrictions)¶

   • Compliance framework mandates (GDPR, HIPAA, SOX)¶

   • Cryptographic algorithm requirements¶

   • Audit trail and logging requirements¶

2.1.6. Path Evaluation Input Structure

1. Available Path Inventory: Comprehensive catalog of available paths including:¶

For example : yaml path_inventory: - path_id: "path_001" tunnel_type: "ipsec" endpoints: ["gateway1.provider.com", "gateway2.provider.com"] characteristics: bandwidth_capacity: "1000 Mbps" baseline_rtt: "25 ms" provider: "Provider A" geographic_route: ["US-West", "US-East"] sla_guarantees: uptime: "99.95%" max_latency: "50 ms" min_bandwidth: "800 Mbps" historical_performance: avg_throughput_30d: "850 Mbps" failure_incidents_30d: 2 avg_failure_duration: "4.2 minutes" peak_usage_hours: ["09:00-12:00", "14:00-17:00"] cost_structure: base_cost_per_gb: "$0.12" peak_surcharge: "25%" setup_cost: "$500" environmental_impact: carbon_intensity: "0.45 kg CO2/kWh" renewable_percentage: "75%" ¶

1. Incoming Traffic Profile: Characteristics of traffic requiring path assignment:¶

For example : yaml traffic_profile: - flow_id: "flow_001" application_type: "video_conference" requirements: min_bandwidth: "5 Mbps" max_latency: "100 ms" max_jitter: "20 ms" priority: "high" failure_tolerance: "low" security_requirements: encryption_required: true compliance_frameworks: ["SOC2", "GDPR"] geographic_constraints: ["no_transit_through_china"] duration_estimate: "60 minutes" data_volume_estimate: "2.25 GB" ¶

