@@ -480,22 +480,26 @@ \subsubsection{Transfer-ID}\label{sec:transport_transfer_id}
480480The transfer-ID value of every emitted transfer is determined by sampling the corresponding counter
481481keyed by the session specifier of the transfer; afterwards, the counter is incremented by one.
482482
483- The initial value of a transfer-ID counter shall be zero.
483+ When the transfer-ID counter reaches the maximum value defined for the concrete transport,
484+ the next increment resets its value to zero.
485+ Transports where the number of distinct transfer-ID values is not less than $ 2 ^{48}$
486+ \emph {monotonic transfer-ID }.
487+ Those with narrower transfer-ID counters are said to have \emph {cyclic transfer-ID };
488+ the number of unique transfer-ID values is referred to as \emph {transfer-ID modulo }.
489+
490+ The initial value of a cyclic transfer-ID counter shall be zero.
491+ The initial value of a monotonic transfer-ID counter should be chosen randomly whenever a new transfer-ID counter
492+ is created, unless the execution environment does not provide a good source of true random numbers,
493+ in which case zero initialization can be used as the fallback solution\footnote {%
494+ Refer to section \ref {sec:transport_transfer_reception } for the rationale behind random numbers.
495+ }.
484496Once a new transfer-ID counter is created,
485- it shall be kept at least as long as the node remains connected to the transport network;
486- destruction of transfer-ID counter states is prohibited\footnote {%
497+ it should be kept at least as long as the node remains connected to the network.\footnote {%
487498 The number of unique session specifiers is bounded and can be determined statically per application,
488499 so this requirement does not introduce non-deterministic features into the application even if it leverages
489500 aperiodic/ad-hoc transfers.
490501}.
491502
492- When the transfer-ID counter reaches the maximum value defined for the concrete transport,
493- the next increment resets its value to zero.
494- Transports where such events are expected to take place during operation are said to have \emph {cyclic transfer-ID };
495- the number of unique transfer-ID values is referred to as \emph {transfer-ID modulo }.
496- Transports where the maximum value of the transfer-ID is high enough to be unreachable under all conceivable
497- practical circumstances are said to have \emph {monotonic transfer-ID }.
498-
499503\emph {Transfer-ID difference } for a pair of transfer-ID values $ a$ $ b$
500504for monotonic transfer-ID as their arithmetic difference $ a-b$
501505For a cyclic transfer-ID, the difference is defined as the number of increment operations that need to be applied
@@ -673,7 +677,6 @@ \subsubsection{Definitions}
673677Implementations may define this value statically according to the application requirements.
674678Implementations may automatically adjust this value per session at runtime as a function of the
675679observed transfer reception interval.
676- Transfer-ID timeout values greater than 2 (two) seconds are not recommended.
677680Implementations should document the value of transfer-ID timeout or the rules of its computation.
678681
679682\emph {Transport frame reception timestamp } specifies the moment of time when the frame is received by a node.
@@ -692,9 +695,26 @@ \subsubsection{Behaviors}
692695 Unintentional duplications may be introduced by various artifacts of the transport network.
693696}.
694697
695- For a given session specifier, a successfully reassembled transfer that is temporally separated from
696- any other successfully reassembled transfer under the same session specifier by more than the transfer-ID timeout
697- is considered unique regardless of its transfer-ID value.
698+ For a given session specifier, a successfully reassembled transfer that is either:
699+ \begin {itemize }
700+ \item temporally separated from any other successfully reassembled transfer under the same session specifier
701+ by more than the transfer-ID timeout, or
702+ \item has a transfer-ID value that is at least one million counts\footnote {%
703+ The probability of randomly picking a 64-bit value that falls into a given million-count span
704+ is approximately one in 18 trillion.
705+ }
706+ less than that of the last successfully reassembled transfer,
707+ \end {itemize }
708+ is considered unique regardless of its transfer-ID value.\footnote {%
709+ A large leap backward indicates that the sender has lost the state of its transfer-ID counter
710+ (e.g., due to power cycling); this is why random initialization is preferred for all nodes.
711+ An exception is made for resource-constrained nodes implemented in small MCUs, which may not have access
712+ to a good source of entropy to provide distinct transfer-ID values at every boot,
713+ in which case zero initialization is acceptable.
714+ A possible issue with constant initialization is that once a node is restarted, from the receiver's standpoint
715+ it will appear that it is sending duplicate transfers, which will be rejected until the expiration of the
716+ transfer-ID timeout.
717+ }
698718
699719If the optimal transfer-ID timeout value for a given session cannot be known in advance,
700720it can be computed at runtime on a per-session basis\footnote {%
0 commit comments