Working Group:                                             G. Bianchi
Internet Draft                           University of Palermo, Italy
Document:                                          N. Blefari-Melazzi
draft-bianchi-blefari-end-to-end-qos-00.txt
                                         University of Perugia, Italy
                                                        M. Femminella
                                         University of Perugia, Italy
Category: Informational                                 December 2000


      A Migration Path to provide End-to-End QoS over Stateless
       Networks by Means of a Probing-driven Admission Control


Status of this Memo

This document is an Internet-Draft and is in full conformance with
all provisions of Section 10 of RFC2026.

Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that other
groups may also distribute working documents as Internet-Drafts.

Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."

The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt

The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.


1. Abstract

This document proposes a new admission control paradigm, called GRIP
(Gauge&Gate Reservation with Independent Probing), devised to
transparently operate over DiffServ domains. GRIP bases the decision
to admit a new flow on the successful and timely delivery, through
the Internet, of probe packets independently generated by the end
points. The key idea is to use failed receptions of probes to
discover, at the end points, that a congestion condition occurs in
the network, and to reject the new admission request. This idea is
extremely close to what the TCP congestion control technique does,
but it is used in the novel context of admission control.
Similarly to TCP, GRIP is a pure end-to-end distributed protocol
operation, whose intelligence is kept at the edge of the network and
whose operation (i) does not require any specific protocol
implementation in the core routers, which are stateless and remain
oblivious to individual flows, and (ii) does not require any specific
peer and router agreement on the probes payload information. GRIP is
coherent with the architectural assumptions of RFCs [1,2] and
attempts to answer a number of issues raised in these documents.

Bianchi&Blefari          Informational - Expires May 2001

While GRIP can be seamlessly applied to the DiffServ (and even
legacy) Internet, a marginal increase in QoS is envisioned in these
existing scenarios. The performance of GRIP is in fact related to the
capability of routers to locally take decisions about the degree of
congestion in the network, and suitably drop probe packets when
congestion conditions are detected. However, such decisions are
localized and do not involve any coordination among routers and
between routers and end points. Thus, GRIP opens up a future smooth
migration path toward gradually improved QoS, as routers in different
domains are enhanced (e.g., with measurement-based admission decision
criteria) without losing inter-operability with installed devices.
Strict end-to-end QoS guarantees are eventually provided when all the
crossed routers are equipped with GRIP capabilities.


Table of Contents

2. Conventions and Definitions used in this document
3. Introduction
4. Basic GRIP operation
   4.1 GRIP components
   4.2 GRIP packet tags
   4.3 GRIP Source Node operation
   4.4 GRIP Destination Node operation
   4.5 GRIP over Legacy routers
   4.6 GRIP over DiffServ routers
   4.7 GRIP Routers
5. GRIP rationale, scalability and extensibility
6. GRIP design issues
   6.1 Redundancy
   6.2 Explicit Signaling information
   6.3 Destination-driven decisions
   6.4 Counting probes within routers
   6.5 High Peak rate sources
   6.6 Internet-wide issues and Interworking RSVP/GRIP
7. Conclusions
8. Security Considerations
9. References
10. Author's Address
11. Full Copyright Statement


2. Conventions and Definitions used in this document

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC-2119.

In addition, in the document, the following definitions are used:

legacy router: a router unable to differentiate packets on the basis
of their DSCP tags; all packets are served according to a FIFO buffer
discipline.

DiffServ router: a router able to enforce an Expedited Forwarding
service discipline between packets tagged as probes (which are given
lower service priority) and packets tagged as data.

GRIP router: a router able to enforce the Gauge&Gate service
discipline described in section 4.7.


3. Introduction

To improve and, possibly, to guarantee the performance perceived by
the users, two distinct architectural frameworks have been
considered: Integrated Services and Differentiated Services. However,
as recognized in the recent RFC [1], "both the Integrated Services
architecture and the Differentiated Services architecture have some
critical elements in terms of their current definition which appear
to be acting as deterrents to widespread deployment... There appears
to be no single comprehensive service environment that possesses both
service accuracy and scaling properties". Also, in the RFC [2], it is
pointed out that "further refinement of the QoS architecture is
required to integrate DiffServ network services into an end-to-end
service delivery model with the associated task of resource
reservation". It is thus suggested [1] to define an "admission
control function which can determine whether to admit a service
differentiated flow along the nominated network path".

Our view of the IntServ/DiffServ dilemma is well expressed as
follows. Mapping, to the Internet scenario, the concepts presented in
[3] for mobile (GSM/UMTS) networks, the DiffServ and IntServ
frameworks may be considered as representative of two opposite
technology migration approaches: (i) an Evolutionary Approach, where
new services are offered, but the network "philosophy" is not
fundamentally changed and over-dimensioning is a possible solution to
improve the performance; and (ii) a Revolutionary Approach, where
innovative network architectures, i.e. paradigm shifts, are
developed. Both approaches have their pros and cons.
The latter, namely RSVP/IntServ [4,5], is based on the hypothesis of
having a point in time where a change should happen, and requires all
market competitors, regardless of their history and previous
strategies, to adhere to an agreed novel standard. In this view, the
fact that, in RSVP, the cost of soft state maintenance and of
processing and signaling overhead in the routers is significant, is
not the only drawback. As a matter of fact, techniques to reduce the
cost of state management, and thus improve scalability, have been
proposed, but have had limited resonance. What we are trying to say
is that complexity and scalability are important issues, but that
backward compatibility toward the previous paradigm and smooth
Internet upgrade in open market scenarios are probably even more
important.

On the other side, DiffServ [6,7] is an evolutionary approach, much
more appealing to the market. As in the legacy Internet, a DiffServ
network is oblivious of individual flows. By leaving this basic
Internet principle untouched, DiffServ provides supplementary tools
to further move the problem of Internet traffic control up to the
definition of suitable pricing/service level agreements (SLAs)
between peers (this is exactly how today's Internet market operates:
compare the free-of-charge ISPs and their eventually unacceptable
delay performance, with the expensive "premium" ISPs, where a quite
high monthly fee normally guarantees excellent delay performance).
However, although the key to quality is left to the strategic
initiatives and evolution efforts of each independent provider, the
lack of advanced architectural solutions makes it more difficult to
achieve effective QoS performance. A major criticism raised against
DiffServ is that it lacks an admission control function [1].
The consequence is that DiffServ does not intrinsically solve, by any
means, the problem of controlling congestion in the Internet. Upon
overload in a given service class, all flows in that class suffer a
potentially harsh degradation of service. What DiffServ ultimately
does is to better place the Internet market makers into a position in
which pure market choices and network over-dimensioning are reflected
in an improved QoS support.

In the middle between these two extreme approaches, namely
Revolutionary and Evolutionary, we recognize a smoother Principled
Evolutionary Approach. The key is to recognize a new principle, which
may be revolutionary in its goals and outcomes, but whose
implementation can be staggered in time and space, by means of
subsequent steps of innovation. This approach foresees a continuous
evolution in which, at different moments, small and realistic steps
of innovation, backward-compatible with previous architectures and
choices, are asynchronously introduced by different vendors and
providers. This requires that a modular and localized concept for
innovative features be adopted.

We argue that such a key principle, for the Internet, is the use of
failed reception of probing packets to discover, at the end points,
that a congestion condition occurs in the network. This principle is
well known and unanimously accepted as the basis of the TCP
congestion control technique. In this document, we simply bring to
light that the same simple principle may be adopted in the novel
context of admission control.


4. Basic GRIP operation

GRIP (Gauge&Gate Reservation with Independent Probing) is a fully
distributed and scalable Admission Control paradigm, intended to
operate over an enhanced DiffServ Internet composed of GRIP routers,
but, in principle, compatible with the legacy and DiffServ Internet.
By using the word "paradigm", we imply that this document does not
propose a specific novel admission control method, but discusses the
driving principles to design distributed admission control functions,
fully compatible with the existing Internet.

GRIP builds upon the idea that admission control can be managed by
pure end-to-end operation, involving only the new flow ingress router
(or source host) and egress router (or destination host). In this,
GRIP is related to the family of distributed schemes
[8,9,10,11,12,13] recently proposed in the literature under the
denomination (following [12]) Endpoint Admission Control (EAC). In
addition, GRIP inherits the idea of combining endpoint admission
control with measurement based admission control, which was first
proposed in [14], where the SRP (Scalable Reservation Protocol) was
outlined. Since, at that time, EAC ideas had not yet been published,
the authors presented their proposal as a possible solution to the
scalability problems of RSVP. Unfortunately (see, e.g., what is
stated in [12]), SRP appeared much more like a lightweight signaling
protocol, with explicit reservation messages, rather than an EAC
technique with increased intelligence within the end routers. In
GRIP, we inherit some key ideas of SRP, but in the light of the brand
new paradigm of EAC.

4.1 GRIP components

We envision GRIP as a mechanism composed of the following three
components: (i) GRIP source node protocol (SNP), (ii) GRIP
destination node protocol (DNP), (iii) GRIP Routers. The GRIP SNP and
DNP are mandatory, while the presence of GRIP routers (section 4.7)
is recommended to achieve good performance, but it is not necessary
for a correct protocol operation (see sections 4.5 and 4.6).
For security reasons, the source and destination node protocols may
run at the ingress and egress nodes of the considered flow, i.e.
nodes under the control of the relevant ISP. However, from a logical
point of view, the source and destination node protocols are more
naturally envisioned as running on the user's terminals, and for
convenience of presentation, unless otherwise specified, we will
consider source (destination) node as synonymous with either the
source (destination) user terminal or the ingress (egress) node. We
remark that source and destination nodes may belong to different
Internet domains, and thus that GRIP should be intended as an
Internet-wide admission control solution.

4.2 GRIP packet tags

In this document, for convenience of presentation, we limit our
discussion to a single admission controlled traffic class. By
admission controlled traffic class, we mean that all flows (which can
be heterogeneous in terms of traffic profiles) are subject to a GRIP
admission control procedure as described in section 4.3.

GRIP reserves two distinct DSCP values: one for data packets, and one
for probing packets (probes). Probes are transmitted during flow
setups, while packets labeled as data are transmitted only by already
accepted flows (the ingress node will be responsible for checking
that this rule is met).

4.3 GRIP Source Node operation

The GRIP Source Node Protocol (SNP) is responsible for providing a
YES/NO admission control decision upon a new connection setup
attempt. The simplest SNP operation is the following. When a user
terminal requests a connection with a destination terminal, the SNP
starts a Probing Phase, by injecting in the network in principle just
one packet, tagged as probe. Meanwhile, it activates a (short, say a
few tens up to a few hundreds of ms) probing phase timeout.
If no response is received from the destination node before the
timeout expiration, the SNP enforces rejection of the connection
setup attempt. Otherwise, if a Feedback packet is received, the
connection is accepted, the probing phase is terminated, and a data
phase is started, consisting in the transmission of information
packets.

4.4 GRIP Destination Node operation

The simplest GRIP Destination Node Protocol (DNP) operation trivially
consists in monitoring the incoming packets, intercepting the ones
labeled as probes and reading their source address. For each incoming
probe, after having verified that the destination is willing to
accept the set-up request, the destination node simply replies by
transmitting a feedback packet toward the source node.

4.5 GRIP over Legacy routers

As GRIP is purely based on the timely receipt (or lack thereof) of
probes/feedbacks, it does not require any specific router operation.
When the contribution of the queuing delay within the network becomes
large, the source node timeout expires before any feedback is
received and thus the connection setup is aborted. In essence, as
trivially recognized in the light of the TCP operation, even legacy
routers are capable of reflecting internal congestion to the
endpoints.

4.6 GRIP over DiffServ routers

DiffServ routers offer fundamental advantages with respect to legacy
routers. First, and most important, DiffServ routers allow isolation
of the admission controlled traffic. Additional (uncontrolled) best
effort traffic, handled at each DiffServ router with a suitable
scheduling/buffering discipline, does not endanger the admission
controlled traffic performance.
Similarly, DiffServ may provide separation among different admission
controlled traffic classes, each class being controlled by a specific
probe/data DSCP tag pair.

In addition, we assume that DiffServ routers are configured to manage
probes and data according to an Expedited Forwarding (EF) service
discipline. This priority discipline ensures that probing packets are
served only when no data packets are waiting in the buffer, and thus
ensures that the performance of the accepted traffic is not affected
by congestion occurring in the probing buffer.

Thanks to the EF discipline, the delay experienced by probing packets
is necessarily worse (and thus is a conservative measure) than that
experienced by data packets (i.e. those belonging to accepted
connections). Thus, probes may detect internal router congestion
earlier than data packets, and drive reject decisions at the end
points earlier.

Moreover, the probing buffer congestion is a direct consequence of an
increased data traffic throughput. In fact, the EF forwarding
discipline operates as a dynamic throttle of the service capacity
granted to the probing packets: the greater the accepted traffic, the
lower the link bandwidth given to the probing packets. In the latter
case, probing packets experience higher delay, thus aborting the
relevant setup attempts. This appears to provide a stability
feedback: the greater the number of accepted connections, the lower
the probability of acceptance for novel connections, and conversely.

A preliminary performance evaluation of GRIP over DiffServ can be
found in [15]. This paper shows that the throughput/delay performance
provisioning of GRIP over a plain EF DiffServ network is not
satisfactory in high overload conditions. However, we show that GRIP
achieves reasonable QoS support in the presence of moderate overload,
and, even in very high load conditions, GRIP at least introduces a
stable form of traffic control that prevents persistent link
congestion.
In essence, GRIP over DiffServ does not provide any form of
performance guarantee, but appears to provide a sort of QoS support
somewhat similar to the IntServ Controlled Load specification.

In addition, both in this scenario and in the legacy Internet, GRIP
allows a receiver capability negotiation, which is recognized as an
important functionality for QoS enabled applications [1].

4.7 GRIP Routers

A GRIP router is a router able to explicitly provide a "Gauge&Gate"
operation, i.e. it is capable of measuring the congestion level of
the AGGREGATED accepted traffic (Gauge), and correspondingly discard
any stored probe packet, as well as block arriving probes (Gate),
when the router congestion level is critical.

The GRIP router architecture is sketched in Figure 1 (for simplicity,
only the admission controlled traffic class related buffers are
depicted). At each router output port, the GRIP router implements two
distinct queues, one for data packets, and one for probes. Packets
may be served according to an Expedited Forwarding priority
discipline, i.e. probing packets are transmitted only when no data
packets are waiting in the buffer.

Each GRIP router normally (see section 5 for exceptions) measures the
aggregate data traffic that it is handling. On the basis of such
running traffic measurements, the router implements a Decision
Criterion (DC) (proprietary and arbitrarily sophisticated; refer to
the large literature on Measurement Based Admission Control, e.g.
[14, 16, 17] and references therein), which continuously drives the
router output port to switch between two states: ACCEPT and REJECT.
On the basis of its state, the DC controls the probing buffer server.

[Figure 1: GRIP router operation. Labelled blocks: Data Queue with
its Server; Measure; Decision Criterion Controller Module;
Accept/Reject Switch; Probe Queue with its Server; Priority Server;
Packets (output).]

In particular, when it is in the ACCEPT state, the Probing queue
accommodates Probe packets, and serves them according to the
described priority mechanism. Instead, when the DC switches to the
REJECT state, the router discards all the Probing packets contained
in the Probing queue, and blocks all new Probing packets arriving. In
other words, the router acts as a gate for the probing flow, where
the gate is opened or closed on the basis of the DC estimates (hence
the Gauge&Gate in the acronym GRIP).

As regards performance, we carried out a preliminary study of GRIP in
a full-fledged QoS domain, with GRIP routers and suitable assumptions
on the offered traffic (i.e., traffic sources are regulated at the
edge of the domain by standard Dual Leaky Buckets, as in the IntServ
framework). In this scenario, we defined a robust Decision Criterion
and we verified [15,18] that GRIP can provide hard end-to-end QoS
guarantees. In other words, the performance perceived by the users is
always the requested one.


5. GRIP rationale, scalability and extensibility

The fundamental design advantages of GRIP are two.
First, the GRIP operation is not related to the specific GRIP router
implementation, and does not even require, in principle, GRIP routers
(as discussed in 4.5 and 4.6, the legacy/DiffServ router decision
criterion is implicit in the queuing delay experienced by probes).
Each GRIP router is locally in charge of deciding whether it can
admit new flows, or it is congested. The notion of internal router
congestion is not standardized, and it is up to each proprietary
Decision Criterion implementation to determine if, and when,
congestion arises. In section 4.7 we suggested that the decision
criterion may rely on measurements of the accepted traffic, but this
is not mandatory: independent domain operators may use, within their
domain, proprietary RSVP-like inter-router signaling to improve the
DC effectiveness. Similarly, a DC may be based on different and
simpler means than traffic measurements, e.g., limiting accepted
probe packets via probe buffer limitations, as in [9] (although this
has been proven not always effective [11]).

Second, GRIP does not consider any explicit signaling. Instead, end
points rely on probing packet losses (i.e., probes dropped by GRIP
routers in the REJECT state, or delayed by legacy and DiffServ
routers) as an implicit signaling pipe, of which the network remains
unaware. In this, the GRIP admission control criterion closely
relates to the congestion control mechanism of the well-known TCP
transport protocol, which relies on packet loss information to adapt
the source transmission rate. In more detail, when the router is in
the ACCEPT state, it advertises that it can admit new connections.
This information is implicitly conveyed to the endpoints by allowing
probing packets to be timely served, and thus by letting them travel
further toward their respective destinations. Conversely, when the
router is in the REJECT state, no probes are forwarded.
Since the distributed admission control decision is related to the
successful reception at the destination of the Probing packets, and
to the consequent relay of feedback packets, locally blocking probing
packets implies aborting all concurrent setup attempts of connections
whose path crosses the considered router. Conversely, a connection is
successfully set up when all the routers crossed by a probing packet
are found in the ACCEPT state.

The consequences of the two issues discussed above are scalability
and extensibility. Scalability depends on the lack of state
information stored in the routers, which handle traffic aggregates
and not single flows. Extensibility lies in the fact that all
procedures have a local scope, and each network entity does not have
to explicitly co-operate with other entities (e.g., agree on
probing/feedback packets payload contents). All the network devices
operate autonomously, each GRIP component accounts for an extremely
broad class of possible implementations, and independent
implementations of different components can inter-operate. These
factors, plus the non marginal fact that the GRIP implementation may
start over the current best-effort/DiffServ Internet, facilitate a
multi-vendor competitive market and widespread, incremental
deployment of QoS effective GRIP solutions (see [15] for preliminary
numerical investigations).


6. GRIP design issues

In this section, we sketch some possible design problems and choices
that need to be considered in the development of GRIP specific
implementations.
When considerations related to interworking between domains are
necessary, we will refer to the scenario depicted in Figure 2, where
flows are set up between a transmitting node (Tx) and a receiving one
(Rx), placed in different Internet domains, interconnected via Border
Routers (BR).

Tx--IR--(domain 1)--BR1--(domain 2)--BR2--(domain 3)--BR3--(domain 4)--ER--Rx

Figure 2: Multi-domain Internet scenario

6.1 Redundancy

In the basic operation described above, single probes and feedback
packets are envisioned. Nevertheless, multiple probes and feedbacks
may be considered, to avoid the risk of packet corruption/loss.
Similarly, it may be useful to define a more complex probing phase
logic, e.g. by including reattempt procedures (possibly with backoff)
after a setup failure.

The fact that different terminals and ingress nodes may use different
SNP operation leads to a potential problem of fairness. Therefore, it
is recommended that all the flows attempting to set up within a given
domain adopt the same probing logic. This means that the border
routers depicted in Figure 2 should be responsible for probing logic
conversion, e.g. by intercepting the first probing packet of each
flow being set up and regenerating the probing phase following the
specific domain probing logic.

6.2 Explicit signaling information

The described GRIP operation does not require any source and
destination agreement at all, such as standardized signaling
information contained in the probing/feedback packet payloads.
However, when the SNP and DNP run over ingress/egress routers of the
same domain, addition of proprietary signaling information may be
considered in the probing packet payload or in the feedback packet
payload, to be parsed, respectively, at the ingress node or at the
egress node.

6.3 Destination-driven decisions

In the Endpoint Admission Control literature [12], there exist
proposals that base the decision to accept or reject a flow on
measurements taken over a stream of probes (e.g., probes interarrival
times [8]). This implies that the ultimate YES/NO decision must be
taken at the destination. Note that implementations of such schemes
are fully GRIP-compatible, since the decision taken at the
destination can be relayed back with a feedback packet (this of
course assumes that the probing timeout is suitably dimensioned).

6.4 Counting probes within routers

The Gauge&Gate operation in GRIP routers assumes that probes cross
the router without leaving/modifying any internal state information.
This raises the problem of the management of transient and
potentially critical situations occurring when new flows are
activated. Consider, in fact, a router in the ACCEPT state. Probing
packets crossing the router, and arriving at the destination, result
in new flow activations. Due to the measurement inertia, the extra
load generated by an activating flow is not fully accounted for until
some time later. In this transient time, a potentially large number
of new flows may be activated, thus resulting in overallocation and
QoS degradation.

This problem can be addressed by allowing the router to recognize
that a new request for setup is in progress, and modifying the
measurement scheme by adding a temporary reservation for the flows
being set up. This issue is discussed in detail in [15,18], where we
also propose a specific solution, based on an aggregate stack
variable.
Clearly, a price to pay for this solution is that the SNP operation
must conform with the GRIP router operation (e.g. the router may
evaluate the number of setup phases in progress by counting the
number of probes served, but this requires that a single probing
packet per probing phase is adopted in the SNP).

6.5 High Peak rate and heterogeneous sources

GRIP shares with common MBAC schemes the problem of admitting flows
with high peak rate with respect to link capacities. To maintain the
described interoperability advantages of GRIP, probes should not
contain signaling information and should not be parsed at core
routers. Hence, the router in the ACCEPT state is not able to
recognize the peak rate of the source that has emitted a specific
probe. To solve this problem, there are a number of design
possibilities, among which [18]:

- impose that an admission controlled traffic class is composed of
  flows with homogeneous (or at least similar) peak rate
  requirements, and notify the core routers of this information. In
  other words, QoS enabled sources are divided in traffic classes,
  each comprising homogeneous (or similar) sources. By envisioning a
  limited number of traffic classes (e.g., a class could be IP
  telephony), each class could be handled in a differentiated way
  (according to the DiffServ approach, with its own pair of DS
  codepoints for probing and data), by means of suitable scheduling
  mechanisms, similar to those already defined (e.g., WFQ, separate
  queues).

- allow setup of fairly limited peak rate "chunks", and impose that a
  source with higher peak rate requirements needs to pass multiple
  setup procedures, one for each chunk. In a sense, this approach is
  similar to the slow start TCP operation, although in our case, to
  avoid initial delay, the rate chunk size needs to be sufficiently
  high to allow setup of video traffic sources in few steps.

6.6 Internet-wide issues and Interworking RSVP/GRIP

We envision two frameworks for the operation of GRIP as an
Internet-wide solution. In the first framework, the whole network
operates according to the DiffServ paradigm. In this case the GRIP
control loop is executed between source and destination, while
internal routers execute Decision Criteria on the probe packets, as
described above.

The second alternative is the GRIP operation over heterogeneous
sub-networks (i.e., IntServ and DiffServ) and will be discussed in
the context of the reference network depicted in Figure 3 and
following the guidelines of [2]. The reference network includes a
DiffServ region in the middle of a larger network supporting IntServ
end-to-end. The source host Tx, the destination host Rx, the Edge
Routers (ER) and the Border Routers (BR) execute the functions listed
in [2]. In particular, we assume that both sending and receiving
hosts use RSVP to communicate the quantitative QoS requirements of
QoS-aware applications running on the hosts. Obviously, the admission
control in the IntServ sub-networks is executed by means of RSVP.

Tx--(IntServ region)--ER1---BR1--(DiffServ region)--BR2---ER2--(IntServ region)--Rx

Figure 3: Sample Network Configuration

Requests for IntServ services must be mapped onto the underlying
capabilities of the DiffServ network region.
Aspects of such mapping include [2]:

1) selecting an appropriate PHB, or a set of PHBs, for the requested service;
2) performing appropriate policing (including, perhaps, shaping or remarking) at the edges of the DiffServ region;
3) exporting IntServ parameters from the DiffServ region (e.g., for the updating of ADSPECs);
4) performing admission control on the IntServ requests that takes into account the resource availability in the DiffServ region.

In [2], it is envisaged that such functions can be distributed between ER and BR, depending on whether the DiffServ network region is RSVP-aware or not. For the sake of simplicity we assume here that such functions are carried out in the BRs.

In our proposal, operation 4), i.e., the CAC in the DiffServ region, is executed by GRIP, which acts as the admission control agent to the DiffServ network region. This can be done according to two possible options, A and B.

In option A, the GRIP control loop is executed between source and end nodes and the functionality of the GRIP probe packets is executed by means of the RSVP PATH messages. In other words, the PATH messages carry out both RSVP and GRIP related functions: the GRIP probe is piggybacked on the PATH message.
In particular, as far as GRIP is concerned, when a PATH message (with the added significance of a GRIP probe packet) is received by the (upstream) BR1, the latter device:

- executes the mapping of the RSVP QoS request into a DiffServ GRIP class (and marks the relevant DSCP);

- starts the GRIP Probing Phase by injecting in the DiffServ subnetwork the Probe (=PATH) Packet relevant to the selected DiffServ class;

- if this packet succeeds in reaching the BR2 node, it means that all the involved DiffServ/GRIP routers are found in the ACCEPT state and that the DiffServ region can support the requested connection. BR2 forwards the Probe (=PATH) message to the next RSVP router belonging to the adjacent IntServ region, which continues the RSVP operation until the Rx node is reached. If the Rx node is willing to accept the connection, it answers with a RESV message, which also has the added significance of a GRIP Feedback packet;

- meanwhile, the Tx node has activated a Probing Phase timer. If Tx receives the Feedback packet (i.e. the RESV message) before this timer expires, the Probing Phase is successfully completed; in this case, control is given back to the user application, which starts a Data Phase, consisting simply of the transmission of information packets;

- information packets will then be marked with a suitable DSCP by BR1.

Note that the DSCPs relevant to both probing and data packets could be marked directly by the Tx node. Host marking requires that the host be aware of the interpretation of DSCPs by the network. This information can be configured into each host. However, such configuration imposes a management burden.
Alternatively, hosts can use an explicit signaling protocol such as RSVP to query the network to obtain a suitable DSCP or set of DSCPs to apply to packets for which a certain IntServ service has been requested [2].

In option B, the GRIP control loop is executed between the BRs. In other words, these routers assume the role of GRIP source and destination. The mapping between RSVP requests and DiffServ GRIP classes is executed as above. The probing procedure can be carried out:

1) by piggybacking the GRIP probe on the PATH message and then starting a GRIP operation as above (the difference is that the GRIP request is initiated by BR1 and triggered by the reception of the PATH message); if the corresponding RESV message (with the additional meaning of GRIP Feedback packet) succeeds in coming back to BR1, the latter router forwards it toward the Tx Node that originated the RSVP request;

2) by keeping the PATH message on hold in BR1, starting a GRIP operation between BR1 and BR2 and letting the PATH message go ahead through the DiffServ network only if the GRIP reservation is successful (that is, if BR1 receives a Feedback packet from BR2 within the GRIP timeout). Otherwise, an RSVP error message is sent by BR1 to the Tx Node that originated the RSVP request;

3) by simply forwarding the PATH message through the DiffServ network, without GRIP operation; then, when the RESV message is eventually received by BR1, the latter starts a GRIP operation and keeps the RESV message on hold; if the GRIP reservation is successful, BR1 forwards the RESV message upstream toward the Tx node. Otherwise, an RSVP error message is sent by BR1 to the Tx Node that originated the RSVP request.
   In this alternative, BR1 can also exploit the information contained in the RESV message (i.e., requested bandwidth and slack term, in addition to Tspec) to fine-tune the GRIP request.

Note that the last two alternatives have the drawback of increasing the set-up delay. These issues, together with additional options, are discussed in [18].

Finally, we note that the issue of the interworking between RSVP and GRIP is very similar to the one between RSVP and DiffServ; thus, many of the solutions and considerations of [2] also apply to our solution.

7. Conclusions

The most important message we have tried to convey is that GRIP is not a new reservation protocol for the Internet (in this, differing from the SRP protocol [14], from which GRIP inherits some strategic ideas). Instead, GRIP is a novel reservation paradigm that allows independent end point software developers and core router producers to inter-operate without explicit protocol agreements. The principle at the basis of the GRIP operation is to base admission control decisions on the reception (or lack of reception) of probing packets injected in the network before a connection setup. In doing this, GRIP, in a certain sense, extends the principle at the basis of TCP to the completely different and novel problem of providing explicit per-flow admission control over stateless Internet architectures.

8. Security Considerations

We are proposing an admission control for a DiffServ domain, potentially able to operate also in an end-to-end path, comprising IntServ sub-networks. Therefore all IntServ and DiffServ security considerations apply [4, 5, 6, 7]. In addition, like all admission control functions, our solution presents the risk of theft of resources through the unauthorized admission of traffic.
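
One way to contain this theft-of-resources risk at an untrusted customer interface is a per-interface policer on the data codepoint of the admission-controlled class, which remarks out-of-profile packets to best effort. The following Python code is an added example, not part of the draft; the DSCP value, interface names, contract rates and packet trace are constructed assumptions.

```python
# Placeholder codepoints (assumption): the draft gives each class its own
# probing/data DSCP pair but assigns no numeric values.
GRIP_DATA_DSCP, BEST_EFFORT_DSCP = 0b101011, 0b000000

class TokenBucket:
    def __init__(self, rate_bps, burst_bytes):
        self.rate_bps, self.burst = rate_bps, burst_bytes
        self.tokens, self.last_ms = float(burst_bytes), 0  # bucket starts full

    def conforms(self, now_ms, size):
        # Refill for the elapsed time, capped at the bucket depth.
        refill = (now_ms - self.last_ms) * self.rate_bps / 8000
        self.tokens = min(self.burst, self.tokens + refill)
        self.last_ms = now_ms
        if size > self.tokens:
            return False
        self.tokens -= size
        return True

class EdgePolicer:
    """Per-interface policer for the data codepoint at an untrusted edge."""
    def __init__(self, contracts):  # {interface: (rate_bps, burst_bytes)}
        self.buckets = {i: TokenBucket(r, b) for i, (r, b) in contracts.items()}

    def police(self, iface, now_ms, dscp, size):
        # Returns the DSCP the packet is forwarded with.
        if dscp != GRIP_DATA_DSCP:
            return dscp               # only the data class is policed here
        bucket = self.buckets.get(iface)
        if bucket is not None and bucket.conforms(now_ms, size):
            return dscp               # in profile: keeps its marking
        return BEST_EFFORT_DSCP       # excess or no contract: remarked

def run_trace(policer, trace):
    """Return {interface: [kept, remarked]} for data-marked packets."""
    counts = {}
    for iface, now_ms, dscp, size in trace:
        if dscp == GRIP_DATA_DSCP:
            kept = policer.police(iface, now_ms, dscp, size) == dscp
            counts.setdefault(iface, [0, 0])[0 if kept else 1] += 1
    return counts

# Constructed input, 200-byte packets over one second: custA sends at its
# contracted 64 kbit/s, custB marks 320 kbit/s as data, custC has no contract.
CONTRACTS = {"custA": (64_000, 400), "custB": (64_000, 400)}
TRACE = sorted([(c, t, GRIP_DATA_DSCP, 200)
                for c, step in (("custA", 25), ("custB", 5), ("custC", 100))
                for t in range(0, 1000, step)], key=lambda p: p[1])

if __name__ == "__main__":
    print(run_trace(EdgePolicer(CONTRACTS), TRACE))
```

Each interface has its own bucket, so one customer's excess traffic is remarked without touching the in-profile packets of another.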

Obviously, QoS signaling protocols which are intended to undertake resource management and admission control require the use of identity authentication and integrity protection in order to mitigate this potential for theft of resources [1]. Administrators are then expected to protect network resources by configuring secure policers at interfaces with untrusted customers. Finally, all the security considerations expressed in [1] also apply to our solution.

9. References

[1] G. Huston, "Next Steps for the IP QoS Architecture", RFC 2990, November 2000.

[2] Bernet, Y., Yavatkar, R., Ford, P., Baker, F., Zhang, L., Speer, M., Braden, R., Davie, B., Wroclawski, J. and E. Felstaine, "A Framework for Integrated Services Operation Over DiffServ Networks", RFC 2998, November 2000.

[3] E. Berruto, G. Colombo and A. Napolitano: "From GSM to UMTS: a Continuous Evolution with Steps of Innovation", 1st European Personal and Mobile Communications Conference (EPMCC 95), Bologna, Italy, 28-30 November 1995.

[4] R. Braden, L. Zhang, S. Berson, S. Herzog, S. Jamin, "Resource ReSerVation Protocol (RSVP) - Version 1 Functional Specification", RFC 2205, September 1997.

[5] J. Wroclawski, "The use of RSVP with IETF Integrated Services", RFC 2210, September 1997.

[6] K. Nichols, S. Blake, F. Baker, D. Black, "Definitions of the Differentiated Service Field (DS Field) in the IPv4 and IPv6 Headers", RFC 2474, December 1998.

[7] S. Blake, D. Black, M. Carlson, E. Davies, Z. Wang, W. Weiss, "An Architecture for Differentiated Services", RFC 2475, December 1998.

[8] F. Borgonovo, A. Capone, L. Fratta, M. Marchese, C. Petrioli, "PCP: A Bandwidth Guaranteed Transport Service for IP networks", IEEE ICC'99, June 1999.

[9] V. Elek, G. Karlsson, "Admission Control Based on End-to-End Measurements", Proc.
    of IEEE Infocom 2000, Tel Aviv, Israel, March 2000.

[10] G. Bianchi, A. Capone, C. Petrioli, "Throughput Analysis of End-to-End Measurement Based Admission Control in IP", Proc. of IEEE Infocom 2000, Tel Aviv, Israel, March 2000.

[11] G. Bianchi, A. Capone, C. Petrioli: "Packet management techniques for measurement based end-to-end admission control in IP networks", IEEE/KICS Journal of Communication Networks, June 2000.

[12] L. Breslau, E. W. Knightly, S. Shenker, I. Stoica, H. Zhang: "Endpoint Admission Control: Architectural Issues and Performance", ACM SIGCOMM 2000, Stockholm, Sweden, August 2000.

[13] R. J. Gibbens, F. P. Kelly, "Distributed Connection Acceptance Control for a Connectionless Network", 16th ITC, Edinburgh, June 1999.

[14] W. Almesberger, T. Ferrari, J. Y. Le Boudec: "SRP: a Scalable Resource Reservation Protocol for the Internet", IWQoS'98, Napa (California), May 1998.

[15] G. Bianchi, N. Blefari-Melazzi: "A Migration Path for the Internet: from Best-Effort to a QoS Capable Infrastructure by means of Localized Admission Control", to appear in Lecture Notes in Computer Science, Springer-Verlag, volume 1989, M. Aymone-Marsan, A. Bianco, Eds.: QoS-IP 2001, International Workshop on QoS in Multiservice IP Networks, Rome, Italy, 24-26 January, 2001 (this paper and also the more detailed technical report [18] can be requested from the authors by writing to blefari@diei.unipg.it).

[16] M. Grossglauser, D. N. C. Tse: "A Time-Scale Decomposition Approach to Measurement-Based Admission Control", Proc. of IEEE Infocom 1999, New York, USA, March 1999.

[17] L. Breslau, S. Jamin, S. Shenker: "Comments on the performance of measurement-based admission control algorithms", IEEE Infocom 2000, Tel-Aviv, March 2000.

[18] G. Bianchi, N. Blefari-Melazzi, M.
    Femminella: "GRIP: QoS support over Stateless DiffServ Networks by means of localized measurements and decisions", technical report (this paper can be requested from the authors by writing to blefari@diei.unipg.it).

10. Author's Addresses

Giuseppe Bianchi
DIE, University of Palermo
Viale delle Scienze, Parco d'Orleans
90128 Palermo, Italy
e-mail: bianchi@elet.polimi.it

Nicola Blefari-Melazzi
DIEI, University of Perugia
Via G. Duranti 93, 06125 Perugia, ITALY
Tel: +39 075 585 3630
e-mail: blefari@diei.unipg.it

Mauro Femminella
DIEI, University of Perugia
Via G. Duranti 93, 06125 Perugia, ITALY
Tel: +39 075 585 3647
e-mail: femminella@diei.unipg.it

11. Full Copyright Statement

"Copyright (C) The Internet Society (date). All Rights Reserved.

This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to the Internet Society or other Internet organizations, except as needed for the purpose of developing Internet standards in which case the procedures for copyrights defined in the Internet Standards process must be followed, or as required to translate it into.