2.2.1. Algorithm Overview for a sample implementation

``` Input: - Traffic_Profile (T) - Available_Paths (P = {p1, p2, ..., pn}) - Policy_Constraints (C) - Optimization_Weights (W)¶

Output: - Selected_Path (p*) - Confidence_Score (0.0-1.0) - Fallback_Paths (list of p_fallback1, p_fallback2, etc.)¶

Function: SelectOptimalTunnelPath(T, P, C, W) ```¶

for path in available_paths:
    # Check geographic constraints
    if not satisfies_geographic_constraints(path, constraints):
        continue

    # Check compliance requirements
    if not meets_compliance_requirements(path, traffic_profile.compliance):
        continue

    # Check encryption requirements
    if traffic_profile.encryption_required and not path.supports_encryption:
        continue

    # Check data sovereignty requirements
    if violates_data_sovereignty(path, constraints):
        continue

    eligible_paths.append(path)

return eligible_paths ```

# Bandwidth adequacy
bandwidth_ratio = path.available_bandwidth / traffic_profile.min_bandwidth
scores['bandwidth'] = min(1.0, bandwidth_ratio)

# Latency suitability
if path.current_rtt <= traffic_profile.max_latency:
    scores['latency'] = 1.0 - (path.current_rtt / traffic_profile.max_latency)
else:
    scores['latency'] = 0.0

# Reliability based on historical data
uptime_score = path.historical_uptime / 100.0
mtbf_score = calculate_mtbf_score(path.failure_history)
scores['reliability'] = (uptime_score + mtbf_score) / 2

# Congestion likelihood
current_utilization = path.current_load / path.capacity
congestion_risk = predict_congestion_risk(path, traffic_profile.duration)
scores['congestion'] = 1.0 - (current_utilization * 0.6 + congestion_risk * 0.4)

return scores ```

total_cost = data_cost + duration_cost + setup_cost

# Normalize against maximum acceptable cost
if total_cost <= traffic_profile.max_cost:
    return 1.0 - (total_cost / traffic_profile.max_cost)
else:
    return 0.0  # Exceeds budget ```

# Renewable energy percentage
renewable_score = path.renewable_percentage / 100.0

# Energy efficiency of path
efficiency_score = path.energy_efficiency_rating / 5.0  # Assume 5-star rating

# Geographic routing efficiency (shorter paths generally more efficient)
routing_efficiency = calculate_routing_efficiency(path.geographic_route)

return (carbon_score * 0.4 + renewable_score * 0.3 +
        efficiency_score * 0.2 + routing_efficiency * 0.1) ```

# RTT degradation tolerance
predicted_rtt_increase = predict_rtt_degradation(path)
if predicted_rtt_increase <= traffic_profile.max_rtt_increase:
    tolerance_scores['rtt_tolerance'] = 1.0
else:
    tolerance_scores['rtt_tolerance'] = 0.0

# Bandwidth degradation tolerance
min_guaranteed_bw = path.sla_guarantees.min_bandwidth
if min_guaranteed_bw >= traffic_profile.min_bandwidth:
    tolerance_scores['bandwidth_tolerance'] = 1.0
else:
    tolerance_scores['bandwidth_tolerance'] = 0.0

# Availability requirements
if path.sla_guarantees.uptime >= traffic_profile.min_availability:
    tolerance_scores['availability'] = 1.0
else:
    tolerance_scores['availability'] = 0.0

return tolerance_scores ```

for path in eligible_paths:
    perf_scores = calculate_performance_score(traffic_profile, path)
    cost_score = calculate_cost_score(traffic_profile, path)
    green_score = calculate_green_score(traffic_profile, path)
    tolerance_scores = evaluate_failure_tolerance(traffic_profile, path)

    # Calculate weighted composite score
    composite_score = (
        perf_scores['bandwidth'] * weights['bandwidth'] +
        perf_scores['latency'] * weights['latency'] +
        perf_scores['reliability'] * weights['reliability'] +
        perf_scores['congestion'] * weights['congestion'] +
        cost_score * weights['cost'] +
        green_score * weights['environmental'] +
        tolerance_scores['rtt_tolerance'] * weights['rtt_tolerance'] +
        tolerance_scores['bandwidth_tolerance'] * weights['bw_tolerance'] +
        tolerance_scores['availability'] * weights['availability']
    )

    # Apply priority multiplier
    priority_multiplier = get_priority_multiplier(traffic_profile.priority)
    final_score = composite_score * priority_multiplier

    scored_paths.append({
        'path': path,
        'score': final_score,
        'component_scores': {
            'performance': perf_scores,
            'cost': cost_score,
            'environmental': green_score,
            'tolerance': tolerance_scores
        }
    })

# Sort by score (descending)
scored_paths.sort(key=lambda x: x['score'], reverse=True)

if not scored_paths:
    return None, 0.0, ..

# Select best path and prepare fallbacks
best_path = scored_paths[0]
fallback_paths = [sp['path'] for sp in scored_paths[1:4]]  # Top 3 alternatives

# Calculate confidence based on score separation
confidence = calculate_confidence_score(scored_paths)

return best_path['path'], confidence, fallback_paths ```

    # Check if path performance has degraded
    if performance_degraded(current_metrics, expected_performance):
        # Trigger re-evaluation
        new_path, confidence, fallbacks = SelectOptimalTunnelPath(
            traffic_flow.profile,
            get_current_available_paths(),
            get_current_constraints(),
            get_current_weights()
        )

        if new_path != selected_path and confidence > SWITCH_THRESHOLD:
            initiate_path_migration(traffic_flow, selected_path, new_path)
            selected_path = new_path

    time.sleep(MONITORING_INTERVAL) ```

2.2.2. Algorithm Flow Diagrams

``` Tunnel Path Selection Algorithm Flow ====================================¶

Input Attributes → Traffic Profile (T) + Available Paths (P) + Policy Constraints (C) + Weights (W) │ ▼ ┌─────────────────────────────────────────────────────────────────────────────────────┐ │ STEP 1: POLICY FILTERING │ │ ──────────────────────── │ │ Input: Traffic Profile (Geographic, Compliance, Encryption, Data Sovereignty) │ │ Process: Filter paths based on hard security constraints │ │ Output: Eligible Paths (Filtered P) │ └──────────────────────────────────┬──────────────────────────────────────────────────┘ │ ▼ ┌─────────────────────────────────────────────────────────────────────────────────────┐ │ STEP 2: PERFORMANCE SCORING │ │ ────────────────────────── │ │ Input: Traffic Profile (Min Bandwidth, Max Latency, Duration) │ │ Process: Calculate scores for Bandwidth, Latency, Reliability, Congestion │ │ Output: Performance Scores per Path │ └──────────────────────────────────┬──────────────────────────────────────────────────┘ │ ▼ ┌─────────────────────────────────────────────────────────────────────────────────────┐ │ STEP 3: COST-BENEFIT ANALYSIS (Based on Input Attributes) │ │ ───────────────────────────────────────────────────── │ │ Input: Traffic Profile (Data Volume, Duration, Max Cost) │ │ Process: Calculate data_cost + duration_cost + setup_cost │ │ Output: Cost Scores per Path │ └──────────────────────────────────┬──────────────────────────────────────────────────┘ │ ▼ ┌─────────────────────────────────────────────────────────────────────────────────────┐ │ STEP 4: ENVIRONMENTAL IMPACT SCORING (Based on Input Attributes) │ │ ──────────────────────────────────────────────────────────────── │ │ Input: Traffic Profile (Green Preferences, Geographic Constraints) │ │ Process: Score Carbon Intensity, Renewable %, Energy Efficiency, Route Efficiency │ │ Output: Environmental Scores per Path │ └──────────────────────────────────┬──────────────────────────────────────────────────┘ │ ▼ ┌─────────────────────────────────────────────────────────────────────────────────────┐ │ STEP 5: FAILURE TOLERANCE EVALUATION (Based on Input Attributes) │ │ ──────────────────────────────────────────────────────────────── │ │ Input: Traffic Profile (Max RTT Increase, Min Bandwidth, Min Availability) │ │ Process: Check RTT tolerance, Bandwidth tolerance, Availability requirements │ │ Output: Tolerance Scores per Path │ └──────────────────────────────────┬──────────────────────────────────────────────────┘ │ ▼ ┌─────────────────────────────────────────────────────────────────────────────────────┐ │ STEP 6: COMPOSITE SCORING AND SELECTION │ │ ─────────────────────────────────────── │ │ Input: All Previous Scores + Optimization Weights (W) │ │ Process: Calculate weighted composite score for each path │ │ Output: Selected Path + Confidence Score + Fallback Paths │ └──────────────────────────────────┬──────────────────────────────────────────────────┘ │ ▼ ┌─────────────────────────────────────────────────────────────────────────────────────┐ │ STEP 7: DYNAMIC RE-EVALUATION │ │ ───────────────────────────── │ │ Input: Current Path Performance + Original Traffic Profile │ │ Process: Continuous monitoring and trigger re-evaluation if degraded │ │ Output: Path Migration Decision (if needed) │ └─────────────────────────────────────────────────────────────────────────────────────┘ ```¶

2.2.3. Algorithm Configuration and Weights

The algorithm uses configurable weights to adapt to different deployment scenarios:¶

```yaml algorithm_weights: # Performance factors (sum to 1.0) bandwidth: 0.25 latency: 0.20 reliability: 0.20 congestion: 0.15¶

# Operational factors cost: 0.10 environmental: 0.05¶

# Tolerance factors rtt_tolerance: 0.02 bw_tolerance: 0.02 availability: 0.01¶

# Priority multipliers for different traffic classes priority_multipliers: critical: 1.5 high: 1.2 normal: 1.0 low: 0.8¶

# Thresholds for decision making thresholds: minimum_acceptable_score: 0.6 path_switch_threshold: 0.15 # Switch if new path scores 15% higher monitoring_interval: "30s" re_evaluation_triggers: - "rtt_increase > 50%" - "bandwidth_drop > 20%" - "packet_loss > 1%" - "availability < sla_requirement" ```¶

Prior work that standardized algorithms for networking include:¶

• Happy Eyeballs [RFC6555] and Happy Eyeballs Version 2 [RFC8305] algorithms for dual-stack hosts¶

2.4.1. Zero Trust Security Considerations

In zero trust network architectures, traditional network-based trust assumptions are eliminated, requiring more sophisticated approaches to traffic classification and path selection. DSCP marking limitations present significant security and privacy risks in zero trust environments, as these markings can be easily spoofed or manipulated by malicious actors, making them unreliable indicators of actual traffic priority or security requirements. Furthermore, consistent DSCP marking patterns may reveal sensitive information about traffic nature, application types, and business processes to unauthorized observers, while violating zero trust principles that mandate "never trust, always verify" by inherently trusting network-provided markings without independent verification of their authenticity or accuracy.¶

The proposed algorithm addresses these zero trust challenges through self verifying traffic characteristics rather than relying on easily spoofed network markings.¶